Julian Prester
7699d71d4e
Swap stage 06 and 07 so that custom scripts (Bitwarden SSH loader, custom binaries) are deployed before git clone operations that need SSH keys. - Renamed 06-uv-projects.sh → 07-uv-projects.sh - Renamed 07-scripts.sh → 06-scripts.sh - Updated provision.sh STAGES array and README - Updated stage reference numbers in 08-systemd and 09-desktop - Removed mempi-sync.timer (not needed without automated refresh)
Linux Machine Provisioning
Purpose: Rapidly set up a new Fedora Linux machine with Julian's toolchain, config, and customisations. Generated from audit of Pop!_OS "thinkpad" machine.
Supported Distributions
Auto-detected — no manual config needed:
| Family | Distros | Package Manager |
|---|---|---|
| Debian | Ubuntu, Pop!_OS, Debian, Linux Mint | apt |
| Fedora | Fedora Workstation, RHEL, CentOS | dnf |
Detection is in lib/distro.sh. It sets variables like $PKG_INSTALL,
$PKG_UPDATE, $GRUB_UPDATE etc. that all stage scripts use.
Quick Start
# Clone this repo on the new machine
git clone git@github.com:julianprester/linux-provision.git ~/linux-provision
cd ~/linux-provision
# Review and edit config/shell/zshrc.local with your API keys
cp config/shell/zshrc.local.example ~/.zshrc.local
# Edit ~/.zshrc.local with real API keys
# Run the full provisioning (will prompt for sudo)
bash provision.sh --all
# Or run individual stages
bash provision.sh --stage 03-toolchains
bash provision.sh --stage 06-uv-projects
# Or source it for interactive use
source provision.sh --interactive
Structure
linux-provision/
├── README.md # This file
├── provision.sh # Master orchestrator — run with --all or --stage N
├── stages/ # Modular stage scripts, sourced by provision.sh
│ ├── 00-envcheck.sh # OS/sudo/environment checks
│ ├── 01-repos.sh # DNF repos (RPM Fusion, COPR, Microsoft, etc.)
│ ├── 02-packages.sh # System packages via DNF
│ ├── 03-toolchains.sh # nvm, Node, uv, Python
│ ├── 04-shell.sh # zsh, oh-my-zsh, powerlevel10k, configs
│ ├── 05-git.sh # Git config, SSH key setup
│ ├── 06-scripts.sh # ~/.local/bin (bw, zoom, env, etc.)
│ ├── 07-uv-projects.sh # Clone + install Julian's uv tools from ~/Development
│ ├── 08-systemd.sh # User systemd services (porridge, swayidle, etc.)
│ ├── 09-desktop.sh # Keybindings, hotkeys, ghostty, fonts
│ ├── 10-docker.sh # Docker CE setup
│ ├── 11-tweaks.sh # sysctl, kernel params, TLP/powertop, modprobe
│ └── 12-other-apps.sh # Chrome, Signal, Zotero
├── config/ # Dotfiles and config files (installed by stages)
│ ├── git/gitconfig
│ ├── shell/{zshrc,zshrc.local.example,p10k.zsh}
│ ├── scripts/{bw-load-ssh.sh,idle-battery-suspend.sh,zoom.sh,env.sh}
│ ├── systemd/{porridge.service,...}
│ ├── sysctl/99-custom.conf
│ └── modprobe/{system76-power.conf,pop-default-settings-dirty-frag.conf}
├── etc/ # System-level configs (copied to /etc)
└── TODO.md # Post-provisioning manual steps
Stages Overview
| # | Stage | What it does |
|---|---|---|
| 00 | envcheck | Verify Fedora, sudo access, directory setup |
| 01 | repos | RPM Fusion free/nonfree, COPRs, Microsoft, Docker, Google, Signal, Tailscale |
| 02 | packages | Install all system packages (distro-mapped names) |
| 03 | toolchains | Install nvm + Node LTS, uv, Python |
| 04 | shell | Install zsh, oh-my-zsh, p10k, deploy .zshrc, .p10k.zsh |
| 05 | git | Deploy .gitconfig, generate SSH key |
| 06 | scripts | Deploy ~/.local/bin scripts (bw, bw-load-ssh, Zoom wrapper, etc.) |
| 07 | uv-projects | Clone all Julian's Python tool repos from GitHub, uv install (needs SSH keys) |
| 08 | systemd | Deploy and enable user systemd services |
| 09 | desktop | Configure keybindings, hotkeys, ghostty, fonts |
| 10 | docker | Install Docker CE, add user to docker group |
| 11 | tweaks | sysctl, kernel cmdline, TLP/powertop, modprobe blacklists |
| 12 | other-apps | Google Chrome, Signal, Zotero |
Post-Install Manual Steps
See TODO.md for things that can't be automated: restoring SSH keys
from Bitwarden, configuring Tailscale, importing GPG keys, etc.
Design Notes
- Distribution-agnostic — detects Debian/Ubuntu/Pop vs Fedora via
lib/distro.sh. Package manager commands, repo config, and package names adapt automatically. - Idempotent — safe to run multiple times. Stages check for existing installations before repeating work.
- Secrets out of repo — API keys live in
~/.zshrc.local(gitignored). The repo shipszshrc.local.examplewith placeholder values. - One stage per concern — comment out stages you don't need in
provision.shor pass--stageindividually. - Hardware-specific quirks commented out — AMD GPU kernel params, WiFi workarounds, etc. are documented but disabled by default.