fix: add login.sh helper and graceful not-logged-in handling in entrypoint

README.md

@@ -10,36 +10,46 @@ A headless Docker container that uses `obsidian-headless` to keep a local vault
    cd obsidian-sync-server
    ```
 
-2. **Configure the Host Path:**
-   - Copy the example env: `cp .env.example .env`
-   - Open `.env` and set `VAULT_HOST_PATH` to the **absolute path** of the folder on your computer where you want the notes to live.
-     - *Correct:* `/home/user/documents/my-vault`
-     - *Incorrect:* `./vault` (relative paths can be unpredictable in docker-compose)
+2. **Configure the environment:**
+   ```bash
+   cp .env.example .env
+   ```
+   Open `.env` and fill in:
+   - `VAULT_HOST_PATH` — **Absolute path** on your host where notes will be stored (e.g. `/home/user/my-vault`)
+   - `OBSIDIAN_VAULT_NAME` — Name of your remote Obsidian Sync vault
+   - `OBSIDIAN_SYNC_PASSWORD` — Your end-to-end encryption password
+   - `OBSIDIAN_DEVICE_NAME` — How this device appears in your Sync history
 
-3. **Set Sync Credentials:**
-   - Fill in `OBSIDIAN_VAULT_NAME` and `OBSIDIAN_SYNC_PASSWORD` (your E2EE key).
+3. **Log in (one-time setup):**
+   ```bash
+   ./login.sh
+   ```
+   This spins up a temporary container just for authentication. Your session is saved to the `./config` folder and will be reused by the main container automatically. You only need to do this once.
 
-4. **Launch:**
+4. **Start the sync server:**
    ```bash
    docker-compose up -d
    ```
-
-5. **First-Time Login:**
-   Because Obsidian Sync requires a secure login, you must authenticate the container once:
-   ```bash
-   docker exec -it obsidian-sync-server ob login
-   ```
-   Follow the instructions to log in. The session will be saved in the `./config` folder, so you won't have to do this again.
+   The container will now run continuously, syncing your vault in both directions.
 
 ## How it Works
-The container runs a continuous sync loop. 
-- **Cloud $\rightarrow$ Host:** Changes in Obsidian Sync are immediately downloaded to your `VAULT_HOST_PATH`.
-- **Host $\rightarrow$ Cloud:** Any changes you make to the files in `VAULT_HOST_PATH` (via a local Obsidian app or text editor) are immediately pushed to the cloud.
+
+The container runs `ob sync --continuous` which:
+- **Cloud → Host:** Pulls changes from Obsidian Sync down to your `VAULT_HOST_PATH`
+- **Host → Cloud:** Pushes any local file changes back up to the cloud
+
+If the container starts and is not logged in, it will print instructions and sleep (instead of crash-looping) so you can run `./login.sh`.
 
 ## Environment Variables
+
 | Variable | Description |
 |----------|-------------|
-| `OBSIDIAN_VAULT_NAME` | The name of the remote vault you want to sync |
+| `VAULT_HOST_PATH` | **Absolute path** to the vault folder on your host machine (e.g. `/home/user/my-vault`) |
+| `OBSIDIAN_VAULT_NAME` | The name of the remote vault to sync |
 | `OBSIDIAN_SYNC_PASSWORD` | Your end-to-end encryption password |
-| `OBSIDIAN_DEVICE_NAME` | The name this device will have in your Sync history |
-| `VAULT_HOST_PATH` | **Absolute path** to the vault folder on your host machine |
+| `OBSIDIAN_DEVICE_NAME` | Device name shown in Sync version history |
+
+## Requirements
+
+- Docker & Docker Compose
+- An active [Obsidian Sync](https://obsidian.md/sync) subscription

entrypoint.sh

@@ -3,25 +3,37 @@ set -e
 
 echo "Starting Obsidian Headless Sync Server..."
 
-# Ensure we are in the vault directory
 cd /vault
 
-# 1. Initial Login
-# Note: In a fully automated environment, the user will need to provide 
-# a session token or use 'ob login' interactively once.
-# For this container, we assume the user has handled login or we use an environment variable.
-if [ -z "$OBSIDIAN_SYNC_TOKEN" ]; then
-    echo "Warning: OBSIDIAN_SYNC_TOKEN not provided. You may need to run 'docker exec -it <container> ob login' manually once."
-else
-    # Assuming the CLI supports token-based login or we inject the session
-    echo "Using provided sync token for login..."
-    # ob login --token $OBSIDIAN_SYNC_TOKEN
+# Check if already logged in by testing ob login --status (or equivalent)
+echo "Checking login status..."
+LOGIN_STATUS=$(ob login 2>&1 || true)
+
+if echo "$LOGIN_STATUS" | grep -qi "not logged in\|unauthorized\|login required\|not authenticated"; then
+    echo ""
+    echo "============================================================"
+    echo "  NOT LOGGED IN — Action required!"
+    echo ""
+    echo "  Run the following command from your host to authenticate:"
+    echo ""
+    echo "    ./login.sh"
+    echo ""
+    echo "  Then restart this container:"
+    echo ""
+    echo "    docker-compose restart"
+    echo "============================================================"
+    echo ""
+    echo "Waiting for login... (sleeping to keep container alive)"
+    sleep infinity
+    exit 0
 fi
 
-# 2. Setup Sync for the specified vault
-echo "Setting up sync for vault: $OBSIDIAN_VAULT_NAME"
-ob sync-setup --vault "$OBSIDIAN_VAULT_NAME" --password "$OBSIDIAN_SYNC_PASSWORD" --device-name "$OBSIDIAN_DEVICE_NAME" --path /vault
+echo "Login confirmed. Setting up sync for vault: $OBSIDIAN_VAULT_NAME"
+ob sync-setup \
+    --vault "$OBSIDIAN_VAULT_NAME" \
+    --password "$OBSIDIAN_SYNC_PASSWORD" \
+    --device-name "$OBSIDIAN_DEVICE_NAME" \
+    --path /vault
 
-# 3. Start Continuous Sync
 echo "Entering continuous sync mode..."
 exec ob sync --continuous

login.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+# login.sh — Run this once to authenticate obsidian-headless.
+# Starts a temporary container just for login.
+# The session is saved to ./config and persists into the main container.
+
+set -e
+
+echo "Starting temporary login container..."
+echo ""
+
+docker-compose run --rm \
+    --entrypoint "ob" \
+    obsidian-sync login
+
+echo ""
+echo "Login complete. You can now start the sync server:"
+echo "  docker-compose up -d"