julianprester/linux-provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a79d2b3fa2deb1b5701bce6ef2a1b88420a8d134
linux-provisioning/TODO.md
Julian Prester a249dec1ba Revert gitconfig/TODO/bw-login redactions; remove zshrc.local.example 
Public key, name, email, and self-hosted URLs are fine to publish.
Remove config/shell/zshrc.local.example instead of genericizing it —
it contained personal infrastructure details with no value to others.
2026-06-07 15:23:53 +10:00

174 lines
5.2 KiB
Markdown
Executable File
Raw Blame History

# Post-Provisioning TODO
Things that can't be fully automated (require manual setup, credentials,
or hardware-specific configuration).
## 1. SSH Keys & GitHub
- [ ] **Load SSH keys from Bitwarden** or generate a new key:
```bash
# Option A: Generate fresh key
ssh-keygen -t ed25519 -C "hi@julianprester.com"
# Option B: Set up Bitwarden+SSH loading
bw login
bw unlock --raw > ~/.config/Bitwarden\ CLI/.session
chmod 600 ~/.config/Bitwarden\ CLI/.session
bw-load-ssh.sh
# Option C: Copy keys from old machine
# scp old-machine:~/.ssh/id_ed25519* ~/.ssh/
```
- [ ] **Add SSH public key to GitHub**: https://github.com/settings/keys
- [ ] Clone this repo and remaining repos:
```bash
git clone git@github.com:julianprester/linux-provision.git
```
## 2. Bitwarden & Environment Variables
API keys are loaded directly in `.zshrc` via `bw` + `jq`. No separate script.
- [ ] **Run `bw login`** to authenticate with Bitwarden
- [ ] **Unlock vault and save session:**
```bash
bw unlock --raw > ~/.config/Bitwarden\ CLI/.session
chmod 600 ~/.config/Bitwarden\ CLI/.session
```
- [ ] **Create a Bitwarden item** named "Environment" (type: Secure Note)
with custom fields for each API key:
| Field Name | Type | Example Value |
|---|---|---|
| `GROQ_API_KEY` | Hidden | `gsk_your_key` |
| `ANTHROPIC_API_KEY` | Hidden | `sk-ant-your-key` |
| `GOOGLE_API_KEY` | Hidden | `AIza_your_key` |
| `CANVAS_API_KEY` | Hidden | `3156~your_key` |
| `NC_PASSWORD` | Hidden | `your_nextcloud_password` |
| ... (22 vars total — see `config/shell/zshrc.local.example` for the full list) |
- [ ] **Open a new shell** — `.zshrc` exports them automatically
- [ ] **Verify:** `echo $GROQ_API_KEY` (should show your key)
If you prefer a plain file instead of Bitwarden:
- [ ] Edit `~/.zshrc.local` with your API keys (template in `config/shell/zshrc.local.example`)
- [ ] Uncomment the alternate `source ~/.zshrc.local` line in the deployed `.zshrc`
If you prefer a plain file instead of Bitwarden:
- [ ] Edit `~/.zshrc.local` with your API keys (template in `config/shell/zshrc.local.example`)
- [ ] Uncomment the `source ~/.zshrc.local` line in your deployed `.zshrc`
## 3. Tailscale
- [ ] Authenticate Tailscale:
```bash
sudo tailscale up
```
- [ ] Verify connection: `tailscale status`
- [ ] Note your Tailscale IP for services (Actual Budget, Nextcloud, etc.)
## 4. Nextcloud
- [ ] Install Nextcloud Desktop Client (Flatpak or RPM)
- [ ] Connect to `https://nc.julianprester.com`
- [ ] Select sync folders (especially `Nextcloud/3_bibliography/`)
- [ ] Update `PandocCiter.DefaultBib` in VS Code settings if bib path changes
## 5. Actual Budget
- [ ] Verify connection: `actualpy accounts`
- [ ] Update URL/password in `~/.config/actualpy/config.yaml`
## 6. Docker & WinBoat
- [ ] Log out and back in for docker group to take effect
- [ ] Pull WinBoat image: `docker pull ghcr.io/dockur/windows:5.14`
- [ ] Set up `~/.winboat/docker-compose.yml` (see reference in repo notes)
- [ ] Pull grobid: `docker pull grobid/grobid`
- [ ] Run grobid: `docker run -d -p 8070:8070 grobid/grobid`
## 7. Zotero
- [ ] Install Zotero (Flatpak or tarball from zotero.org)
- [ ] Sign in to sync library
- [ ] Install Zotero browser connector
- [ ] Set ZOTERO_KEY env var in `~/.zshrc.local`
## 8. GNOME Keybindings (if using GNOME)
- [ ] Verify custom shortcuts were applied:
```bash
gsettings list-recursively org.gnome.settings-daemon.plugins.media-keys.custom-keybinding
```
- [ ] Or add them manually via Settings → Keyboard → Keyboard Shortcuts
## 9. Fonts
- [ ] If Nerd Font download failed, install manually:
- Download from https://www.nerdfonts.com/font-downloads
- MesloLGS NF (recommended for Powerlevel10k)
- Extract to `~/.local/share/fonts/` and run `fc-cache -fv`
## 10. Ghostty
- [ ] Verify Ghostty runs and fonts look correct (nerd font icons in prompt)
- [ ] If not, set `font-family = "MesloLGS NF"` in `~/.config/ghostty/config`
## 11. VS Code
- [ ] Open VS Code and verify extensions are installed
- [ ] Sign in to GitHub → Settings → Sync (if you use Settings Sync)
- [ ] Verify PandocCiter path to bibliography
## 12. Solaar (Logitech Peripherals)
- [ ] Open Solaar from applications menu
- [ ] Pair your Logitech receiver or connect via Bluetooth
- [ ] The config will auto-save to `~/.config/solaar/config.yaml`
## 13. Printer / Scanning
- [ ] If using a printer, add via Settings → Printers
- [ ] If using a scanner, install `simple-scan`:
```bash
sudo dnf install simple-scan
```
## 14. Reboot to Apply Kernel Changes
- [ ] `sudo reboot` — required for:
- GRUB kernel cmdline parameters (if uncommented)
- sysctl settings (most apply at runtime, but reboot ensures)
- Docker group membership
- Desktop environment changes
## 15. Verify Everything
Run a quick sanity check after reboot:
```bash
# Development tools
node --version
npm --version
python3 --version
uv --version
git --version
# Docker
docker run --rm hello-world
# Shell
zsh --version
echo $SHELL
# Services
systemctl --user status porridge.service 2>/dev/null | head -5
# Network
tailscale status
ping -c 1 google.com
# Config files exist
ls -la ~/.zshrc ~/.zshrc.local ~/.gitconfig ~/.p10k.zsh ~/.local/bin/
```
Reference in New Issue View Git Blame Copy Permalink