chore(scripts): configure git remote in bootstrap

Add a "Configure git remote" step that points origin at the Gitea host
(git@git.lastcloud.io) and pins the host to port 22222 in ~/.ssh/config so
git doesn't default to port 22 and get rejected by the agent offering too many
keys. Idempotent: reuses existing config on re-run. Also adds git to the
prerequisite checks and renumbers the steps to 1-7.

scripts/bootstrap.sh

@@ -55,6 +55,7 @@ check_command() {
 check_command docker "Install Docker Desktop or OrbStack from https://orbstack.dev"
 check_command mkcert "brew install mkcert"
 check_command openssl "Should be preinstalled on macOS"
+check_command git "brew install git"
 
 if ! docker compose version &> /dev/null; then
     error "Docker Compose v2 not available."
@@ -73,9 +74,75 @@ ok "Docker daemon running"
 echo ""
 
 # ────────────────────────────────────────
-# Step 2: Generate TLS certificates
+# Step 2: Configure git remote
 # ────────────────────────────────────────
-info "Step 2: Setting up TLS certificates..."
+info "Step 2: Configuring git remote..."
+
+GIT_REMOTE_URL="git@git.lastcloud.io:ronnibaslund/dezky.git"
+GIT_SSH_HOST="git.lastcloud.io"
+GIT_SSH_PORT="22222"
+
+if [[ -d "$PROJECT_ROOT/.git" ]]; then
+    CURRENT_URL="$(git -C "$PROJECT_ROOT" remote get-url origin 2>/dev/null || true)"
+    if [[ "$CURRENT_URL" == "$GIT_REMOTE_URL" ]]; then
+        ok "Git remote 'origin' already set to $GIT_REMOTE_URL"
+    elif [[ -n "$CURRENT_URL" ]]; then
+        git -C "$PROJECT_ROOT" remote set-url origin "$GIT_REMOTE_URL"
+        ok "Updated git remote 'origin' → $GIT_REMOTE_URL (was $CURRENT_URL)"
+    else
+        git -C "$PROJECT_ROOT" remote add origin "$GIT_REMOTE_URL"
+        ok "Added git remote 'origin' → $GIT_REMOTE_URL"
+    fi
+
+    # Gitea's git SSH listens on a non-standard port. Without an ssh config
+    # entry, git defaults to port 22 and the global "Host *" 1Password agent
+    # offers too many keys — the server rejects the connection before the right
+    # key is tried. Pin the host to port 22222 and the registered key only.
+    if [[ "$(ssh -G "$GIT_SSH_HOST" 2>/dev/null | awk '/^port /{print $2}')" == "$GIT_SSH_PORT" ]]; then
+        ok "SSH config already routes $GIT_SSH_HOST to port $GIT_SSH_PORT"
+    else
+        warn "$GIT_SSH_HOST is not pinned to port $GIT_SSH_PORT in your SSH config"
+        echo ""
+        echo "The following block is needed in ~/.ssh/config so git can reach Gitea:"
+        echo ""
+        echo "  Host $GIT_SSH_HOST"
+        echo "    HostName $GIT_SSH_HOST"
+        echo "    Port $GIT_SSH_PORT"
+        echo "    User git"
+        echo "    IdentityFile ~/.ssh/id_ed25519"
+        echo "    IdentitiesOnly yes"
+        echo ""
+        read -p "Append this block to ~/.ssh/config automatically? [y/N] " -n 1 -r
+        echo ""
+        if [[ $REPLY =~ ^[Yy]$ ]]; then
+            mkdir -p "$HOME/.ssh"
+            {
+                echo ""
+                echo "# Gitea (lastcloud) — Git SSH on port $GIT_SSH_PORT. Force the registered"
+                echo "# key only; the global \"Host *\" agent otherwise offers too many keys."
+                echo "Host $GIT_SSH_HOST"
+                echo "  HostName $GIT_SSH_HOST"
+                echo "  Port $GIT_SSH_PORT"
+                echo "  User git"
+                echo "  IdentityFile ~/.ssh/id_ed25519"
+                echo "  IdentitiesOnly yes"
+            } >> "$HOME/.ssh/config"
+            chmod 600 "$HOME/.ssh/config"
+            ok "Appended SSH config block for $GIT_SSH_HOST"
+        else
+            warn "Skipping SSH config — pushes to $GIT_SSH_HOST may fail until you add it"
+        fi
+    fi
+else
+    warn "No .git directory in $PROJECT_ROOT — skipping git remote setup"
+fi
+
+echo ""
+
+# ────────────────────────────────────────
+# Step 3: Generate TLS certificates
+# ────────────────────────────────────────
+info "Step 3: Setting up TLS certificates..."
 
 mkdir -p "$CERTS_DIR"
 cd "$CERTS_DIR"
@@ -103,9 +170,9 @@ cd "$PROJECT_ROOT"
 echo ""
 
 # ────────────────────────────────────────
-# Step 3: Update /etc/hosts
+# Step 4: Update /etc/hosts
 # ────────────────────────────────────────
-info "Step 3: Setting up /etc/hosts entries..."
+info "Step 4: Setting up /etc/hosts entries..."
 
 HOSTS_ENTRIES=(
     "dezky.local"
@@ -151,9 +218,9 @@ fi
 echo ""
 
 # ────────────────────────────────────────
-# Step 4: Generate .env file
+# Step 5: Generate .env file
 # ────────────────────────────────────────
-info "Step 4: Setting up .env file..."
+info "Step 5: Setting up .env file..."
 
 if [[ -f "$PROJECT_ROOT/.env" ]]; then
     ok ".env file already exists"
@@ -190,9 +257,9 @@ fi
 echo ""
 
 # ────────────────────────────────────────
-# Step 5: Pull Docker images
+# Step 6: Pull Docker images
 # ────────────────────────────────────────
-info "Step 5: Pulling Docker images (this may take a few minutes)..."
+info "Step 6: Pulling Docker images (this may take a few minutes)..."
 
 cd "$COMPOSE_DIR"
 docker compose pull
@@ -201,9 +268,9 @@ ok "All images pulled"
 echo ""
 
 # ────────────────────────────────────────
-# Step 6: Start the stack in stages
+# Step 7: Start the stack in stages
 # ────────────────────────────────────────
-info "Step 6: Starting services..."
+info "Step 7: Starting services..."
 
 info "Starting database layer (postgres, mongo, redis)..."
 docker compose up -d postgres mongo redis