open

.editorconfig

@@ -0,0 +1,21 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+charset = utf-8
+
+[*.sh]
+indent_style = space
+indent_size = 4
+
+[*.{yml,yaml}]
+indent_style = space
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
+
+[Makefile]
+indent_style = tab

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: [cashpilotthrive-hue]

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug Report
+about: Report a problem with the setup scripts or configuration
+title: "[Bug] "
+labels: bug
+assignees: ''
+---
+
+## Description
+
+A clear description of the bug.
+
+## Environment
+
+- **Linux Distribution**: (e.g., Ubuntu 22.04, Fedora 39, Arch Linux)
+- **Package Manager**: (apt / dnf / pacman)
+- **Shell**: (e.g., bash 5.1)
+
+## Steps to Reproduce
+
+1. Run `./setup.sh`
+2. ...
+
+## Expected Behavior
+
+What you expected to happen.
+
+## Actual Behavior
+
+What actually happened.
+
+## Logs / Error Output
+
+```
+Paste relevant output here
+```
+
+## Additional Context
+
+Any other information that may help diagnose the issue.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Security Issues
+    url: https://hackerone.com/github
+    about: Please report security vulnerabilities through the GitHub Security Bug Bounty.
+  - name: GitHub Actions Questions
+    url: https://github.community/c/code-to-cloud/github-actions
+    about: Ask questions about GitHub Actions on the Community Forum.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,27 @@
+---
+name: Feature Request
+about: Suggest an improvement or new feature
+title: "[Feature] "
+labels: enhancement
+assignees: ''
+---
+
+## Summary
+
+A brief description of the feature you would like.
+
+## Motivation
+
+Why is this feature needed? What problem does it solve?
+
+## Proposed Solution
+
+Describe how you think this should work.
+
+## Alternatives Considered
+
+Any alternative approaches you have thought about.
+
+## Additional Context
+
+Any other relevant information, screenshots, or references.

.github/copilot-instructions.md

@@ -0,0 +1,39 @@
+# Copilot Instructions
+
+## Project Overview
+
+This is a `.github` organization repository that provides default community health files, GitHub Actions workflows, and Linux system setup scripts for the `cashpilotthrive-hue` organization.
+
+## Repository Structure
+
+- `setup.sh` / `install.sh` — Main setup and quick-install entry points
+- `scripts/` — Modular shell scripts for packages, dev tools, dotfiles, and system config
+- `dotfiles/` — Shell, editor, and terminal configuration files
+- `config/` — Package lists and other configuration data
+- `.github/workflows/` — CI/CD and automation workflows
+
+## Coding Conventions
+
+- All shell scripts use `#!/bin/bash` and `set -e`
+- Variables are quoted: `"$VAR"` not `$VAR`
+- Scripts support multiple package managers: apt (Debian/Ubuntu), dnf (Fedora), pacman (Arch)
+- Idempotent operations — scripts check before acting (e.g., `command -v` before installing)
+- Colored output uses ANSI escape codes via variables (`$RED`, `$GREEN`, `$YELLOW`, `$NC`)
+
+## Workflow Conventions
+
+- Workflows use `permissions: contents: read` (least privilege)
+- Use `actions/checkout@v3` for repository checkout
+- Keep workflow `on:` triggers explicit and minimal
+
+## Testing
+
+- Shell script syntax is validated with `bash -n`
+- Repository structure is validated in CI (directories, required files)
+- Full installation testing requires a real Linux system and is not run in CI
+
+## Security
+
+- Never commit secrets or credentials
+- Workflow permissions should follow least privilege
+- Review third-party actions before use

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "ci"

.github/pull_request_template.md

@@ -0,0 +1,18 @@
+## Description
+
+A brief summary of the changes in this pull request.
+
+## Type of Change
+
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Documentation update
+- [ ] Configuration change
+- [ ] Other (describe below)
+
+## Checklist
+
+- [ ] I have tested the changes locally
+- [ ] Shell scripts pass syntax validation (`bash -n`)
+- [ ] Documentation has been updated (if applicable)
+- [ ] No secrets or sensitive data are included

.github/pull_requests_closed.md

@@ -0,0 +1 @@
+Closed pull request #75 with comment: Closing as duplicate — superseded by the consolidated idempotency work. Please use the latest open PR for this feature.

.github/workflows/domain-realtime.yml

@@ -0,0 +1,100 @@
+name: Domain Realtime Test + Deploy
+
+on:
+  push:
+    branches: ["**"]
+  pull_request:
+  schedule:
+    - cron: "*/5 * * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: domain-realtime
+  cancel-in-progress: true
+
+jobs:
+  generate-solutions:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        provider: [cloudflare, route53, namecheap]
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Generate provider snippet
+        run: |
+          mkdir -p generated/providers
+          cat > "generated/providers/${{ matrix.provider }}.txt" <<TXT
+          provider=${{ matrix.provider }}
+          domain=$(tr -d '\r\n' < CNAME)
+          target=<org-or-user>.github.io
+          TXT
+      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: dns-solution-${{ matrix.provider }}
+          path: generated/providers/${{ matrix.provider }}.txt
+
+  test-and-build:
+    runs-on: ubuntu-latest
+    needs: generate-solutions
+    outputs:
+      domain: ${{ steps.meta.outputs.domain }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Install DNS tools
+        run: sudo apt-get update && sudo apt-get install -y dnsutils
+      - name: Run domain tests
+        run: ./scripts/test_domain.sh
+      - name: Generate multi-solution docs/json
+        run: ./scripts/generate_solutions.sh
+      - name: Build status payload
+        id: meta
+        run: |
+          DOMAIN=$(tr -d '\r\n' < CNAME)
+          A_RECORDS=$(dig +short A "$DOMAIN" | paste -sd ',' -)
+          AAAA_RECORDS=$(dig +short AAAA "$DOMAIN" | paste -sd ',' -)
+          NOW=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+          mkdir -p site
+          cp generated/solutions.md site/solutions.md
+          cp generated/solutions.json site/solutions.json
+          cat > site/status.json <<JSON
+          {
+            "domain": "$DOMAIN",
+            "checked_at_utc": "$NOW",
+            "a_records": "${A_RECORDS}",
+            "aaaa_records": "${AAAA_RECORDS}",
+            "result": "pass"
+          }
+          JSON
+          echo "domain=$DOMAIN" >> "$GITHUB_OUTPUT"
+      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: site-build
+          path: |
+            site
+
+  deploy-status-page:
+    if: github.event_name != 'pull_request'
+    runs-on: ubuntu-latest
+    needs: test-and-build
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: site-build
+          path: .
+      - name: Setup Pages
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+      - name: Upload Pages artifact
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
+        with:
+          path: ./site
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5

.github/workflows/revenue-ops.yml

@@ -0,0 +1,98 @@
+name: Revenue Ops Automation
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Target environment"
+        required: true
+        default: "production"
+        type: choice
+        options:
+          - production
+          - staging
+      run_settlement_reconciliation:
+        description: "Run settlement reconciliation checks"
+        required: true
+        default: true
+        type: boolean
+  schedule:
+    - cron: "15 * * * *"
+
+permissions:
+  contents: read
+
+concurrency:
+  group: revenue-ops-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  provider-health:
+    runs-on: ubuntu-latest
+    environment: ${{ github.event.inputs.environment || 'production' }}
+    steps:
+      - name: Validate required baseline configuration
+        run: |
+          missing=0
+          for var in BILLING_PROVIDER CRM_PROVIDER ANALYTICS_PROVIDER DEFAULT_CURRENCY; do
+            if [ -z "${!var}" ]; then
+              echo "Missing variable: $var"
+              missing=1
+            fi
+          done
+
+          if [ "$missing" -eq 1 ]; then
+            echo "One or more required variables are missing."
+            exit 1
+          fi
+
+          echo "Baseline configuration validated."
+        env:
+          BILLING_PROVIDER: ${{ vars.BILLING_PROVIDER }}
+          CRM_PROVIDER: ${{ vars.CRM_PROVIDER }}
+          ANALYTICS_PROVIDER: ${{ vars.ANALYTICS_PROVIDER }}
+          DEFAULT_CURRENCY: ${{ vars.DEFAULT_CURRENCY }}
+
+      - name: Stripe API health check (optional)
+        if: ${{ secrets.STRIPE_API_KEY != '' }}
+        run: |
+          curl -sS https://api.stripe.com/v1/balance \
+            -u "${STRIPE_API_KEY}:" > /tmp/stripe-response.json
+          test -s /tmp/stripe-response.json
+          echo "Stripe API responded successfully."
+        env:
+          STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
+
+      - name: Paddle API health check (optional)
+        if: ${{ secrets.PADDLE_API_KEY != '' }}
+        run: |
+          status_code=$(curl -sS -o /tmp/paddle-response.json -w "%{http_code}" \
+            -H "Authorization: Bearer ${PADDLE_API_KEY}" \
+            https://api.paddle.com/notification-settings)
+
+          if [ "$status_code" -lt 200 ] || [ "$status_code" -ge 400 ]; then
+            echo "Paddle API check failed with status: $status_code"
+            exit 1
+          fi
+
+          echo "Paddle API responded successfully."
+        env:
+          PADDLE_API_KEY: ${{ secrets.PADDLE_API_KEY }}
+
+  settlement-reconciliation:
+    if: ${{ github.event_name == 'schedule' || github.event.inputs.run_settlement_reconciliation == 'true' }}
+    needs: provider-health
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate reconciliation summary
+        run: |
+          echo "Revenue settlement reconciliation stub"
+          echo "Date: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
+          echo "Billing provider: ${BILLING_PROVIDER}"
+          echo "Default currency: ${DEFAULT_CURRENCY}"
+          echo "Threshold alert: ${REVENUE_ALERT_THRESHOLD:-not-set}"
+          echo "Integrate your finance data pull script here."
+        env:
+          BILLING_PROVIDER: ${{ vars.BILLING_PROVIDER }}
+          DEFAULT_CURRENCY: ${{ vars.DEFAULT_CURRENCY }}
+          REVENUE_ALERT_THRESHOLD: ${{ vars.REVENUE_ALERT_THRESHOLD }}