dotfiles - My linux config and rc files

	Commit message (Collapse)	Author	Age	Files	Lines
*	feat(remote-dev): add zoxide/clang-tools/node/uv/AI agents; bring git+ssh; ↵	sommerfeld	2026-05-14	1	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	SSH-format signing home.nix: - Add zoxide (fixes 'command not found' on shell start), clang-tools (no compiler driver), nodejs (Mason npm LSPs), uv (Mason python LSPs; does not install python3 in PATH, so Ubuntu's /usr/bin/python3 stays the system default), claude-code, github-copilot-cli. - Refine the leaf-tools policy comment: explicit denylist of build- toolchain binaries that would shadow Ubuntu's via PATH, plus a carve-out for editor/AI runtimes (node, uv, clang-tools). - Symlink ~/.config/git/{config,attributes,ignore} and ~/.ssh/config from the dotfiles tree. dot_config/zsh/dot_zshrc: guard direnv/zoxide/fzf inits with 'command -v X >/dev/null &&' so a fresh machine without one of them no longer prints a stderr error on every shell start. dot_config/git/config: append unconditional '[include] path = ~/.config/git/config.local' for machine-local overrides (used on the remote-dev VM to switch to SSH-format signing via the forwarded agent). Git silently skips missing include files. remote-dev/README.md: document the update flow (config-only vs HM rebuild), the single-shell leaf-tools policy, and the one-time VM setup for SSH-format commit signing (allowed_signers + config.local, ForwardAgent yes on the host).
*	feat(git): pre-push checks Co-authored-by trailers for agents	sommerfeld	2026-05-13	1	-5/+14
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Same substring blacklist (copilot, claude, codex, ...) is now also applied to every Co-authored-by trailer in the commit message, not just the author header. Agents commonly slip in via that route. Trailers extracted with %(trailers:key=Co-authored-by,valueonly, unfold,separator=%x1f) and split in awk on \037, which can't appear in identity strings, so the tab-delimited record format stays unambiguous. To fix a flagged trailer use git commit --amend / interactive rebase to drop the Co-authored-by line; --reset-author won't help here.
*	feat(git): pre-push also rejects coding-agent authors	sommerfeld	2026-05-13	1	-14/+42
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Block commits where the author name/email contains any of: copilot, claude, codex, chatgpt, cursor, aider, devin, [bot], @openai., @anthropic. Use plain index() substring matching in awk to dodge regex-escaping pitfalls (an earlier draft using regex turned \[bot\] into a char class via -v escape processing and false-matched 'o' in 'com'). Fix: rebase with --reset-author re-stamps you as author while keeping the agent as it was (or drop them entirely). Documented in the failure message.
*	feat(git): pre-push also rejects commits with foreign committer	sommerfeld	2026-05-13	1	-8/+34
\| \| \| \| \| \| \| \| \| \| \| \| \|	Now flags any commit whose committer name+email doesn't match the local user.name / user.email (which respects the includeIf rules in ~/.config/git/config, so per-tree work/personal identities work). Author is left free: pulling someone else's commit and rebasing it locally re-stamps the committer to you, satisfies this gate, and the original author is preserved in the commit metadata. Both checks (signature + committer) run in one rev-list pass with tab-separated fields so awk parses unambiguously.
*	feat(git): global pre-push hook rejecting unsigned commits	sommerfeld	2026-05-13	2	-0/+60
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Activated via core.hooksPath = ~/.config/git/hooks in the global git config. The hook walks each ref being pushed (range: remote..local or, for new branches, local --not --remotes) and checks %G? on every commit. Accepts G/U/X/Y (good signature variants), rejects N/B/E/R (no signature, bad, missing key, revoked). Bypass: git push --no-verify This repo overrides hooksPath to .githooks/ for its just-check pre-commit gate, so a thin .githooks/pre-push delegates to the global hook to keep the policy enforced here too.
*	fix(git): allow self-signed cert for ProtonMail Bridge SMTP	sommerfeld	2026-05-13	1	-0/+1
\| \| \| \| \| \| \| \| \|	The Bridge presents a self-signed cert on its 127.0.0.1:1025 STARTTLS listener, so git send-email's default cert verification fails with SSL_verify_cert. Setting smtpSslCertPath to empty disables chain verification for this single, loopback-only endpoint. Per https://git-send-email.io/#step-2 (Proton Bridge note).
*	feat(git): configure git send-email via ProtonMail Bridge	sommerfeld	2026-05-13	1	-0/+13
\| \| \| \| \| \| \| \| \| \| \|	Add a [sendemail] block targeting the local Bridge SMTP listener (127.0.0.1:1025, STARTTLS) and a credential helper scoped to that URL that fetches the password from pass (proton/bridge-smtp). The helper command is public; the secret stays in the password store. The bridge SMTP username (sensitive but not secret) goes in the per-identity private overlay (~/doxfiles), not here. Also pull in the Perl SMTP modules git send-email needs at runtime.
*	refactor: restructure to chezmoi source state	sommerfeld	2026-04-21	3	-0/+182
	Rename home/ contents to chezmoi naming conventions: - dot_ prefix for dotfiles and dot-dirs - private_dot_ for .gnupg and .ssh directories - private_ for 0600 files (nym.pub) - executable_ for scripts in .local/bin and display-toggle.sh - symlink_ for mimeapps.list symlink