# Linux Machine Provisioning

**Purpose:** Rapidly set up a new Fedora Linux machine with Julian's toolchain,
config, and customisations. Generated from audit of Pop!_OS "thinkpad" machine.

## Supported Distributions

Auto-detected — no manual config needed:

| Family | Distros | Package Manager |
|--------|---------|-----------------|
| **Debian** | Ubuntu, Pop!_OS, Debian, Linux Mint | `apt` |
| **Fedora** | Fedora Workstation, RHEL, CentOS | `dnf` |

Detection is in `lib/distro.sh`. It sets variables like `$PKG_INSTALL`,
`$PKG_UPDATE`, `$GRUB_UPDATE` etc. that all stage scripts use.

## Quick Start

```bash
# Clone this repo on the new machine
git clone git@github.com:julianprester/linux-provision.git ~/linux-provision
cd ~/linux-provision

# Review and edit config/shell/zshrc.local with your API keys
cp config/shell/zshrc.local.example ~/.zshrc.local
# Edit ~/.zshrc.local with real API keys

# Run the full provisioning (will prompt for sudo)
bash provision.sh --all

# Or run individual stages
bash provision.sh --stage 03-toolchains
bash provision.sh --stage 06-uv-projects

# Or source it for interactive use
source provision.sh --interactive
```

## Structure

```
linux-provision/
├── README.md              # This file
├── provision.sh           # Master orchestrator — run with --all or --stage N
├── stages/                # Modular stage scripts, sourced by provision.sh
│   ├── 00-envcheck.sh     # OS/sudo/environment checks
│   ├── 01-repos.sh        # DNF repos (RPM Fusion, COPR, Microsoft, etc.)
│   ├── 02-packages.sh     # System packages via DNF
│   ├── 03-toolchains.sh   # nvm, Node, uv, Python
│   ├── 04-shell.sh        # zsh, oh-my-zsh, powerlevel10k, configs
│   ├── 05-git.sh          # Git config, SSH key setup
│   ├── 06-scripts.sh      # ~/.local/bin (bw, zoom, env, etc.)
│   ├── 07-uv-projects.sh  # Clone + install Julian's uv tools from ~/Development
│   ├── 08-systemd.sh      # User systemd services (porridge, swayidle, etc.)
│   ├── 09-desktop.sh      # Keybindings, hotkeys, ghostty, fonts
│   ├── 10-docker.sh       # Docker CE setup
│   ├── 11-tweaks.sh       # sysctl, kernel params, TLP/powertop, modprobe
│   └── 12-other-apps.sh   # Chrome, Signal, Zotero
├── config/                # Dotfiles and config files (installed by stages)
│   ├── git/gitconfig
│   ├── shell/{zshrc,zshrc.local.example,p10k.zsh}
│   ├── scripts/{bw-load-ssh.sh,idle-battery-suspend.sh,zoom.sh,env.sh}
│   ├── systemd/{porridge.service,...}
│   ├── sysctl/99-custom.conf
│   └── modprobe/{system76-power.conf,pop-default-settings-dirty-frag.conf}
├── etc/                   # System-level configs (copied to /etc)
└── TODO.md                # Post-provisioning manual steps
```

## Stages Overview

| #  | Stage | What it does |
| --- | --- | --- |
| 00 | envcheck | Verify Fedora, sudo access, directory setup |
| 01 | repos | RPM Fusion free/nonfree, COPRs, Microsoft, Docker, Google, Signal, Tailscale |
| 02 | packages | Install all system packages (distro-mapped names) |
| 03 | toolchains | Install nvm + Node LTS, uv, Python |
| 04 | shell | Install zsh, oh-my-zsh, p10k, deploy .zshrc, .p10k.zsh |
| 05 | git | Deploy .gitconfig, generate SSH key |
| 06 | scripts | Deploy ~/.local/bin scripts (bw, bw-load-ssh, Zoom wrapper, etc.) |
| 07 | uv-projects | Clone all Julian's Python tool repos from GitHub, uv install (needs SSH keys) |
| 08 | systemd | Deploy and enable user systemd services |
| 09 | desktop | Configure keybindings, hotkeys, ghostty, fonts |
| 10 | docker | Install Docker CE, add user to docker group |
| 11 | tweaks | sysctl, kernel cmdline, TLP/powertop, modprobe blacklists |
| 12 | other-apps | Google Chrome, Signal, Zotero |

## Post-Install Manual Steps

See `TODO.md` for things that can't be automated: restoring SSH keys
from Bitwarden, configuring Tailscale, importing GPG keys, etc.

## Design Notes

- **Distribution-agnostic** — detects Debian/Ubuntu/Pop vs Fedora via
  `lib/distro.sh`. Package manager commands, repo config, and package
  names adapt automatically.
- **Idempotent** — safe to run multiple times. Stages check for existing
  installations before repeating work.
- **Secrets out of repo** — API keys live in `~/.zshrc.local` (gitignored).
  The repo ships `zshrc.local.example` with placeholder values.
- **One stage per concern** — comment out stages you don't need in
  `provision.sh` or pass `--stage` individually.
- **Hardware-specific quirks commented out** — AMD GPU kernel params,
  WiFi workarounds, etc. are documented but disabled by default.