refactor: modular .bashrc.d/ structure

- Rewrite .bashrc as minimal loader (34 lines → loads .bashrc.d/*.sh)
- Clean .bash_profile: single source, Apple Silicon/Intel brew path
- Add .bashrc.d/ with 7 topic modules:
    00_env.sh      PS1, OSTYPE, colors, pyenv
    10_aliases.sh  universal aliases
    20_functions.sh proxy, dbash, git helpers
    30_work.sh     work-host detection, LDAP, AWX, Juniper tools
                   (+ unified-hub-login with env-var creds)
    40_k8s.sh      kubectl completion + aliases
    50_ai_env.sh   WORKSPACE/DATA_ROOT/MODEL_ROOT paths
    60_dotfiles.sh dotfiles manager aliases, zet shortcuts
- Secrets (SN_PASSWORD, LDAP bind PWs, Unified Hub token) moved
  to ~/.bashrc.local (gitignored, written by setup script)
- Update .dotfiles_manifest to track .bashrc.d directory

.bashrc.d/00_env.sh

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+# 00_env.sh — Core environment: prompt, editor, OS detection, terminal colors
+# Shared across all machines. No secrets. No machine-specific paths.
+# ============================================================================
+
+export PS1='\h:\w\$ '
+export PS2='> '
+export FTP_PASSIVE_MODE=YES
+export RSYNC_RSH=ssh
+
+# Use short hostname consistently (macOS and Linux)
+HOSTNAME=$(hostname -s)
+HOSTDOMAIN=$(hostname -d 2>/dev/null || true)
+export HOSTNAME HOSTDOMAIN
+
+EDITOR=vim
+export EDITOR
+set -o vi
+
+# -----------------------------------------------------------------------
+# OS-specific
+# -----------------------------------------------------------------------
+_OSTYPE=$(uname -s)
+
+case $_OSTYPE in
+Linux)
+    alias ls='ls -F'
+    alias pst='ps axjf'
+    if type "$EDITOR" >/dev/null 2>&1; then
+        alias vi="${EDITOR}"
+    else
+        EDITOR=vi
+    fi
+    export PAGER=$(type less >/dev/null 2>&1 && echo less || echo more)
+
+    function yaml2json {
+        python -c 'import sys, yaml, json; print(json.dumps(yaml.safe_load(sys.stdin.read())))'
+    }
+    ;;
+Darwin)
+    alias pst='pstree'
+    export CLICOLOR=1
+    export DOCKER_DEFAULT_PLATFORM=linux/amd64
+    export BASH_SILENCE_DEPRECATION_WARNING=1
+
+    # pyenv — only init if installed
+    if command -v pyenv >/dev/null 2>&1; then
+        export PYENV_ROOT="$HOME/.pyenv"
+        export PATH="$PYENV_ROOT/bin:$PATH"
+        eval "$(pyenv init --path)"
+        eval "$(pyenv init -)"
+    fi
+    ;;
+FreeBSD)
+    export CLICOLOR=1
+    export LSCOLORS=fxgxcxdxbxegedabagacad
+    ;;
+esac
+
+# -----------------------------------------------------------------------
+# Terminal-specific
+# -----------------------------------------------------------------------
+case $TERM in
+xterm*)
+    export LS_COLORS='no=00:fi=00:di=00;35:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;31:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:*.pl=00;32:'
+    alias ls='ls -F --color'
+    ;;
+esac

.bashrc.d/10_aliases.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# 10_aliases.sh — Universal aliases, safe on all machines and profiles
+# ============================================================================
+
+# Navigation / file listing
+alias l='less'
+alias t='tail -f'
+alias la='ls -a'
+alias lf='ls -FA'
+alias ll='ls -lAh | more'
+alias lt='ls -tlAh | more'
+alias a='alias'
+alias h='history 25'
+
+# Screen
+alias sl='screen -list'
+alias sr='screen -r'
+
+# Process inspection
+alias psg='pstree | grep'
+alias ps-m='ps aux --sort -rss'
+
+# Docker — short forms
+alias d='docker'
+alias di='docker images'
+alias dp='docker ps'
+alias dr='docker run'
+alias db='docker build'
+
+# Git helpers
+alias giturl='git config --get remote.origin.url'
+alias gitresetpw='git config --global credential.helper osxkeychain'
+alias git-clean='git-prune-branches'

.bashrc.d/20_functions.sh

@@ -0,0 +1,131 @@
+#!/usr/bin/env bash
+# 20_functions.sh — Universal shell functions, safe on all machines
+# ============================================================================
+
+# -----------------------------------------------------------------------
+# Proxy management
+# -----------------------------------------------------------------------
+function proxy_on() {
+    export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
+
+    if (($# > 0)); then
+        export http_proxy="http://$1/"
+        export https_proxy=$http_proxy
+        export ftp_proxy=$http_proxy
+        export rsync_proxy=$http_proxy
+        export HTTP_PROXY=$http_proxy
+        export HTTPS_PROXY=$http_proxy
+        echo "Proxy set to: $http_proxy"
+        return 0
+    fi
+
+    echo -n "username (leave blank if none): "
+    read -r username
+    local pre=""
+    if [[ $username != "" ]]; then
+        echo -n "password: "
+        read -rs password; echo
+        pre="$username:$password@"
+    fi
+
+    echo -n "server: "
+    read -r server
+    echo -n "port: "
+    read -r port
+
+    export http_proxy="http://${pre}${server}:${port}/"
+    export https_proxy=$http_proxy
+    export ftp_proxy=$http_proxy
+    export rsync_proxy=$http_proxy
+    export HTTP_PROXY=$http_proxy
+    export HTTPS_PROXY=$http_proxy
+    export FTP_PROXY=$http_proxy
+    export RSYNC_PROXY=$http_proxy
+    echo "Proxy environment set."
+}
+
+function proxy_off() {
+    unset http_proxy https_proxy ftp_proxy rsync_proxy
+    unset HTTP_PROXY HTTPS_PROXY FTP_PROXY RSYNC_PROXY
+    echo "Proxy environment cleared."
+}
+
+# -----------------------------------------------------------------------
+# Docker helpers
+# -----------------------------------------------------------------------
+function dbash() {
+    docker exec -it "$1" bash
+}
+
+function curl_time() {
+    curl -w "@curl-format.txt" -o /dev/null -s "$1"
+}
+
+# -----------------------------------------------------------------------
+# Git: prune merged/orphaned local branches
+# -----------------------------------------------------------------------
+function git-prune-branches() {
+    echo "🌿 Git Branch Cleanup"
+    echo "===================="
+    echo
+
+    if ! git rev-parse --git-dir >/dev/null 2>&1; then
+        echo "❌ Not in a git repository"; return 1
+    fi
+
+    local main_branch
+    main_branch=$(git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's@^refs/remotes/origin/@@')
+    [[ -z "$main_branch" ]] && main_branch="main"
+
+    echo "📡 Fetching and pruning..."
+    git fetch --all --prune
+    echo
+
+    local merged_branches
+    merged_branches=$(git branch --merged "$main_branch" | grep -v "^\*" | grep -v "$main_branch" | grep -v "master" || true)
+    echo "🗑️  Merged branches:"
+    if [[ -z "$merged_branches" ]]; then
+        echo "   (none)"
+    else
+        echo "$merged_branches"
+        echo
+        read -r -p "Delete merged branches? (y/N): " -n 1
+        echo
+        if [[ $REPLY =~ ^[Yy]$ ]]; then
+            echo "$merged_branches" | xargs -n 1 git branch -d
+            echo "✅ Deleted."
+        fi
+    fi
+
+    echo
+    local orphaned
+    orphaned=$(git branch -vv | grep ': gone]' | awk '{print $1}' || true)
+    echo "🗑️  Orphaned branches (remote deleted):"
+    if [[ -z "$orphaned" ]]; then
+        echo "   (none)"
+    else
+        echo "$orphaned"
+        echo
+        read -r -p "Delete orphaned branches? (y/N): " -n 1
+        echo
+        if [[ $REPLY =~ ^[Yy]$ ]]; then
+            echo "$orphaned" | xargs -n 1 git branch -D
+            echo "✅ Deleted."
+        fi
+    fi
+
+    echo
+    echo "📊 Remaining branches:"
+    git branch -vv
+    echo
+    echo "✨ Done."
+}
+
+# -----------------------------------------------------------------------
+# SSH key distribution helper
+# -----------------------------------------------------------------------
+function copy_pub_key() {
+    # Usage: copy_pub_key user@host
+    cat ~/.ssh/authorized_keys.kenjim-protected | \
+        ssh "$1" 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys && echo "Key copied"'
+}

.bashrc.d/30_work.sh

@@ -0,0 +1,211 @@
+#!/usr/bin/env bash
+# 30_work.sh — Work / Juniper environment config
+#
+# Loaded when MACHINE_PROFILE=work OR hostname matches work patterns.
+# Secrets (passwords, tokens, API keys) are NOT stored here.
+# They live in ~/.bashrc.local on each work machine.
+# ============================================================================
+
+# -----------------------------------------------------------------------
+# Host detection helper — true on work Mac and all work servers
+# -----------------------------------------------------------------------
+_is_work_host() {
+    # Check MACHINE_PROFILE first (set in .bashrc.local on managed machines)
+    [[ "${MACHINE_PROFILE:-}" == "work" ]] && return 0
+    # Fallback hostname pattern for work servers where .bashrc.local may not exist
+    case "$(hostname -s)" in
+        kenjim-mbp*|etqc-*|etbg-*|engtech-dev-*|zet*) return 0 ;;
+        *) return 1 ;;
+    esac
+}
+
+_is_work_host || return 0   # exit this file silently on personal machines
+
+# -----------------------------------------------------------------------
+# PATH additions (work only)
+# -----------------------------------------------------------------------
+PATH="${HOME}/bin:${HOME}/.local/bin:${PATH}"
+export PATH
+
+# Juniper lab tools (Linux work servers)
+if [[ -d /volume/labtools/bin ]]; then
+    export PATH="${PATH}:/volume/labtools/bin"
+fi
+
+# -----------------------------------------------------------------------
+# Domain: Juniper
+# -----------------------------------------------------------------------
+case "${HOSTDOMAIN:-}" in
+juniper.net|jnpr.net)
+    export PGUSER=ddladmin
+    export PGHOST=localhost
+    ;;
+esac
+
+# -----------------------------------------------------------------------
+# Work Mac (kenjim-mbp) specific
+# -----------------------------------------------------------------------
+case "$(hostname -s)" in
+kenjim-mbp*)
+    export CLICOLOR=1
+    export RAILS_ENV=development
+    export AWS_SDK_LOAD_CONFIG=1
+
+    # AWS profiles — work Mac uses named profile via ~/.aws/config
+    # Override AWS_PROFILE in ~/.bashrc.local if needed per-project
+    export AWS_PROFILE="${AWS_PROFILE:-kenjim-qnc}"
+
+    alias aws-pgdb-qnc-du="aws --profile pgdb-qnc s3 ls s3://engtech-pgdb-s3-qnc/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
+    alias aws-pgdb-bng-du="aws --profile pgdb-bng s3 ls s3://engtech-pgdb-s3-bng/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
+    alias aws-pgdb-qnc-ls="aws --profile pgdb-qnc s3 ls s3://engtech-pgdb-s3-qnc/ --recursive"
+    alias aws-pgdb-bng-ls="aws --profile pgdb-bng s3 ls s3://engtech-pgdb-s3-bng/ --recursive"
+
+    function k8proxy() {
+        export KUBECONFIG="${HOME}/Juniper/K8_Configs/kenjim-k8-config"
+        export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
+        export http_proxy="socks5://localhost:3133/"
+        export https_proxy=$http_proxy
+        export ftp_proxy=$http_proxy
+        export rsync_proxy=$http_proxy
+        echo "k8s proxy set via localhost:3133"
+    }
+
+    function killcrashplan() {
+        sudo launchctl unload /Library/LaunchDaemons/com.crashplan.engine.plist
+    }
+    ;;
+
+# -----------------------------------------------------------------------
+# Work servers (etqc-*, etbg-*, engtech-dev-*)
+# -----------------------------------------------------------------------
+etqc-*|etbg-*|engtech-dev-*)
+    export AWS_SDK_LOAD_CONFIG=1
+    export AWS_PROFILE=pgdb-qnc
+
+    alias aws-pgdb-qnc-du="aws s3 ls s3://engtech-pgdb-s3-qnc/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
+    alias aws-pgdb-bng-du="aws s3 ls s3://engtech-pgdb-s3-bng/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
+    alias aws-pgdb-qnc-ls="aws s3 ls s3://engtech-pgdb-s3-qnc/ --recursive"
+    alias aws-pgdb-bng-ls="aws s3 ls s3://engtech-pgdb-s3-bng/ --recursive"
+
+    # Bash completion on Linux work servers
+    [ -f /usr/share/bash-completion/bash_completion ] && \
+        source /usr/share/bash-completion/bash_completion
+    ;;
+esac
+
+# -----------------------------------------------------------------------
+# Ansible — Juniper infra-ansible shortcuts
+# -----------------------------------------------------------------------
+_ANSIBLE_CFG="${HOME}/Juniper/git/infra-ansible/ansible_cli.cfg"
+_ANSIBLE_INV="inventory/cmdb_rendered/engtech.yml"
+
+if [[ -f "$_ANSIBLE_CFG" ]]; then
+    alias apy="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=yaml     ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default"
+    alias aps="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=selective ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default"
+    alias apa="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=actionable ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default"
+    alias ai="ANSIBLE_CONFIG=${_ANSIBLE_CFG} ansible-inventory -i ${_ANSIBLE_INV}"
+    alias ans="ANSIBLE_CONFIG=${_ANSIBLE_CFG} ansible -i ~/ansible/inventory/cmdb/now.py -i ~/ansible/inventory/engtech_prod"
+fi
+unset _ANSIBLE_CFG _ANSIBLE_INV
+
+# -----------------------------------------------------------------------
+# AWX / Tower
+# -----------------------------------------------------------------------
+alias awxjobs='awx jobs list -f human --filter id,name,limit,failed --all'
+
+function setawx() {
+    echo -n "AWX Host: ";     read -r TOWER_HOST
+    echo -n "AWX Username: "; read -r TOWER_USERNAME
+    echo -n "AWX Password: "; read -r -s TOWER_PASSWORD; echo
+    export TOWER_HOST TOWER_USERNAME TOWER_PASSWORD
+    awx -k -f human login
+    awx config -f human | grep base_url
+}
+
+# -----------------------------------------------------------------------
+# Monit helpers (remote)
+# -----------------------------------------------------------------------
+function tmls()  { ssh "$1" ls /etc/monit.d; }
+function tmlog() { ssh "$1" tail -f /var/log/monit.log; }
+
+# -----------------------------------------------------------------------
+# Postgres shortcuts (Juniper TIM environments)
+# -----------------------------------------------------------------------
+alias pgtimdev='psql -U tim_api tim_api_dev'
+alias pgtimtest='psql -U tim_api tim_api_test'
+alias pgtimqdev='psql -U tim_api -h ttqc-tim-mmonit-02 kenjim_devel'
+alias pgtimint='psql -h ttqc-tim-mm-02.juniper.net -U tim_api tim_api_int'
+alias pgtimint2='psql -h ttsv-db-03.juniper.net -U tim_api tim_api_int2'
+alias pgtimprod='psql -h ttqc-tim-mm-02.juniper.net -p 5432 -U tim_api tim'
+alias pgtimloc='psql -U tim_api kenjim_tim'
+alias pgtimweekly='psql -h ttqc-testdb-01 -U tim_api weekly_systest_live'
+alias pgtimqmm='psql -h ttqc-tim-mmonit-02 -U mmonit mmonit'
+alias pgtimbmm='psql -h ttbg-tim-mmonit-01 -U mmonit mmonit'
+alias pgbdrqc='psql -h ttqc-bdr-db01.juniper.net -U tim_api systest_live'
+alias pgbdrbg='psql -h ttbg-bdr-db01.juniper.net -U tim_api systest_live'
+alias pgdlm='psql -h ttqc-dlm-db-ms.ttglb.juniper.net -U ddladmin systest_live'
+
+# -----------------------------------------------------------------------
+# Juniper proxy shortcut
+# -----------------------------------------------------------------------
+alias j_proxy_on='proxy_on qcwebproxylb.juniper.net:3128'
+
+# -----------------------------------------------------------------------
+# k8configs env (if checked out)
+# -----------------------------------------------------------------------
+[[ -f "${HOME}/k8configs/engtech_k8_env.sh" ]] && \
+    source "${HOME}/k8configs/engtech_k8_env.sh"
+
+# -----------------------------------------------------------------------
+# RVM (Ruby — if installed)
+# -----------------------------------------------------------------------
+alias rvmi='source "$HOME/.rvm/scripts/rvm"; echo "rvm initialized..."'
+
+# -----------------------------------------------------------------------
+# LDAP helpers — credentials injected from ~/.bashrc.local
+# Set JNPR_LDAP_BIND_DN and JNPR_LDAP_BIND_PW in ~/.bashrc.local
+# -----------------------------------------------------------------------
+function ldaps() {
+    local dn="${JNPR_LDAP_BIND_DN:-CN=_eng_jira_bind_new,OU=Service Accounts,OU=Misc,OU=Common,DC=jnpr,DC=net}"
+    local pw="${JNPR_LDAP_BIND_PW:?Set JNPR_LDAP_BIND_PW in ~/.bashrc.local}"
+    ldapsearch -LLL -x -b 'dc=jnpr,dc=net' \
+        -h ldap-eqx-lb.jnpr.net \
+        -D "$dn" -w "$pw" \
+        sAMAccountName="$1" | perl -p00e 's/\r?\n //g'
+}
+
+function ldaps2() {
+    local dn="${JNPR_LDAP_BIND_DN2:-CN=_eng_labrsrcmgr_bind,OU=Service Accounts,OU=Misc,OU=Common,DC=jnpr,DC=net}"
+    local pw="${JNPR_LDAP_BIND_PW2:?Set JNPR_LDAP_BIND_PW2 in ~/.bashrc.local}"
+    ldapsearch -LLL -x -b 'dc=jnpr,dc=net' \
+        -h ldap-qnc-lb.jnpr.net \
+        -D "$dn" -w "$pw" \
+        sAMAccountName="$1" | perl -p00e 's/\r?\n //g'
+}
+
+# -----------------------------------------------------------------------
+# Network / misc Juniper tools
+# -----------------------------------------------------------------------
+function netseg() {
+    curl -k "https://netseg.juniper.net/api/find_ip?hostname=$1" | jq '.'
+}
+
+# Jira CLI shortcut
+alias jira='jira-cli --v2 view --oneline --search-jql "assignee=kenjim and status!=closed and status!=resolved order by priority desc, created asc"'
+
+# -----------------------------------------------------------------------
+# Unified Hub (Artifactory / unified-hub.juniper.net)
+# Credentials pulled from ~/.bashrc.local:
+#   UNIFIED_HUB_USERNAME  e.g. kenjim@juniper.net
+#   UNIFIED_HUB_TOKEN     base64 API token from Artifactory
+# -----------------------------------------------------------------------
+function unified-hub-login() {
+    local url="unified-hub.juniper.net"
+    local user="${UNIFIED_HUB_USERNAME:-}"
+    local token="${UNIFIED_HUB_TOKEN:-}"
+    if [[ -z "$user" || -z "$token" ]]; then
+        echo "ERROR: UNIFIED_HUB_USERNAME and UNIFIED_HUB_TOKEN must be set (add to ~/.bashrc.local)" >&2
+        return 1
+    fi
+    echo "$token" | docker login -u "$user" --password-stdin "$url"
+}

.bashrc.d/40_k8s.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# 40_k8s.sh — Kubernetes / kubectl aliases and completion
+#
+# Loaded on all machines but only meaningful on work hosts.
+# kubectl must be installed for completion to activate.
+# ============================================================================
+
+command -v kubectl >/dev/null 2>&1 || return 0   # skip silently if not installed
+
+# Bash completion
+source <(kubectl completion bash)
+alias k=kubectl
+complete -o default -F __start_kubectl k
+
+# Config inspection
+alias kc='kubectl config view'
+alias kuc='kubectl config use-context'
+
+# Resource shortcuts
+alias kd='kubectl describe'
+alias ke='kubectl explain'
+alias kg='kubectl get'
+alias kl='kubectl logs -f'
+alias kp='kubectl get pods -o wide'
+alias kq='kubectl describe quota'
+alias ks='kubectl get services'
+alias kpl='kubectl get pods --show-labels'
+alias kdp='kubectl describe pod'
+alias kgs='kubectl get secrets'
+
+# Context / namespace switchers
+alias kx='f() { [ "$1" ] && kubectl config use-context "$1" || kubectl config current-context; }; f'
+alias kn='f() { [ "$1" ] && kubectl config set-context --current --namespace "$1" || kubectl config view --minify | grep namespace | cut -d" " -f6; }; f'

.bashrc.d/50_ai_env.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# 50_ai_env.sh — AI / ML workspace environment variables and aliases
+# Shared across all machines, profile-neutral.
+# ============================================================================
+
+export WORKSPACE="$HOME/workspace"
+export DATA_ROOT="$HOME/data"
+export MODEL_ROOT="$HOME/models"
+
+# HuggingFace cache
+export HF_HOME="$MODEL_ROOT/huggingface"
+
+# Ollama model store
+export OLLAMA_MODELS="$MODEL_ROOT/ollama"
+
+# Navigation shortcuts
+alias ws='cd $WORKSPACE'
+alias src='cd $WORKSPACE/src'
+alias data='cd $DATA_ROOT'
+alias models='cd $MODEL_ROOT'

.bashrc.d/60_dotfiles.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# 60_dotfiles.sh — Dotfiles manager aliases and git server shortcut
+# ============================================================================
+
+export DOTFILES_DIR="$HOME/dotfiles"
+export DOTFILES_REMOTE="http://172.27.0.35:3000/kenjim/dotfiles"
+
+# Main command
+alias dotfiles='bash $HOME/scripts/dotfiles_manager.sh'
+alias dot='bash $HOME/scripts/dotfiles_manager.sh'
+
+# Quick shortcuts
+alias dots-sync='bash $HOME/scripts/dotfiles_manager.sh sync'
+alias dots-push='bash $HOME/scripts/dotfiles_manager.sh push'
+alias dots-status='bash $HOME/scripts/dotfiles_manager.sh status'
+
+# Gitea server shortcut (ssh into the server itself)
+alias zet='ssh zet'
+alias gitea='open http://172.27.0.35:3000 2>/dev/null || echo "http://172.27.0.35:3000"'