Render personal desktop configs from Ansible templates so public dotfiles no longer expose real identities or mail addresses. Update the bootstrap workflow to consume the rendered mail config and extend the encrypted vault schema for the new private values.
Disable automatic iCloud keyring initialization by default and add a repo-local bootstrap script that reads .mbsyncrc, stores mail secrets in GNOME Keyring, guides Proton Bridge certificate export, and initializes mail sync/indexing.
Install Emacs and copy the desktop .emacs.d config so the editor setup is managed with the rest of desktop dotfiles. Add vterm/build/debug dependencies plus C/C++ and Go tooling needed by the configured workflow.
