fix(deploy): only reattach /dev/tty when actually prompting for password

Unconditional 'exec < /dev/tty' broke non-interactive SSH invocations
where /dev/tty isn't openable. Move the reattach into the env-prompt
branch and skip it cleanly if /root/.quiz.env was pre-populated, with
a clear error if both stdin and /root/.quiz.env are missing.

deploy/bootstrap.sh

@@ -12,10 +12,6 @@
 
 set -euo pipefail
 
-# When invoked through curl|bash, stdin is the pipe, not the TTY.
-# Reattach TTY so `read -s` works for the password prompt.
-[ -t 0 ] || exec < /dev/tty
-
 REPO_URL="${REPO_URL:-https://gitea.ahkhan.me/apps/quiz.git}"
 APP_DIR="${APP_DIR:-/opt/quiz}"
 APP_USER="${APP_USER:-quiz}"
@@ -73,6 +69,16 @@ if [ ! -f "$ENV_FILE" ]; then
         echo "Using /root/.quiz.env"
         cp /root/.quiz.env "$ENV_FILE"
     else
+        # Need to prompt for the admin password; reattach TTY if curl|bash
+        # left stdin pointed at the pipe.
+        if [ ! -t 0 ] && [ -r /dev/tty ]; then
+            exec < /dev/tty
+        fi
+        if [ ! -t 0 ]; then
+            echo "ERROR: stdin is not a TTY and /root/.quiz.env is missing." >&2
+            echo "Either pre-populate /root/.quiz.env or run this script interactively." >&2
+            exit 1
+        fi
         QUIZ_SECRET_KEY=$(python3 -c 'import secrets; print(secrets.token_urlsafe(48))')
         printf 'Admin password (input hidden): '
         read -rs QUIZ_ADMIN_PASSWORD