diff --git a/.beads/sync_base.jsonl b/.beads/sync_base.jsonl
index 8584226..13a8fb5 100644
--- a/.beads/sync_base.jsonl
+++ b/.beads/sync_base.jsonl
@@ -3,7 +3,7 @@
 {"id":"nixos-configs-0vf","title":"Fix conflicting audio role config","description":"From System Roles evaluation: The audio role has conflicting services.pulseaudio config present while pipewire is enabled. PipeWire replaces PulseAudio, so the pulseaudio config should be removed.","status":"in_review","priority":2,"issue_type":"bug","created_at":"2026-01-10T10:31:25.821735114-08:00","created_by":"johno","updated_at":"2026-01-13T06:58:34.970343033-08:00"}
 {"id":"nixos-configs-1wd","title":"When building the USB image, find a way to pre-run doom sync","description":"After booting into a live usb, if I want to run emacs I must first run `doom sync` - which also requires internet access. This is time consuming and annoying.","acceptance_criteria":"Upon booting into a live usb image, `emacs -nw` opens emacs to the doom splash screen","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-10T09:10:21.469199401-08:00","created_by":"johno","updated_at":"2026-01-10T10:47:13.879427741-08:00","closed_at":"2026-01-10T10:30:24.839041681-08:00"}
 {"id":"nixos-configs-265","title":"Mu4e emails sending without body content","notes":"Gitea issue #2: https://git.johnogle.info/johno/nixos-configs/issues/2\n\nNOTE: PR #4 exists as a potential fix for this issue.\nhttps://git.johnogle.info/johno/nixos-configs/pulls/4","status":"closed","priority":2,"issue_type":"bug","created_at":"2026-01-10T12:27:40.01586007-08:00","created_by":"johno","updated_at":"2026-01-10T12:28:20.226268233-08:00","closed_at":"2026-01-10T12:28:20.226268233-08:00","close_reason":"Duplicate - PR #4 already addresses this issue"}
-{"id":"nixos-configs-2eu","title":"Resolve CI open questions: runner config and binary cache","description":"Open questions from CI research (nixos-configs-2hq):\n\n## Questions to Resolve\n\n1. **Runner Configuration**\n   - What labels are configured on the existing runner?\n   - Is Nix available on the runner (host-based or container)?\n   - What's the runner's system architecture?\n\n2. **Binary Cache Decision**\n   - Is a binary cache desired for faster builds?\n   - Options: Cachix (hosted), Attic (self-hosted), none\n   - Trade-off: Setup complexity vs build speed improvement\n\n## Actions\n- Document current runner setup\n- Decide on caching strategy\n- Update research doc with findings\n\nRelated: nixos-configs-2hq (CI enablement)","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-12T21:01:31.34125749-08:00","created_by":"johno","updated_at":"2026-01-12T21:01:31.34125749-08:00"}
+{"id":"nixos-configs-2eu","title":"Resolve CI open questions: runner config and binary cache","description":"Open questions from CI research (nixos-configs-2hq):\n\n## Questions to Resolve\n\n1. **Runner Configuration**\n   - What labels are configured on the existing runner?\n   - Is Nix available on the runner (host-based or container)?\n   - What's the runner's system architecture?\n\n2. **Binary Cache Decision**\n   - Is a binary cache desired for faster builds?\n   - Options: Cachix (hosted), Attic (self-hosted), none\n   - Trade-off: Setup complexity vs build speed improvement\n\n## Actions\n- Document current runner setup\n- Decide on caching strategy\n- Update research doc with findings\n\nRelated: nixos-configs-2hq (CI enablement)","notes":"## Research Findings (2026-01-13)\n\n### Runner Configuration\n- **Type**: DinD (gitea/act_runner:0.2.13-dind)\n- **Labels**: Default (ubuntu-latest)\n- **Architecture**: x86_64/amd64\n- **Resources**: 3Gi RAM, 2 CPU cores\n- **Node affinity**: fast-cpu + fast-storage nodes\n- **Config**: /home/johno/k3s-cluster-config/clusters/oglenet/apps/infrastructure/gitea-actions-runner.yaml\n- **No built-in Nix**: Tools installed on-demand per workflow\n\n### Heirloom Nix Caching Pattern\n- **File**: .gitea/workflows/ci.yml\n- **Installer**: DeterminateSystems/nix-installer-action@main\n- **Cache**: actions/cache@v4\n- **Cached paths**: /nix/store, /nix/var/nix, ~/.cache/nix\n- **Key strategy**: nix-${{ runner.os }}-${{ hashFiles('flake.lock') }}\n- **Restore keys**: nix-${{ runner.os }}-\n\n### Multi-Repo Strategy Options\n1. Copy-paste pattern (simplest)\n2. Reusable composite action (DRY)\n3. Shared cache prefix for common nixpkgs (advanced)","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-12T21:01:31.34125749-08:00","created_by":"johno","updated_at":"2026-01-13T15:37:52.300653105-08:00"}
 {"id":"nixos-configs-2hq","title":"Enable CI for nixos-configs repo","description":"Set up continuous integration for the nixos-configs repository.\n\n## Goals\n- Validate flake.nix syntax and structure on PRs/pushes\n- Run `nix flake check` to catch evaluation errors early\n- Consider building key configurations to catch build failures\n\n## Considerations\n- Choose CI platform (GitHub Actions, etc.)\n- Cache nix store for faster builds\n- Decide which configurations to build (all vs critical subset)","notes":"Research complete: thoughts/beads-nixos-configs-2hq/research.md","status":"in_review","priority":2,"issue_type":"task","created_at":"2026-01-10T11:16:17.069453458-08:00","created_by":"johno","updated_at":"2026-01-13T06:58:34.93236005-08:00","dependencies":[{"issue_id":"nixos-configs-2hq","depends_on_id":"nixos-configs-q3y","type":"blocks","created_at":"2026-01-12T21:01:37.216499-08:00","created_by":"johno"},{"issue_id":"nixos-configs-2hq","depends_on_id":"nixos-configs-4ht","type":"blocks","created_at":"2026-01-12T21:01:37.283279443-08:00","created_by":"johno"}]}
 {"id":"nixos-configs-2mk","title":"Remove wixos (WSL) configuration","description":"WSL is no longer used. Remove the wixos machine configuration entirely from the flake and any associated home-manager config.","status":"in_review","priority":3,"issue_type":"task","created_at":"2026-01-10T10:31:28.363467309-08:00","created_by":"johno","updated_at":"2026-01-13T06:58:34.874939972-08:00"}
 {"id":"nixos-configs-4ht","title":"Handle private google-cookie-retrieval input in CI","description":"The flake has a private input at `flake.nix:36-39`:\n\n```nix\ngoogle-cookie-retrieval = {\n  url = \"git+https://git.johnogle.info/johno/google-cookie-retrieval.git\";\n  inputs.nixpkgs.follows = \"nixpkgs\";\n};\n```\n\nThis requires authentication to the private Gitea server during flake evaluation. Options:\n1. Configure CI runner with SSH/token access to private repos\n2. Make the input optional/conditional\n3. Remove the input if unused\n\nResearch needed: Is this input actually used in any configuration?\n\nRelated: nixos-configs-2hq (CI enablement)","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-12T21:01:30.126212873-08:00","created_by":"johno","updated_at":"2026-01-12T21:01:30.126212873-08:00"}
@@ -12,7 +12,7 @@
 {"id":"nixos-configs-9eq","title":"Improve parallel_beads to enforce worktree/branch workflow","description":"## Problem\n\nThe parallel_beads skill documents creating worktrees, but the implementation subagents worked directly on main branch instead of in isolated worktrees.\n\n## What Happened\n- Subagents implemented changes directly in the working directory on main\n- Had to manually create branch and PR after the fact\n- Risk of accidentally committing to main\n\n## Proposed Fix\n\nUpdate parallel_beads skill to:\n1. **Require worktree creation first** before implementation starts\n2. Add explicit checks that we're not on main branch\n3. Consider making worktree creation part of the subagent launch, not optional\n\n## Related Skills\n- `home/roles/development/skills/parallel_beads.md`\n- `home/roles/development/skills/beads_implement.md`","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-13T07:29:59.616023732-08:00","created_by":"johno","updated_at":"2026-01-13T07:29:59.616023732-08:00"}
 {"id":"nixos-configs-9ky","title":"Add john-endesktop as builder machine (similar to zix790prors)","description":"Configure john-endesktop as a remote builder machine in the NixOS configuration, following the same pattern used for zix790prors. This involves:\n- Adding the machine to distributed builds configuration\n- Setting up SSH keys and access\n- Configuring build capabilities (systems, features, speed factor, etc.)","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-12T21:15:42.418032127-08:00","created_by":"johno","updated_at":"2026-01-12T21:24:22.401288859-08:00","closed_at":"2026-01-12T21:24:22.401288859-08:00","close_reason":"Added john-endesktop as builder and documented SSH setup process"}
 {"id":"nixos-configs-9l8","title":"Mu4e emails aren't sending body content","description":"I tried to send an email to Anthony from The Springs and the to, cc, subject all worked as expected. But the body I wrote was totally missing.\n\nSource: Gitea issue #2","status":"in_review","priority":2,"issue_type":"bug","created_at":"2026-01-10T10:07:08.107097147-08:00","created_by":"johno","updated_at":"2026-01-13T06:58:34.995139475-08:00"}
-{"id":"nixos-configs-alr","title":"Remove duplicate home-manager imports in wixos/zix790prors","description":"From Flake Structure evaluation: wixos and zix790prors configurations include inputs.home-manager.nixosModules.home-manager redundantly (already in nixosModules).","status":"open","priority":3,"issue_type":"bug","created_at":"2026-01-10T10:31:23.349942257-08:00","created_by":"johno","updated_at":"2026-01-10T10:31:23.349942257-08:00"}
+{"id":"nixos-configs-alr","title":"Remove duplicate home-manager imports in wixos/zix790prors","description":"From Flake Structure evaluation: wixos and zix790prors configurations include inputs.home-manager.nixosModules.home-manager redundantly (already in nixosModules).","notes":"PR: https://git.johnogle.info/johno/nixos-configs/pulls/27","status":"in_review","priority":3,"issue_type":"bug","created_at":"2026-01-10T10:31:23.349942257-08:00","created_by":"johno","updated_at":"2026-01-13T14:28:36.637701854-08:00"}
 {"id":"nixos-configs-auw","title":"Evaluate System Roles","description":"# Investigation: System Roles\n\n## Questions to Answer\n- Are roles properly scoped?\n- Is there duplication between roles?\n- Are option patterns consistent?\n\n## Key Files\n- `roles/default.nix` - System role patterns\n- `roles/*/default.nix` - Individual role definitions\n\n## Approach\n1. Use `/humanlayer:research_codebase_nt` to analyze role structure\n2. Identify duplication or inconsistencies\n3. Use `/humanlayer:create_plan_nt` to plan consolidation if needed","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-10T10:08:22.922593746-08:00","created_by":"johno","updated_at":"2026-01-10T10:12:32.208373693-08:00","closed_at":"2026-01-10T10:12:32.208373693-08:00","close_reason":"# System Roles Evaluation - Complete\n\n## Overview\n\nThe NixOS configuration uses a role-based architecture at `/home/johno/nixos-configs/roles/` with 12 distinct roles for NixOS systems plus a separate Darwin configuration.\n\n## Role Structure Summary\n\n### Top-Level Roles\n| Role | Pattern | Options | Description |\n|------|---------|---------|-------------|\n| audio | mkEnableOption | enable | PipeWire/PulseAudio with audio tools |\n| bluetooth | mkEnableOption | enable | Bluetooth with Blueman |\n| btrfs | Comprehensive | enable, filesystems (nested) | BTRFS management with scrub/dedup/balance |\n| desktop | Composite | enable + suboptions | Desktop environment with X11/Wayland/KDE |\n| kodi | Comprehensive | enable, autologin, wayland, jellyfinScaleFactor, appLauncherServer | Media center setup |\n| nfs-mounts | mkEnableOption | enable, requireMount (TODO) | NFS client mounts |\n| nvidia | mkEnableOption | enable | NVIDIA driver utilities |\n| printing | mkEnableOption | enable | CUPS with Avahi/network printing |\n| remote-build | Multi-config | enableBuilder, builders[], fallbackToLocalBuild | Distributed build client/server |\n| spotifyd | mkEnableOption | enable | Spotify Connect daemon |\n| users | Mixed | enable, extraGroups, kids | User account management |\n| virtualisation | mkEnableOption | enable | Docker + libvirt |\n\n### Desktop Sub-Roles\n- x11.nix - i3 window manager with DDC/CI monitor control\n- wayland.nix - Sway compositor with Wayland tools\n- kde.nix - Plasma 6 desktop\n- sddm.nix - SDDM display manager\n- gaming.nix - Steam, Lutris, emulators\n- programs.nix - Common desktop programs (always enabled when desktop.enable=true)\n- steamos.nix - Jovian/SteamOS for Steam Deck\n\n## Findings\n\n### Strengths\n\n1. **Consistent Option Pattern**: Most roles follow `roles.\u003cname\u003e.enable` with `mkIf cfg.enable` guards\n2. **Proper Scoping**: Each role is self-contained in its own directory/file\n3. **Composability**: Roles can be combined without conflicts (e.g., spotifyd enables audio role)\n4. **Sophisticated Features**: btrfs and remote-build roles have well-designed nested option structures\n\n### Issues and Inconsistencies\n\n1. **Option Pattern Variance**:\n   - Most use `mkEnableOption` (audio, bluetooth, etc.)\n   - remote-build uses `mkOption` for `enableBuilder` (different naming)\n   - desktop suboptions use `mkOption type=bool` instead of mkEnableOption\n   - kodi options lack proper type definitions for some options\n\n2. **Duplication Between roles/default.nix and roles/darwin.nix**:\n   - Both define identical `environment.systemPackages` (git, glances, pciutils, tree, usbutils, vim)\n   - Both have identical nix settings (experimental-features, max-jobs, trusted-users, etc.)\n   - Both have identical gc settings\n   - Both have `nixpkgs.config.allowUnfree = true`\n   - darwin.nix duplicates timezone and commented buildMachines config\n\n3. **Hardcoded Values**:\n   - printing role has hardcoded printer URI (ipp://brother.oglehome/ipp/print)\n   - nfs-mounts hardcodes NFS server IP (10.0.0.43)\n   - virtualisation role hardcodes \"johno\" for docker group\n\n4. **Incomplete Implementations**:\n   - nfs-mounts has TODO: implement requireMount\n   - audio role has conflicting services.pulseaudio config while pipewire is enabled\n   - nvidia role only adds packages, no driver configuration\n\n5. **Missing Type Definitions**:\n   - users.extraGroups and kodi.autologin/wayland lack type annotations\n\n## Role Usage Across Machines\n\n| Machine | Roles Used |\n|---------|------------|\n| zix790prors | audio, bluetooth, desktop (full), nfs-mounts, nvidia, printing, remote-build (builder), users, virtualisation |\n| nix-book | audio, bluetooth, desktop (wayland+kde), nfs-mounts, printing, remote-build (client), spotifyd, users, virtualisation |\n| nix-deck | audio, bluetooth, desktop (wayland+kde+steamos), remote-build (client), users |\n| boxy | audio, bluetooth, desktop (wayland+kde), kodi, nfs-mounts, users |\n| wixos (WSL) | audio, desktop (wayland), users |\n| live-usb | audio, bluetooth, desktop (kde+x11+wayland) |\n| john-endesktop | users only (ZFS server, minimal) |\n\n## Recommendations\n\n1. **Extract common config**: Create a base role for shared NixOS/Darwin settings (packages, nix config, locale, timezone)\n\n2. **Standardize option patterns**:\n   - Use mkEnableOption consistently for boolean enables\n   - Add proper type annotations to all options\n\n3. **Parameterize hardcoded values**:\n   - Make printer URI configurable in printing role\n   - Make NFS server configurable in nfs-mounts role\n   - Make user for docker group configurable\n\n4. **Fix audio role**: Remove conflicting pulseaudio config (pipewire replaces it)\n\n5. **Complete nvidia role**: Should configure hardware.nvidia or reference machine-specific config\n\n6. **Consider steamos.nix location**: Currently requires manual import, could be auto-imported in desktop/default.nix"}
 {"id":"nixos-configs-bli","title":"Move bootstrap/build-liveusb scripts to flake apps","description":"From Scripts \u0026 Utilities evaluation: bootstrap.sh and build-liveusb.sh are standalone scripts at the repo root. Consider moving them to flake apps for consistency with update-doomemacs, update-claude-code, etc.","status":"open","priority":4,"issue_type":"task","created_at":"2026-01-10T10:31:30.737925302-08:00","created_by":"johno","updated_at":"2026-01-10T10:31:30.737925302-08:00"}
 {"id":"nixos-configs-cph","title":"Add Gitea issue tracker integration","description":"## Summary\nAdd Gitea/Forgejo issue tracker integration to beads, following the patterns established by the Linear integration (bidirectional sync) and the GitHub/Jira import examples.\n\n## Context\nThe beads project at ~/src/beads/ already has:\n- **Linear**: Full bidirectional sync in `internal/linear/` (types, client, mapping)\n- **GitHub**: Import-only via `examples/github-import/gh2jsonl.py`\n- **Jira**: Import + partial export via `examples/jira-import/`\n\n## Implementation Structure\nBased on Linear's architecture, create:\n\n```\ninternal/gitea/\n├── types.go          # API response types (Issue, Label, User, Repository)\n├── client.go         # REST client with pagination, auth, rate limiting\n├── mapping.go        # Field conversion (status, priority, labels → beads)\n└── mapping_test.go   # Comprehensive mapping tests\n```\n\n## Key Components\n\n### types.go\n- Gitea REST API response structures\n- ClientConfig (baseURL, token, owner, repo)\n- SyncStats/SyncResult types\n\n### client.go\n- `NewClient(baseURL, token string)` constructor\n- `FetchIssues(ctx, state, pageSize)` - paginated fetch\n- `FetchIssuesSince(ctx, since)` - incremental via `updated_at`\n- `CreateIssue(ctx, ...)` / `UpdateIssue(ctx, ...)` - push support\n\n### mapping.go\n- Status mapping: Gitea (open/closed) → Beads (open/in_progress/closed/blocked)\n- Priority inference from labels (Gitea has no native priority)\n- Type inference from labels (bug, feature, etc.)\n- Hash-based ID generation with collision handling\n\n## Gitea API Specifics\n- REST API: `GET /repos/{owner}/{repo}/issues`\n- Auth: `Authorization: token \u003ctoken\u003e` header\n- Pagination: `page` + `limit` params (not cursor-based)\n- Rate limits: Standard HTTP headers\n\n## Phased Approach\n\n**Phase 1 (MVP):** Import-only\n- REST client + types\n- Basic field mapping\n- Script-based JSONL export (like gh2jsonl.py)\n\n**Phase 2:** Bidirectional sync\n- Push support (create/update)\n- Incremental sync via timestamps\n- RPC integration for `bd sync --gitea`\n\n**Phase 3:** Advanced\n- Issue relations/dependencies\n- Auto-import with file watching\n- Configurable mapping via `bd config`\n\n## References\n- Linear integration: `internal/linear/` (best template for bidirectional)\n- GitHub import: `examples/github-import/gh2jsonl.py`\n- Importer core: `internal/importer/importer.go`","notes":"Phases split into separate beads:\n- Phase 1: nixos-configs-g47 (import-only)\n- Phase 2: nixos-configs-yrc (bidirectional sync)\n- Phase 3: nixos-configs-f7d (advanced features)\n\nPlan for Phase 1: thoughts/beads-nixos-configs-g47/plan.md","status":"closed","priority":2,"issue_type":"feature","created_at":"2026-01-12T20:00:24.253907038-08:00","created_by":"johno","updated_at":"2026-01-12T20:41:43.817012592-08:00","closed_at":"2026-01-12T20:41:43.817012592-08:00","close_reason":"Deprioritized - revisit after more workflow experimentation"}
@@ -22,6 +22,7 @@
 {"id":"nixos-configs-f7d","title":"Gitea integration Phase 3: Advanced features","description":"Advanced Gitea integration features.\n\nDeliverables:\n- Issue relations/dependencies sync\n- Configurable mapping via bd config\n- Auto-import with file watching\n- Milestone/project support\n\nParent: nixos-configs-cph","status":"closed","priority":4,"issue_type":"task","created_at":"2026-01-12T20:31:54.704415817-08:00","created_by":"johno","updated_at":"2026-01-12T20:41:43.8115778-08:00","closed_at":"2026-01-12T20:41:43.8115778-08:00","close_reason":"Deprioritized - revisit after more workflow experimentation","dependencies":[{"issue_id":"nixos-configs-f7d","depends_on_id":"nixos-configs-yrc","type":"blocks","created_at":"2026-01-12T20:32:05.938697843-08:00","created_by":"johno"}]}
 {"id":"nixos-configs-fkt","title":"Parameterize hardcoded values in roles","description":"From System Roles evaluation: Several roles have hardcoded values that should be configurable:\n- printing role: hardcoded printer URI (ipp://brother.oglehome/ipp/print)\n- nfs-mounts: hardcoded NFS server IP (10.0.0.43)\n- virtualisation: hardcoded 'johno' for docker group","status":"in_review","priority":3,"issue_type":"task","created_at":"2026-01-10T10:31:25.104059999-08:00","created_by":"johno","updated_at":"2026-01-13T06:58:34.910726046-08:00"}
 {"id":"nixos-configs-g47","title":"Gitea integration Phase 1: Import-only Go package","description":"Create internal/gitea/ package with REST client and import support.\n\nTarget: git.johnogle.info\n\nDeliverables:\n- types.go - Gitea API response types\n- client.go - REST client with pagination, auth\n- mapping.go - Field conversion to beads format\n- Import via JSONL generation or direct importer integration\n\nParent: nixos-configs-cph","notes":"Plan: thoughts/beads-nixos-configs-g47/plan.md","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-12T20:31:52.854036374-08:00","created_by":"johno","updated_at":"2026-01-12T20:41:43.786807944-08:00","closed_at":"2026-01-12T20:41:43.786807944-08:00","close_reason":"Deprioritized - revisit after more workflow experimentation"}
+{"id":"nixos-configs-g72","title":"Move import_gitea_issues to user-level skill","notes":"Move the import_gitea_issues skill from project-level (.claude/commands/) to user-level (home/roles/development/skills/).\n\nCurrent location: .claude/commands/import_gitea_issues.md\nTarget location: home/roles/development/skills/import_gitea_issues.md\n\nThe pattern in home/roles/development/default.nix already handles copying skills from the skills/ directory to ~/.claude/commands/ during Home Manager activation.\n\nSteps:\n1. Move .claude/commands/import_gitea_issues.md to home/roles/development/skills/\n2. Delete the project-level file\n3. Rebuild Home Manager to verify it installs correctly","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-13T15:37:21.943582814-08:00","created_by":"johno","updated_at":"2026-01-13T15:38:05.00187434-08:00","closed_at":"2026-01-13T15:38:05.00187434-08:00","close_reason":"Closed"}
 {"id":"nixos-configs-geh","title":"Evaluate Scripts \u0026 Utilities","description":"# Investigation: Scripts \u0026 Utilities\n\n## Questions to Answer\n- Are flake apps organized?\n- Are there automation opportunities?\n- Are scripts discoverable and documented?\n\n## Key Files\n- Flake apps definitions\n- Shell scripts in the repo\n- Utility modules\n\n## Approach\n1. Use `/humanlayer:research_codebase_nt` to analyze scripts and utilities\n2. Identify missing automation opportunities\n3. Use `/humanlayer:create_plan_nt` to plan improvements","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-10T10:08:26.9906695-08:00","created_by":"johno","updated_at":"2026-01-10T10:11:53.187286416-08:00","closed_at":"2026-01-10T10:11:53.187286416-08:00","close_reason":"# Scripts \u0026 Utilities Evaluation\n\n## Summary\nThe NixOS config repository has a well-organized scripts and utilities system with good practices in place.\n\n## Flake Apps (4 available apps)\nAll apps defined in flake.nix, cross-platform (x86_64-linux, aarch64-linux, aarch64-darwin):\n- update-doomemacs: Updates DoomEmacs to latest commit with SHA256 refresh\n- update-claude-code: Updates claude-code package from Homebrew cask (supports --dry-run)\n- rotate-wallpaper: Cycles through wallpaper index\n- upgrade: Meta-script updating flake + doom + claude + wallpaper\n\n### Architecture Strengths\n- Uses writeShellScriptBin with explicit dependency paths via makeBinPath\n- Common dependencies (curl, jq, nix, git, sed, grep, coreutils, gawk) properly managed\n- All scripts use set -euo pipefail for safety\n\n## Standalone Scripts (2 root-level)\n- bootstrap.sh: Initial system setup from remote flake\n- build-liveusb.sh: Builds live USB ISO\n\n## Custom Packages (/packages/) - 5 packages\n1. claude-code - Multi-platform binary distribution with GCS URLs\n2. tea-rbw - Wrapper around tea integrating with rbw for auth\n3. app-launcher-server - Python HTTP server for launching allowlisted apps\n4. vulkan-hdr-layer - HDR graphics layer\n5. perles - Go-based TUI for Beads issue tracking\n\n## Recommendations\nMedium Priority:\n- Add help flags to all flake apps for consistency\n- Consider adding nix run .#help app listing all available apps\n\nLow Priority:\n- Move bootstrap.sh and build-liveusb.sh to flake apps\n- Add comments to packages/default.nix describing each package\n\n## Missing Automation Opportunities\n1. No auto-update mechanism (could add CI job or systemd timer)\n2. No pre-commit hooks for Nix syntax validation\n3. No flake.lock update notifications\n\n## Conclusion\nWell-designed scripts/utilities system using good Nix idioms. The flake apps pattern provides cross-platform consistency. Main gap is documentation/discoverability (minor for personal config). No blocking issues."}
 {"id":"nixos-configs-is4","title":"Extend nvidia role to include driver configuration","description":"From System Roles evaluation: The current roles.nvidia only handles packages, not driver configuration. The hardware.nvidia block is duplicated in zix790prors and wixos. Extend the role to include driver config with options for open driver, power management, etc.","notes":"Plan created: thoughts/beads-nixos-configs-is4/plan.md - NOTE: Work already completed in commit 9973273 (2026-01-10). Recommend closing bead.","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-10T10:31:24.157222208-08:00","created_by":"johno","updated_at":"2026-01-12T20:48:25.864179759-08:00","closed_at":"2026-01-12T20:48:25.864179759-08:00","close_reason":"Already implemented"}
 {"id":"nixos-configs-ny8","title":"Evaluate Flake Structure","description":"# Investigation: Flake Structure\n\n## Questions to Answer\n- Is flake.nix well-organized?\n- Are inputs minimal and up-to-date?\n- Is module composition clear?\n\n## Key Files\n- `flake.nix` (9.4KB) - Primary target\n\n## Approach\n1. Use `/humanlayer:research_codebase_nt` to analyze flake.nix organization\n2. Identify unnecessary inputs or outdated patterns\n3. Use `/humanlayer:create_plan_nt` to plan improvements if needed","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-10T10:08:22.006574928-08:00","created_by":"johno","updated_at":"2026-01-10T10:11:04.339971068-08:00","closed_at":"2026-01-10T10:11:04.339971068-08:00","close_reason":"## Flake Structure Evaluation Summary\n\n### Overall Assessment: Well-Organized\n\nThe flake.nix is reasonably well-organized for a personal NixOS configuration managing multiple machines across different platforms (NixOS, Darwin, Steam Deck).\n\n---\n\n### Inputs Analysis (11 inputs)\n\n**Essential Inputs (correctly configured):**\n- `nixpkgs` (25.11 stable) - Primary nixpkgs\n- `nixpkgs-unstable` - For bleeding-edge packages\n- `home-manager` / `home-manager-unstable` - Properly follows respective nixpkgs\n- `nix-darwin` - For macOS support, follows nixpkgs\n- `nixos-wsl` - For WSL support\n\n**Specialized Inputs (justified):**\n- `plasma-manager` / `plasma-manager-unstable` - KDE configuration\n- `jovian` - Steam Deck support (follows nixpkgs-unstable)\n- `beads` - Task management tooling\n\n**Custom/Private Inputs:**\n- `google-cookie-retrieval` - Personal tool from git.johnogle.info\n\n**Note:** All inputs properly use `follows` for nixpkgs deduplication - this is a best practice.\n\n---\n\n### Module Composition\n\n**Good Patterns:**\n1. **Role-based architecture** - Both system (`roles/`) and home-manager (`home/roles/`) use a role pattern with `mkEnableOption`\n2. **Machine separation** - Each machine has its own `configuration.nix` under `machines/\u003cname\u003e/`\n3. **Stable/Unstable separation** - `nixosModules` vs `nixosModulesUnstable` for different base systems\n4. **Platform separation** - `darwinModules` for macOS-specific configuration\n5. **Overlay pattern** - Clean overlay providing `pkgs.unstable` and `pkgs.custom`\n\n**Machine Coverage:**\n- 7 NixOS systems: nix-book, boxy, wixos, zix790prors, live-usb, nix-deck, john-endesktop\n- 1 Darwin system: johno-macbookpro\n\n---\n\n### Observations\n\n**Strengths:**\n1. Consistent structure across all machine definitions\n2. Home-manager properly integrated with `useGlobalPkgs = true`\n3. Custom packages accessible via `pkgs.custom`\n4. Flake apps for common maintenance tasks (update-doomemacs, upgrade, etc.)\n5. Compatibility shim for bitwarden-\u003ebitwarden-desktop rename\n\n**Minor Issues:**\n1. `wixos` and `zix790prors` include `inputs.home-manager.nixosModules.home-manager` twice (already in nixosModules)\n2. Description is generic (\"A very basic flake\") - could be more descriptive\n3. Some code duplication between nixosModules and nixosModulesUnstable overlays\n\n**Not Issues:**\n- Duplicate plasma-manager inputs (stable/unstable) are intentional for different nixpkgs bases\n\n---\n\n### Recommendations (Optional)\n\n1. **Low priority:** Remove duplicate home-manager imports in wixos/zix790prors\n2. **Low priority:** Update flake description to be more meaningful\n3. **Low priority:** Could extract common overlay logic to reduce duplication\n\nNo blocking issues found. The flake is well-structured for its purpose."}
@@ -30,7 +31,7 @@
 {"id":"nixos-configs-q3y","title":"Fix kodi role appLauncherServer type error","description":"The kodi role has a type mismatch that breaks `nix flake check`:\n\n```\nerror: In module `machines/boxy/configuration.nix`,\nyou're trying to define a value of type `bool` rather than an\nattribute set for the option `roles.kodi.appLauncherServer`!\n```\n\nThis blocks CI from passing. The option definition in `roles/kodi/default.nix` expects an attribute set but `boxy` is passing a bool.\n\nBlocking: nixos-configs-2hq (CI enablement)","status":"closed","priority":1,"issue_type":"bug","created_at":"2026-01-12T21:01:29.195402351-08:00","created_by":"johno","updated_at":"2026-01-12T22:11:53.484582299-08:00","closed_at":"2026-01-12T22:11:53.484582299-08:00","close_reason":"Closed"}
 {"id":"nixos-configs-rrb","title":"Evaluate Cross-Platform Patterns","description":"# Investigation: Cross-Platform Patterns\n\n## Questions to Answer\n- Are Darwin/WSL/Steam Deck patterns consistent?\n- Is code reuse maximized across platforms?\n- Are platform-specific concerns properly isolated?\n\n## Key Files\n- Darwin machine configs\n- WSL machine configs\n- Steam Deck configs\n- Platform-conditional role patterns\n\n## Approach\n1. Use `/humanlayer:research_codebase_nt` to analyze cross-platform patterns\n2. Identify platform-specific vs shared code\n3. Use `/humanlayer:create_plan_nt` to plan better code sharing","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-10T10:08:26.316991479-08:00","created_by":"johno","updated_at":"2026-01-10T10:11:52.982340314-08:00","closed_at":"2026-01-10T10:11:52.982340314-08:00","close_reason":"## Cross-Platform Pattern Evaluation\n\n### Platform Overview\n\nThe repository supports **4 distinct platforms**:\n1. **NixOS** (primary): 6 machines (zix790prors, nix-book, boxy, wixos, nix-deck, john-endesktop)\n2. **Darwin/macOS**: 1 machine (johno-macbookpro/blkfv4yf49kt7)\n3. **WSL (NixOS-WSL)**: 1 machine (wixos)\n4. **Steam Deck**: 1 machine (nix-deck, using Jovian-NixOS)\n\n### Architecture Analysis\n\n#### Are Darwin/WSL/Steam Deck Patterns Consistent?\n\n**MIXED**: The patterns are partially consistent but have notable differences:\n\n**Consistent patterns:**\n- All platforms use home-manager for user configuration\n- All home configs import `./roles` (shared) + platform-specific base role\n- Use of `home.roles` option system across all platforms\n- Common `home.stateVersion = \"24.05\"` across all configs\n\n**Inconsistent patterns:**\n- WSL config embeds NVIDIA/graphics config directly rather than using a role\n- Steam Deck uses `nixosModulesUnstable` (different module set) vs stable for others\n- Darwin uses completely separate `darwinModules` with different role structure\n\n#### Is Code Reuse Maximized?\n\n**PARTIALLY - Rating: 7/10**\n\n**Good reuse:**\n- Home roles are well-factored - most roles work cross-platform\n- `base` role uses `pkgs.stdenv.isLinux` for conditional behavior\n- `emacs` role uses `pkgs.stdenv.isDarwin` to select macport vs standard emacs\n- `aerospace` role properly guards Darwin-only features with assertion\n- Shared wallpaper config across i3, sway, plasma-manager, sketchybar\n\n**Duplication found:**\n1. **roles/default.nix vs roles/darwin.nix**: ~50% duplicated code\n   - Both define: time.timeZone, environment.systemPackages, nix.* settings\n   - Darwin lacks: i18n settings, xserver.xkb, openssh, emergency mode config\n   \n2. **Flake module lists**: nixosModules/nixosModulesUnstable/darwinModules have overlapping overlay configs\n\n3. **Home paths**: Darwin uses `/Users/johno` vs Linux `/home/johno` - handled correctly with mkForce\n\n#### Are Platform-Specific Concerns Properly Isolated?\n\n**GOOD - Rating: 8/10**\n\n**Well isolated:**\n- `home/roles/base-darwin` imports aerospace (Darwin-only)\n- `home/roles/base-linux` imports plasma-manager, i3+sway (Linux-only)\n- `aerospace` role has explicit Darwin assertion\n- System roles (audio, bluetooth, desktop, etc.) are NixOS-only in roles/default.nix\n- Steam Deck config imports `roles/desktop/steamos.nix` for Jovian integration\n\n**Could improve:**\n- WSL-specific config inline in machine config rather than a `wsl` role\n- NVIDIA config duplicated in wixos vs using roles.nvidia\n\n### Key Findings\n\n#### Cross-Platform Role Structure\n```\nhome/roles/\n  default.nix          -- Shared roles (imported by all)\n  base-darwin/         -- Darwin-specific (aerospace)\n  base-linux/          -- Linux-specific (plasma-manager, i3+sway)\n  aerospace/           -- Darwin-only with assertion\n  plasma-manager/      -- Linux-only (imported via base-linux)\n  i3+sway/            -- Linux-only (imported via base-linux)\n  [other roles]        -- Cross-platform\n```\n\n#### Platform Conditionals Found (4 instances)\n1. `packages/claude-code/default.nix:42` - autoPatchelfHook for Linux\n2. `home/roles/emacs/default.nix:23` - emacs-macport vs emacs\n3. `home/roles/base/default.nix:34` - randomizedDelaySec only on Linux\n4. `home/roles/aerospace/default.nix:116` - Darwin-only assertion\n\n### Recommendations\n\n1. **Extract shared system config**: Create `roles/common.nix` for settings shared between NixOS and Darwin (timezone, nix settings, base packages)\n\n2. **Create WSL role**: Move wixos NVIDIA/graphics config to `roles/wsl.nix` for reusability\n\n3. **Consolidate flake overlays**: The overlay configuration is repeated 3x - could extract to a function\n\n4. **Document platform matrix**: Add comments in flake.nix explaining which modules support which platforms\n\n5. **Consider conditional imports**: Some roles (desktop, communication) have Linux-only packages but no guards - could add `lib.optionals pkgs.stdenv.isLinux`"}
 {"id":"nixos-configs-tcu","title":"Add platform compatibility guards to cross-platform roles","description":"From Cross-Platform evaluation: Some roles like desktop and communication contain Linux-only packages but no guards. Add lib.optionals pkgs.stdenv.isLinux where appropriate to prevent issues on Darwin.","status":"in_review","priority":3,"issue_type":"task","created_at":"2026-01-10T10:31:29.864582809-08:00","created_by":"johno","updated_at":"2026-01-13T06:58:34.818790822-08:00"}
-{"id":"nixos-configs-tdf","title":"Add skill to import Gitea issues as beads","description":"Create a skill that imports open Gitea issues as beads, skipping those already imported","notes":"Plan: thoughts/beads-nixos-configs-tdf/plan.md","status":"in_progress","priority":2,"issue_type":"feature","created_at":"2026-01-10T12:29:28.686736386-08:00","created_by":"johno","updated_at":"2026-01-13T07:02:09.324144066-08:00"}
+{"id":"nixos-configs-tdf","title":"Add skill to import Gitea issues as beads","description":"Create a skill that imports open Gitea issues as beads, skipping those already imported","notes":"Plan: thoughts/beads-nixos-configs-tdf/plan.md","status":"closed","priority":2,"issue_type":"feature","created_at":"2026-01-10T12:29:28.686736386-08:00","created_by":"johno","updated_at":"2026-01-13T14:15:31.197918353-08:00","closed_at":"2026-01-13T14:15:31.197918353-08:00","close_reason":"Skill already exists and verified working - all plan items complete"}
 {"id":"nixos-configs-u81","title":"Add --help flags to all flake apps","description":"From Scripts \u0026 Utilities evaluation: Some flake apps (like update-claude-code) have --help, others don't. Add --help flags to all apps for consistency and discoverability.","status":"in_review","priority":4,"issue_type":"task","created_at":"2026-01-10T10:31:31.672159415-08:00","created_by":"johno","updated_at":"2026-01-13T06:58:34.844385334-08:00"}
 {"id":"nixos-configs-uji","title":"Add and use starship.rs","status":"closed","priority":3,"issue_type":"feature","created_at":"2026-01-10T10:07:07.088523902-08:00","created_by":"johno","updated_at":"2026-01-10T10:13:46.830449555-08:00","closed_at":"2026-01-10T10:13:46.830449555-08:00","close_reason":"Closed"}
 {"id":"nixos-configs-und","title":"Evaluate Custom Packages","description":"# Investigation: Custom Packages\n\n## Questions to Answer\n- Are packages well-structured?\n- Is overlay usage optimal?\n- Are packages up-to-date with nixpkgs conventions?\n\n## Key Files\n- `packages/default.nix` - Custom package overlay\n- `packages/*/default.nix` - Individual package definitions\n\n## Approach\n1. Use `/humanlayer:research_codebase_nt` to analyze package structure\n2. Check overlay patterns and composition\n3. Use `/humanlayer:create_plan_nt` to plan improvements if needed","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-10T10:08:25.566312823-08:00","created_by":"johno","updated_at":"2026-01-10T10:11:22.107817076-08:00","closed_at":"2026-01-10T10:11:22.107817076-08:00","close_reason":"# Custom Packages Evaluation Complete\n\n## Overview\nThe nixos-configs repository contains 5 custom packages, all managed through a single `packages/default.nix` file that exposes them via `pkgs.custom.*` overlay.\n\n## Package-by-Package Analysis\n\n### 1. claude-code (Well-Structured)\n- **Purpose**: Fetches Claude Code CLI directly from Google Cloud Storage, bypassing npm registry (needed for corporate network restrictions)\n- **Structure**: Excellent - uses `stdenv.mkDerivation` with proper multi-platform support (4 platforms)\n- **Update mechanism**: Has automated `update.sh` script that fetches version/hashes from Homebrew cask - very well designed\n- **Documentation**: Includes comprehensive README.md\n- **Usage**: Exposed via overlay to `pkgs.unstable.claude-code` for Darwin machines\n- **Note**: Also has an unused `npm.nix` with placeholder hash - appears to be abandoned attempt\n\n### 2. vulkan-hdr-layer (Well-Structured)\n- **Purpose**: Vulkan layer for HDR support\n- **Structure**: Proper `stdenv.mkDerivation` with meson build system\n- **Issue**: Uses commit hash version `63d2eec` (unstable version) - consider using tagged releases\n- **Note**: Not currently used anywhere in the configuration (orphaned package?)\n\n### 3. tea-rbw (Simple Wrapper)\n- **Purpose**: Wrapper around `tea` (Gitea CLI) that integrates with rbw (Bitwarden CLI) for authentication\n- **Structure**: Simple `writeShellScriptBin` - appropriate for this use case\n- **Usage**: Used in `home/roles/development/default.nix`\n\n### 4. app-launcher-server (Simple Wrapper)\n- **Purpose**: HTTP server for launching allowlisted applications (Firefox, Kodi)\n- **Structure**: Python script with `writeShellScriptBin` wrapper - clean design\n- **Usage**: Used in `roles/kodi/default.nix` for media center control\n\n### 5. perles (Well-Structured)\n- **Purpose**: TUI for Beads issue tracking system\n- **Structure**: Proper `buildGoModule` with GitHub fetch\n- **Issue**: Uses `rev = \"main\"` instead of pinned commit - can cause reproducibility issues\n- **Usage**: Used in `home/roles/development/default.nix`\n\n## Overlay Integration\nPackages are exposed via overlay in flake.nix:\n```nix\ncustom = prev.callPackage ./packages {};\n```\nThis is a clean, standard pattern.\n\n## Observations\n\n### Strengths\n1. Single entry point (`packages/default.nix`) for all custom packages\n2. Proper use of `callPackage` idiom\n3. Good variety of build patterns (stdenv, buildGoModule, writeShellScriptBin)\n4. Excellent automated update script for claude-code\n5. Proper meta attributes on most packages\n\n### Issues/Recommendations\n1. **vulkan-hdr-layer appears unused** - consider removing if not needed\n2. **perles uses `rev = \"main\"`** - should pin to specific commit for reproducibility\n3. **npm.nix is unused** - leftover file in claude-code directory\n4. **Missing maintainers** - all packages have empty maintainers list\n5. **vulkan-hdr-layer uses unstable version** - uses commit hash, not tagged release\n\n## Nixpkgs Convention Compliance\n- Package naming follows conventions\n- Meta attributes present\n- Uses appropriate build helpers\n- Overlay pattern is idiomatic\n- Could benefit from adding tests for some packages"}