refactor: migrate private domain to encrypted file and improve configuration

- Replace interactive prompt with encrypted domain.txt.age file
- Move encryption config to top level in .chezmoi.toml.tmpl
- Add platform-specific shell configuration for chezmoi cd command
- Remove unused Perl PATH configuration from commonrc
- Add commit-staged slash command for git workflow
- Enable nushell banner and improve init_pre.ts logging
- Clean up deprecated installation scripts (ovpn, gitconfig)
- Update hishtory server configuration to use encrypted domain

home/.chezmoi.toml.tmpl

@@ -33,7 +33,7 @@
 {{-   $wsl = (.chezmoi.kernel.osrelease | lower | contains "microsoft") -}}
 {{- end -}}
 
-{{ $privateDomain := promptStringOnce . "privateDomain" "What is the private domain" }}
+encryption = "age"
 
 [merge]
 command = "bash"
@@ -43,7 +43,6 @@ args = [
 ]
 
 [data]
-	privateDomain = {{ $privateDomain | quote }}
 	chassis = {{ $chassisType | quote }}
 	wsl = {{ $wsl }}
 
@@ -58,8 +57,6 @@ args = [
 	identity = "{{ .chezmoi.homeDir }}/key.txt"
 	recipient = "age1s3ctpj9lafl6qwyvd89sn448us7gdzd53d8yyhsc7zny78c0k4sqerrkze"
 
-encryption = "age"
-
 [doppler]
 	project = "dotfiles"
 	config = "production"
@@ -70,3 +67,11 @@ encryption = "age"
 [hooks.update.pre]
 	command = "bun"
 	args = ["{{ .chezmoi.sourceDir }}/hooks/.update_pre.ts"]
+
+{{ if eq .chezmoi.os "windows" }}
+[cd]
+	command = "nu"
+{{ else }}
+[cd]
+	command = "bash"
+{{ end }}

home/.chezmoitemplates/scripts/commonrc.sh.tmpl

@@ -11,7 +11,7 @@ export TERM=xterm-256color  # fixes terminal colors when ssh'ing into laptop
 export OPENAI_API_KEY="{{ dopplerProjectJson.OPENAI_CHATGPT_CLI }}"
 
 # hishtory
-export HISHTORY_SERVER="https://hsh.{{ .data.privateDomain }}"
+export HISHTORY_SERVER="https://hsh.{{ joinPath .chezmoi.sourceDir ".domain.age" | include | decrypt }}"
 export PATH="$PATH:$HOME/.hishtory"
 {{ if eq .shell "zsh" -}}
 source $HOME/.hishtory/config.zsh
@@ -83,15 +83,6 @@ case ":$PATH:" in
   *) export PATH="$PNPM_HOME:$PATH" ;;
 esac
 
-# perl
-if [ -d "$HOME/perl5" ]; then
-    PATH="$HOME/perl5/bin${PATH:+:${PATH}}"; export PATH;
-    PERL5LIB="$HOME/perl5/lib/perl5${PERL5LIB:+:${PERL5LIB}}"; export PERL5LIB;
-    PERL_LOCAL_LIB_ROOT="$HOME/perl5${PERL_LOCAL_LIB_ROOT:+:${PERL_LOCAL_LIB_ROOT}}"; export PERL_LOCAL_LIB_ROOT;
-    PERL_MB_OPT="--install_base \"$HOME/perl5\""; export PERL_MB_OPT;
-    PERL_MM_OPT="INSTALL_BASE=$HOME/perl5"; export PERL_MM_OPT;
-fi
-
 # spicetify
 if [ -d "$HOME/.spicetify" ]; then
     export PATH=$PATH:$HOME/.spicetify

home/dot_claude/commands/commit-staged.md

@@ -0,0 +1,17 @@
+---
+allowed-tools: Bash(git status:*), Bash(git diff:*), Bash(git log:*), Bash(git commit:*)
+description: Create a git commit (staged files only)
+---
+
+## Context
+
+- Current git status: !`git status`
+- Current git diff (staged changes only): !`git diff --cached`
+- Current branch: !`git branch --show-current`
+- Recent commits: !`git log --oneline -10`
+
+## Your task
+
+Based on the above staged changes, create a single git commit.
+
+You have the capability to call multiple tools in a single response. Create the commit using a single message. Do not stage any additional files. Do not use any other tools or do anything else. Do not send any other text or messages besides these tool calls.

home/dot_config/nushell/config.nu.tmpl

@@ -148,7 +148,7 @@ let light_theme = {
 
 # The default config record. This is where much of your global configuration is setup.
 $env.config = {
-    show_banner: false # true or false to enable or disable the welcome banner at startup
+    show_banner: true # true or false to enable or disable the welcome banner at startup
 
     ls: {
         use_ls_colors: true # use the LS_COLORS environment variable to colorize output

home/encrypted_domain.txt.age

@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRkRzdi9vOXZDNkJHcXIr
+czB2SzhxdWhsSy9zbCs5L2txNXRpYm0waUVjCnRha0VmblBsTW40c1BUWmp4TGxk
+eGJXSFhxNDlZeTBLbUYzRTBwenlrMUUKLS0tIEJjNm1ZYzBTelhkTzB4ZnhMWHg2
+SGtJUGZoaitZMTZYbHMzZ0pRRFk0K2MKF/zTT3k3qDpyc48t7VImOtWKnhWkjUKh
+xLoFy9B+8X/ivtWpDJX1DFKym0YhYA==
+-----END AGE ENCRYPTED FILE-----

home/hooks/.init_pre.ts

@@ -1,15 +1,19 @@
 #!/usr/bin/env bun
-console.log("init_pre.ts");
 
 import { exists } from "node:fs/promises";
 import { join } from "node:path";
 import { homedir } from "node:os";
 import { $ } from "bun";
 
+// Type-safe wrapper around console.log that prepends [init_pre]
+const log = (...args: any[]): void => {
+  console.log("[init_pre]", ...args);
+};
+
 const filePath = join(homedir(), "key.txt");
 
 if (await exists(filePath)) {
-  console.log("key.txt already exists");
+  log("key.txt already exists");
   process.exit(0);
 }
 
@@ -24,4 +28,4 @@ if (result.exitCode !== 0) {
 
 // Write the secret to a file
 await Bun.write(filePath, result.stdout);
-console.log("key.txt bootstrapped");
+log("key.txt bootstrapped");

home/run_install_ovpn_config.sh.tmpl

@@ -1,43 +0,0 @@
-#!/bin/bash
-set -eu
-{{/* This script pulls down the OpenVPN-Config.ovpn file. It will do so once per week. */ -}}
-
-FILE=~/.config/ovpn/Local.ovpn
-ONE_WEEK=604800
-
-function displaytime {
-    local T=$1
-    local D=$((T / 60 / 60 / 24))
-    local H=$((T / 60 / 60 % 24))
-    local M=$((T / 60 % 60))
-    local S=$((T % 60))
-    (($D > 0)) && printf '%d days ' $D
-    (($H > 0)) && printf '%d hours ' $H
-    (($M > 0)) && printf '%d minutes ' $M
-    (($D > 0 || $H > 0 || $M > 0)) && printf 'and '
-    printf '%d seconds\n' $S
-}
-
-download() {
-    echo "Downloading OpenVPN-Config.ovpn"
-    TEMP_FILE=$(mktemp)
-    if doppler secrets get OPENVPN_CONFIG --plain >> "$TEMP_FILE"; then
-        mkdir -p "$(dirname "$FILE")"
-        mv "$TEMP_FILE" "$FILE"
-    else
-        echo "Failed to download OpenVPN-Config.ovpn"
-    fi
-}
-
-# Check if file exists
-if [ -f "$FILE" ]; then
-    FILE_ABSOLUTE=$(realpath "$FILE")
-    RELATIVE_SECONDS=$(expr $EPOCHSECONDS - $(stat -c %Y -- "$FILE_ABSOLUTE"))
-
-    if ! test "$RELATIVE_SECONDS" -lt $ONE_WEEK; then
-        echo "File is older than a week, redownloading (last downloaded $(displaytime $RELATIVE_SECONDS) ago)"
-        download
-    fi
-else
-    download
-fi

home/run_onchange_gitconfig.sh.tmpl

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-# We just need to have access to the Git repository
-cd {{ .chezmoi.sourceDir }}
-# The path is relative to the .git/config file
-git config --local include.path ../.gitconfig

home/run_onchange_install-packages.sh.tmpl

@@ -48,7 +48,7 @@ fi
 # Install hishtory
 if ! type -P hishtory; then
     echo "chezmoi: Installing hishtory"
-    export HISHTORY_SERVER="https://hsh.{{ .privateDomain }}"
+    export HISHTORY_SERVER="https://hsh.{{ joinPath .chezmoi.sourceDir ".domain.age" | include | decrypt }}"
     export HISHTORY_SKIP_INIT_IMPORT='true'
     curl https://hishtory.dev/install.py | python3 - --offline --skip-config-modification
 fi