Remove superfluous changelog and todos file

modified:   README.md
	modified:   bash/dot-bashrc
	modified:   git/dot-config/git/config
	new file:   helix/dot-config/helix/config.toml
	modified:   pet/dot-config/pet/snippet.toml
	renamed:    run.sh -> setup.sh

README.md

@@ -1,25 +1,47 @@
-# Some Notes
+# Dotfiles
-__  To be worked into a setup script at some point __
+
-## Clone repo
+Personal dotfiles and more
+
+## Installation
+
+Install [GNU stow](https://gnu.org/software/stow/). 
+You **will** want a version >= 8. September 2024! See [here](https://cgit.git.savannah.gnu.org/cgit/stow.git/tree/NEWS). 
+This is so `dot-*` named files (or dirs) are handled correctly!
+
+See `run.sh`. Use it as taskfile to install stow.
+
+Then, to make sure that stow is correctly handling `dot-*` named dirs, run
+
+```bash
+stow --dotfiles --verbose stow
 ```
-git clone git@github.com:sebaschi/dotfiles.git ~/.dotfiles
+This installs the `dot-stowrc` and global ignore list. 
+
+## Installing configs
+```sh
+stow <config-pkg-name>
+```
+`<config-pkg-name>` is just one of the directories of this repo.
+To see what the effect would be without applying anything (dry-run):
+```sh
+stow -n <config-pkg-name>
 ```
 
-## Symlink files to correct locations
+## Included Configurations
-```
-ln -s ~/.dotfiles/git/gitconfig ~/.gitconfig
-```
-```
-ln -s ~/.dotfiles/vim/vimrc ~/.vimrc
-```
-```
-ln -s ~/.dotfiles/bash/bashrc ~/.bashrc
-```
-## Apps/Tools I use
-* 'exa' as replacement for 'ls'
-* starship.io
-* 'neofetch' CLI for system (OS mostly) info
-* 'ncdu" CLI disk use info
-* 'htop' process/cpu info. replacement for 'top'
-* neovim with lazy.nvim
 
+* **Shells**: Bash, Fish, Zsh
+* **Terminal**: Tmux, Zellij, Ghostty
+* **Editors**: Vim, Neovim (with lazy.nvim)
+* **Tools**: Git, Starship prompt, Borg backup, Fossil (**TODO**)
+* **Utilities**: Rsync filters
+
+## Tools Tools
+
+* `eza` - Modern replacement for `ls`
+* `starship.io` - Cross-shell prompt
+* `neofetch` - System information tool
+* `ncdu` - Disk usage analyzer
+* `btop` - Interactive process viewer (replacement for `top`)
+* `neovim` - Enhanced vim editor
+> [!note]
+> TODO: add more tools!

bash/dot-bash_logout

@@ -0,0 +1,7 @@
+# ~/.bash_logout: executed by bash(1) when login shell exits.
+
+# when leaving the console clear the screen to increase privacy
+
+if [ "$SHLVL" = 1 ]; then
+    [ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
+fi

bash/dot-bashrc

@@ -0,0 +1,161 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+    *i*) ;;
+      *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color|*-256color) color_prompt=yes;;
+esac
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='eza --color'
+    alias dir='dir --color'
+    alias vdir='vdir --color'
+
+    # using ugrep instead of grep
+    alias grep='ug -G --color'
+    alias fgrep='ug -F --color'
+    alias egrep='ug -E --color'
+fi
+
+# colored GCC warnings and errors
+export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+# some more ls aliases
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -hF'
+
+# Add an "alert" alias for long running commands.  Use like so:
+#   sleep 10; alert
+alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# Source bash env list
+source $HOME/.local/share/bash/bash_env
+
+# Pet snippet manager
+# register previous command 
+function prev() {
+    PREV=$(echo $(history | tail -n2 | head -n1) | sed 's/[0-9]* //')
+    sh -c "pet new $(printf %q "$PREV")"
+}
+
+# TODO if [ -d ~/.bashrc.d ]; then
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+  if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+  elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+  fi
+fi
+. "$HOME/.cargo/env"
+
+
+# Starship init
+eval "$(starship init bash)"
+
+# Homebrew
+eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
+
+# Pagers
+#export PAGER="$(which moar)"
+# export MANPAGER="$PAGER"
+
+# Github CLI aliases
+alias ghce="gh copilot explain"
+alias ghcs="gh copilot suggest"
+
+# Util Aliases
+# broot does this now
+# alias fcd='cd "$(dirname "$(fzf)")"'
+alias st='systemctl-tui'
+alias task='./task.py'
+
+# BEGIN hcloud
+source <(hcloud completion bash)
+# END hcloud
+
+source /home/seb/.config/broot/launcher/bash/br
+
+[ -f "/home/seb/.ghcup/env" ] && . "/home/seb/.ghcup/env" # ghcup-env
+
+alias nodeman='ssh hwsec nodeman'

ghostty/dot-config/ghostty/config

@@ -7,7 +7,7 @@ window-width = 140
 window-height = 35
 window-save-state = always
 auto-update = download
-command = /home/linuxbrew/.linuxbrew/bin/nu
+# command = /home/linuxbrew/.linuxbrew/bin/nu
 keybind = ctrl+shift+l=goto_split:right
 keybind = ctrl+shift+h=goto_split:left
 keybind = ctrl+shift+j=goto_split:bottom

git/dot-config/git/config

@@ -0,0 +1,9 @@
+[user]
+	name = Sebastian Lenzlinger
+	email = s.m.lenzlinger@student.vu.nl
+[init]
+	defaultBranch = devel
+[core]
+	editor = nvim
+[gpg "ssh"]
+	allowedSignersFile = /home/seb/.ssh/allowed_signers

git/dot-config/git/ignore

@@ -0,0 +1,17 @@
+.claude/
+.claude
+.claude/**
+Claude.md
+*.o
+*.log
+cache/
+logs/
+build/
+
+# Python stuff
+__pycache__/
+*.pyc
+
+
+# Environement/ 12 Factor
+.env

git/gitconfig

@@ -1,10 +0,0 @@
-[user]
-    email = 74497638+sebaschi@users.noreply.github.com
-    name = Sebastian Lenzlinger
-[http]
-	sslVerify = false
-[filter "lfs"]
-	clean = git-lfs clean -- %f
-	smudge = git-lfs smudge -- %f
-	process = git-lfs filter-process
-	required = true

gtk-3.0/dot-config/gtk-3.0/README.md

@@ -0,0 +1,4 @@
+# `lm-xia-cinnamon-1.css`
+**Issue**: When tab switching windows in "show window" mode, it was hard to tell which window was the active window.
+This gtk css config manages to give active windows a boarder, and additionally creates a shadow when tabbing through windows, where the non active windows are darker/dimmed
+

gtk-3.0/dot-config/gtk-3.0/lm-xia-cinnamon-1.css

@@ -0,0 +1,120 @@
+/* Active window colors */
+@define-color active_window_bg_color @theme_selected_bg_color;
+@define-color active_window_fg_color @theme_selected_fg_color;
+
+/* Inactive window colors */
+@define-color inactive_window_fg_color @theme_unfocused_fg_color;
+@define-color inactive_window_bg_color @theme_unfocused_bg_color;
+
+headerbar {
+    box-shadow: none;
+}
+
+headerbar:not(:backdrop),
+headerbar:not(:backdrop) button:not(:backdrop) {
+    color: @active_window_fg_color;
+    background-color: @active_window_bg_color;
+    background-image: none;
+    border-color: @active_window_bg_color;
+    text-shadow: none;
+    -gtk-icon-shadow: none;
+}
+
+headerbar:backdrop,
+headerbar:backdrop button:backdrop {
+    color: @inactive_window_fg_color;
+    background-color: @inactive_window_bg_color;
+    background-image: none;
+    border-color: @inactive_window_bg_color;
+}
+
+
+/* Disables the circle image around the close button,
+   as well the "shadow" image of inactive window icons
+   for Mint-Y-Legacy themes.
+ */
+headerbar button.titlebutton,
+.titlebar button.titlebutton {
+    background-image: none;
+}
+
+
+headerbar button.titlebutton:not(:backdrop) {
+    color: @active_window_fg_color;
+}
+
+headerbar button.titlebutton:backdrop {
+    color: @inactive_window_fg_color;
+}
+
+/* Hover over icons will invert the image with a square image. */
+headerbar button.titlebutton:hover:not(:backdrop){
+    color: @active_window_bg_color;
+    background-image: -gtk-gradient(radial, center center, 0, center center, 0.8, to(@active_window_fg_color), to(transparent));
+}
+
+headerbar button:hover:not(:backdrop){
+    color: @active_window_bg_color;
+    background-color: @active_window_fg_color;
+}
+
+/* Clicking an icon will change the hover representation from circle to square. */
+headerbar button.titlebutton:active:not(:backdrop) {
+    color: @active_window_bg_color;
+    background-image: -gtk-gradient(radial, center center, 0, center center, 0.5, to(@active_window_fg_color), to(transparent));
+}
+
+/* Hover over icons will invert the image with a square image. */
+headerbar button.titlebutton:hover:backdrop {
+    color: @inactive_window_bg_color;
+    background-image: -gtk-gradient(radial, center center, 0, center center, 0.8, to(@inactive_window_fg_color), to(transparent));
+}
+
+headerbar button:hover:backdrop {
+    color: @inactive_window_bg_color;
+    background-color: @inactive_window_fg_color;
+}
+
+/* Clicking an icon will change the hover representation from circle to square. */
+headerbar button.titlebutton:active:backdrop {
+    color: @inactive_window_bg_color;
+    background-image: -gtk-gradient(radial, center center, 0, center center, 0.5, to(@inactive_window_fg_color), to(transparent));
+}
+
+/* Prevent dark squares appearing around unfocused
+   OSD app icons in new Mint-Y themes. */
+.titlebar button.titlebutton.maximize:hover,
+.titlebar button.titlebutton.minimize:hover,
+.titlebar button.titlebutton.close:hover {
+    background-image: none;
+}
+
+/* Hover over the window close button makes it RED */
+.titlebar button.titlebutton.close:hover {
+    background-color: #fc4f4f;
+    color: white;
+}
+
+/* Makes the border of the active window the same color as the selected theme's bg color and adds a black border on the inactive windows*/
+.ssd decoration {
+    box-shadow: 0 1px 1px rgba(0, 0, 0, 0.16), 0 0 0 1px @active_window_bg_color;
+    border: none;
+}
+.ssd decoration:backdrop {
+    box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.16), 0 0 0 1px #000000;
+}
+
+/* Uncomment this section to increase the size of the icons. */
+/*
+headerbar {
+    min-height: 36px;
+}
+
+headerbar button.titlebutton,
+headerbar button.titlebutton image {
+    min-width: 30px;
+    min-height: 30px;
+    -gtk-icon-transform: scale(1.5);
+    background-size: 28px 28px;
+}
+*/

helix/dot-config/helix/config.toml

@@ -0,0 +1,5 @@
+theme = "yellowed"
+
+[editor.cursor-shape]
+insert = "bar"
+

kanidm-eval/dot-config/eval_quickstart.md

@@ -0,0 +1,317 @@
+::: {#mdbook-help-container}
+::: {#mdbook-help-popup}
+## Keyboard shortcuts {#keyboard-shortcuts .mdbook-help-title}
+
+<div>
+
+Press [←]{.kbd} or [→]{.kbd} to navigate between chapters
+
+Press [S]{.kbd} or [/]{.kbd} to search in the book
+
+Press [?]{.kbd} to show this help
+
+Press [Esc]{.kbd} to hide this help
+
+</div>
+:::
+:::
+
+::: {#body-container}
+::: {#sidebar-resize-handle .sidebar-resize-handle}
+::: sidebar-resize-indicator
+:::
+:::
+
+::: {#page-wrapper .page-wrapper}
+::: page
+::: {#menu-bar-hover-placeholder}
+:::
+
+::: {#menu-bar .menu-bar .sticky}
+::: left-buttons
+
+-   Auto
+-   Light
+-   Rust
+-   Coal
+-   Navy
+-   Ayu
+:::
+
+# Kanidm Administration {#kanidm-administration .menu-title}
+
+::: right-buttons
+[](print.html "Print this book"){aria-label="Print this book"}
+[](https://github.com/kanidm/kanidm "Git repository"){aria-label="Git repository"}
+[](https://github.com/kanidm/kanidm/edit/master/book/src/evaluation_quickstart.md "Suggest an edit"){aria-label="Suggest an edit"}
+:::
+:::
+
+::: {#search-wrapper .hidden}
+::: {#searchresults-outer .searchresults-outer .hidden}
+::: {#searchresults-header .searchresults-header}
+:::
+:::
+:::
+
+::: {#content .content}
+::: {role="main"}
+# [Evaluation Quickstart](#evaluation-quickstart){.header}
+
+This section will guide you through a quick setup of Kanidm for
+evaluation. It\'s recommended that for a production deployment you
+follow the steps in the [installation
+chapter](installing_the_server.html) instead as there are a number of
+security considerations you should be aware of for production
+deployments.
+
+## [Requirements](#requirements){.header}
+
+The only thing you\'ll need for this is Docker, Podman, or a compatible
+containerd environment installed and running.
+
+## [Get the software](#get-the-software){.header}
+
+``` bash
+docker pull docker.io/kanidm/server:latest
+```
+
+## [Create your configuration](#create-your-configuration){.header}
+
+Create `server.toml`. The important parts are the `domain` and `origin`.
+For this example, if you use `localhost` and `https://localhost:8443`
+this will match later commands.
+
+``` toml
+# The server configuration file version.
+version = "2"
+
+#   The webserver bind address. Requires TLS certificates.
+#   If the port is set to 443 you may require the
+#   NET_BIND_SERVICE capability.
+#   Defaults to "127.0.0.1:8443"
+bindaddress = "[::]:8443"
+#
+#   The read-only ldap server bind address. Requires
+#   TLS certificates. If set to 636 you may require
+#   the NET_BIND_SERVICE capability.
+#   Defaults to "" (disabled)
+# ldapbindaddress = "[::]:3636"
+#
+#   The path to the kanidm database.
+db_path = "/data/kanidm.db"
+#
+#   If you have a known filesystem, kanidm can tune the
+#   database page size to match. Valid choices are:
+#   [zfs, other]
+#   If you are unsure about this leave it as the default
+#   (other). After changing this
+#   value you must run a vacuum task.
+#   - zfs:
+#     * sets database pagesize to 64k. You must set
+#       recordsize=64k on the zfs filesystem.
+#   - other:
+#     * sets database pagesize to 4k, matching most
+#       filesystems block sizes.
+# db_fs_type = "zfs"
+#
+#   The number of entries to store in the in-memory cache.
+#   Minimum value is 256. If unset
+#   an automatic heuristic is used to scale this.
+#   You should only adjust this value if you experience
+#   memory pressure on your system.
+# db_arc_size = 2048
+#
+#   TLS chain and key in pem format. Both must be present.
+#   If the server receives a SIGHUP, these files will be
+#   re-read and reloaded if their content is valid.
+tls_chain = "/data/chain.pem"
+tls_key = "/data/key.pem"
+#
+#   The log level of the server. May be one of info, debug, trace
+#
+#   NOTE: this can be overridden by the environment variable
+#   `KANIDM_LOG_LEVEL` at runtime
+#   Defaults to "info"
+# log_level = "info"
+#
+#   The DNS domain name of the server. This is used in a
+#   number of security-critical contexts
+#   such as webauthn, so it *must* match your DNS
+#   hostname. It is used to create
+#   security principal names such as `william@idm.example.com`
+#   so that in a (future) trust configuration it is possible
+#   to have unique Security Principal Names (spns) throughout
+#   the topology.
+#
+#   ⚠️  WARNING ⚠️
+#
+#   Changing this value WILL break many types of registered
+#   credentials for accounts including but not limited to
+#   webauthn, oauth tokens, and more.
+#   If you change this value you *must* run
+#   `kanidmd domain rename` immediately after.
+domain = "idm.example.com"
+#
+#   The origin for webauthn. This is the url to the server,
+#   with the port included if it is non-standard (any port
+#   except 443). This must match or be a descendent of the
+#   domain name you configure above. If these two items are
+#   not consistent, the server WILL refuse to start!
+#   origin = "https://idm.example.com"
+origin = "https://idm.example.com:8443"
+
+#   HTTPS requests can be reverse proxied by a loadbalancer.
+#   To preserve the original IP of the caller, these systems
+#   will often add a header such as "Forwarded" or
+#   "X-Forwarded-For". Some other proxies can use the PROXY
+#   protocol v2 header.
+#   This setting allows configuration of the list of trusted
+#   IPs or IP ranges which can supply this header information,
+#   and which format the information is provided in.
+#   Defaults to "none" (no trusted sources)
+#   Only one option can be used at a time.
+# [http_client_address_info]
+# proxy-v2 = ["127.0.0.1", "127.0.0.0/8"]
+#   # OR
+# x-forward-for = ["127.0.0.1", "127.0.0.0/8"]
+
+#   LDAPS requests can be reverse proxied by a loadbalancer.
+#   To preserve the original IP of the caller, these systems
+#   can add a header such as the PROXY protocol v2 header.
+#   This setting allows configuration of the list of trusted
+#   IPs or IP ranges which can supply this header information,
+#   and which format the information is provided in.
+#   Defaults to "none" (no trusted sources)
+# [ldap_client_address_info]
+# proxy-v2 = ["127.0.0.1", "127.0.0.0/8"]
+
+[online_backup]
+#   The path to the output folder for online backups
+path = "/data/kanidm/backups/"
+#   The schedule to run online backups (see https://crontab.guru/)
+#   every day at 22:00 UTC (default)
+schedule = "00 22 * * *"
+#    four times a day at 3 minutes past the hour, every 6th hours
+# schedule = "03 */6 * * *"
+#   We also support non standard cron syntax, with the following format:
+#   sec  min   hour   day of month   month   day of week   year
+#   (it's very similar to the standard cron syntax, it just allows to specify the seconds
+#   at the beginning and the year at the end)
+#   Number of backups to keep (default 7)
+# versions = 7
+```
+
+## [Start the container](#start-the-container){.header}
+
+First we create a docker volume to store the data, then we start the
+container.
+
+``` bash
+docker volume create kanidmd
+docker create --name kanidmd \
+  -p '443:8443' \
+  -p '636:3636' \
+  -v kanidmd:/data \
+  docker.io/kanidm/server:latest
+```
+
+## [Copy the configuration to the container](#copy-the-configuration-to-the-container){.header}
+
+``` bash
+docker cp server.toml kanidmd:/data/server.toml
+```
+
+## [Generate evaluation certificates](#generate-evaluation-certificates){.header}
+
+``` bash
+docker run --rm -i -t -v kanidmd:/data \
+  docker.io/kanidm/server:latest \
+  kanidmd cert-generate
+```
+
+## [Start Kanidmd Container](#start-kanidmd-container){.header}
+
+``` bash
+docker start kanidmd
+```
+
+## [Recover the Admin Role Passwords](#recover-the-admin-role-passwords){.header}
+
+The `admin` account is used to configure Kanidm itself.
+
+``` bash
+docker exec -i -t kanidmd \
+  kanidmd recover-account admin
+```
+
+The `idm_admin` account is used to manage persons and groups.
+
+``` shell
+docker exec -i -t kanidmd \
+  kanidmd recover-account idm_admin
+```
+
+## [Setup the client configuration](#setup-the-client-configuration){.header}
+
+This happens on your computer, not in the container.
+
+``` toml
+# ~/.config/kanidm
+
+uri = "https://localhost:8443"
+verify_ca = false
+```
+
+## [Check you can login](#check-you-can-login){.header}
+
+``` bash
+kanidm login --name idm_admin
+```
+
+## [Create an account for yourself](#create-an-account-for-yourself){.header}
+
+``` shell
+kanidm person create <your username> <Your Displayname>
+```
+
+## [Set up your account credentials](#set-up-your-account-credentials){.header}
+
+``` shell
+kanidm person credential create-reset-token <your username>
+```
+
+Then follow the presented steps.
+
+## [What next?](#what-next){.header}
+
+You\'ll probably want to set it up properly, so that other computers can
+access it, so [choose a domain name](choosing_a_domain_name.html) and
+complete the full server installation.
+
+Alternatively you might like to try configurig one of these:
+
+-   [OAuth2](./integrations/oauth2.html) for web services
+-   [PAM and nsswitch](./integrations/pam_and_nsswitch.html) for
+    authentication to Linux systems
+-   [Replication](repl/), if one Kanidm instance isn\'t enough
+:::
+
+[](introduction_to_kanidm.html "Previous chapter"){.mobile-nav-chapters
+.previous rel="prev" aria-label="Previous chapter"
+aria-keyshortcuts="Left"}
+[](supported_features.html "Next chapter"){.mobile-nav-chapters .next
+rel="next prefetch" aria-label="Next chapter" aria-keyshortcuts="Right"}
+
+::: {style="clear: both"}
+:::
+:::
+:::
+
+[](introduction_to_kanidm.html "Previous chapter"){.nav-chapters
+.previous rel="prev" aria-label="Previous chapter"
+aria-keyshortcuts="Left"}
+[](supported_features.html "Next chapter"){.nav-chapters .next
+rel="next prefetch" aria-label="Next chapter" aria-keyshortcuts="Right"}
+:::
+:::

kanidm-eval/dot-config/evaluation_quickstart.html

@@ -0,0 +1,481 @@
+<!DOCTYPE HTML>
+<html lang="en" class="light sidebar-visible" dir="ltr">
+    <head>
+        <!-- Book generated using mdBook -->
+        <meta charset="UTF-8">
+        <title>Evaluation Quickstart - Kanidm Administration</title>
+
+
+        <!-- Custom HTML head -->
+
+        <meta name="description" content="">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <meta name="theme-color" content="#ffffff">
+
+        <link rel="shortcut icon" href="favicon.png">
+        <link rel="stylesheet" href="css/variables.css">
+        <link rel="stylesheet" href="css/general.css">
+        <link rel="stylesheet" href="css/chrome.css">
+        <link rel="stylesheet" href="css/print.css" media="print">
+
+        <!-- Fonts -->
+        <link rel="stylesheet" href="FontAwesome/css/font-awesome.css">
+        <link rel="stylesheet" href="fonts/fonts.css">
+
+        <!-- Highlight.js Stylesheets -->
+        <link rel="stylesheet" id="highlight-css" href="highlight.css">
+        <link rel="stylesheet" id="tomorrow-night-css" href="tomorrow-night.css">
+        <link rel="stylesheet" id="ayu-highlight-css" href="ayu-highlight.css">
+
+        <!-- Custom theme stylesheets -->
+
+
+        <!-- Provide site root and default themes to javascript -->
+        <script>
+            const path_to_root = "";
+            const default_light_theme = "light";
+            const default_dark_theme = "navy";
+        </script>
+        <!-- Start loading toc.js asap -->
+        <script src="toc.js"></script>
+    </head>
+    <body>
+    <div id="mdbook-help-container">
+        <div id="mdbook-help-popup">
+            <h2 class="mdbook-help-title">Keyboard shortcuts</h2>
+            <div>
+                <p>Press <kbd>←</kbd> or <kbd>→</kbd> to navigate between chapters</p>
+                <p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
+                <p>Press <kbd>?</kbd> to show this help</p>
+                <p>Press <kbd>Esc</kbd> to hide this help</p>
+            </div>
+        </div>
+    </div>
+    <div id="body-container">
+        <!-- Work around some values being stored in localStorage wrapped in quotes -->
+        <script>
+            try {
+                let theme = localStorage.getItem('mdbook-theme');
+                let sidebar = localStorage.getItem('mdbook-sidebar');
+
+                if (theme.startsWith('"') && theme.endsWith('"')) {
+                    localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
+                }
+
+                if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
+                    localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
+                }
+            } catch (e) { }
+        </script>
+
+        <!-- Set the theme before any content is loaded, prevents flash -->
+        <script>
+            const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
+            let theme;
+            try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
+            if (theme === null || theme === undefined) { theme = default_theme; }
+            const html = document.documentElement;
+            html.classList.remove('light')
+            html.classList.add(theme);
+            html.classList.add("js");
+        </script>
+
+        <input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
+
+        <!-- Hide / unhide sidebar before it is displayed -->
+        <script>
+            let sidebar = null;
+            const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
+            if (document.body.clientWidth >= 1080) {
+                try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
+                sidebar = sidebar || 'visible';
+            } else {
+                sidebar = 'hidden';
+            }
+            sidebar_toggle.checked = sidebar === 'visible';
+            html.classList.remove('sidebar-visible');
+            html.classList.add("sidebar-" + sidebar);
+        </script>
+
+        <nav id="sidebar" class="sidebar" aria-label="Table of contents">
+            <!-- populated by js -->
+            <mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
+            <noscript>
+                <iframe class="sidebar-iframe-outer" src="toc.html"></iframe>
+            </noscript>
+            <div id="sidebar-resize-handle" class="sidebar-resize-handle">
+                <div class="sidebar-resize-indicator"></div>
+            </div>
+        </nav>
+
+        <div id="page-wrapper" class="page-wrapper">
+
+            <div class="page">
+                <div id="menu-bar-hover-placeholder"></div>
+                <div id="menu-bar" class="menu-bar sticky">
+                    <div class="left-buttons">
+                        <label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
+                            <i class="fa fa-bars"></i>
+                        </label>
+                        <button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
+                            <i class="fa fa-paint-brush"></i>
+                        </button>
+                        <ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
+                            <li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
+                        </ul>
+                        <button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
+                            <i class="fa fa-search"></i>
+                        </button>
+                    </div>
+
+                    <h1 class="menu-title">Kanidm Administration</h1>
+
+                    <div class="right-buttons">
+                        <a href="print.html" title="Print this book" aria-label="Print this book">
+                            <i id="print-button" class="fa fa-print"></i>
+                        </a>
+                        <a href="https://github.com/kanidm/kanidm" title="Git repository" aria-label="Git repository">
+                            <i id="git-repository-button" class="fa fa-github"></i>
+                        </a>
+                        <a href="https://github.com/kanidm/kanidm/edit/master/book/src/evaluation_quickstart.md" title="Suggest an edit" aria-label="Suggest an edit">
+                            <i id="git-edit-button" class="fa fa-edit"></i>
+                        </a>
+
+                    </div>
+                </div>
+
+                <div id="search-wrapper" class="hidden">
+                    <form id="searchbar-outer" class="searchbar-outer">
+                        <input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
+                    </form>
+                    <div id="searchresults-outer" class="searchresults-outer hidden">
+                        <div id="searchresults-header" class="searchresults-header"></div>
+                        <ul id="searchresults">
+                        </ul>
+                    </div>
+                </div>
+
+                <!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
+                <script>
+                    document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
+                    document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
+                    Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
+                        link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
+                    });
+                </script>
+
+                <div id="content" class="content">
+                    <main>
+                        <style>
+.mdbook-alerts {
+  padding: 8px 16px;
+  margin-bottom: 16px;
+  border-left: 0.25em solid var(--mdbook-alerts-color);
+}
+
+.mdbook-alerts > *:first-child {
+  margin-top: 0;
+}
+
+.mdbook-alerts > *:last-child {
+  margin-bottom: 0;
+}
+
+.mdbook-alerts-title {
+  display: flex;
+  font-weight: 600;
+  align-items: center;
+  line-height: 1;
+  color: var(--mdbook-alerts-color);
+  text-transform: capitalize;
+}
+
+.mdbook-alerts-icon {
+  display: inline-block;
+  width: 1em;
+  height: 1em;
+  margin-right: 0.2em;
+  background-color: currentColor;
+  -webkit-mask: no-repeat center / 100%;
+  mask: no-repeat center / 100%;
+  -webkit-mask-image: var(--mdbook-alerts-icon);
+  mask-image: var(--mdbook-alerts-icon);
+}
+
+.mdbook-alerts-note {
+  --mdbook-alerts-color: rgb(9, 105, 218);
+  /* https://icon-sets.iconify.design/material-symbols/info-outline-rounded/ */
+  --mdbook-alerts-icon: url('data:image/svg+xml,%3Csvg xmlns="http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg" width="24" height="24" viewBox="0 0 24 24"%3E%3Cpath fill="currentColor" d="M12 17q.425 0 .713-.288T13 16v-4q0-.425-.288-.712T12 11q-.425 0-.712.288T11 12v4q0 .425.288.713T12 17m0-8q.425 0 .713-.288T13 8q0-.425-.288-.712T12 7q-.425 0-.712.288T11 8q0 .425.288.713T12 9m0 13q-2.075 0-3.9-.788t-3.175-2.137q-1.35-1.35-2.137-3.175T2 12q0-2.075.788-3.9t2.137-3.175q1.35-1.35 3.175-2.137T12 2q2.075 0 3.9.788t3.175 2.137q1.35 1.35 2.138 3.175T22 12q0 2.075-.788 3.9t-2.137 3.175q-1.35 1.35-3.175 2.138T12 22m0-2q3.35 0 5.675-2.325T20 12q0-3.35-2.325-5.675T12 4Q8.65 4 6.325 6.325T4 12q0 3.35 2.325 5.675T12 20m0-8"%2F%3E%3C%2Fsvg%3E');
+}
+
+.mdbook-alerts-tip {
+  --mdbook-alerts-color: rgb(26, 127, 55);
+  /* https://icon-sets.iconify.design/material-symbols/lightbulb-outline-rounded/ */
+  --mdbook-alerts-icon: url('data:image/svg+xml,%3Csvg xmlns="http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg" width="24" height="24" viewBox="0 0 24 24"%3E%3Cpath fill="currentColor" d="M12 22q-.825 0-1.412-.587T10 20h4q0 .825-.587 1.413T12 22m-3-3q-.425 0-.712-.288T8 18q0-.425.288-.712T9 17h6q.425 0 .713.288T16 18q0 .425-.288.713T15 19zm-.75-3q-1.725-1.025-2.738-2.75T4.5 9.5q0-3.125 2.188-5.312T12 2q3.125 0 5.313 2.188T19.5 9.5q0 2.025-1.012 3.75T15.75 16zm.6-2h6.3q1.125-.8 1.738-1.975T17.5 9.5q0-2.3-1.6-3.9T12 4Q9.7 4 8.1 5.6T6.5 9.5q0 1.35.613 2.525T8.85 14M12 14"%2F%3E%3C%2Fsvg%3E');
+}
+
+.mdbook-alerts-important {
+  --mdbook-alerts-color: rgb(130, 80, 223);
+  /* https://icon-sets.iconify.design/material-symbols/chat-info-outline-rounded/ */
+  --mdbook-alerts-icon: url('data:image/svg+xml,%3Csvg xmlns="http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg" width="24" height="24" viewBox="0 0 24 24"%3E%3Cpath fill="currentColor" d="M12 7q.425 0 .713-.288T13 6q0-.425-.288-.712T12 5q-.425 0-.712.288T11 6q0 .425.288.713T12 7m0 8q.425 0 .713-.288T13 14v-4q0-.425-.288-.712T12 9q-.425 0-.712.288T11 10v4q0 .425.288.713T12 15m-6 3l-2.3 2.3q-.475.475-1.088.213T2 19.575V4q0-.825.588-1.412T4 2h16q.825 0 1.413.588T22 4v12q0 .825-.587 1.413T20 18zm-.85-2H20V4H4v13.125zM4 16V4z"%2F%3E%3C%2Fsvg%3E');
+}
+
+.mdbook-alerts-warning {
+  --mdbook-alerts-color: rgb(154, 103, 0);
+  /* https://icon-sets.iconify.design/material-symbols/warning-outline-rounded/ */
+  --mdbook-alerts-icon: url('data:image/svg+xml,%3Csvg xmlns="http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg" width="24" height="24" viewBox="0 0 24 24"%3E%3Cpath fill="currentColor" d="M2.725 21q-.275 0-.5-.137t-.35-.363q-.125-.225-.137-.488t.137-.512l9.25-16q.15-.25.388-.375T12 3q.25 0 .488.125t.387.375l9.25 16q.15.25.138.513t-.138.487q-.125.225-.35.363t-.5.137zm1.725-2h15.1L12 6zM12 18q.425 0 .713-.288T13 17q0-.425-.288-.712T12 16q-.425 0-.712.288T11 17q0 .425.288.713T12 18m0-3q.425 0 .713-.288T13 14v-3q0-.425-.288-.712T12 10q-.425 0-.712.288T11 11v3q0 .425.288.713T12 15m0-2.5"%2F%3E%3C%2Fsvg%3E');
+}
+
+.mdbook-alerts-caution {
+  --mdbook-alerts-color: rgb(207, 34, 46);
+  /* https://icon-sets.iconify.design/material-symbols/brightness-alert-outline-rounded/ */
+  --mdbook-alerts-icon: url('data:image/svg+xml,%3Csvg xmlns="http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg" width="24" height="24" viewBox="0 0 24 24"%3E%3Cpath fill="currentColor" d="M12 17q.425 0 .713-.288T13 16q0-.425-.288-.712T12 15q-.425 0-.712.288T11 16q0 .425.288.713T12 17m0-4q.425 0 .713-.288T13 12V8q0-.425-.288-.712T12 7q-.425 0-.712.288T11 8v4q0 .425.288.713T12 13m-3.35 7H6q-.825 0-1.412-.587T4 18v-2.65L2.075 13.4q-.275-.3-.425-.662T1.5 12q0-.375.15-.737t.425-.663L4 8.65V6q0-.825.588-1.412T6 4h2.65l1.95-1.925q.3-.275.663-.425T12 1.5q.375 0 .738.15t.662.425L15.35 4H18q.825 0 1.413.588T20 6v2.65l1.925 1.95q.275.3.425.663t.15.737q0 .375-.15.738t-.425.662L20 15.35V18q0 .825-.587 1.413T18 20h-2.65l-1.95 1.925q-.3.275-.662.425T12 22.5q-.375 0-.737-.15t-.663-.425zm.85-2l2.5 2.5l2.5-2.5H18v-3.5l2.5-2.5L18 9.5V6h-3.5L12 3.5L9.5 6H6v3.5L3.5 12L6 14.5V18zm2.5-6"%2F%3E%3C%2Fsvg%3E');
+}
+
+</style>
+<h1 id="evaluation-quickstart"><a class="header" href="#evaluation-quickstart">Evaluation Quickstart</a></h1>
+<p>This section will guide you through a quick setup of Kanidm for evaluation. It's recommended that
+for a production deployment you follow the steps in the
+<a href="installing_the_server.html">installation chapter</a> instead as there are a number of security
+considerations you should be aware of for production deployments.</p>
+<h2 id="requirements"><a class="header" href="#requirements">Requirements</a></h2>
+<p>The only thing you'll need for this is Docker, Podman, or a compatible containerd environment
+installed and running.</p>
+<h2 id="get-the-software"><a class="header" href="#get-the-software">Get the software</a></h2>
+<pre><code class="language-bash">docker pull docker.io/kanidm/server:latest
+</code></pre>
+<h2 id="create-your-configuration"><a class="header" href="#create-your-configuration">Create your configuration</a></h2>
+<p>Create <code>server.toml</code>. The important parts are the <code>domain</code> and <code>origin</code>. For this example, if you
+use <code>localhost</code> and <code>https://localhost:8443</code> this will match later commands.</p>
+<pre><code class="language-toml"># The server configuration file version.
+version = "2"
+
+#   The webserver bind address. Requires TLS certificates.
+#   If the port is set to 443 you may require the
+#   NET_BIND_SERVICE capability.
+#   Defaults to "127.0.0.1:8443"
+bindaddress = "[::]:8443"
+#
+#   The read-only ldap server bind address. Requires
+#   TLS certificates. If set to 636 you may require
+#   the NET_BIND_SERVICE capability.
+#   Defaults to "" (disabled)
+# ldapbindaddress = "[::]:3636"
+#
+#   The path to the kanidm database.
+db_path = "/data/kanidm.db"
+#
+#   If you have a known filesystem, kanidm can tune the
+#   database page size to match. Valid choices are:
+#   [zfs, other]
+#   If you are unsure about this leave it as the default
+#   (other). After changing this
+#   value you must run a vacuum task.
+#   - zfs:
+#     * sets database pagesize to 64k. You must set
+#       recordsize=64k on the zfs filesystem.
+#   - other:
+#     * sets database pagesize to 4k, matching most
+#       filesystems block sizes.
+# db_fs_type = "zfs"
+#
+#   The number of entries to store in the in-memory cache.
+#   Minimum value is 256. If unset
+#   an automatic heuristic is used to scale this.
+#   You should only adjust this value if you experience
+#   memory pressure on your system.
+# db_arc_size = 2048
+#
+#   TLS chain and key in pem format. Both must be present.
+#   If the server receives a SIGHUP, these files will be
+#   re-read and reloaded if their content is valid.
+tls_chain = "/data/chain.pem"
+tls_key = "/data/key.pem"
+#
+#   The log level of the server. May be one of info, debug, trace
+#
+#   NOTE: this can be overridden by the environment variable
+#   `KANIDM_LOG_LEVEL` at runtime
+#   Defaults to "info"
+# log_level = "info"
+#
+#   The DNS domain name of the server. This is used in a
+#   number of security-critical contexts
+#   such as webauthn, so it *must* match your DNS
+#   hostname. It is used to create
+#   security principal names such as `william@idm.example.com`
+#   so that in a (future) trust configuration it is possible
+#   to have unique Security Principal Names (spns) throughout
+#   the topology.
+#
+#   ⚠️  WARNING ⚠️
+#
+#   Changing this value WILL break many types of registered
+#   credentials for accounts including but not limited to
+#   webauthn, oauth tokens, and more.
+#   If you change this value you *must* run
+#   `kanidmd domain rename` immediately after.
+domain = "idm.example.com"
+#
+#   The origin for webauthn. This is the url to the server,
+#   with the port included if it is non-standard (any port
+#   except 443). This must match or be a descendent of the
+#   domain name you configure above. If these two items are
+#   not consistent, the server WILL refuse to start!
+#   origin = "https://idm.example.com"
+origin = "https://idm.example.com:8443"
+
+#   HTTPS requests can be reverse proxied by a loadbalancer.
+#   To preserve the original IP of the caller, these systems
+#   will often add a header such as "Forwarded" or
+#   "X-Forwarded-For". Some other proxies can use the PROXY
+#   protocol v2 header.
+#   This setting allows configuration of the list of trusted
+#   IPs or IP ranges which can supply this header information,
+#   and which format the information is provided in.
+#   Defaults to "none" (no trusted sources)
+#   Only one option can be used at a time.
+# [http_client_address_info]
+# proxy-v2 = ["127.0.0.1", "127.0.0.0/8"]
+#   # OR
+# x-forward-for = ["127.0.0.1", "127.0.0.0/8"]
+
+#   LDAPS requests can be reverse proxied by a loadbalancer.
+#   To preserve the original IP of the caller, these systems
+#   can add a header such as the PROXY protocol v2 header.
+#   This setting allows configuration of the list of trusted
+#   IPs or IP ranges which can supply this header information,
+#   and which format the information is provided in.
+#   Defaults to "none" (no trusted sources)
+# [ldap_client_address_info]
+# proxy-v2 = ["127.0.0.1", "127.0.0.0/8"]
+
+[online_backup]
+#   The path to the output folder for online backups
+path = "/data/kanidm/backups/"
+#   The schedule to run online backups (see https://crontab.guru/)
+#   every day at 22:00 UTC (default)
+schedule = "00 22 * * *"
+#    four times a day at 3 minutes past the hour, every 6th hours
+# schedule = "03 */6 * * *"
+#   We also support non standard cron syntax, with the following format:
+#   sec  min   hour   day of month   month   day of week   year
+#   (it's very similar to the standard cron syntax, it just allows to specify the seconds
+#   at the beginning and the year at the end)
+#   Number of backups to keep (default 7)
+# versions = 7
+</code></pre>
+<h2 id="start-the-container"><a class="header" href="#start-the-container">Start the container</a></h2>
+<p>First we create a docker volume to store the data, then we start the container.</p>
+<pre><code class="language-bash">docker volume create kanidmd
+docker create --name kanidmd \
+  -p '443:8443' \
+  -p '636:3636' \
+  -v kanidmd:/data \
+  docker.io/kanidm/server:latest
+</code></pre>
+<h2 id="copy-the-configuration-to-the-container"><a class="header" href="#copy-the-configuration-to-the-container">Copy the configuration to the container</a></h2>
+<pre><code class="language-bash">docker cp server.toml kanidmd:/data/server.toml
+</code></pre>
+<h2 id="generate-evaluation-certificates"><a class="header" href="#generate-evaluation-certificates">Generate evaluation certificates</a></h2>
+<pre><code class="language-bash">docker run --rm -i -t -v kanidmd:/data \
+  docker.io/kanidm/server:latest \
+  kanidmd cert-generate
+</code></pre>
+<h2 id="start-kanidmd-container"><a class="header" href="#start-kanidmd-container">Start Kanidmd Container</a></h2>
+<pre><code class="language-bash">docker start kanidmd
+</code></pre>
+<h2 id="recover-the-admin-role-passwords"><a class="header" href="#recover-the-admin-role-passwords">Recover the Admin Role Passwords</a></h2>
+<p>The <code>admin</code> account is used to configure Kanidm itself.</p>
+<pre><code class="language-bash">docker exec -i -t kanidmd \
+  kanidmd recover-account admin
+</code></pre>
+<p>The <code>idm_admin</code> account is used to manage persons and groups.</p>
+<pre><code class="language-shell">docker exec -i -t kanidmd \
+  kanidmd recover-account idm_admin
+</code></pre>
+<h2 id="setup-the-client-configuration"><a class="header" href="#setup-the-client-configuration">Setup the client configuration</a></h2>
+<p>This happens on your computer, not in the container.</p>
+<pre><code class="language-toml"># ~/.config/kanidm
+
+uri = "https://localhost:8443"
+verify_ca = false
+</code></pre>
+<h2 id="check-you-can-login"><a class="header" href="#check-you-can-login">Check you can login</a></h2>
+<pre><code class="language-bash">kanidm login --name idm_admin
+</code></pre>
+<h2 id="create-an-account-for-yourself"><a class="header" href="#create-an-account-for-yourself">Create an account for yourself</a></h2>
+<pre><code class="language-shell">kanidm person create &lt;your username&gt; &lt;Your Displayname&gt;
+</code></pre>
+<h2 id="set-up-your-account-credentials"><a class="header" href="#set-up-your-account-credentials">Set up your account credentials</a></h2>
+<pre><code class="language-shell">kanidm person credential create-reset-token &lt;your username&gt;
+</code></pre>
+<p>Then follow the presented steps.</p>
+<h2 id="what-next"><a class="header" href="#what-next">What next?</a></h2>
+<p>You'll probably want to set it up properly, so that other computers can access it, so
+<a href="choosing_a_domain_name.html">choose a domain name</a> and complete the full server installation.</p>
+<p>Alternatively you might like to try configurig one of these:</p>
+<ul>
+<li><a href="./integrations/oauth2.html">OAuth2</a> for web services</li>
+<li><a href="./integrations/pam_and_nsswitch.html">PAM and nsswitch</a> for authentication to Linux systems</li>
+<li><a href="repl/">Replication</a>, if one Kanidm instance isn't enough</li>
+</ul>
+
+                    </main>
+
+                    <nav class="nav-wrapper" aria-label="Page navigation">
+                        <!-- Mobile navigation buttons -->
+                            <a rel="prev" href="introduction_to_kanidm.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
+                                <i class="fa fa-angle-left"></i>
+                            </a>
+
+                            <a rel="next prefetch" href="supported_features.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
+                                <i class="fa fa-angle-right"></i>
+                            </a>
+
+                        <div style="clear: both"></div>
+                    </nav>
+                </div>
+            </div>
+
+            <nav class="nav-wide-wrapper" aria-label="Page navigation">
+                    <a rel="prev" href="introduction_to_kanidm.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
+                        <i class="fa fa-angle-left"></i>
+                    </a>
+
+                    <a rel="next prefetch" href="supported_features.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
+                        <i class="fa fa-angle-right"></i>
+                    </a>
+            </nav>
+
+        </div>
+
+
+
+
+        <script>
+            window.playground_copyable = true;
+        </script>
+
+
+        <script src="elasticlunr.min.js"></script>
+        <script src="mark.min.js"></script>
+        <script src="searcher.js"></script>
+
+        <script src="clipboard.min.js"></script>
+        <script src="highlight.js"></script>
+        <script src="book.js"></script>
+
+        <!-- Custom JS scripts -->
+        <script src="mermaid.min.js"></script>
+        <script src="mermaid-init.js"></script>
+
+
+    </div>
+    </body>
+</html>

kanidm-eval/dot-config/kanidm

@@ -0,0 +1,2 @@
+uri = "https://localhost:8443"
+verify_ca = false

kanidm-eval/dot-config/tasks

@@ -0,0 +1,171 @@
+#!/usr/bin/env bash
+
+# Source the task library for help functionality
+TASKLIB_PATH="${TASKLIB_PATH:-${HOME}/.local/lib/shellib/tasklib.sh}"
+if [[ -f "$TASKLIB_PATH" ]]; then
+    source "$TASKLIB_PATH"
+fi
+
+# Configuration variables with defaults
+# URLs and remote resources
+KANIDM_SERVER_CONFIG_URL="${KANIDM_SERVER_CONFIG_URL:-https://raw.githubusercontent.com/kanidm/kanidm/master/examples/server.toml}"
+KANIDM_DOCKER_IMAGE="${KANIDM_DOCKER_IMAGE:-docker.io/kanidm/server:latest}"
+
+# File paths
+SERVER_CONFIG_FILE="${SERVER_CONFIG_FILE:-server.toml}"
+SERVER_LOCALHOST_CONFIG="${SERVER_LOCALHOST_CONFIG:-server_localhost.toml}"
+CLIENT_CONFIG_FILE="${CLIENT_CONFIG_FILE:-./kanidm}"
+
+# Container and volume settings
+CONTAINER_NAME="${CONTAINER_NAME:-kanidmd}"
+VOLUME_NAME="${VOLUME_NAME:-kanidmd}"
+CONTAINER_DATA_PATH="${CONTAINER_DATA_PATH:-/data}"
+
+# Network settings
+HTTPS_PORT="${HTTPS_PORT:-8443}"
+LDAP_PORT="${LDAP_PORT:-3636}"
+KANIDM_URI="${KANIDM_URI:-https://localhost:8443}"
+
+# Domain settings
+ORIGINAL_DOMAIN="${ORIGINAL_DOMAIN:-idm.example.com}"
+TARGET_DOMAIN="${TARGET_DOMAIN:-localhost}"
+
+# Account names
+ADMIN_ACCOUNT="${ADMIN_ACCOUNT:-admin}"
+IDM_ADMIN_ACCOUNT="${IDM_ADMIN_ACCOUNT:-idm_admin}"
+
+# Package lists
+FEDORA_SYSTEM_DEPS="${FEDORA_SYSTEM_DEPS:-systemd-devel sqlite-devel openssl-devel pam-devel clang lld}"
+FEDORA_WEBUI_DEPS="${FEDORA_WEBUI_DEPS:-perl-FindBin perl-File-Compare}"
+
+
+fedora_build_notes () {
+	# Usage: Display build requirements and notes for Fedora systems
+	echo "NOTE: clang and lld are required to build Kanidm for performance"
+	echo "Rustup toolchain is needed"
+
+}
+install_system_lib_deps_fedora () {
+	# Usage: Install system library dependencies required for building Kanidm on Fedora
+	dnf install ${FEDORA_SYSTEM_DEPS}
+}
+
+install_webui_additional_pkgs () {
+	# Usage: Install additional packages required for the Kanidm web UI on Fedora
+	dnf install ${FEDORA_WEBUI_DEPS}
+}
+
+get_server_dev_config () {
+	# Usage: Download the example server configuration file from the Kanidm repository
+	wget "${KANIDM_SERVER_CONFIG_URL}"
+}
+
+make_localhost_config () {
+	# Usage: Create a localhost version of the server config by replacing the domain
+	if [[ -f "${SERVER_CONFIG_FILE}" ]];then
+		sed "s/${ORIGINAL_DOMAIN}/${TARGET_DOMAIN}/g" "${SERVER_CONFIG_FILE}" > "${SERVER_LOCALHOST_CONFIG}"
+	else
+		echo "First get example ${SERVER_CONFIG_FILE}!"
+	fi
+}
+
+get_the_software () {
+	# Usage: Pull the Kanidm Docker image using podman
+	podman pull "${KANIDM_DOCKER_IMAGE}"
+}
+
+create_eval_config () {
+	# Usage: Download and configure the server config file for evaluation
+	get_server_dev_config && make_localhost_config
+}
+
+create_kanidmd_volume () {
+	# Usage: Create a podman volume for persistent Kanidm data storage
+	# First create volume for the data!
+	podman volume create "${VOLUME_NAME}"
+}
+
+start_eval_container () {
+	# Usage: Create the Kanidm container with proper ports and volume mappings
+	create_kanidmd_volume && podman create --name "${CONTAINER_NAME}" \
+		-p "${HTTPS_PORT}:${HTTPS_PORT}" \
+		-p "${LDAP_PORT}:${LDAP_PORT}" \
+		-v "${VOLUME_NAME}:${CONTAINER_DATA_PATH}" \
+		"${KANIDM_DOCKER_IMAGE}"
+}
+
+copy_config_to_container () {
+	# Usage: Copy the localhost configuration file into the container
+	podman cp "${SERVER_LOCALHOST_CONFIG}" "${CONTAINER_NAME}:${CONTAINER_DATA_PATH}/${SERVER_CONFIG_FILE}"
+}
+
+generate_eval_certs () {
+	# Usage: Generate self-signed certificates for the evaluation server
+	podman run --rm -i -t -v "${VOLUME_NAME}:${CONTAINER_DATA_PATH}" \
+		"${KANIDM_DOCKER_IMAGE}" \
+		kanidmd cert-generate
+}
+
+recover_admin_pw () {
+	# Usage: Recover/reset the admin account password
+	podman exec -i -t "${CONTAINER_NAME}" \
+		kanidmd recover-account "${ADMIN_ACCOUNT}"
+}
+
+recover_idm_admin_pw () {
+	# Usage: Recover/reset the idm_admin account password
+	podman exec -i -t "${CONTAINER_NAME}" \
+		kanidmd recover-account "${IDM_ADMIN_ACCOUNT}"
+}
+
+setup_eval_client_config () {
+	# Usage: Create a client configuration file for connecting to the evaluation server
+	cat <<EOF > "${CLIENT_CONFIG_FILE}"
+uri = "${KANIDM_URI}"
+verify_ca = false
+EOF
+}
+
+check_can_login () {
+	# Usage: Test if the kanidm client can login to the server
+	if ! command -v kanidm > /dev/null; then
+		echo "First install kanidm client tools!"
+	else
+		kanidm login --name "${IDM_ADMIN_ACCOUNT}"
+	fi
+}
+
+create_account () {
+	# Usage: Create a new user account in Kanidm
+	# Usage:
+	#	kanidm person create <username> <Display Name>
+
+	echo "Implement create_account"
+}
+
+setup_account_credentials () {
+	# Usage: Set up credentials for a user account
+	# Usage:
+	#	kanidm person credential create-reset-token <username>
+	echo "Implement setup_account_credentials"
+}
+
+help() {
+	# Usage: Show this help message
+	if declare -f show_task_help >/dev/null 2>&1; then
+		show_task_help "$0"
+	else
+		echo "Task library not found. Available tasks:"
+		declare -F | awk '{print $3}' | grep -v '^_' | sort
+	fi
+}
+
+# make it runnable
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+	if [[ $# -eq 0 ]] || [[ "$1" == "help" ]] || [[ "$1" == "--help" ]] || [[ "$1" == "-h" ]]; then
+		help
+	else
+		"$@"
+	fi
+fi
+

neovim/dot-config/stylua.toml

@@ -0,0 +1,3 @@
+indent_type = "Spaces"
+indent_width = 4
+column_width = 120

nvim/.neoconf.json

@@ -1,15 +0,0 @@
-{
-  "neodev": {
-    "library": {
-      "enabled": true,
-      "plugins": true
-    }
-  },
-  "neoconf": {
-    "plugins": {
-      "lua_ls": {
-        "enabled": true
-      }
-    }
-  }
-}

nvim/LICENSE

@@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

nvim/README.md

@@ -1,4 +0,0 @@
-# 💤 LazyVim
-
-A starter template for [LazyVim](https://github.com/LazyVim/LazyVim).
-Refer to the [documentation](https://lazyvim.github.io/installation) to get started.

nvim/stylua.toml

@@ -1,3 +0,0 @@
-indent_type = "Spaces"
-indent_width = 2
-column_width = 120

pet/dot-config/pet/config.toml

@@ -0,0 +1,37 @@
+
+[GHEGist]
+  Public = false
+  access_token = ""
+  auto_sync = false
+  base_url = ""
+  file_name = ""
+  gist_id = ""
+  upload_url = ""
+
+[General]
+  Backend = "gist"
+  Cmd = []
+  Color = false
+  Column = 40
+  Editor = "sensible-editor"
+  Format = "[$description]: $command $tags"
+  SelectCmd = "fzf --ansi --layout=reverse --border --height=90% --pointer=* --cycle --prompt=Snippets:"
+  SnippetDirs = []
+  SnippetFile = "/home/seb/.config/pet/snippet.toml"
+  SortBy = ""
+
+[Gist]
+  Public = false
+  access_token = ""
+  auto_sync = false
+  file_name = "pet-snippet.toml"
+  gist_id = ""
+
+[GitLab]
+  ID = ""
+  Url = ""
+  Visibility = "private"
+  access_token = ""
+  auto_sync = false
+  file_name = "pet-snippet.toml"
+  skip_ssl = false

pet/dot-config/pet/notes.md

@@ -0,0 +1,5 @@
+# IMPORTANT
+The two `prev.{bash, zsh}` functions need to go into `.bashrc` or `.zshrc` respectively.
+The `pet-slect.*` need to be put in the rc EXACTLY AS IS!!!. Else the keys aren't rebound.
+Those files are taken from [this](https://github.com/knqyf263/pet) Readme. As such, 
+that repos license might apply!

pet/dot-config/pet/pre-select.bash

@@ -0,0 +1,6 @@
+function pet-select() {
+  BUFFER=$(pet search --query "$READLINE_LINE")
+  READLINE_LINE=$BUFFER
+  READLINE_POINT=${#BUFFER}
+}
+bind -x '"\C-x\C-r": pet-select'

pet/dot-config/pet/pre-select.zsh

@@ -0,0 +1,8 @@
+function pet-select() {
+  BUFFER=$(pet search --query "$LBUFFER")
+  CURSOR=$#BUFFER
+  zle redisplay
+}
+zle -N pet-select
+stty -ixon
+bindkey '^s' pet-select

pet/dot-config/pet/prev.bash

@@ -0,0 +1,4 @@
+function prev() {
+  PREV=$(echo `history | tail -n2 | head -n1` | sed 's/[0-9]* //')
+  sh -c "pet new `printf %q "$PREV"`"
+}

pet/dot-config/pet/prev.zsh

@@ -0,0 +1,4 @@
+function prev() {
+  PREV=$(fc -lrn | head -n 1)
+  sh -c "pet new `printf %q "$PREV"`"
+}

pet/dot-config/pet/snippet.toml

@@ -0,0 +1,12 @@
+
+[[Snippets]]
+  Description = "Get root shell while preserving environment variables."
+  Output = ""
+  Tag = ["superuser", "bash", "sh", "envvar"]
+  command = "sudo -E --shell"
+
+[[Snippets]]
+  Description = "Preprocess slabinfo header so that columns align correctly"
+  Output = ""
+  Tag = []
+  command = "sed 's/# //' /proc/slabinfo | column -t"

pijul/config.toml

@@ -0,0 +1,13 @@
+colors = "always"
+pager = "always"
+unrecorded_changes = 1
+
+[author]
+name = "sebaschi"
+full_name = "Sebastian Lenzlinger"
+email = "eswer@eswo.ch"
+key_path = "/home/seb/.ssh/id_ed25519.pub"
+
+[ignore_kinds]
+rust = ["target", "*.perf"]
+python = [ "dist", "build", "eggs", "__pycache__"]

resources/PYTHON-INSTALL-IMPROVEMENTS.md

@@ -0,0 +1,24 @@
+# Python Dot-Install Improvements
+
+## Key Improvements
+
+1. Centralized config registry system that makes adding new configs much easier
+2. Each config only needs to be registered once with its source, destination, and optional post-actions  
+3. XDG_CONFIG_HOME is properly used if available
+4. Directory creation is handled automatically as part of the installation process
+5. Commands are generated dynamically from the registry
+6. Maintains the same command structure as the original script
+
+## Adding New Configurations
+
+To add a new configuration, simply register it using the `register_config` function:
+
+```python
+register_config(
+    'new_config',                           # Name
+    DOTFILES_DIR / "path" / "to" / "file",  # Source path (or list of paths)
+    CONFIG_DIR / "destination" / "path",    # Destination path (or list of paths)
+    [optional_post_action_functions],       # Optional post-installation actions
+    "Description of this configuration"     # Description (for help text)
+)
+```

resources/dot-install

@@ -0,0 +1,268 @@
+#!/bin/sh
+# dot-install: Create symlinks for dotfiles configurations
+
+set -e
+
+DOTFILES_DIR="$(cd "$(dirname "$0")" && pwd)"
+CONFIG_DIR="${HOME}/.config"
+
+# Print usage info
+usage() {
+    echo "Usage: dot-install [PACKAGE...] [all]"
+    echo
+    echo "Available packages:"
+    echo "  bash                - Bash configuration files (all)"
+    echo "  bash:aliases        - Bash aliases only"
+    echo "  bash:completion     - Bash completion only"
+    echo "  bash:env            - Bash environment only"
+    echo "  bash:functions      - Bash functions only"
+    echo "  bash:fedora         - Fedora specific bash aliases"
+    echo "  borg                - Borg backup profiles"
+    echo "  fish                - Fish shell configuration"
+    echo "  ghostty             - Ghostty terminal configuration"
+    echo "  git                 - Git configuration"
+    echo "  nvim                - Neovim configuration"
+    echo "  rsync               - Rsync filter rules"
+    echo "  starship            - Starship prompt configuration"
+    echo "  tmux                - Tmux configuration"
+    echo "  vim                 - Vim configuration"
+    echo "  zellij              - Zellij terminal multiplexer configuration" 
+    echo "  zsh                 - Zsh configuration"
+    echo "  all                 - Install all packages"
+    echo
+    echo "Example: dot-install bash:aliases git nvim"
+    exit 1
+}
+
+# Create parent directories if they don't exist
+ensure_dir() {
+    if [ ! -d "$1" ]; then
+        mkdir -p "$1"
+        echo "Created directory: $1"
+    fi
+}
+
+# Create a symlink and handle existing files
+link_file() {
+    local src="$1"
+    local dest="$2"
+    
+    # Check if destination already exists
+    if [ -e "$dest" ]; then
+        if [ -L "$dest" ]; then
+            # If it's already a symlink, check if it points to our file
+            if [ "$(readlink "$dest")" = "$src" ]; then
+                echo "Link already exists: $dest -> $src"
+                return 0
+            else
+                echo "Removing existing link: $dest"
+                rm "$dest"
+            fi
+        else
+            # If it's a regular file or directory
+            echo "Backing up existing file: $dest -> ${dest}.bak"
+            mv "$dest" "${dest}.bak"
+        fi
+    fi
+    
+    # Create the symlink
+    ln -s "$src" "$dest"
+    echo "Created link: $dest -> $src"
+}
+
+# Add source command to bashrc if needed
+add_source_to_bashrc() {
+    local file="$1"
+    local config_path="$CONFIG_DIR/bash/$file"
+
+    if [ -f "$HOME/.bashrc" ]; then
+        if ! grep -q "source \$HOME/.config/bash/$file" "$HOME/.bashrc"; then
+            echo "Adding source command for $file to .bashrc"
+            echo "[ -f \$HOME/.config/bash/$file ] && source \$HOME/.config/bash/$file" >> "$HOME/.bashrc"
+        fi
+    else
+        echo "Warning: $HOME/.bashrc does not exist. You'll need to manually source $file."
+    fi
+}
+
+install_bash_aliases() {
+    echo "Installing bash aliases..."
+    
+    ensure_dir "$CONFIG_DIR/bash"
+    link_file "$DOTFILES_DIR/bash/bash_aliases" "$CONFIG_DIR/bash/bash_aliases"
+    add_source_to_bashrc "bash_aliases"
+}
+
+install_bash_completion() {
+    echo "Installing bash completion..."
+    
+    ensure_dir "$CONFIG_DIR/bash"
+    link_file "$DOTFILES_DIR/bash/bash_completion" "$CONFIG_DIR/bash/bash_completion"
+    add_source_to_bashrc "bash_completion"
+}
+
+install_bash_env() {
+    echo "Installing bash environment..."
+    
+    ensure_dir "$CONFIG_DIR/bash"
+    link_file "$DOTFILES_DIR/bash/bash_env" "$CONFIG_DIR/bash/bash_env"
+    add_source_to_bashrc "bash_env"
+}
+
+install_bash_functions() {
+    echo "Installing bash functions..."
+    
+    ensure_dir "$CONFIG_DIR/bash"
+    link_file "$DOTFILES_DIR/bash/bash_functions" "$CONFIG_DIR/bash/bash_functions"
+    add_source_to_bashrc "bash_functions"
+}
+
+install_bash_fedora() {
+    echo "Installing fedora aliases..."
+    
+    ensure_dir "$CONFIG_DIR/bash"
+    link_file "$DOTFILES_DIR/bash/fedora_aliases" "$CONFIG_DIR/bash/fedora_aliases"
+    add_source_to_bashrc "fedora_aliases"
+}
+
+install_bash() {
+    echo "Installing all bash configuration..."
+    
+    install_bash_aliases
+    install_bash_completion
+    install_bash_env
+    install_bash_functions
+    install_bash_fedora
+    
+    # Create a .bash_dir symlink in home directory for compatibility
+    link_file "$CONFIG_DIR/bash" "$HOME/.bash_dir"
+}
+
+install_borg() {
+    echo "Installing borg backup profiles..."
+    
+    ensure_dir "$CONFIG_DIR/borg"
+    link_file "$DOTFILES_DIR/borg-backup-profiles" "$CONFIG_DIR/borg"
+}
+
+install_fish() {
+    echo "Installing fish configuration..."
+    
+    ensure_dir "$CONFIG_DIR"
+    link_file "$DOTFILES_DIR/fish" "$CONFIG_DIR/fish"
+}
+
+install_ghostty() {
+    echo "Installing ghostty configuration..."
+    
+    ensure_dir "$CONFIG_DIR"
+    link_file "$DOTFILES_DIR/ghostty" "$CONFIG_DIR/ghostty"
+}
+
+install_git() {
+    echo "Installing git configuration..."
+    
+    link_file "$DOTFILES_DIR/git/gitconfig" "$HOME/.gitconfig"
+}
+
+install_nvim() {
+    echo "Installing neovim configuration..."
+    
+    ensure_dir "$CONFIG_DIR"
+    link_file "$DOTFILES_DIR/nvim" "$CONFIG_DIR/nvim"
+}
+
+install_rsync() {
+    echo "Installing rsync filter rules..."
+    
+    link_file "$DOTFILES_DIR/sync-filter-fedora/dot-rsync-filter-home" "$HOME/.rsync-filter-home"
+}
+
+install_starship() {
+    echo "Installing starship configuration..."
+    
+    ensure_dir "$CONFIG_DIR"
+    link_file "$DOTFILES_DIR/dot-config/starship.toml" "$CONFIG_DIR/starship.toml"
+}
+
+install_tmux() {
+    echo "Installing tmux configuration..."
+    
+    link_file "$DOTFILES_DIR/tmux/tmux.conf" "$HOME/.tmux.conf"
+}
+
+install_vim() {
+    echo "Installing vim configuration..."
+    
+    link_file "$DOTFILES_DIR/vim/vimrc" "$HOME/.vimrc"
+    
+    ensure_dir "$HOME/.vim"
+    link_file "$DOTFILES_DIR/vim/initvim" "$HOME/.vim/init.vim"
+}
+
+install_zellij() {
+    echo "Installing zellij configuration..."
+    
+    ensure_dir "$CONFIG_DIR/zellij"
+    link_file "$DOTFILES_DIR/dot-config/zellij.kdl" "$CONFIG_DIR/zellij/config.kdl"
+}
+
+install_zsh() {
+    echo "Installing zsh configuration..."
+    
+    link_file "$DOTFILES_DIR/zsh/zshrc" "$HOME/.zshrc"
+}
+
+# Install vimconfig as config for neovim
+install_vim_neovim() {
+	echo "Installing init.vim as config for *neovim*"
+
+	ensure_dir "$CONFIG_DIR/nvim"
+	link_file "$DOTFILES_DIR/vim/initvim" "$CONFIG_DIR/nvim/init.vim"
+}
+
+install_all() {
+    install_bash
+    install_borg
+    install_fish
+    install_ghostty
+    install_git
+    install_nvim
+    install_rsync
+    install_starship
+    install_tmux
+    install_vim
+    install_zellij
+    install_zsh
+}
+
+if [ $# -eq 0 ]; then
+    usage
+fi
+
+for arg in "$@"; do
+    case "$arg" in
+        bash)           install_bash ;;
+        bash:aliases)   install_bash_aliases ;;
+        bash:completion) install_bash_completion ;;
+        bash:env)       install_bash_env ;;
+        bash:functions) install_bash_functions ;;
+        bash:fedora)    install_bash_fedora ;;
+        borg)           install_borg ;;
+        fish)           install_fish ;;
+        ghostty)        install_ghostty ;;
+        git)            install_git ;;
+        nvim)           install_nvim ;;
+	vimnvim)	install_vim_neovim ;;
+        rsync)          install_rsync ;;
+        starship)       install_starship ;;
+        tmux)           install_tmux ;;
+        vim)            install_vim ;;
+        zellij)         install_zellij ;;
+        zsh)            install_zsh ;;
+        all)            install_all ;;
+        *)              echo "Unknown package: $arg"; usage ;;
+    esac
+done
+
+echo "Installation complete!"

resources/dot-install.py

@@ -0,0 +1,354 @@
+#!/usr/bin/env python3
+"""
+dot-install: Create symlinks for dotfiles configurations
+"""
+
+import os
+import sys
+import click
+import shutil
+from pathlib import Path
+
+
+# Global variables
+DOTFILES_DIR = Path(__file__).resolve().parent
+CONFIG_DIR = Path(os.environ.get('XDG_CONFIG_HOME', '')) if os.environ.get('XDG_CONFIG_HOME') else Path.home() / ".config"
+
+
+# Config registry to hold all configurations
+CONFIG_REGISTRY = {}
+
+
+def register_config(name, src_paths, dest_paths, post_actions=None, description=None):
+    """Register a configuration in the central registry"""
+    if not isinstance(src_paths, list):
+        src_paths = [src_paths]
+    if not isinstance(dest_paths, list):
+        dest_paths = [dest_paths]
+    
+    CONFIG_REGISTRY[name] = {
+        'src_paths': src_paths,
+        'dest_paths': dest_paths,
+        'post_actions': post_actions or [],
+        'description': description or f"Install {name} configuration"
+    }
+
+
+# Helper functions
+def ensure_dir(directory):
+    """Create directory if it doesn't exist"""
+    if not directory.exists():
+        directory.mkdir(parents=True)
+        click.echo(f"Created directory: {directory}")
+
+
+def link_file(src, dest):
+    """Create a symlink and handle existing files"""
+    # Check if destination already exists
+    if dest.exists():
+        if dest.is_symlink():
+            # If it's already a symlink, check if it points to our file
+            if dest.resolve() == src.resolve():
+                click.echo(f"Link already exists: {dest} -> {src}")
+                return
+            else:
+                click.echo(f"Removing existing link: {dest}")
+                dest.unlink()
+        else:
+            # If it's a regular file or directory
+            backup = Path(f"{dest}.bak")
+            click.echo(f"Backing up existing file: {dest} -> {backup}")
+            shutil.move(dest, backup)
+    
+    # Create the symlink
+    dest.symlink_to(src)
+    click.echo(f"Created link: {dest} -> {src}")
+
+
+def add_source_to_bashrc(file):
+    """Add source command to bashrc if needed"""
+    bashrc = Path.home() / ".bashrc"
+    config_path = f"$HOME/.config/bash/{file}"
+    
+    if bashrc.exists():
+        with open(bashrc, 'r') as f:
+            content = f.read()
+        
+        if f"source {config_path}" not in content:
+            click.echo(f"Adding source command for {file} to .bashrc")
+            with open(bashrc, 'a') as f:
+                f.write(f"\n[ -f {config_path} ] && source {config_path}\n")
+    else:
+        click.echo(f"Warning: {bashrc} does not exist. You'll need to manually source {file}.")
+
+
+def install_config(name):
+    """Install a configuration from the registry"""
+    if name not in CONFIG_REGISTRY:
+        click.echo(f"Unknown configuration: {name}")
+        return
+    
+    cfg = CONFIG_REGISTRY[name]
+    click.echo(f"Installing {name} configuration...")
+    
+    # Ensure directories exist for all destination paths
+    for dest in cfg['dest_paths']:
+        ensure_dir(dest.parent)
+    
+    # Create symlinks
+    for src, dest in zip(cfg['src_paths'], cfg['dest_paths']):
+        link_file(src, dest)
+    
+    # Run any post-installation actions
+    for action in cfg['post_actions']:
+        action()
+
+
+# Register bash components
+def register_bash_configs():
+    # Bash aliases
+    register_config(
+        'bash:aliases',
+        DOTFILES_DIR / "bash" / "bash_aliases",
+        CONFIG_DIR / "bash" / "bash_aliases",
+        [lambda: add_source_to_bashrc("bash_aliases")],
+        "Install bash aliases"
+    )
+    
+    # Bash completion
+    register_config(
+        'bash:completion',
+        DOTFILES_DIR / "bash" / "bash_completion",
+        CONFIG_DIR / "bash" / "bash_completion",
+        [lambda: add_source_to_bashrc("bash_completion")],
+        "Install bash completion"
+    )
+    
+    # Bash environment
+    register_config(
+        'bash:env',
+        DOTFILES_DIR / "bash" / "bash_env",
+        CONFIG_DIR / "bash" / "bash_env",
+        [lambda: add_source_to_bashrc("bash_env")],
+        "Install bash environment"
+    )
+    
+    # Bash functions
+    register_config(
+        'bash:functions',
+        DOTFILES_DIR / "bash" / "bash_functions",
+        CONFIG_DIR / "bash" / "bash_functions",
+        [lambda: add_source_to_bashrc("bash_functions")],
+        "Install bash functions"
+    )
+    
+    # Fedora aliases
+    register_config(
+        'bash:fedora',
+        DOTFILES_DIR / "bash" / "fedora_aliases",
+        CONFIG_DIR / "bash" / "fedora_aliases",
+        [lambda: add_source_to_bashrc("fedora_aliases")],
+        "Install fedora aliases"
+    )
+    
+    # Full bash (meta-configuration)
+    register_config(
+        'bash',
+        [],  # No direct files, will call each component
+        [],  # No direct destinations
+        [
+            lambda: install_config('bash:aliases'),
+            lambda: install_config('bash:completion'),
+            lambda: install_config('bash:env'),
+            lambda: install_config('bash:functions'),
+            lambda: install_config('bash:fedora'),
+            lambda: link_file(CONFIG_DIR / "bash", Path.home() / ".bash_dir")
+        ],
+        "Install all bash configuration"
+    )
+
+
+# Register all other configurations
+def register_all_configs():
+    register_bash_configs()
+    
+    # Borg backup profiles
+    register_config(
+        'borg',
+        DOTFILES_DIR / "borg-backup-profiles",
+        CONFIG_DIR / "borg",
+        description="Install borg backup profiles"
+    )
+    
+    # Fish shell
+    register_config(
+        'fish',
+        DOTFILES_DIR / "fish",
+        CONFIG_DIR / "fish",
+        description="Install fish shell configuration"
+    )
+    
+    # Ghostty terminal
+    register_config(
+        'ghostty',
+        DOTFILES_DIR / "ghostty",
+        CONFIG_DIR / "ghostty",
+        description="Install ghostty terminal configuration"
+    )
+    
+    # Git
+    register_config(
+        'git',
+        DOTFILES_DIR / "git" / "gitconfig",
+        Path.home() / ".gitconfig",
+        description="Install git configuration"
+    )
+    
+    # Neovim
+    register_config(
+        'nvim',
+        DOTFILES_DIR / "nvim",
+        CONFIG_DIR / "nvim",
+        description="Install neovim configuration"
+    )
+    
+    # Rsync filter rules
+    register_config(
+        'rsync',
+        DOTFILES_DIR / "sync-filter-fedora" / "dot-rsync-filter-home",
+        Path.home() / ".rsync-filter-home",
+        description="Install rsync filter rules"
+    )
+    
+    # Starship prompt
+    register_config(
+        'starship',
+        DOTFILES_DIR / "dot-config" / "starship.toml",
+        CONFIG_DIR / "starship.toml",
+        description="Install starship prompt configuration"
+    )
+    
+    # Tmux
+    register_config(
+        'tmux',
+        DOTFILES_DIR / "tmux" / "tmux.conf",
+        Path.home() / ".tmux.conf",
+        description="Install tmux configuration"
+    )
+    
+    # Vim
+    register_config(
+        'vim',
+        [
+            DOTFILES_DIR / "vim" / "vimrc",
+            DOTFILES_DIR / "vim" / "initvim"
+        ],
+        [
+            Path.home() / ".vimrc",
+            Path.home() / ".vim" / "init.vim"
+        ],
+        description="Install vim configuration"
+    )
+    
+    # Vim config as neovim config
+    register_config(
+        'vimnvim',
+        DOTFILES_DIR / "vim" / "initvim",
+        CONFIG_DIR / "nvim" / "init.vim",
+        description="Install vim config as config for neovim"
+    )
+    
+    # Zellij
+    register_config(
+        'zellij',
+        DOTFILES_DIR / "dot-config" / "zellij.kdl",
+        CONFIG_DIR / "zellij" / "config.kdl",
+        description="Install zellij configuration"
+    )
+    
+    # Zsh
+    register_config(
+        'zsh',
+        DOTFILES_DIR / "zsh" / "zshrc",
+        Path.home() / ".zshrc",
+        description="Install zsh configuration"
+    )
+    
+    # All (meta-configuration)
+    all_configs = [
+        'bash', 'borg', 'fish', 'ghostty', 'git', 'nvim',
+        'rsync', 'starship', 'tmux', 'vim', 'zellij', 'zsh'
+    ]
+    
+    register_config(
+        'all',
+        [],
+        [],
+        [lambda cfg=cfg: install_config(cfg) for cfg in all_configs],
+        "Install all configurations"
+    )
+
+
+# Register all configurations
+register_all_configs()
+
+
+# Main CLI command group
+@click.group(invoke_without_command=True)
+@click.pass_context
+def cli(ctx):
+    """Create symlinks for dotfiles configurations"""
+    # If no subcommand is provided, show help
+    if ctx.invoked_subcommand is None:
+        click.echo(ctx.get_help())
+
+
+# Dynamically create commands for each configuration
+for name, cfg in CONFIG_REGISTRY.items():
+    # Skip bash sub-commands to handle them specially
+    if ':' in name:
+        continue
+    
+    # Create a command function dynamically
+    def make_command(name=name):
+        @cli.command(name=name)
+        def cmd():
+            install_config(name)
+        cmd.__doc__ = cfg['description']
+        return cmd
+    
+    # Add the command to the CLI
+    make_command()
+
+
+# Create bash command group
+@cli.group()
+def bash():
+    """Bash configuration files"""
+    pass
+
+
+# Create bash subcommands
+for name, cfg in CONFIG_REGISTRY.items():
+    if name.startswith('bash:'):
+        sub_name = name.split(':')[1]
+        
+        def make_subcommand(name=name, sub_name=sub_name):
+            @bash.command(name=sub_name)
+            def cmd():
+                install_config(name)
+            cmd.__doc__ = cfg['description']
+            return cmd
+        
+        make_subcommand()
+
+
+# Add bash "all" command
+@bash.command('all')
+def bash_all():
+    """Install all bash configurations"""
+    install_config('bash')
+
+
+if __name__ == "__main__":
+    cli()

resources/test-dot-install

@@ -0,0 +1,145 @@
+#!/bin/sh
+# test-dot-install: Test the dot-install script in an isolated environment
+
+set -e
+
+# Create temporary test environment
+TEST_HOME=$(mktemp -d)
+TEST_CONFIG="$TEST_HOME/.config"
+ORIGINAL_HOME=$HOME
+DOTFILES_DIR="$(cd "$(dirname "$0")" && pwd)"
+SCRIPT="$DOTFILES_DIR/dot-install"
+
+# Ensure cleanup of test environment
+cleanup() {
+  HOME=$ORIGINAL_HOME
+  rm -rf "$TEST_HOME"
+  echo "Cleaned up test environment"
+}
+trap cleanup EXIT
+
+# Color output
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+
+# Helper functions
+assert() {
+  if [ "$1" = "$2" ]; then
+    printf "${GREEN}✓ PASS:${NC} $3\n"
+  else
+    printf "${RED}✗ FAIL:${NC} $3 (Expected '$2', got '$1')\n"
+    FAILED=1
+  fi
+}
+
+assert_file_exists() {
+  if [ -e "$1" ]; then
+    printf "${GREEN}✓ PASS:${NC} File exists: $1\n"
+  else
+    printf "${RED}✗ FAIL:${NC} File does not exist: $1\n"
+    FAILED=1
+  fi
+}
+
+assert_symlink() {
+  if [ -L "$1" ]; then
+    local target=$(readlink "$1")
+    if [ "$target" = "$2" ]; then
+      printf "${GREEN}✓ PASS:${NC} Symlink correct: $1 -> $2\n"
+    else
+      printf "${RED}✗ FAIL:${NC} Symlink target mismatch for $1. Expected: $2, Got: $target\n"
+      FAILED=1
+    fi
+  else
+    printf "${RED}✗ FAIL:${NC} Not a symlink: $1\n"
+    FAILED=1
+  fi
+}
+
+# Start testing
+echo "Starting dot-install tests in isolated environment: $TEST_HOME"
+FAILED=0
+HOME="$TEST_HOME"
+mkdir -p "$TEST_CONFIG"
+
+# Create a mock .bashrc for testing source additions
+echo "# Mock .bashrc file" > "$TEST_HOME/.bashrc"
+
+# Test 1: Install bash aliases only
+echo "\nTest 1: Installing bash:aliases only"
+"$SCRIPT" bash:aliases
+
+assert_file_exists "$TEST_CONFIG/bash"
+assert_file_exists "$TEST_CONFIG/bash/bash_aliases"
+assert_symlink "$TEST_CONFIG/bash/bash_aliases" "$DOTFILES_DIR/bash/bash_aliases"
+
+# Check .bashrc was updated
+grep -q "source \$HOME/.config/bash/bash_aliases" "$TEST_HOME/.bashrc"
+if [ $? -eq 0 ]; then
+  printf "${GREEN}✓ PASS:${NC} .bashrc correctly updated for bash_aliases\n"
+else
+  printf "${RED}✗ FAIL:${NC} .bashrc not updated for bash_aliases\n"
+  FAILED=1
+fi
+
+# Test 2: Install full bash
+echo "\nTest 2: Installing full bash package"
+"$SCRIPT" bash
+
+assert_file_exists "$TEST_CONFIG/bash/bash_aliases"
+assert_file_exists "$TEST_CONFIG/bash/bash_completion" 
+assert_file_exists "$TEST_CONFIG/bash/bash_env"
+assert_file_exists "$TEST_CONFIG/bash/bash_functions"
+assert_file_exists "$TEST_CONFIG/bash/fedora_aliases"
+assert_symlink "$HOME/.bash_dir" "$TEST_CONFIG/bash"
+
+# Test 3: Install nvim
+echo "\nTest 3: Installing nvim package"
+"$SCRIPT" nvim
+
+assert_symlink "$TEST_CONFIG/nvim" "$DOTFILES_DIR/nvim"
+
+# Test 4: Install git
+echo "\nTest 4: Installing git package"
+"$SCRIPT" git
+
+assert_symlink "$TEST_HOME/.gitconfig" "$DOTFILES_DIR/git/gitconfig"
+
+# Test 5: Install starship
+echo "\nTest 5: Installing starship package" 
+"$SCRIPT" starship
+
+assert_symlink "$TEST_CONFIG/starship.toml" "$DOTFILES_DIR/dot-config/starship.toml"
+
+# Test 6: Install zellij
+echo "\nTest 6: Installing zellij package"
+"$SCRIPT" zellij
+
+assert_file_exists "$TEST_CONFIG/zellij"
+assert_symlink "$TEST_CONFIG/zellij/config.kdl" "$DOTFILES_DIR/dot-config/zellij.kdl"
+
+# Test 7: Test idempotence (installing twice)
+echo "\nTest 7: Testing idempotence (installing twice)"
+# Redirect output to suppress it during the second run
+"$SCRIPT" git > /dev/null
+
+assert_symlink "$TEST_HOME/.gitconfig" "$DOTFILES_DIR/git/gitconfig"
+
+# Test 8: Test backup functionality
+echo "\nTest 8: Testing backup functionality"
+echo "test content" > "$TEST_HOME/.tmux.conf"
+"$SCRIPT" tmux
+
+assert_file_exists "$TEST_HOME/.tmux.conf.bak"
+assert_symlink "$TEST_HOME/.tmux.conf" "$DOTFILES_DIR/tmux/tmux.conf"
+
+# Report results
+echo "\nTest Summary:"
+if [ $FAILED -eq 0 ]; then
+  printf "${GREEN}All tests passed!${NC}\n"
+  exit 0
+else
+  printf "${RED}$FAILED tests failed!${NC}\n"
+  exit 1
+fi

setup.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+source ./shellib/dot-local/lib/shellib/tasklib.sh
+
+get_gnu_stow_latest_tar_gz() {
+	wget --secure-protocol=auto https://ftpmirror.gnu.org/gnu/stow/stow-latest.tar.gz || {
+		echo "Error: Failed to download GNU Stow" >&2
+		return 1
+	}
+}
+
+unpack_stow_tar_gz_archive() {
+	if [[ ! -f "stow-latest.tar.gz" ]]; then
+		echo "Error: stow-latest.tar.gz not found" >&2
+		return 1
+	fi
+	tar xvf stow-latest.tar.gz
+}
+
+install_stow_latest_from_source() {
+	local stow_dir=$(find . -name "stow-*" -type d | head -1)
+	if [[ -z "$stow_dir" ]]; then
+		echo "Error: Stow source directory not found" >&2
+		return 1
+	fi
+	
+	cd "$stow_dir" || return 1
+	./configure --prefix="$HOME/.local" || return 1
+	make || return 1
+	make install || return 1
+	cd - > /dev/null
+}
+
+install_gnu_stow() {
+	if grep -q 'ID=fedora' /etc/os-release 2>/dev/null; then
+		sudo dnf install -y stow
+	else
+		get_gnu_stow_latest_tar_gz && \
+		unpack_stow_tar_gz_archive && \
+		install_stow_latest_from_source
+	fi
+}
+
+
+"@"

shellib/dot-local/lib/shellib/libseb.sh

@@ -0,0 +1,12 @@
+log() {
+  # Write msg to stderr.
+  # Taken from https://github.com/oils-for-unix/oils/blob/master/stdlib/osh/two.sh
+  echo "$@" >&2
+}
+
+die() {
+  # Write error msg with script name and exit with status 1.
+  # Taken from https://github.com/oils-for-unix/oils/blob/master/stdlib/osh/two.sh
+  log "$@: fatal $@"
+  exit 1
+}

shellib/dot-local/lib/shellib/tasklib.sh

@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+
+# Task library - provides help functionality for task files
+
+# List all functions defined in the current environment
+list_functions() {
+    declare -F | awk '{print $3}'
+}
+
+# Extract usage information from a function
+get_function_usage() {
+    local func_name="$1"
+    local file="${2:-$0}"
+    
+    # Get the function definition and extract Usage: comments
+    awk -v funcname="$func_name" '
+    /^[[:space:]]*'"$func_name"'[[:space:]]*\(\)/ {
+        in_func = 1
+        next
+    }
+    in_func && /^[[:space:]]*}[[:space:]]*$/ {
+        in_func = 0
+    }
+    in_func && /^[[:space:]]*#[[:space:]]*Usage:/ {
+        sub(/^[[:space:]]*#[[:space:]]*/, "", $0)
+        print $0
+    }
+    ' "$file"
+}
+
+# Display help for all functions in a task file
+show_task_help() {
+    local file="${1:-$0}"
+    local func_list=$(list_functions | sort)
+    
+    echo "Available tasks:"
+    echo "================"
+    echo
+    
+    for funcname in $func_list; do
+        # Skip internal functions and the help function itself
+        if [[ ! "$funcname" =~ ^(_|show_task_help|list_functions|get_function_usage) ]]; then
+            local usage=$(get_function_usage "$funcname" "$file")
+            if [[ -n "$usage" ]]; then
+                printf "%-30s %s\n" "$funcname" "- $usage"
+            else
+                printf "%-30s\n" "$funcname"
+            fi
+        fi
+    done
+    echo
+    echo "Run any task by calling it directly: ./tasks <task_name>"
+}
+
+# Alternative: Show detailed help for a specific function
+show_function_help() {
+    local func_name="$1"
+    local file="${2:-$0}"
+    
+    if ! declare -f "$func_name" >/dev/null 2>&1; then
+        echo "Error: Function '$func_name' not found" >&2
+        return 1
+    fi
+    
+    echo "Help for: $func_name"
+    echo "==================="
+    
+    local usage=$(get_function_usage "$func_name" "$file")
+    if [[ -n "$usage" ]]; then
+        echo "$usage"
+    else
+        echo "No usage information available"
+    fi
+}

stow/dot-stow-global-ignore

@@ -0,0 +1,23 @@
+# Comments and blank lines are allowed.
+
+RCS
+.+,v
+
+CVS
+\.\#.+       # CVS conflict files / emacs lock files
+\.cvsignore
+
+\.svn
+_darcs
+\.hg
+
+\.git
+\.gitignore
+\.gitmodules
+
+.+~          # emacs backup files
+\#.*\#       # emacs autosave files
+
+^/README.*
+^/LICENSE.*
+^/COPYING

stow/dot-stowrc

@@ -0,0 +1,5 @@
+--dotfiles
+--dir=${HOME}/dotfiles
+--target=${HOME}
+--no-folding
+--verbose