- Add PKG_UPGRADE variable to lib/distro.sh:
- Debian: sudo apt upgrade -y
- Fedora: sudo dnf upgrade -y
- Export PKG_UPGRADE so stage scripts can use it
- Add upgrade step to 00-envcheck.sh after the existing cache update
- Errors are non-fatal (|| warn) to handle fresh installs gracefully
Public key, name, email, and self-hosted URLs are fine to publish.
Remove config/shell/zshrc.local.example instead of genericizing it —
it contained personal infrastructure details with no value to others.
- config/git/gitconfig: replace real name, email, SSH signing key, and
self-hosted git credential URL with placeholder values
- stages/06-scripts.sh: remove hardcoded personal email from bw login;
CLI prompts interactively
- config/shell/zshrc.local.example: replace personal server URLs
(Nextcloud, LiteLLM proxy), university email address, institution-
specific Canvas LMS URL, and identifying Canvas key prefix with
generic example.com placeholders
- TODO.md: replace personal email and Nextcloud URL in code examples
with generic placeholders
- stages/07-uv-projects.sh: remove private org name from comment
- lib/distro.sh: add DISTRO_CODENAME from VERSION_CODENAME; remove
unused REPO_ADD_RPM variable; export DISTRO_CODENAME
- stages/01-repos.sh: replace repeated '. /etc/os-release' subshell
calls with $DISTRO_CODENAME in Docker and Tailscale repo lines
- stages/00-envcheck.sh: combine four mkdir -p calls into one
- stages/02-packages.sh: remove identical if/else branches in fd
symlink block; both branches were the same command
- stages/03-toolchains.sh: set NVM_DIR once before the if/else instead
of twice; remove dead commented-out duplicate curl line
- stages/04-shell.sh: capture $(date +%Y%m%d) into _bak_date once per
backup and reuse in cp and warn to avoid redundant forks
- stages/06-scripts.sh: split 'export VAR=$(cmd)' into assignment +
export to correctly propagate errors under set -euo pipefail
- stages/07-uv-projects.sh: remove unused has_package_json field (always
false, never read); fix stage completion message 06 -> 07
- stages/08-systemd.sh: remove mempi-sync.timer (deploy, enable, header
comment); deploy mempi-sync.service only
- stages/09-desktop.sh: remove duplicate mkdir -p in COSMIC section;
remove unused repo_url parameter from install_nerd_font()
- stages/12-other-apps.sh: replace manual distro branch for Nextcloud
with pkg_install_mapped
- config/scripts/bw-load-ssh.sh: split 'export BW_SESSION=$(cat ...)'
into assignment + export
- config/systemd/mempi-sync.timer: delete file
- stages/09-desktop.sh: new autostart section — copies .desktop files
for Firefox, Ghostty, Nextcloud, Obsidian, Thunderbird into
~/.config/autostart/ so they launch at login
- stages/12-other-apps.sh: add Thunderbird, VirtualBox (Fedora via
RPM Fusion), Zoom (via Flatpak); fallback Signal to Flatpak
(no official RPM repo); remove FreeRDP (not needed on Fedora)
- config/scripts/bw-load-ssh.sh: add ssh-agent retry loop (graphical
session may not be ready when systemd fires); use process substitution
instead of pipe to avoid subshell + set -e issues with LOADED counter
- stages/05-git.sh: remove interactive SSH key generation prompt (keys
come from Bitwarden); pre-accept GitHub host key via ssh-keyscan
to avoid first-connect prompt during git clone
- stages/04-shell.sh: add sudo chsh fallback (chsh may fail in
non-interactive provisioning without PAM auth)
- config/git/gitconfig: real name, email, and SSH signing key
- config/shell/zshrc: fix typo 'powerlevel10zsh' → 'powerlevel10k'
- config/systemd/bw-ssh-keys.service: depend on graphical-session
instead of network (ssh-agent starts with session); add explicit
PATH so bw and jq are found; add RemainAfterExit=yes
(avoids restart loop on oneshot services)
Key changes:
- lib/distro.sh: replace REPO_ADD_RPM variable with repo_add_rpm()
function (DNF5 changed 'config-manager --add-repo' to
'config-manager addrepo --from-repofile=')
- 01-repos.sh: use repo_add_rpm function; add Ghostty COPR for
Fedora; remove Signal RPM repo (no official one — use Flatpak)
- 02-packages.sh: lowercase 'development-tools' group for DNF5;
add python3-devel (needed for native extensions like evdev);
swap ffmpeg-free → ffmpeg via RPM Fusion for full codec support;
use tuned (preinstalled on Fedora) instead of TLP
- 11-tweaks.sh: conditional power management — TLP on Debian,
tuned on Fedora
