{"id":15352446,"url":"https://github.com/vorburger/vorburger-dotfiles-bin-etc","last_synced_at":"2025-04-14T23:37:11.302Z","repository":{"id":41465834,"uuid":"134830889","full_name":"vorburger/vorburger-dotfiles-bin-etc","owner":"vorburger","description":"https://dotfiles.github.io","archived":false,"fork":false,"pushed_at":"2025-04-12T11:33:06.000Z","size":891,"stargazers_count":6,"open_issues_count":6,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-12T11:40:33.661Z","etag":null,"topics":["alias","cli","cloud","cloudshell","codespaces","dotfiles","fish","fish-shell","fisher","git-server-docker","google-cloud","google-cloud-platform","kitty","kitty-config","kitty-terminal","nano","nano-editor","ssh-server","tmux","toolbox"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vorburger.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"vorburger","patreon":"vorburger","open_collective":"vorburger","ko_fi":"vorburger","tidelift":"maven/ch.vorburger.mariaDB4j","community_bridge":"MariaDB4j","liberapay":"vorburger","issuehunt":"vorburger","custom":"https://www.paypal.me/MichaelVorburgerCH"}},"created_at":"2018-05-25T08:56:01.000Z","updated_at":"2025-04-12T11:33:10.000Z","dependencies_parsed_at":"2024-01-07T12:48:55.675Z","dependency_job_id":"99d02a48-7d24-4c6e-9271-3e197bb6882f","html_url":"https://github.com/vorburger/vorburger-dotfiles-bin-etc","commit_stats":{"total_commits":770,"total_committers":2,"mean_commits":385.0,"dds":"0.0012987012987012436","last_synced_commit":"bb7f5a9ed73dd45c28dfc4954ff0b4288f19b507"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vorburger%2Fvorburger-dotfiles-bin-etc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vorburger%2Fvorburger-dotfiles-bin-etc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vorburger%2Fvorburger-dotfiles-bin-etc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vorburger%2Fvorburger-dotfiles-bin-etc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vorburger","download_url":"https://codeload.github.com/vorburger/vorburger-dotfiles-bin-etc/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248980936,"owners_count":21193142,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alias","cli","cloud","cloudshell","codespaces","dotfiles","fish","fish-shell","fisher","git-server-docker","google-cloud","google-cloud-platform","kitty","kitty-config","kitty-terminal","nano","nano-editor","ssh-server","tmux","toolbox"],"created_at":"2024-10-01T12:09:31.429Z","updated_at":"2025-04-14T23:37:11.288Z","avatar_url":"https://github.com/vorburger.png","language":"Shell","funding_links":["https://github.com/sponsors/vorburger","https://patreon.com/vorburger","https://opencollective.com/vorburger","https://ko-fi.com/vorburger","https://tidelift.com/funding/github/maven/ch.vorburger.mariaDB4j","https://funding.communitybridge.org/projects/MariaDB4j","https://liberapay.com/vorburger","https://issuehunt.io/r/vorburger","https://www.paypal.me/MichaelVorburgerCH"],"categories":[],"sub_categories":[],"readme":"# Vorburger.ch's Dotfiles\n\n## Installation\n\n### ArchLinux\n\n    mkdir -p ~/git/github.com/vorburger/\n    cd ~/git/github.com/vorburger/\n    git clone git@github.com:vorburger/vorburger-dotfiles-bin-etc\n    cd vorburger-dotfiles-bin-etc\n\n    ./setup.sh\n    ./git-install.sh\n    ./pacman-install.sh\n    ./pacman-install-gui.sh\n    mv ~/.bashrc ~/.bashrc.original\n    ./symlink.sh\n    ./authorized_keys.sh\n\n### ChromeOS\n\nSet up these dotfiles (in a container) on a server, like below. Then just SSH into it,\nusing a [YubiKey with Secure Shell ChromeOS](https://chromium.googlesource.com/apps/libapps/+/HEAD/nassh/docs/hardware-keys.md).\nUsing locally in ChromeOS's Debian Linux on ARM arch hasn't been tested.\n\n### Visual Studio Code\n\nThe Visual Studio Code (VSC) \"Client\" UI is installed by `dnf-install-gui.sh` (or manually from https://code.visualstudio.com).\n\nPress _Ctrl-Shift-P_ to [Enable _Settings Sync_](https://code.visualstudio.com/docs/editor/settings-sync) (also [GitHub](https://docs.github.com/en/codespaces/customizing-your-codespace/personalizing-github-codespaces-for-your-account#settings-sync)) (and, if prompted, choose _[Merge](https://code.visualstudio.com/docs/editor/settings-sync#_merge-or-replace)_). (Use [Settings Sync: Show Synced Data](https://code.visualstudio.com/docs/editor/settings-sync#_restoring-data) to view Synced Machines etc.)\n\nEach time after installing additional extensions, run [`bin/code-extensions-export.sh`](bin/code-extensions-export.sh) to export to [`extensions.txt`](dotfiles/code/extensions.txt).\n\nIf extensions somehow get lost, then run [`bin/code-extensions-install.sh`](bin/code-extensions-install.sh)\n\n_TODO:_ `vsc --uninstall-extension` those that are not listed in `extensions.txt`.\n\n#### VSC CLI Tunnel Service\n\nThe [VSC Server's](https://code.visualstudio.com/docs/remote/vscode-server) Tunnel is installed as a Service by [`code-install-cli-tunnel-service.sh`](code-install-cli-tunnel-service.sh).\n\n### GitHub Codespaces\n\nEnable _Settings Sync_ as described above.\n\nEnable _Automatically install dotfiles_ from this repository in [your GitHub Settings](https://github.com/settings/codespaces).\n\nTo fix _Error loading webview: Error: Could not register service workers: NotSupportedError: Failed to register a ServiceWorker for scope ('...'): The user denied permission to use Service Worker_, [allow third-party cookies](https://stackoverflow.com/q/72498891/421602); e.g. on Chrome, add `[*.]github.dev` _Including third-party cookies_ on chrome://settings/cookies.\n\n[Your GitHub Codespaces](https://github.com/codespaces) (only future, not existing) will be initialized by [bootstrap.sh](bootstrap.sh), as per [this list of file names](https://docs.github.com/en/codespaces/setting-your-user-preferences/personalizing-github-codespaces-for-your-account#dotfiles).\n\nCheck if it is still running with `tail -f /workspaces/.codespaces/.persistedshare/creation.log`. If NOK, or to update:\n\n    cd /workspaces/.codespaces/.persistedshare/dotfiles/\n    ./bootstrap.sh\n    fish\n    cd /workspaces/...\n\n`git push` in `/workspaces/.codespaces/.persistedshare/dotfiles/` won't succeed while working in another repo; one way to still be able to push changes to dotfiles in this case is to [create a short-lived temporary personal access token](https://github.com/settings/tokens) **with Scope incl. Repo** and do `GITHUB_TOKEN=ghp_... git push`. [Here are other useful troubleshooting infos](https://docs.github.com/en/codespaces/troubleshooting/troubleshooting-dotfiles-for-codespaces). Testing during development is simplest by creating a codespace for this repo, and manually invoking `./bootstrap.sh`. ([My personal notes](https://github.com/vorburger/Notes/blob/master/Reference/github-codespaces.md) have some remaining TODOs.)\n\nThe `CODESPACES` [environment variable](https://docs.github.com/en/codespaces/developing-in-codespaces/default-environment-variables-for-your-codespace#list-of-default-environment-variables) should be used to skip anything long running that's not required in code spaces, e.g. the `nano` build.\n\n### Fedora [Silverblue](https://silverblue.fedoraproject.org) \u0026 [CoreOS](https://github.com/vorburger/vorburger.ch-Notes/tree/develop/linux/coreos)\n\n    mkdir ~/git/github.com/vorburger \u0026\u0026 cd ~/git/github.com/vorburger/\n    git clone git@github.com:vorburger/vorburger-dotfiles-bin-etc \u0026\u0026 cd vorburger-dotfiles-bin-etc\n\n    ./gnome-settings.sh\n    ./ostree-install-gui.sh\n    systemctl reboot\n    rpm-ostree status\n\n[My notes about Silverblue](https://github.com/vorburger/vorburger.ch-Notes/blob/develop/linux/silverblue.md) have debugging tips for _OSTree._\n\nIf the Silverblue workstation is intended to (also) be used as a server, remember _Settings \u003e Power \u003e Power Mode \u003e Power Saving Options \u003e Automatic Suspend._\n\nUntil the Toolbox Container works, use [the Fedora-based Container](#fedora-based-container-with-ssh) (see below). Copy [`kitty.conf`](dotfiles/kitty.conf) to `~/.config/kitty/kitty.conf`, and change `shell /home/vorburger/git/github.com/vorburger/vorburger-dotfiles-bin-etc/container/ssh.sh /home/vorburger/dev/vorburger-dotfiles-bin-etc/bin/tmux-ssh new -A -s MAKE`.\n\n#### Toolbox Container (NEW)\n\n    ./containers/build\n    toolbox create --image gcr.io/vorburger/dotfiles-fedora:latest\n\n    toolbox enter dotfiles-fedora-latest\n\n#### Toolbox Container (OLD)\n\nThe [Toolbox](https://github.com/containers/toolbox)-based container doesn't actually quite work very nicely just yet... :-(\n\n    ./toolbox.sh\n    mux\n\nThese should later be more nicely integrated into the Toolbox container (not ~):\n\n    ./symlink-toolbox.sh\n\nAlso, automatically start Toolbox in Fish instead of Bash...\nand `./gnome-settings.sh` autostart Terminal Session TMUX, with Toolbox.\nAnd run `~/.install-nano.sh` during `Dockerfile-toolbox`.\n\n### Fedora Workstation\n\nUnless you already have GitHub auth working, we may have a \"chicken and egg\" problem with [the YubiKey configuration](docs/yubikey.md), so it's simplest to start with an anon clone:\n\n    mkdir -p ~/git/github.com/vorburger/\n    cd ~/git/github.com/vorburger/\n    git clone https://github.com/vorburger/vorburger-dotfiles-bin-etc.git\n    cd vorburger-dotfiles-bin-etc\n\n    sudo cp container/sshd/01-local.conf /etc/ssh/sshd_config.d/\n\n    mv ~/.bashrc ~/.bashrc.original\n    ./dnf-install-gui.sh\n    ./authorized_keys.sh\n\nIf it all works, you can now open _Kitty_ (not _GNOME Terminal)_, [test the YubiKey](docs/yubikey.md), and then change the remote:\n\n    git remote set-url origin git@github.com:vorburger/vorburger-dotfiles-bin-etc\n\n#### UHK\n\n    ./etc.sh\n\nInstall _latest_ https://github.com/UltimateHackingKeyboard/agent/releases/,\nand fix up path in [`UHK.desktop`](dotfiles/desktop/UHK.desktop).  Upgrade Firmware.\nRemember to Export device configuration to [`keyboard/uhk/`](keyboard/uhk/UserConfiguration.json).\n\n### Debian / Ubuntu Servers\n\n    mkdir -p ~/git/github.com/vorburger/\n    cd ~/git/github.com/vorburger/\n    git clone git@github.com:vorburger/vorburger-dotfiles-bin-etc\n    cd vorburger-dotfiles-bin-etc\n\n    ./git-install.sh\n    ./debian-install.sh # or ./ubuntu-install.sh\n    mv ~/.bashrc ~/.bashrc.original\n    ./symlink.sh\n    ./setup.sh\n    ./authorized_keys.sh\n\n### Fedora-based Container (with SSH)\n\nThis container includes SSH, based on [container/devshell](container/devshell),\nso that one can login with an agent instead of keeping private keys in the container.\n\n#### Production\n\nIt's better to run the container with _rootless_ Podman under a UID that doesn't have sudo root powers, so:\n\n    sudo useradd dotfiles\n    sudo -iu dotfiles\n    loginctl enable-linger dotfiles\n    # The following fixes \"Failed to connect to bus: No medium found\"\n    export XDG_RUNTIME_DIR=/run/user/$(id -u)\n    systemctl enable --now --user podman.socket\n    systemctl --user status\n\nNow put the [`systemd` Unit File](systemd/) into `~/.config/systemd/user/` and then run:\n(Use simple copy/paste, or e.g. via `ln -rs systemd/dotfiles-fedora.service ~/.config/systemd/user/`.\n This pulls the container from `gcr.io/vorburger/dotfiles-fedora`!)\n\n    systemctl --user enable dotfiles-fedora\n    systemctl --user start  dotfiles-fedora\n    systemctl --user status dotfiles-fedora\n    journalctl --user -u dotfiles-fedora\n    systemctl --user status\n\nYou can now SSH login on port 2222 similarly to how [`ssh.sh`](container/ssh.sh) does.\nIt's convenient to configure a terminal (Kitty or GNOME Terminal or whatever) to call\n`ssh.sh /home/vorburger/dev/vorburger-dotfiles-bin-etc/bin/tmux-ssh new -A -s MAKE`.\n\nRestart the dotfiles container for user dotfiles from another user like this:\n\n    sudo -u dotfiles XDG_RUNTIME_DIR=/run/user/$(id -u dotfiles) systemctl --user restart dotfiles-fedora\n\nRemember that if making changes to systemd `*.service` files, while working as user dotfiles, you have to:\n\n    systemctl --user daemon-reload\n    systemctl --user restart dotfiles-fedora\n\nFurther information about all this is available e.g. on my CoreOS Notes about\n[Containers with systemd](https://github.com/vorburger/vorburger.ch-Notes/blob/develop/linux/coreos/README.md#containers) and\n[Additional Users](https://github.com/vorburger/vorburger.ch-Notes/blob/develop/linux/coreos/README.md#personal-user)\n(both sections aren't really CoreOS specific).\n\n#### Local Dev\n\n    ./container/build.sh\n\nWe can it without actually using SSH, which useful for quick iterating during local development:\n\n    podman run -it --rm gcr.io/vorburger/dotfiles-fedora:latest bash -c \"su - --shell=/usr/bin/fish vorburger\"\n\nTo run it (using the systemd user unit set up above) and SSH into it:\n\n    ./container/run.sh\n    ./container/ssh.sh\n\nOnce the container runs, you can also exec into it:\n\n    podman exec -it dotfiles bash -c \"su - vorburger \u0026\u0026 fish\"\n\nWe can now work on this project in that container, like so:\n\n    sudo chown vorburger:vorburger git/\n    cd git\n    git clone git@github.com:vorburger/vorburger-dotfiles-bin-etc.git\n    cd vorburger-dotfiles-bin-etc\n\n    sudo chown vorburger:vorburger /run/user/1000/podman/podman.sock\n    ./container/build.sh\n    exit\n    ./container/run.sh\n    ./container/ssh.sh\n\nNB that this will modify the ownership of `/run/user/1000/podman/podman.sock` on the host filesystem,\nnot only in the container. As long as we don't need to use `podman-remote` on the host, that shouldn't cause problems.\n\n#### Google Cloud COS VM with this container (SSH from outside into container)\n\n[Set up a Cloud Build](cloudbuild.yaml), and then:\n\n```\ngcloud compute instances create-with-container dotfiles-fedora --project=vorburger --zone=europe-west6-a --machine-type=e2-medium --network-interface=network-tier=PREMIUM,subnet=default --maintenance-policy=MIGRATE --service-account=646827272154-compute@developer.gserviceaccount.com --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/trace.append --image=projects/cos-cloud/global/images/cos-stable-93-16623-39-30 --boot-disk-size=10GB --boot-disk-type=pd-balanced --boot-disk-device-name=dotfiles-fedora2 --container-image=gcr.io/vorburger/dotfiles-fedora --container-restart-policy=always --no-shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring --labels=container-vm=cos-stable-93-16623-39-30\n```\n\n_TODO `gcloud beta compute disks create home --project=vorburger --type=pd-ssd --size=10GB --zone=europe-west6-a`,\nand then mount that into the container (above) - and switch to **`symlink-homefree.sh`** that doesn't use $HOME in container._\n\nTo login to the dotfiles container:\n\n    ssh-add -L # MUST show local key/s, NOT \"The agent has no identities\"\n    ssh -p 2222 -A vorburger@1.2.3.4\n\nTo enable SSH login to the host, not container, typically only required to check the container:\n\n    gcloud --project=vorburger compute project-info add-metadata --metadata enable-oslogin=TRUE\n    gcloud --project=vorburger compute os-login ssh-keys add --key-file=/home/vorburger/.ssh/id_ecdsa_sk.pub\n    ssh michael_vorburger@1.2.3.4\n\n### Google Cloud Workstations\n\n    ./google-cloud-workstation-install.sh\n\nTODO: Set up CI to [pre-build](https://cloud.google.com/workstations/docs/customize-container-images) the [`Dockerfile-google-cloud-workstation`](Dockerfile-google-cloud-workstation).\n\n### Google Cloud Shell\n\n[![Open in Cloud Shell](https://gstatic.com/cloudssh/images/open-btn.svg)](https://ssh.cloud.google.com/cloudshell/editor?cloudshell_image=gcr.io/vorburger/vorburger-dotfiles-bin-etc)\n\n_TODO [See this (pending) question on StackOverflow](https://stackoverflow.com/questions/70612890/non-ephemeral-google-cloud-shell-with-custom-container-image) about Google Cloud Shell Custom Images always launched ephemeral; which makes it a No-Go for this project. (Simply running a dotfile devshell container on a GCE VM is much easier)._\n\nhttps://shell.cloud.google.com, see https://cloud.google.com/shell, is handy (but limited to a `du -h ~` 5 GB `$HOME`..), especially with the web-based [Google Cloud Code](https://cloud.google.com/code), based on [Eclipse Theia](https://theia-ide.org) (also available on [Gitpod](https://www.gitpod.io)). To be able to connect to other servers from Google Cloud Shell, notably GitHub, login to it from a local Terminal like this (or use [SSH Web](#ssh-web)):\n\n    gcloud cloud-shell ssh --ssh-flag=\"-A\"\n\nAlternatively, you COULD `ssh-keygen` and have something like the following in your `~/.ssh/config`, as per [this](https://github.com/aubort/google-cloud-shell-tutorial) or [this](https://vincentteo.com/2018/01/07/private-github-repos-google-cloud-shell/) guide, but security wise it's much better to keep your private SSH key e.g. a HSM YubiKey in your desktop/laptop, than having it on the cloud, so better don't this but use the approach above instead:\n\n    Host github.com\n        Hostname github.com\n        PreferredAuthentications publickey\n        IdentityFile ~/.ssh/id_rsa\n\n_TODO [See this (pending) question on StackOverflow](https://stackoverflow.com/questions/70612636/google-cloud-shell-ssh-with-customer-container-image) re. how to SSH login to Google Cloud Shell using a customer container image._\n\n_TODO [See this (pending) question on StackOverflow](https://stackoverflow.com/questions/70608840/how-to-ssh-login-to-google-cloud-shell-using-an-existing-private-key-on-a-yubike) re. how to SSH login to Google Cloud Shell using an existing private key on a YubiKey security key._\n\nTo use the many configurations from this repo in Google Cloud Shell, simply use the big blue _\"Open in Google Cloud Shell\"_ above. This is [based on a customized image](https://cloud.google.com/shell/docs/customizing-container-image) available on [gcr.io/vorburger](https://gcr.io/vorburger). Here is how to \"locally\" build it for improvements to it:\n\n    cd ~/git/github.com/vorburger/vorburger-dotfiles-bin-etc/\n    cloudshell env build-local\n    cloudshell env run\n\nWatch out for `Connection to localhost closed.` after `env run` - it means that the container\ncannot be SSH into, just like when \"gcr.io/cloudshell-image/custom-image-validation\" failed on a build,\ne.g. due to a newer TMUX having been installed, or e.g. an infinite loop by\n`/etc/inputrc` doing an `$include /etc/inputrc` by `symlink-homefree.sh`.\n\n## Use\n\n### Versions\n\nWe use \u003chttps://asdf-vm.com\u003e (with `.tool-versions`) to handle different Java versions and such; e.g. to test something with an ancient Java version:\n\n    asdf plugin-add java\n    asdf install java zulu-6.22.0.3\n    asdf shell java zulu-6.22.0.3\n    java -version\n    asdf uninstall java zulu-6.22.0.3\n    asdf plugin-remove java\n\nTo switch a project (directory) to a fixed version, and create the `.tool-versions` (which ASDF's Shell integration uses), do:\n\n    asdf local java zulu-6.22.0.3\n\n\u003chttps://sdkman.io\u003e with `.sdkmanrc` (and _[sdkman-for-fish](https://github.com/reitzig/sdkman-for-fish))_ is similar,\nbut it has [less \"SDKs\"](https://sdkman.io/sdks) than `asdf` [has plugins](https://github.com/asdf-vm/asdf-plugins?tab=readme-ov-file#plugin-list), which are also visible with `asdf plugin-list-all`.\n\n\u003chttps://www.jenv.be\u003e with `.java-version` is another (older) one like these, but it manages JDK and `JAVA_HOME`, only.\n\n## Security\n\n### SSH Web\n\nBrowser-based [Secure Shell App](https://chrome.google.com/webstore/detail/secure-shell-app/pnhechapfaindjhompbnflcldabbghjo?hl=en), based on https://hterm.org.\n\nConnection Dialog SSH Arguments e.g. `-At -- /usr/bin/fish` or `-At -- /bin/bash -c \"~/bin/tmux3 new -A -s Cloud\"`.\n\nIt's important to use absolute paths to the shell, because `ssh` won't read `PATH`.\n\n### SSH for multiple GitHub accounts\n\n    git config core.sshCommand \"ssh -i ~/.ssh/id_ecdsa_sk\"\n\npossibly with `[includeIf \"gitdir:~/work/\"]` in `~/.gitconfig`, as per https://dev.to/arnellebalane/setting-up-multiple-github-accounts-the-nicer-way-1m5m.\n\n### `ssh` 101\n\n    sudo dnf install -y pwgen diceware ; pip install xkcdpass\n    # Generate a password/passphrase\n    pwgen -s -y 239 1\n    diceware -n 24 -d \" \" --no-caps\n    xkcdpass -n 24\n\n    ssh-keygen -t ed25519 -C $(id -un)@$(hostname)\n    cat ~/.ssh/id_ed25519.pub\n\nCopy/paste `~/.ssh/id_ed25519.pub` into https://github.com/settings/keys.\n\nNow `sudo dnf install seahorse` (GNOME's Passwords and Keys) and when prompted, tick the checkbox about \"unlocking keyring when logging in\".\n\n    $ ssh git@github.com\n    Enter passphrase for key '/home/vorburger/.ssh/id_ed25519':\n    $ ssh git@github.com\n    Enter passphrase for key '/home/vorburger/.ssh/id_ed25519':\n    $ ssh-add -l\n    Could not open a connection to your authentication agent.\n    # Simply means that there is no SSH_AUTH_SOCK environment variable\n    $ eval $(ssh-agent)\n    Agent pid 1234\n    $ echo $SSH_AUTH_SOCK\n    /tmp/ssh-AqnT5yXiLt1X/agent.1234\n    $ ssh-add -l\n    The agent has no identities.\n    $ ssh-add .ssh/id_ed25519\n    Enter passphrase for .ssh/id_ed25519:\n    $ ssh-add -l\n    256 SHA256: ...\n    $ ssh git@github.com\n    # does not ask for passphrase anymore!\n\nThis could be automated e.g. by having an `dotfiles/bash.d/ssh-agent` which contains something like this:\n\n    if [[ -z \"$SSH_AUTH_SOCK\" ]]; then\n      eval $(ssh-agent)\n      ssh-add $HOME/.ssh/id_ed25519\n    else\n      echo SSH_AUTH_SOCK=$SSH_AUTH_SOCK\n    fi\n\nBut with how we'll set it up using a YubiKey and `gpgconf` in the next section we do not need this.\n\n### `ssh` (incl. `git`) Agent incl. Forwarding with YubiKey\n\nAs e.g. per https://github.com/drduh/YubiKey-Guide#replace-agents, we need to appropriately set\nthe `SSH_AUTH_SOCK` environment variable.  You could be tempted to do something like the following:\n\n    echo \"export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)\" \u003e ~/.bash.d/SSH_AUTH_SOCK\n\nDoing this on a sever is not required, but doing this on a workstation prevents remote SSH login to the workstation.\nInstead, the [`bin/tmux*`](bin/) scripts very nicely automate and correctly integrate this with TMUX:\n\n    [you@desktop ~]$ tmux-local new -A -X -s MAKEx\n\n    [you@laptop ~]$ ssh -At desktop -- tmux-ssh new -A -X -s MAKEx\n\nYou probably want to put the desktop command into a launch command for your Terminal,\nand `echo` the laptop command into an `~/.bash.d/alias-h`.\n\nRemember to always use `ssh -A` to enable Agent Forwarding, as above.\nWe could alternatively use `ForwardAgent yes` in our `~/.ssh/config`, but as a security best practice,\nalways _only for a SINGLE Hostname__, never for all servers.\n\nBTW: `RemoteForward` in `~/.ssh/config` is not actually required (at least with Fedora 30).\n\n### `gpg` Agent Forwarding\n\nSee https://wiki.gnupg.org/AgentForwarding and related personal Notes.\n\n## Manual Settings\n\n### Fonts\n\nTL;DR Ligatures in the Terminal and Editor and symbols in directory listings \"just work\"!\n\nWe (apparently...) need **BOTH** the (original)\n[DNF `fira-code-fonts` package](https://github.com/tonsky/FiraCode/wiki/Linux-instructions#fedora)\n(which is what makes Ligatures e.g. in the Kitty Terminal and Visual Studio code work)\n*as well* as the (patched!) _[Fira Code (Nerd)](https://github.com/ryanoasis/nerd-fonts/tree/master/patched-fonts/FiraCode)_\n(which is what makes the fancy symbols used by `lsd` work).\n\nThis (monospaced) font is configured to be used in [`kitty.conf`](dotfiles/kitty/kitty.conf) and\n[in VSC](dotfiles/code/settings.json). The _Fira Mono_ font, which isn't part of the\n`fira-code-fonts` DNF package but comes with Fedora, is NOT actually used, here.\n\n[`fonts-install.sh`](fonts-install.sh), called by [`dnf-install-gui.sh`](dnf-install-gui.sh)\nscripts the installation of the the `ryanoasis/nerd-fonts` _FiraCode_ and [`dnf-install-gui.sh`](dnf-install.sh)\ndoes `dnf install fira-code-fonts`.\n\n### Dark Mode\n\nOpen `chrome://flags` and search for _\"dark\"_ and enable it.\n\n### Terminals\n\nFrom https://github.com/tonsky/FiraCode#terminal-support :\n\n* [Kitty](https://sw.kovidgoyal.net/kitty) (at [kovidgoyal/kitty](https://github.com/kovidgoyal/kitty) on GitHub) is nicely minimalistic, no Settings UI.  It duplicates `tmux`, but never mind.  Very actively maintained, Fedora package à jour.\n* [Hyper](https://hyper.is) looks interesting too, but more \"bloated\". Has RPM, but not Fedora packaged. [Font ligatures don't work in v3](https://github.com/vercel/hyper/issues/3607).\n* [QTerminal](https://github.com/lxqt/qterminal) does not list `Fira Code` in File \u003e Settings \u003e Font, so nope.\n* [Konsole](https://konsole.kde.org) drags KDE along, so no thanks.\n\nhttps://github.com/topics/terminal-emulators has moar... ;-)\n\n### Eclipse\n\nPreferences \u003e General \u003e Appearance \u003e Colors and Fonts: Basic Text Font = Fira Code 12.\n\n### GNOME\n\n    ./gnome-settings.sh\n\n### Wakatime\n\n`cp dofiles/wakatime.cfg ~/.wakatime.cfg` and edit it to replace [the placeholder `api_key`](dotfiles/wakatime.cfg) with the real one from https://wakatime.com/settings/account, and then verify heartbeat on https://wakatime.com/plugins/status after a few minutes.\n\n_TODO_\n\n1. Fix `api_key_vault_cmd`, see https://github.com/wakatime/vscode-wakatime/issues/374\n1. Fix `api_key` in `import_cfg`, see https://github.com/wakatime/vscode-wakatime/issues/375. (When it works, then instead of above copy https://wakatime.com/settings/account into a `$HOME/.wakatime/wakatime_secret.cfg` imported in [`~/.wakatime.cfg`](dotfiles/wakatime.cfg) which contains `[settings]\\napi_key = waka_...`)\n1. [Remote VSC Support?](https://github.com/wakatime/wakatime-cli/blob/develop/TROUBLESHOOTING.md#ssh-configuration)\n\n#### On Fedora Silverblue\n\n1. Install [Brave Flatpack from FlatHub](https://flathub.org/apps/details/com.brave.Browser) (but [YK SK won't work](https://github.com/flathub/com.brave.Browser/issues/126)):\n\n       flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo\n       flatpak install flathub com.brave.Browser\n\n1. Install [Minecraft Flatpack from Flathub](https://flathub.org/apps/details/com.mojang.Minecraft)\n\n1. In _Gnome Terminal's Preferences_, add a new Profile as below,\n   BUT name it `toolbox` and as Command, use:\n   `sh -c 'echo \"Type mux...\" \u0026\u0026 toolbox enter vorburger-toolbox'`\n\n#### On Fedora Workstation\n\nLaunch `gnome-tweaks` and configure:\n\n* _Appearance \u003e Themes \u003e **Legacy** Applications_ switch to _Adwaita-**dark**_ mode for night mode\n* _Startup Applications_, `+` _Kitty_ and _Chrome/Firefox_.\n  This puts (copies of, not symlinks to) `firefox.desktop` and `kitty.desktop` into `~/.config/autostart/`.\n* Windows Focus on Hover\n\nIn _Gnome Terminal's Preferences_, add a new `tmux` Profile, and _Set as default_, with:\n\n* Text _Custom Font_ `Fira Code Retina` Size 20. NB: [Fira Code's README](https://github.com/tonsky/FiraCode#terminal-support) lists GNOME Terminal as not supported, and the fancy Ligatures indeed don't work (like they do e.g. in Eclipse after changing the ), but I'm not actually seeing any real problems such as [issue #162](https://github.com/tonsky/FiraCode/issues/162), so it, just for consistency. (The alternative would be to just use `Fira Mono` from `mozilla-fira-mono-fonts` instead.)\n* Scrolling disable _Show scrollbar_ and _Scroll on output_, but enable _Scroll on keystroke_, and _Limit scrollback to: 10'000 lines_\n* Command: Replace initial title, Run a custom command instead of my shell: `mux`\n\nSettings \u003e Mouse \u0026 Touchpad : Touchpad \u003e Natural Scrolling enabled  \u0026\u0026  Tap to Click.\n\nSettings \u003e Keyboard Shortcuts: Delete (Backspace) Alt-ESC to Switch Windows Directly\n(because we use that in TMUX).\n\n### Power Saving\n\nSee [power](docs/power.md) and [suspend](docs/suspend.md) docs.\n\n**TODO** Test if the additional governors (conservative userspace powersave ondemand performance schedutil)\nwhich should appear after _booting with the kernel parameter `intel_pstate=disable`_ help with increased battery life..\n\n## Containers\n\n### _\"Podman-in-Podman\"_\n\nsee [doc](docs/podman.md)\n\n### Debian\n\n    clear; time docker build -t vorburger-debian -f Dockerfile-debian . \u0026\u0026 docker run -it --hostname=debian --rm vorburger-debian\n\nThe `Dockerfile-debian-minimal` is used instead of `Dockerfile-debian` to rebuild faster with less for quick local iterative development.\n\n### Toolbox\n\nSee the Silverblue section above for usage with Toolbox.\n\n### Google Cloud Shell\n\nSee above for usage as a https://cloud.google.com/shell/docs/customizing-container-image.\n\nTo local build test, try: `time docker build -t vorburger-google-cloudshell -f Dockerfile .` but it fails with:\n`Error: error creating build container: writing blob: adding layer with blob \"sha256:73b906f329a9204f69c7efa86428158811067503ffa65431ca008c8015ce7871\": Error processing tar file(exit status 1): potentially insufficient UIDs or GIDs available in user namespace (requested 150328:89939 for /tinkey.bat): Check /etc/subuid and /etc/subgid: lchown /tinkey.bat: invalid argument`\n\n### Vorburger's _DeCe_ Cloudshell\n\nUsing https://github.com/vorburger/cloudshell for a customized web shell on http://localhost:8080 :\n\n    docker build -t vorburger-cloud -f Dockerfile-dece-cloudshell .\n    docker run --hostname=cloud -eUSER_ID=vorburger -eUSER_PWD=THEPWD --rm -p 8080:8080 vorburger-cloud\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvorburger%2Fvorburger-dotfiles-bin-etc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvorburger%2Fvorburger-dotfiles-bin-etc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvorburger%2Fvorburger-dotfiles-bin-etc/lists"}