Initial commit: linux-provision repo

Distribution-agnostic provisioning script that sets up a new Linux machine
(Detected via lib/distro.sh - supports Debian/Ubuntu/Pop and Fedora families).

13 stages covering:
- System packages, external repos, toolchains (nvm, uv, Python)
- Shell config (zsh, oh-my-zsh, p10k), git, SSH
- Custom uv tools from ~40 git repos
- Desktop config (keybindings, hotkeys, ghostty, fonts)
- Docker, system tweaks, browser/app installs
- Custom systemd user services (porridge, swayidle, mempi-sync, etc.)
- API keys loaded from Bitwarden at shell startup

stages/10-docker.sh

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+# ===========================================================================
+#  Stage 10: Docker CE
+#  Installs Docker CE, enables on boot, and adds user to docker group.
+# ===========================================================================
+#  On the Pop machine, Julian uses Docker extensively:
+#    - grobid (PDF extraction server)
+#    - rocker/rstudio (R environment)
+#    - pandoc/extra (document conversion)
+#
+#  This stage covers Docker CE install only. Docker images are pulled
+#  on demand (too large to pre-pull in provisioning).
+# ===========================================================================
+
+info "Installing Docker CE..."
+
+# Docker repo was added in stage 01. Install from it.
+if command -v docker &>/dev/null; then
+  ok "Docker already installed: $(docker --version 2>/dev/null)"
+else
+  $PKG_INSTALL docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin 2>/dev/null || {
+    error "Docker install failed. Check repo config in stage 01."
+    exit 1
+  }
+  ok "Docker CE packages installed."
+
+  # Enable and start Docker
+  $SERVICE_ENABLE docker 2>/dev/null
+  ok "Docker service enabled and started."
+fi
+
+# ---- Add user to docker group ----
+if groups | grep -q docker; then
+  ok "User is already in the docker group."
+else
+  info "Adding user to docker group (required to run Docker without sudo)..."
+  sudo usermod -aG docker "$USER" 2>/dev/null || warn "Could not add user to docker group."
+  warn "You'll need to log out and back in for docker group changes to take effect."
+  warn "Alternatively, run: newgrp docker (temporary, current shell only)."
+fi
+
+# ---- Verify Docker works ----
+info "Verifying Docker installation..."
+# Use a simple test (may need re-login for group changes)
+if sg docker -c "docker run --rm hello-world" 2>/dev/null; then
+  ok "Docker verified: hello-world ran successfully."
+else
+  warn "Docker verification failed. You may need to log out and back in."
+  warn "Or run: sudo usermod -aG docker $USER && newgrp docker"
+fi
+
+# ---- Install Docker Compose (plugin) ----
+# docker compose (v2, plugin) was installed with docker-compose-plugin above.
+if docker compose version 2>/dev/null; then
+  ok "Docker Compose v2 plugin ready: $(docker compose version --short 2>/dev/null)"
+fi
+
+# ---- (Optional) Pre-pull commonly used images ----
+# Uncomment to pre-pull images Julian uses frequently.
+# Note: grobid image is large (~2GB each).
+info "Note: Docker images are pulled on demand when you run containers."
+info "Common images Julian uses:"
+info "  - grobid/grobid (PDF extraction)"
+info "  - rocker/tidyverse or rocker/verse (RStudio)"
+info "  - pandoc/extra"
+echo ""
+
+ok "Stage 10 complete: Docker installed."