# ============================================================================= # .zshrc — Julian's Zsh configuration # Generated from Pop!_OS "thinkpad" machine audit. # ============================================================================= # This file is managed by the linux-provision repo. # # API keys and secrets are loaded from Bitwarden on shell startup. # If Bitwarden is unlocked, keys are available immediately. # If locked, bw-env fails silently and you just won't have env vars # (run `bw && bw-env` when you need them). # # To set up: bw-env --setup (one-time interactive) # See config/scripts/bw-env.sh for details. # ============================================================================= # ---- Powerlevel10k instant prompt ---- # Must stay close to the top. if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" fi # ---- PATH setup ---- export PATH=$HOME/bin:$HOME/.local/bin:/usr/local/bin:$PATH # ---- SSH agent socket ---- # Match the socket used by ssh-agent.socket (OpenSSH), not GCR/gnome-keyring. export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.sock" # ---- Oh My Zsh ---- export ZSH="$HOME/.oh-my-zsh" ZSH_THEME="powerlevel10k/powerlevel10k" # ---- Plugins ---- plugins=(git zsh-autosuggestions) source $ZSH/oh-my-zsh.sh # ---- Custom Aliases ---- # Bluetooth hard reset (ath11k WiFi/Bluetooth adapter hang workaround) alias bt-reset='rfkill block bluetooth && sleep 1 && rfkill unblock bluetooth && sleep 1 && systemctl restart bluetooth' # ---- Key bindings ---- # Ctrl+Backspace → delete word before cursor bindkey "^H" backward-kill-word # ---- Powerlevel10k config ---- [[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh # ---- NVM (Node Version Manager) ---- export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # ---- Custom completions ---- fpath+=~/.zfunc; autoload -Uz compinit; compinit # ============================================================================= # Secrets — API keys and tokens # Loaded from Bitwarden on every shell start. # Fetches the "Environment" item and exports all custom fields as env vars. # Falls back silently if vault is locked or item doesn't exist. # # Prerequisites: bw (Bitwarden CLI), jq # To set up: # 1. bw login # 2. bw unlock --raw > ~/.config/Bitwarden\ CLI/.session # 3. Create a Bitwarden item named "Environment" (type: Secure Note) # with custom fields for each API key (name = VAR_NAME, value = the_key) # ============================================================================= if [ -z "${BW_SESSION:-}" ] && [ -f "$HOME/.config/Bitwarden CLI/.session" ]; then export BW_SESSION=$(cat "$HOME/.config/Bitwarden CLI/.session") fi if [ -n "${BW_SESSION:-}" ]; then eval "$(bw get item Environment 2>/dev/null | jq -r ' .fields[] | select(.type != 0) | "export " + (.name | gsub(" "; "_")) + "=" + (.value | @sh) ' 2>/dev/null)" 2>/dev/null fi # Signal porridge daemon to reload config (picks up newly loaded env vars) _pidfile="$HOME/.local/state/porridge/daemon.pid" [[ -f "$_pidfile" ]] && kill -HUP "$(cat "$_pidfile")" 2>/dev/null || true