# Post-Provisioning TODO

Things that can't be fully automated (require manual setup, credentials,
or hardware-specific configuration).

## 1. SSH Keys & GitHub

- [ ] **Load SSH keys from Bitwarden** or generate a new key:
  ```bash
  # Option A: Generate fresh key
  ssh-keygen -t ed25519 -C "hi@julianprester.com"

  # Option B: Set up Bitwarden+SSH loading
  bw login
  bw unlock --raw > ~/.config/Bitwarden\ CLI/.session
  chmod 600 ~/.config/Bitwarden\ CLI/.session
  bw-load-ssh.sh

  # Option C: Copy keys from old machine
  # scp old-machine:~/.ssh/id_ed25519* ~/.ssh/
  ```
- [ ] **Add SSH public key to GitHub**: https://github.com/settings/keys
- [ ] Clone this repo and remaining repos:
  ```bash
  git clone git@github.com:julianprester/linux-provision.git
  ```

## 2. Bitwarden & Environment Variables

API keys are loaded directly in `.zshrc` via `bw` + `jq`. No separate script.

- [ ] **Run `bw login`** to authenticate with Bitwarden
- [ ] **Unlock vault and save session:**
  ```bash
  bw unlock --raw > ~/.config/Bitwarden\ CLI/.session
  chmod 600 ~/.config/Bitwarden\ CLI/.session
  ```
- [ ] **Create a Bitwarden item** named "Environment" (type: Secure Note)
      with custom fields for each API key:

      | Field Name | Type | Example Value |
      |---|---|---|
      | `GROQ_API_KEY` | Hidden | `gsk_your_key` |
      | `ANTHROPIC_API_KEY` | Hidden | `sk-ant-your-key` |
      | `GOOGLE_API_KEY` | Hidden | `AIza_your_key` |
      | `CANVAS_API_KEY` | Hidden | `3156~your_key` |
      | `NC_PASSWORD` | Hidden | `your_nextcloud_password` |
      | ... (22 vars total — see `config/shell/zshrc.local.example` for the full list) |

- [ ] **Open a new shell** — `.zshrc` exports them automatically
- [ ] **Verify:** `echo $GROQ_API_KEY` (should show your key)

If you prefer a plain file instead of Bitwarden:
- [ ] Edit `~/.zshrc.local` with your API keys (template in `config/shell/zshrc.local.example`)
- [ ] Uncomment the alternate `source ~/.zshrc.local` line in the deployed `.zshrc`

If you prefer a plain file instead of Bitwarden:
- [ ] Edit `~/.zshrc.local` with your API keys (template in `config/shell/zshrc.local.example`)
- [ ] Uncomment the `source ~/.zshrc.local` line in your deployed `.zshrc`

## 3. Tailscale

- [ ] Authenticate Tailscale:
  ```bash
  sudo tailscale up
  ```
- [ ] Verify connection: `tailscale status`
- [ ] Note your Tailscale IP for services (Actual Budget, Nextcloud, etc.)

## 4. Nextcloud

- [ ] Install Nextcloud Desktop Client (Flatpak or RPM)
- [ ] Connect to `https://nc.julianprester.com`
- [ ] Select sync folders (especially `Nextcloud/3_bibliography/`)
- [ ] Update `PandocCiter.DefaultBib` in VS Code settings if bib path changes

## 5. Actual Budget

- [ ] Verify connection: `actualpy accounts`
- [ ] Update URL/password in `~/.config/actualpy/config.yaml`

## 6. Docker & WinBoat

- [ ] Log out and back in for docker group to take effect
- [ ] Pull WinBoat image: `docker pull ghcr.io/dockur/windows:5.14`
- [ ] Set up `~/.winboat/docker-compose.yml` (see reference in repo notes)
- [ ] Pull grobid: `docker pull grobid/grobid`
- [ ] Run grobid: `docker run -d -p 8070:8070 grobid/grobid`

## 7. Zotero

- [ ] Install Zotero (Flatpak or tarball from zotero.org)
- [ ] Sign in to sync library
- [ ] Install Zotero browser connector
- [ ] Set ZOTERO_KEY env var in `~/.zshrc.local`

## 8. GNOME Keybindings (if using GNOME)

- [ ] Verify custom shortcuts were applied:
  ```bash
  gsettings list-recursively org.gnome.settings-daemon.plugins.media-keys.custom-keybinding
  ```
- [ ] Or add them manually via Settings → Keyboard → Keyboard Shortcuts

## 9. Fonts

- [ ] If Nerd Font download failed, install manually:
  - Download from https://www.nerdfonts.com/font-downloads
  - MesloLGS NF (recommended for Powerlevel10k)
  - Extract to `~/.local/share/fonts/` and run `fc-cache -fv`

## 10. Ghostty

- [ ] Verify Ghostty runs and fonts look correct (nerd font icons in prompt)
- [ ] If not, set `font-family = "MesloLGS NF"` in `~/.config/ghostty/config`

## 11. VS Code

- [ ] Open VS Code and verify extensions are installed
- [ ] Sign in to GitHub → Settings → Sync (if you use Settings Sync)
- [ ] Verify PandocCiter path to bibliography

## 12. Solaar (Logitech Peripherals)

- [ ] Open Solaar from applications menu
- [ ] Pair your Logitech receiver or connect via Bluetooth
- [ ] The config will auto-save to `~/.config/solaar/config.yaml`

## 13. Printer / Scanning

- [ ] If using a printer, add via Settings → Printers
- [ ] If using a scanner, install `simple-scan`:
  ```bash
  sudo dnf install simple-scan
  ```

## 14. Reboot to Apply Kernel Changes

- [ ] `sudo reboot` — required for:
  - GRUB kernel cmdline parameters (if uncommented)
  - sysctl settings (most apply at runtime, but reboot ensures)
  - Docker group membership
  - Desktop environment changes

## 15. Verify Everything

Run a quick sanity check after reboot:

```bash
# Development tools
node --version
npm --version
python3 --version
uv --version
git --version

# Docker
docker run --rm hello-world

# Shell
zsh --version
echo $SHELL

# Services
systemctl --user status porridge.service 2>/dev/null | head -5

# Network
tailscale status
ping -c 1 google.com

# Config files exist
ls -la ~/.zshrc ~/.zshrc.local ~/.gitconfig ~/.p10k.zsh ~/.local/bin/
```