commits
Replace complex here-doc command substitution with simple printf approach
to avoid shell expansion issues that were causing syntax errors.
- Add install_docker_simple.sh eliminating complex systemd detection
- Remove hackery around environment variable management
- Use straightforward Docker daemon startup
- Update setup_service.sh to use simplified installer
- Escape $(whoami) so it evaluates when shell config runs, not when generated
- Fix SERVICE_ENV_FILE path construction that was resulting in empty variable
- Escape $XDG_CACHE_HOME and other variables for proper evaluation timing
This should fix the Docker environment sourcing issue where variables
weren't being loaded from the .env file.
- Improve cleanup logic to remove all XDG and tinsnip environment code
- Use more comprehensive regex to clean existing environment variables
- Separate cleanup and addition steps to prevent malformed shell code
- Fix the duplicate incomplete if statements that caused syntax errors
This should resolve the '.profile: syntax error near unexpected token fi' issue.
- Change from $HOME/.docker/run to /home/username/.docker/run
- Use literal expanded paths instead of shell variables in .env file
- Follows standard .env file conventions and docker-compose expectations
- Ensures DOCKER_HOST variable is properly set when .env file is sourced
This fixes the Docker verification failure where DOCKER_HOST was empty
because $HOME wasn't expanding in the .env file.
SOLUTION OVERVIEW:
- Single source of truth: /mnt/service-env/.env on NFS mount
- Shell integration: .bashrc/.profile source from NFS with host cache fallback
- Docker compose compatibility: Uses same .env file
- Migration ready: All variables stored on NFS mount
KEY FEATURES:
- create_service_env_file(): Creates service .env with TIN_* and XDG_* variables
- generate_service_env_loader(): Shell code for NFS + cache fallback loading
- TIN_SERVICE_ENV_CACHE: XDG-compliant cache at $XDG_CACHE_HOME/tinsnip/user.env
- Resilient: Works when NFS unavailable using cached copy
ARCHITECTURE:
- Primary: /mnt/gateway-prod/.env (portable, on NFS)
- Cache: ~/.cache/tinsnip/gateway-prod.env (resilient, on host)
- Shell: Sources from NFS, updates cache, falls back to cache
- Docker: Uses same .env file via docker-compose env_file directive
This solves the portability issue while maintaining shell script compatibility
and provides NFS resilience through intelligent caching.
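The loader behaviour these commit messages describe (printf-generated shell code with deferred expansion, a literal-path .env on NFS, and a host cache fallback), as an added example that is not the project's own code. The function names `emit_env_loader`, `load_with` and `demo_outage`, the `TIN_ENV_*` variable names, and the sample paths and values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; emit_env_loader, load_with and demo_outage are hypothetical
# names, and the paths and values are constructed.

# Print loader code for .profile/.bashrc. Single-quoted printf arguments keep
# $XDG_CACHE_HOME, $HOME and $(whoami) literal in the output, so they expand
# when the startup file runs. Only the two %s values are fixed at generation.
# Assumes the path and name contain no double quotes.
emit_env_loader() {
    primary=$1   # e.g. /mnt/gateway-prod/.env on the NFS mount
    name=$2      # cache file stem, e.g. gateway-prod
    printf 'TIN_ENV_PRIMARY="%s"\n' "$primary"
    printf 'TIN_ENV_CACHE="${XDG_CACHE_HOME:-$HOME/.cache}/tinsnip/%s.env"\n' "$name"
    printf '%s\n' \
        'if [ -r "$TIN_ENV_PRIMARY" ]; then' \
        '    # refresh the host cache; umask keeps the copy private to this user' \
        '    (umask 077; mkdir -p "${TIN_ENV_CACHE%/*}" &&' \
        '        cp "$TIN_ENV_PRIMARY" "$TIN_ENV_CACHE") 2>/dev/null || :' \
        '    TIN_ENV_SRC=$TIN_ENV_PRIMARY' \
        'elif [ -r "$TIN_ENV_CACHE" ]; then' \
        '    TIN_ENV_SRC=$TIN_ENV_CACHE   # NFS unavailable: last good copy' \
        'else' \
        '    TIN_ENV_SRC=' \
        'fi' \
        'if [ -n "$TIN_ENV_SRC" ]; then' \
        '    set -a; . "$TIN_ENV_SRC"; set +a   # export every KEY=value line' \
        'fi' \
        'TIN_ENV_USER=$(whoami 2>/dev/null || id -u)'
}

# Source a generated loader in a clean subshell with the given cache root and
# print the DOCKER_HOST it ends up with (empty if nothing could be loaded).
load_with() {
    loader_file=$1
    cache_root=$2
    ( unset DOCKER_HOST; XDG_CACHE_HOME=$cache_root; . "$loader_file"
      printf '%s' "${DOCKER_HOST:-}" )
}

# Simulate: NFS present, NFS gone with a warm cache, NFS gone with no cache.
demo_outage() {
    work=$(mktemp -d) || return 1
    env_file=$work/mnt/gateway-prod/.env
    mkdir -p "${env_file%/*}"
    # Constructed .env using a literal path, no $HOME inside the file.
    printf 'DOCKER_HOST=unix:///home/svc/.docker/run/docker.sock\n' > "$env_file"
    emit_env_loader "$env_file" gateway-prod > "$work/loader.sh"
    up=$(load_with "$work/loader.sh" "$work/cache")
    rm -f "$env_file"
    down=$(load_with "$work/loader.sh" "$work/cache")
    cold=$(load_with "$work/loader.sh" "$work/empty")
    rm -rf "$work"
    printf '%s|%s|%s\n' "$up" "$down" "$cold"
}

demo_outage
```

Because the loader sources the file, every line of the .env runs as shell code in the service user's session, so write access to the NFS export or to the cache file is equivalent to code execution as that user.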
- Move update_shell_config() function to lib.sh for shared use
- Update mount_nas.sh to set XDG Base Directory vars in both .bashrc and .profile
- Update install_docker.sh to use shared function instead of duplicate code
- Ensures all environment variables available in both interactive and non-interactive shells
- Eliminates code drift between different shell configuration approaches
This fixes Docker verification issues by ensuring environment variables
are consistently available regardless of shell invocation method.
- Create single update_shell_config() function for both .bashrc and .profile
- Eliminates code drift between interactive and non-interactive shell configs
- Ensures Docker environment variables are available to non-interactive shells
- Updates verification to use .profile (works for non-interactive execution)
- Follows DRY principle - one function called twice instead of duplicated logic
This should fix Docker verification failures in non-interactive environments.
- Check if Docker is working before attempting restart
- Skip restart if Docker is already functional to avoid systemctl issues
- Only attempt restart if Docker is not responding
- Prevents breaking working Docker installations due to systemd bus issues
This should fix the Docker verification failures when systemctl can't
manage the user session but Docker is running fine.
- Make systemctl restart calls non-fatal when systemd user session unavailable
- Add fallback checks to verify Docker is still functional after failed restart
- Handle 'Failed to connect to bus: No medium found' error gracefully
- Docker installation continues successfully even with systemd bus issues
This fixes the 'Failed to install Docker' error when systemd user sessions
aren't properly configured but Docker itself is working fine.
- Removed all interactive confirmation prompts from setup scripts
- Replaced with "# Proceeding with setup" comments for clarity
- Prevents automation from hanging on user input requests
- Maintains logging of intended actions without requiring confirmation
Files updated:
- install.sh: Updated installer version
- machine/setup.sh: Removed interactive prompt in interactive_setup()
- machine/scripts/setup_service.sh: Removed confirmation prompt
- machine/scripts/mount_nas.sh: No interactive prompts found (already clean)
- machine/scripts/install_docker.sh: No interactive prompts (already clean)
- Remove lingering setup from install_rootless_docker function
- Lingering is now handled only in main function to avoid duplicates
- Should eliminate duplicate 'Enabling systemd lingering' messages
- Fix systemd lingering authentication by using sudo loginctl
- Improve NFS mount logging with better formatting and aligned output
- Clean up station setup completion messages and remove redundant content
- Remove unnecessary blank lines and outdated XDG references
- Use proper mount point paths with variable substitution
Docker improvements:
- Add missing systemd lingering enablement for service users
- Improve systemctl_user_safe function to return status and handle logging properly
- Clean up apt-get output with success/error indicators and emoji
- Fix verification and configuration messages
NFS improvements:
- Clean up NFS export checking with status emojis and indented paths
- Improve NFS export setup instructions formatting
- Add proper test mount instructions with directory creation
- Split prompt messages for better formatting
Mount improvements:
- Clean up apt-get dependency installation output
- Add XDG environment variable setup for service users
- Use indented format for repository URL and directory operations
- Show installation location immediately with checkmark emoji
- Remove redundant service catalog path from final summary
- Consistent formatting with other installer operations
Installer improvements:
- Cleaner directory operation messages with indented paths
- Download progress shows filename with emoji instead of full path
XDG improvements:
- Remove legacy XDG symlink creation
- Add proper XDG environment variables in service user profile
- Point XDG vars directly to NFS mount directories (/mnt/service-env/)
- Create data, config, state, cache directories automatically
- Each service now gets its own mount point: /mnt/<service>-<environment>
- Prevents conflicts between services (e.g., lldap-test vs gateway-prod)
- Services can be deployed, updated, and managed independently
- Station uses /mnt/station-prod for service registry
- Define tinsnip target pattern with XDG + NFS integration
- Document two service patterns: home-grown vs third-party adaptation
- Explicit volume requirements using XDG environment variables
- Clear examples showing gazette (home-grown) and LLDAP (third-party)
- Address critical Docker volume persistence problem
- Environment variable mapping table for host/container clarity
- Complete deployment workflow and troubleshooting guide
- Document Docker volume persistence problem with named volumes vs NFS bind mounts
- Capture service debugging and change control workflow challenges
- Address real issues discovered during lldap deployment testing
- Provide structured questions for architectural decisions
- Ensure lessons learned are preserved for future development
- Remove complex detection logic that was unreliable
- Always set exec-opts to disable cgroupdriver for tinsnip deployments
- Prevents 'Interactive authentication required' cgroup errors
- Matches the manual fix applied during testing
- More reliable approach for service deployment environments
- Add log() function for consistent output formatting
- Replace all echo statements with log() calls
- Matches logging style of other tinsnip scripts
- Clearer output with [Fresh Install] prefix
- Let install.sh handle all completion messages
- Remove hardcoded service examples
- Remove INSTALL_SERVICES flag (no longer used)
- Cleaner output without duplication
- Detect if systemd user session has proper delegation
- Add exec-opts to disable cgroupdriver when needed
- Fixes 'Interactive authentication required' errors
- Allows rootless Docker to work on systems without cgroup delegation
- Only applies workaround when systemd delegation unavailable
- Check if dockerd is running before trying to start it
- For systemd: use systemctl --user start docker.service
- For non-systemd: manually start dockerd-rootless.sh
- Ensures Docker daemon is running for verification step
- Fixes 'Docker verification failed' when Docker already installed
- Explicitly set environment variables instead of relying on bashrc
- Try systemd path first (/run/user/<uid>), fall back to home directory
- Works regardless of bashrc state or shell configuration
- Shows which mode (systemd/non-systemd) is being used
- Keep bashrc modifications for standard Docker user experience
- Enable lingering at the start of Docker installation
- Ensures /run/user/<uid> directory is created for rootless Docker
- Fixes cgroup issues with rootless Docker on systemd systems
- Required for proper rootless Docker operation with systemd
- Add setup_docker_environment function to configure environment variables
- Call it when Docker is already installed to ensure proper setup
- Handles both systemd and non-systemd environments
- Removes old variables before adding new ones to avoid conflicts
- Display available services dynamically from service catalog
- Better formatting with service catalog path on new indented line
- Changed 'Next steps 2' to more inviting 'Fire up some services'
- Removed redundant 'Examples:' section
- Show up to 5 services from catalog as examples
- Add add_to_bashrc_top function to insert variables at top of bashrc
- Prevents variables being blocked by interactive shell return statement
- Ensures Docker environment works in both interactive and non-interactive shells
- Fixes automation where variables were added after early return
- Changed from bash -c with complex quoting to heredoc approach
- Avoids bash syntax errors from nested quote escaping
- Should resolve 'unexpected end of file' error in systemctl calls
- Changed mixed single/double quotes to consistent double quotes
- Properly escaped inner quotes to prevent bash parsing errors
- Should resolve systemd guard functionality for rootless Docker
Quote escaping was incorrect causing 'unexpected end of file' error.
Changed from double quotes to single quotes with proper variable interpolation.
- Add systemctl_user_safe() helper to handle systemd availability
- Replaces repetitive if/else blocks with clean function calls
- Makes code more maintainable and readable
- Fixes remaining 'Failed to connect to bus' errors
- Remove unconditional show_nfs_setup_instructions call from mount_nfs_share
- Bug was in our code, not tangled.sh service
- Now only shows setup instructions when export check actually fails
- Remove tangled-bug-repro.sh (no longer needed)
- Remove USE_GIT flag - always use curl (simpler for users)
- Remove INSTALL_SERVICES flag - always install services
- Keep SERVICE_REPO_URL for custom service catalogs (product value)
- Include ALL machine/ scripts in download (fixes missing files bug)
- Update instructions to point to machine/setup.sh not legacy setup.sh
Much simpler: curl | bash just works, no flags needed
Demonstrates that install.sh doesn't include complete repository contents.
The machine/ directory is missing from installations.
- Remove station-prod, lldap-test, gazette-prod, etc.
- Keep legacy cleanup for backward compatibility
- Add NFS mount cleanup
Fixes all major pain points discovered during real deployment:
- NFS detection logic improved
- Script path issues resolved
- Docker systemd issues handled
- Service catalog access automated