Redact personal data before publishing as public repo

- config/git/gitconfig: replace real name, email, SSH signing key, and
  self-hosted git credential URL with placeholder values

- stages/06-scripts.sh: remove hardcoded personal email from bw login;
  CLI prompts interactively

- config/shell/zshrc.local.example: replace personal server URLs
  (Nextcloud, LiteLLM proxy), university email address, institution-
  specific Canvas LMS URL, and identifying Canvas key prefix with
  generic example.com placeholders

- TODO.md: replace personal email and Nextcloud URL in code examples
  with generic placeholders

- stages/07-uv-projects.sh: remove private org name from comment

TODO.md

@@ -8,7 +8,7 @@ or hardware-specific configuration).
 - [ ] **Load SSH keys from Bitwarden** or generate a new key:
   ```bash
   # Option A: Generate fresh key
-  ssh-keygen -t ed25519 -C "hi@julianprester.com"
+  ssh-keygen -t ed25519 -C "your@email.com"
 
   # Option B: Set up Bitwarden+SSH loading
   bw login
@@ -22,7 +22,7 @@ or hardware-specific configuration).
 - [ ] **Add SSH public key to GitHub**: https://github.com/settings/keys
 - [ ] Clone this repo and remaining repos:
   ```bash
-  git clone git@github.com:julianprester/linux-provision.git
+  git clone git@github.com:yourusername/linux-provision.git
   ```
 
 ## 2. Bitwarden & Environment Variables
@@ -70,7 +70,7 @@ If you prefer a plain file instead of Bitwarden:
 ## 4. Nextcloud
 
 - [ ] Install Nextcloud Desktop Client (Flatpak or RPM)
-- [ ] Connect to `https://nc.julianprester.com`
+- [ ] Connect to your Nextcloud instance
 - [ ] Select sync folders (especially `Nextcloud/3_bibliography/`)
 - [ ] Update `PandocCiter.DefaultBib` in VS Code settings if bib path changes
 

config/git/gitconfig

@@ -1,11 +1,9 @@
 [user]
-	name = Julian Prester
+	name = Your Name
-	email = hi@julianprester.com
+	email = your@email.com
-	signingkey = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO14cVPAkygA4OIMmQ1PiBBQ9mQ+nY5n7XKJA0jD9ZOl github@julianprester.com
+	# signingkey = <paste your SSH public key here, e.g. output of: cat ~/.ssh/id_ed25519.pub>
 [init]
 	defaultBranch = main
-[credential "https://git.julianprester.com"]
-	provider = generic
 [core]
 	compression = 0
 	excludesfile = ~/.gitignore

config/shell/zshrc.local.example

@@ -9,8 +9,7 @@
 #
 #  DO NOT commit this file to version control.
 # =============================================================================
-#  From the Pop machine audit, Julian stores ~17 API keys in his env.
+#  Using Bitwarden is the recommended approach because:
-#  Using Bitwarden (bw-env.sh) is the recommended approach because:
 #    - Keys are encrypted at rest (not in dotfiles)
 #    - Syncs across machines automatically
 #    - One source of truth
@@ -23,13 +22,13 @@ export ANTHROPIC_API_KEY="sk-ant-your-key-here"
 export GOOGLE_API_KEY="AIza-your-key-here"
 export OPENCODE_API_KEY="sk-your-key-here"
 
-# ---- LiteLLM Proxy ----
+# ---- LiteLLM Proxy (optional — remove if using OpenAI directly) ----
-export OPENAI_BASE_URL="https://ai.julianprester.com"
+export OPENAI_BASE_URL="https://your-litellm-proxy.example.com"
 export OPENAI_API_KEY="sk-your-key-here"
 
 # ---- Calendar (CalDAV) ----
-export CALDAV_URL="https://nc.julianprester.com/remote.php/dav"
+export CALDAV_URL="https://your-nextcloud.example.com/remote.php/dav"
-export CALDAV_USERNAME="julian.prester@sydney.edu.au"
+export CALDAV_USERNAME="your@email.com"
 export CALDAV_PASSWORD="your-password-here"
 
 # ---- Thunderbird API ----
@@ -39,12 +38,12 @@ export TB_API_HOSTS="thunderbird"
 export ZOTERO_KEY=""
 
 # ---- Canvas LMS ----
-export CANVAS_API_KEY="3156~your-key-here"
+export CANVAS_API_KEY="your-key-here"
-export CANVAS_API_URL="https://canvas.sydney.edu.au/"
+export CANVAS_API_URL="https://canvas.your-institution.edu/"
 
 # ---- Nextcloud ----
-export NC_URL="https://nc.julianprester.com"
+export NC_URL="https://your-nextcloud.example.com"
-export NC_USERNAME="julian.prester@sydney.edu.au"
+export NC_USERNAME="your@email.com"
 export NC_PASSWORD="your-password-here"
 
 # ---- Actual Budget ----

stages/06-scripts.sh

@@ -154,7 +154,7 @@ if [ "${_do_bw_setup:-false}" = true ]; then
     info "If you have 2FA enabled, you'll be prompted for that too."
     echo "----------------------------------------"
     echo ""
-    bw login hi@julianprester.com || {
+    bw login || {
       warn "Bitwarden login failed or was cancelled."
       warn "You can run 'bw login' manually later."
     }

stages/07-uv-projects.sh

@@ -5,7 +5,7 @@
 #  and installs them via 'uv tool install' (editable mode from local path).
 # ===========================================================================
 #  These are Julian's own CLI tools — the ones installed on Pop via uv.
-#  Each has a remote on github.com/julianprester/ (or re3-work/) and a
+#  Each has a remote on github.com/julianprester/ and a
 #  pyproject.toml defining the package.
 #
 #  Tools without a public remote (oracle, panac, skill-eval, mondada) are
@@ -21,7 +21,7 @@ export PATH="$HOME/.local/bin:$PATH"
 # ---- Define tool repos ----
 # Format: "repo_name:github_org:has_pyproject"
 # repo_name     = directory name under ~/Development/
-# github_org    = GitHub org (julianprester or re3-work)
+# github_org    = GitHub org or username
 # has_pyproject = true if it has pyproject.toml and should be uv-installed
 
 TOOLS=(