Fix/led panel permissions 224

[ChuckBuilds]

Summary by CodeRabbit

• Chores
  • Reorganized installation sequence so dependencies, web assets, and the main service install in a more reliable order.
  • Ensured configuration files are created with correct ownership and permissions; re-applies permissions after path changes.
  • Hardened service integration with daemon reloads and stricter unit permissions; avoided repeated web installs via marker checks.
  • Refined Python/pip handling and added capability-setting for the Python runtime.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Reorganized first_time_install.sh to reorder installation steps: the main LED Matrix service is now installed after Python and web dependencies (moved to Step 7.5). Added explicit creation and permissioning of config.json/config_secrets.json, improved Python capability handling (setcap targeting discovered Python binary, no pip upgrade), hardened systemd unit permissions, introduced marker-based guards for web deps, and adjusted ownership/permission reapplication logic.

Changes

Cohort / File(s)	Summary
Installer script (overall flow) first_time_install.sh	Resequenced installation tasks: Python deps → web deps → main service (new Step 7.5). Renumbered steps and updated user messaging and idempotency markers.
Python & capabilities first_time_install.sh	Removed pip upgrade; only checks pip version. Added capability configuration block that finds the Python binary (including Python 3.13) and applies setcap when available.
Config files & permissions first_time_install.sh	Explicitly creates config.json and config_secrets.json from templates or minimal fallbacks, sets ownership and permissions, and reapplies ownership for plugins/plugin-repos based on detected service user.
Systemd / web integration first_time_install.sh	Moved/added systemctl daemon-reload invocations, hardened systemd unit file permissions (8.1), added conditional checks for old vs new service paths, and introduced a marker to avoid re-installing web deps.
Helper / marker logic & messaging first_time_install.sh	Added checks for relocated scripts, marker-based web dependency guard, conditional updates for service files, and small messaging/flow tweaks for missing or moved scripts.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• fix(install): resolve install issues and speed up web UI startup #225: Overlapping installer flow changes to first_time_install.sh, including pip/setcap handling and marker-based web-deps guarding.

Poem

🐰 Hopping through scripts with nimble paws,
I add a step and tighten up the laws,
Configs snugged safe, permissions set right,
Services now start after Python's light.
Installations hum — I nibble with delight. 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Fix/led panel permissions 224' directly references the issue number and core purpose of the changeset, which involves ownership and permissions adjustments throughout the installation script.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/led-panel-permissions-224

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@first_time_install.sh`:
- Around line 514-516: The initial "This script will perform the following
steps" list must be updated to reflect the reordered steps so Step 4 matches the
updated CURRENT_STEP and echo "Step 4: Ensuring configuration files exist...";
locate the header/list block (the startup echo statements that enumerate steps)
and change the items so item 4 reads "Ensure configuration files exist" and
renumber subsequent entries to match the provided suggested sequence (including
fractional steps like 7.5/8.5/10.1 where applicable) so the step numbers align
with the CURRENT_STEP variable and the runtime echo lines.
- Around line 898-931: The script prints success even when setcap fails and may
call setcap on a symlink (which fails); update the capability block to resolve
the real binary (use readlink -f on /usr/bin/python3 and /usr/bin/python3.13),
check command -v setcap first, run sudo setcap on the resolved path, capture the
exit status, and only print the "✓ Python3... capabilities configured" message
when setcap succeeds (otherwise print a clear warning/error). Reference the
PYTHON_VER variable and the /usr/bin/python3(/3.13) paths used in the existing
conditional so the fix replaces the current setcap calls and success echoes.