From 534826f7f32352c8d9de841e9e07cd63e8acf711 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Wed, 25 Feb 2026 23:53:51 -0600 Subject: chore: add ssh config, update todo, add Berkeley Mono NF web fonts Add deepsat GitHub Enterprise host to ssh config, reorganize todo.org with GitHub release prep tasks, add Berkeley Mono Nerd Font woff/woff2 variants, and move podman notes to outbox. Co-Authored-By: Claude Opus 4.6 --- todo.org | 161 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 138 insertions(+), 23 deletions(-) (limited to 'todo.org') diff --git a/todo.org b/todo.org index 13fe210..03a0386 100644 --- a/todo.org +++ b/todo.org 
@@ -4,6 +4,106 @@ * Archsetup Open Work +** TODO [#A] Prepare for GitHub open-source release +Remove personal info, credentials, and code quality issues before publishing. + +*** TODO [#A] Remove credentials and secrets from dotfiles +- =.config/.tidal-dl.token.json= — active Tidal API token with userId +- =.config/calibre/smtp.py.json= — hex-encoded relay password, personal email mappings (family Kindle accounts) +- =.config/transmission/settings.json= — bcrypt-hashed RPC password +- =.msmtprc= — mail server credentials (gpg password references) +- =.mbsyncrc= — ProtonBridge IMAP credentials +Add all to =.gitignore=, remove from git tracking, create =.example= templates where appropriate. + +*** TODO [#A] Remove/template personal information from scripts +- =archsetup= lines 2-3: personal email and website in header +- =archsetup= lines 141-146: hardcoded =git.cjennings.net= repository URLs — make configurable via conf +- =scripts/post-install.sh=: personal git repos (finances, documents, danneel-*, nextjob, etc.) +- =scripts/gitrepos.sh=: personal server URLs +- =init= line 8: hardcoded password =welcome= + +*** TODO [#A] Remove/template personal info from dotfiles +- =.gitconfig=: hardcoded name, email, GitHub username +- =.config/musicpd.conf=: hardcoded =~cjennings/= paths (use =~/= instead) +- =.ssh/config=: personal host configuration +- =.config/yt-dlp/config=: personal domain reference +- =hyprland.conf= line 3: personal attribution + +*** TODO [#A] Scrub git history of secrets (or start fresh) +Even after removing files, secrets remain in git history. +Options: =git filter-repo= to rewrite history, or start a fresh repo for the GitHub remote. +Recommend: fresh repo for GitHub (keep cjennings.net remote with full history). + +*** TODO [#B] Remove device-specific configuration +=archsetup= lines 1458-1463: Logitech BRIO webcam udev rule — move to optional/configurable section. 
+ +*** DONE [#B] Fix unsafe sed patterns with user input +CLOSED: [2026-02-23 Sun] +Quoted =$username= in sed replacement, switched locale and wireless-regdom sed +patterns to pipe delimiter to avoid conflicts with path/encoding characters. + +*** DONE [#B] Fix unsafe heredoc variable expansion +CLOSED: [2026-02-23 Sun] +Quoted =UDEVEOF= heredoc and used placeholder + sed replacement pattern (same as hyprpm hook). + +*** TODO [#B] Add README.md for GitHub +Project description, features, requirements, installation instructions, +configuration guide (archsetup.conf), security considerations, +contributing guidelines (or separate CONTRIBUTING.md), and license. + +*** TODO [#B] Add LICENSE file +Currently no license — must choose one before open-source release. + +*** TODO [#B] Remove binary font files from repo +PragmataPro and Apple Color Emoji fonts in =dotfiles/common/.local/share/fonts/=. +Add to =.gitignore=, document font installation separately. +May have licensing issues for redistribution. + +*** TODO [#B] Make claude-code installation optional +Line 1781: =curl | sh= from claude.ai — should be behind a config flag. +Not all users want AI tooling; curl-pipe-bash is a red flag for reviewers. + +*** TODO [#B] Add input validation for username and paths +Variables like ~$username~, ~$source_dir~, and paths are not validated. +Special characters or malicious input could break the script or cause security issues. +Should validate inputs match expected patterns (alphanumeric, valid paths, etc.). + +*** TODO [#B] Bulk shellcheck cleanup +Reviewed 2026-01-24: ~128 warnings, mostly acceptable patterns or low-priority style issues. +- SC2024 (sudo redirects) - acceptable, script runs as root +- SC2174 (mkdir -p -m) - reviewed, not a practical issue +- Various quoting warnings - high-priority ones already fixed +Focus on warnings that matter for public code review. 
+ +*** TODO [#B] Document testing process in README +Help future maintainers and contributors understand and modify test infrastructure. + +*** TODO [#C] Add guard for rm -rf on constructed paths +Lines 236, 466, 905: validate directory exists and is in expected location before =rm -rf=. + +*** DONE [#C] Add mountpoint check before ramdisk mount +CLOSED: [2026-02-23 Sun] +Added =mountpoint -q= guard before mount; skips with info message if already mounted. + +*** TODO [#C] Improve error handling in chained commands +Line 820: three operations chained with =&&= reported as single failure. +Break into separate error-handled steps. + +*** DONE [#C] Add comments on complex logic +CLOSED: [2026-02-23 Sun] +Added comments explaining wireless region locale-to-ISO3166 mapping and +archsetup clone strategy (why symlinks need user-owned repo). + +*** TODO [#C] Standardize boolean comparison style +Mixed =[ "$var" = "true" ]= vs =$var= evaluation — pick one pattern. + +*** TODO [#D] Replace eval with safer alternatives +Line 434: =eval "$cmd"= — use arrays or direct execution. + +*** DONE [#D] Validate reserved usernames +CLOSED: [2026-02-23 Sun] +Added check against list of reserved system usernames (root, bin, daemon, sys, etc.). + ** TODO [#A] Ensure sleep/suspend works on laptops Critical functionality for laptop use - current battery drain unacceptable **NOTE:** This applies to Framework Laptop (velox), not Framework Desktop (ratio) 
@@ -46,13 +146,6 @@ Removed conflicting setxkbmap statements, gdm, and keyd configs - still didn't w ** TODO [#B] All error messages should be actionable with recovery steps Currently just reports errors without guidance on how to fix them -** TODO [#B] Full install logs should contain timestamps -Verify timestamps exist for debugging failures - -** TODO [#B] Add input validation for username and paths -Variables like ~$username~, ~$source_dir~, and paths are not validated -Special characters or malicious input could break the script or cause security issues -Should validate inputs match expected patterns (alphanumeric, valid paths, etc.) ** TODO [#B] Enable TLP power management for laptops TLP manages power-saving modes for Wi-Fi, USB, PCIe, Bluetooth, CPU scheduler 
@@ -202,13 +295,30 @@ Detect NVIDIA GPU and warn user about potential Wayland issues: - Document required env vars (LIBVA_DRIVER_NAME, GBM_BACKEND, etc.) - Prompt to continue or abort if NVIDIA detected -** TODO [#B] Validate DESKTOP_ENV default behavior -Confirm that defaulting DESKTOP_ENV to "dwm" when unassigned is the right choice. -Consider: should it prompt interactively instead? Or fail with a clear message? -** TODO [#B] Test archsetup username/password prompts -Test the username and password prompt functionality added to archsetup. -Verify prompts work correctly on fresh install simulation. +** TODO [#B] Add org-capture popup frame on keyboard shortcut +Set up a quick-capture popup using emacsclient that opens a small floating +org-capture frame, with Hyprland window rules to float, size, and center it. +Frame should auto-close on finalize (C-c C-c) or abort (C-c C-k). + +Implementation: +1. Create =~/.local/bin/quick-capture= script: + - =emacsclient -c -F '((name . "org-capture") (width . 80) (height . 20))' -e '(org-capture)'= + - Requires Emacs daemon running (already configured via systemd) +2. Add Hyprland window rules to =hyprland.conf=: + - =windowrulev2 = float, title:^(org-capture)$= + - =windowrulev2 = size 800 400, title:^(org-capture)$= + - =windowrulev2 = center, title:^(org-capture)$= + - =windowrulev2 = stayfocused, title:^(org-capture)$= +3. Add keybind in =hyprland.conf= (choose available key combo) +4. Add Elisp hook to auto-delete the frame after capture: + =(defun my/org-capture-delete-frame () + (when (equal (frame-parameter nil 'name) "org-capture") + (delete-frame))) + (add-hook 'org-capture-after-finalize-hook #'my/org-capture-delete-frame)= +5. Notes go directly into existing org capture templates — zero new infrastructure + +Reference: Protesilaos Stavrou's popup frame pattern for emacsclient. ** TODO Check linux-lts version until 6.18+ SCHEDULED: <2026-02-23 Mon +3w> 
@@ -229,9 +339,6 @@ The goal is a single place to edit each config, not two. ** TODO [#C] Create Chrome theme with dupre colors Create a Chrome browser theme using the dupre color palette. Plan saved in [[file:docs/PLAN-browser-themes.org][docs/PLAN-browser-themes.org]]. -** TODO [#C] Document testing process in README -Help future maintainers understand and modify test infrastructure - ** TODO [#C] Monitor and optimize test execution time Keep test runs performant as installs and post-install tests grow (target < 2 hours) @@ -323,11 +430,19 @@ pacman_install and aur_install have retry logic, but git_install doesn't cpupower service configures the default CPU scheduler (powersave or performance) Install cpupower, configure /etc/default/cpupower, enable service: ~systemctl enable --now cpupower.service~ -** TODO [#D] Bulk shellcheck cleanup -Reviewed 2026-01-24: ~128 warnings, mostly acceptable patterns or low-priority style issues. -- SC2024 (sudo redirects) - acceptable, script runs as root -- SC2174 (mkdir -p -m) - reviewed, not a practical issue -- Various quoting warnings - high-priority ones already fixed -Run =shellcheck archsetup= periodically to check for new issues, but bulk cleanup is low priority. - * Archsetup Resolved + +** DONE [#B] Full install logs should contain timestamps +CLOSED: [2026-02-23 Sun] +Log filename includes timestamp via =date +'%Y-%m-%d-%H-%M-%S'=. +Functions =error_warn()=, =error_fatal()=, and =display()= all output timestamps via =date +'%T'=. + +** DONE [#B] Validate DESKTOP_ENV default behavior +CLOSED: [2026-02-23 Sun] +Defaults to =hyprland= silently via =desktop_env="${desktop_env:-hyprland}"=. +Overridable via config file or =DESKTOP_ENV= environment variable. + +** DONE [#B] Test archsetup username/password prompts +CLOSED: [2026-02-23 Sun] +Username prompt with regex validation (lines 320-332) and password prompt +with confirmation (lines 339-353) implemented and functional. -- cgit v1.2.3
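Review bot: In the first hunk (@@ -4,6 +4,106 @@), the "Remove credentials and secrets from dotfiles" item stops at "Add all to =.gitignore=, remove from git tracking", and the "Scrub git history" item acknowledges that secrets remain in history, but no task rotates them. The token and passwords listed there have already been committed, and the recommended plan keeps the cjennings.net remote with full history, so add an item to revoke and reissue each credential before the GitHub release. The same hunk also writes the hardcoded password from =init= line 8 into todo.org, so either drop the value from that entry or put todo.org on the scrub list.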
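Review bot: In the org-capture hunk (@@ -202,13 +295,30 @@), step 4 relies only on =org-capture-after-finalize-hook=, which covers the stated C-c C-c and C-c C-k cases but not quitting at the template selection menu. There org-capture aborts before a capture buffer exists and the hook never runs, so the floating frame stays open. Suggest adding a step that deletes the frame when =(org-capture)= itself signals an abort, and stating in step 1 what the script does if the daemon is not reachable.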
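Review bot: In the last hunk (@@ -323,11 +430,19 @@), "Test archsetup username/password prompts" is closed by citing code locations ("lines 320-332", "lines 339-353"), while the task removed at @@ -202,13 asked to verify the prompts on a fresh install simulation; record the test run in the entry or leave it open. The same entry says the username prompt has regex validation, yet the first hunk re-adds "Add input validation for username and paths" with =$username= listed as not validated. Narrow that open item to =$source_dir= and the path variables so the two entries agree.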