feat: 1Password SSH agent auto-setup and SSH config template

- Add 1Password SSH agent socket symlink creation in setup.sh
- Copy ssh/example template to ~/.ssh/config on fresh install
- Update Brewfile with additional packages (bun, pnpm, qq, teamviewer, etc.)
- Update documentation (CHECKLIST, MIGRATION_GUIDE, README)

Brewfile

@@ -1,8 +1,8 @@
 tap "anomalyco/tap"
 tap "farion1231/ccswitch"
 tap "minio/stable"
+tap "oven-sh/bun"
 tap "vitobotta/tap"
-brew "act"
 brew "argocd"
 brew "asciinema"
 brew "autojump"
@@ -43,8 +43,8 @@ brew "neovim"
 brew "nexttrace"
 brew "ripgrep"
 brew "opencode"
+brew "pnpm"
 brew "postgresql@17", restart_service: :changed
-brew "rclone"
 brew "redis", restart_service: :changed
 brew "rustup"
 brew "starship"
@@ -56,6 +56,7 @@ brew "wget"
 brew "xcbeautify"
 brew "zsh"
 brew "minio/stable/mc"
+brew "oven-sh/bun/bun"
 brew "vitobotta/tap/hetzner_k3s"
 cask "1password"
 cask "alacritty"
@@ -83,23 +84,29 @@ cask "notion"
 cask "obsidian"
 cask "only-switch"
 cask "orbstack"
+cask "qq"
 cask "raycast"
 cask "spotify"
 cask "stats"
+cask "teamviewer"
 cask "telegram"
 cask "typeless"
 cask "visual-studio-code@insiders"
 cask "wechat"
+cask "wechatwork"
+cask "wpsoffice-cn"
 mas "1Password for Safari", id: 1569813296
 mas "GarageBand", id: 682658836
 mas "iMovie", id: 408981434
 mas "Keynote", id: 409183694
 mas "Numbers", id: 409203825
 mas "Pages", id: 409201541
+vscode "alefragnani.project-manager"
 vscode "anthropic.claude-code"
 vscode "donjayamanne.githistory"
 vscode "dreamecho.git-blame-lens"
 vscode "eamodio.gitlens"
+vscode "esbenp.prettier-vscode"
 vscode "github.copilot-chat"
 vscode "golang.go"
 vscode "gruntfuggly.todo-tree"
@@ -115,6 +122,7 @@ vscode "openai.chatgpt"
 vscode "redhat.vscode-yaml"
 vscode "rust-lang.rust-analyzer"
 vscode "vscodevim.vim"
+vscode "vue.volar"
 vscode "wakatime.vscode-wakatime"
 go "rsc.io/2fa"
 go "golang.org/x/tools/cmd/callgraph"

CHECKLIST.md

@@ -39,6 +39,8 @@
 - [ ] **自动** ~/.config/wezterm 软链接
 - [ ] **自动** ~/.config/starship.toml 软链接
 - [ ] **自动** ~/.gitconfig 软链接
+- [ ] **自动** 如不存在则用 `ssh/example` 初始化 ~/.ssh/config
+- [ ] **自动** 如可用则创建 ~/.1password/agent.sock 符号链接
 - [ ] **自动** Git 全局配置 (excludesfile, defaultBranch)
 - [ ] **自动** fzf 安装和配置
 
@@ -74,6 +76,7 @@ cat ~/.ssh/id_ed25519.pub | pbcopy
 - [ ] **手动** 生成 SSH 密钥
 - [ ] **手动** 添加密钥到 1Password
 - [ ] **手动** 添加公钥到代码托管平台
+- [ ] **手动** 按需调整 ~/.ssh/config 中的主机配置
 
 ### 验证 Git 配置
 ```bash

MIGRATION_GUIDE.md

@@ -33,6 +33,7 @@
 | `starship.toml` | Starship 配置 | Shell 提示符 |
 | `Brewfile` | Homebrew 包列表 | 所有工具和应用 |
 | `setup.sh` | 安装脚本 | 一键配置 |
+| `ssh/example` | SSH 配置模板 | 初始化 `~/.ssh/config` |
 | `CHECKLIST.md` | 检查清单 | 配置验证 |
 | `QUICKSTART.md` | 快速开始 | 3-5 分钟配置 |
 | `README.md` | 完整文档 | 使用说明 |
@@ -67,7 +68,7 @@ secrets.txt        # 密钥文件
 - [ ] Git 用户信息 (name, email)
 - [ ] 1Password SSH Agent
 - [ ] Kubeconfig (工作集群配置)
-- [ ] SSH config (如果有自定义主机)
+- [ ] SSH config 中的自定义主机条目（如需额外调整）
 
 ### 需要单独备份的
 
@@ -98,6 +99,7 @@ cd ~/.dotfiles
 - ✅ zsh antigen 安装
 - ✅ asdf 版本管理器安装
 - ✅ dotfiles 软链接创建
+- ✅ 如 `~/.ssh/config` 不存在，则用模板初始化
 - ✅ Git 基础配置
 - ✅ fzf 安装
 
@@ -129,7 +131,7 @@ cat ~/.ssh/id_ed25519.pub
 #### 1Password SSH Agent (如果使用)
 
 ```bash
-# 创建符号链接
+# 如果 install 没自动创建，再手动创建符号链接
 mkdir -p ~/.1password
 ln -s ~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock ~/.1password/agent.sock
 

README.md

@@ -313,6 +313,7 @@ MIT
 |------|------|-----------|
 | **Brewfile** | Homebrew 包列表 | ✅ |
 | **SSH 公钥** | `~/.ssh/*.pub` | ⚠️ 不提交 |
+| **SSH 配置备份** | `~/.ssh/config` | ⚠️ 不提交 |
 | **Git 配置摘要** | 用户信息（脱敏） | ⚠️ 不提交 |
 | **1Password 配置** | SSH Agent 设置 | ✅ |
 | **VSCode 扩展** | 已安装扩展列表 | ✅ |
@@ -336,6 +337,8 @@ git commit -m 'backup: update dotfiles'
 
 - ⚠️ **不要提交**: `.git_config_summary.txt`, `ssh_backup_*/`
 - ✅ **可以提交**: `Brewfile`, `.1password_config.txt`, `.vscode_extensions.txt`
+- `./setup.sh install` / `./setup.sh full-recover` 会在 `~/.ssh/config` 不存在时，用 `ssh/example` 初始化一份本地配置
+- `./setup.sh install` 也会在检测到 1Password socket 后，自动创建 `~/.1password/agent.sock`
 
 ---
 

setup.sh

@@ -191,6 +191,28 @@ function cmd_install() {
     mkdir -p "$HOME_DIR/.config"
     mkdir -p "$HOME_DIR/.ssh"
     mkdir -p "$HOME_DIR/.kube"
+    mkdir -p "$HOME_DIR/.1password"
+
+    local op_agent_target="$HOME_DIR/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
+    local op_agent_link="$HOME_DIR/.1password/agent.sock"
+    if [ -S "$op_agent_target" ]; then
+        if [ -L "$op_agent_link" ]; then
+            local op_link_target
+            op_link_target=$(readlink "$op_agent_link")
+            if [ "$op_link_target" = "$op_agent_target" ]; then
+                print_success "1Password SSH agent link already exists"
+            else
+                print_warning "~/.1password/agent.sock points elsewhere; leaving it unchanged"
+            fi
+        elif [ -e "$op_agent_link" ]; then
+            print_warning "~/.1password/agent.sock already exists; leaving it unchanged"
+        else
+            ln -s "$op_agent_target" "$op_agent_link"
+            print_success "Linked 1Password SSH agent"
+        fi
+    else
+        print_warning "1Password SSH agent socket not found yet"
+    fi
     
     # Link files
     print_warning "Linking files..."
@@ -228,6 +250,28 @@ function cmd_install() {
             print_warning "Not found: $from"
         fi
     done
+
+    # Install SSH config from template without symlinking it into the repo.
+    local ssh_template="$WORKING_DIR/ssh/example"
+    local ssh_target="$HOME_DIR/.ssh/config"
+    if [ -f "$ssh_template" ]; then
+        if [ -L "$ssh_target" ]; then
+            local ssh_link_target
+            ssh_link_target=$(readlink "$ssh_target")
+            if [ "$ssh_link_target" = "$WORKING_DIR/ssh/config" ] || [ "$ssh_link_target" = "$ssh_template" ]; then
+                rm "$ssh_target"
+                cp "$ssh_template" "$ssh_target"
+                print_success "Copied SSH config from template"
+            else
+                print_warning "~/.ssh/config is a custom symlink; leaving it unchanged"
+            fi
+        elif [ -f "$ssh_target" ]; then
+            print_warning "~/.ssh/config already exists; leaving it unchanged"
+        else
+            cp "$ssh_template" "$ssh_target"
+            print_success "Copied SSH config from template"
+        fi
+    fi
     
     # Initialize git config excludesfile
     print_warning "Configuring git..."
@@ -518,6 +562,8 @@ function cmd_full_recover() {
     echo "  git config --file ~/.gitconfig user.email 'your@email.com'"
     echo "  git config --file ~/.gitconfig user.signingkey 'your-ssh-key'"
     echo ""
+    echo "  # SSH config template is in ~/.dotfiles/ssh/example"
+    echo "  # 1Password SSH agent symlink should exist at ~/.1password/agent.sock"
     echo "  # Generate new SSH keys"
     echo "  ssh-keygen -t ed25519 -C 'your@email.com'"
     echo ""

ssh/example

@@ -1,7 +1,6 @@
-Host *
+Include ~/.orbstack/ssh/config
-    #HostkeyAlgorithms +ssh-rsa
-    #PubkeyAcceptedAlgorithms +ssh-rsa
 
+Host *
     IdentityAgent "~/.1password/agent.sock"
     ServerAliveInterval 60
     TCPKeepAlive yes
@@ -10,11 +9,9 @@ Host github.com
     Hostname ssh.github.com
     Port 443
     User git
-    # set to personal by default
     IdentityFile ~/.ssh/Personal.pub
     IdentitiesOnly yes
 
-# Personal
 Host personalgit
     Hostname ssh.github.com
     Port 443
@@ -22,7 +19,6 @@ Host personalgit
     IdentityFile ~/.ssh/Personal.pub
     IdentitiesOnly yes
 
-# Work
 Host workgit
     Hostname ssh.github.com
     Port 443