fix(mu4e): Configure msmtp to preserve email body content

The mu4e msmtp configuration was causing email bodies to be stripped, especially for multipart messages from org-msg. This was due to missing critical msmtp settings. Changes: - Add message-sendmail-f-is-evil to prevent -f flag issues - Add --read-envelope-from to msmtp arguments - Set both send-mail-function and message-send-mail-function Fixes: nixos-configs-9l8
2026-01-10 10:39:29 -08:00
33 changed files with 407 additions and 1198 deletions
--- a/.beads/sync_base.jsonl
+++ b/.beads/sync_base.jsonl
--- a/.claude/commands/import_gitea_issues.md
+++ b/.claude/commands/import_gitea_issues.md
@@ -1,130 +0,0 @@
 ---
 description: Import open Gitea issues as beads, skipping already-imported ones
 ---
 # Import Gitea Issues as Beads
 This skill imports open Gitea issues as beads, checking for duplicates to avoid re-importing already tracked issues.
 ## Prerequisites
 - `tea` CLI must be installed and configured for the repository
 - `bd` (beads) CLI must be installed
 - Must be in a git repository with a Gitea/Forgejo remote
 ## Workflow
 ### Step 1: Get open Gitea issues
 List all open issues using `tea`:
 ```bash
 tea issues
 ```
 This returns a table with columns: INDEX, TITLE, LABELS, MILESTONE
 ### Step 2: Get existing beads
 List all current beads to check what's already imported:
 ```bash
 bd list
 ```
 Also check bead notes for issue URLs to identify imports:
 ```bash
 bd list --json | jq -r '.[] | select(.notes != null) | .notes' | grep -oP 'issues/\K\d+'
 ```
 ### Step 3: Check for already-linked PRs
 Check if any open PRs reference beads (skip these issues as they're being worked on):
 ```bash
 tea pr list
 ```
 Look for PRs with:
 - Bead ID in title: `[nixos-configs-xxx]`
 - Bead reference in body: `Implements bead:` or `Bead ID:`
 ### Step 4: For each untracked issue, create a bead
 For each issue not already tracked:
 1. **Get full issue details**:
   ```bash
   tea issue [ISSUE_NUMBER]
   ```
 2. **Determine bead type** based on issue content:
   - "bug" - if issue mentions bug, error, broken, fix, crash
   - "feature" - if issue mentions feature, add, new, enhancement
   - "task" - default for other issues
 3. **Create the bead**:
   ```bash
   bd add "[ISSUE_TITLE]" \
     --type=[TYPE] \
     --priority=P2 \
     --notes="Gitea issue: [ISSUE_URL]
   Original issue description:
   [ISSUE_BODY]"
   ```
   Note: The `--notes` flag accepts multi-line content.
 ### Step 5: Report results
 Present a summary:
 ```
 ## Gitea Issues Import Summary
 ### Imported as Beads
 | Issue | Title | Bead ID | Type |
 |-------|-------|---------|------|
 | #5 | Add dark mode | nixos-configs-abc | feature |
 | #3 | Config broken on reboot | nixos-configs-def | bug |
 ### Skipped (Already Tracked)
 | Issue | Title | Reason |
 |-------|-------|--------|
 | #4 | Update flake | Existing bead: nixos-configs-xyz |
 | #2 | Refactor roles | PR #7 references bead |
 ### Skipped (Other)
 | Issue | Title | Reason |
 |-------|-------|--------|
 | #1 | Discussion: future plans | No actionable work |
 ```
 ## Type Detection Heuristics
 Keywords to detect issue type:
 **Bug indicators** (case-insensitive):
 - bug, error, broken, fix, crash, fail, issue, problem, wrong, not working
 **Feature indicators** (case-insensitive):
 - feature, add, new, enhancement, implement, support, request, want, would be nice
 **Task** (default):
 - Anything not matching bug or feature patterns
 ## Error Handling
 - **tea not configured**: Report error and exit
 - **bd not available**: Report error and exit
 - **Issue already has bead**: Skip and report in summary
 - **Issue is a PR**: Skip (tea shows PRs and issues separately)
 ## Notes
 - Default priority is P2; adjust manually after import if needed
 - Issue labels from Gitea are not automatically mapped to bead tags
 - Run this periodically to catch new issues
 - After import, use `bd ready` to see which beads can be worked on
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
 result
 thoughts
 .beads
--- a/.goosehints
+++ b/.goosehints
@@ -9,7 +9,7 @@ Directory Structure:
 ----------------------
 • packages/      - Custom Nix packages leveraged across various configurations.
 • roles/         - Role-based configurations (e.g., kodi, bluetooth) each with its own module (default.nix) for inclusion in machine setups.
-• machines/      - Machine-specific configurations (e.g., nix-book, zix790prors, boxy) including configuration.nix and hardware-configuration.nix tailored for each hardware.
+• machines/      - Machine-specific configurations (e.g., nix-book, z790prors, boxy, wixos) including configuration.nix and hardware-configuration.nix tailored for each hardware.
 • home/          - Home-manager configurations for personal environments and application settings (e.g., home-nix-book.nix, home-z790prors.nix).
 Design Principles:
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -10,7 +10,7 @@ This is a NixOS configuration repository using flakes, managing multiple machine
 ### Flake Structure
 - **flake.nix**: Main entry point defining inputs (nixpkgs, home-manager, plasma-manager, etc.) and outputs for multiple NixOS configurations
- **Machines**: `nix-book`, `boxy`, `zix790prors`, `live-usb`, `johno-macbookpro` (Darwin/macOS)
+- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration), `zix790prors`, `live-usb`, `johno-macbookpro` (Darwin/macOS)
 - **Home configurations**: Standalone home-manager configuration for user `johno`
 ### Directory Structure
@@ -74,6 +74,7 @@ The repository also uses a modular home-manager role system for user-space confi
 - **nix-book**: Compact laptop → excludes office/media roles due to SSD space constraints
 - **boxy**: Living room media center → optimized for media consumption, excludes sync/office (shared machine)
 - **zix790prors**: All-purpose workstation → full desktop experience with all roles enabled
 - **wixos**: WSL2 development → full desktop experience, inherits from zix790prors Windows host
 - **live-usb**: Temporary environment → only base + desktop roles, no persistent services
 - **johno-macbookpro**: macOS work laptop → Darwin-specific configuration with development tools
@@ -106,6 +107,7 @@ darwin-rebuild build --flake .#johno-macbookpro
 - `nix-book`: Compact laptop with storage constraints, uses `home/home-laptop-compact.nix`
 - `boxy`: Shared living room media center/gaming desktop with AMD GPU, uses `home/home-media-center.nix`
 - `zix790prors`: Powerful all-purpose workstation (gaming, 3D modeling, development), dual-boots Windows 11 with shared btrfs /games partition, uses `home/home-desktop.nix`
 - `wixos`: WSL2 development environment running in Windows partition of zix790prors, uses `home/home-desktop.nix`
 - `live-usb`: Bootable ISO configuration, uses `home/home-live-usb.nix`
 - `johno-macbookpro`: macOS work laptop, uses `home/home-darwin-work.nix`
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -1,7 +1,6 @@
 #!/usr/bin/env bash
 # bootstrap.sh
-# Usage: nix run .#bootstrap -- <hostname>
+# Usage: sudo ./bootstrap.sh <hostname>
 # Or: sudo ./scripts/bootstrap.sh <hostname>
 set -euo pipefail
 NEW_HOSTNAME="${1:?missing hostname}"
@@ -9,3 +8,4 @@ FLAKE_URI="git+https://git.johnogle.info/johno/nixos-configs.git#${NEW_HOSTNAME}
 export NIX_CONFIG="experimental-features = nix-command flakes"
 nixos-rebuild switch --flake "$FLAKE_URI"
--- a/build-liveusb.sh
+++ b/build-liveusb.sh
@@ -0,0 +1,19 @@
 #!/usr/bin/env bash
 # Build Live USB ISO from flake configuration
 # Creates an uncompressed ISO suitable for Ventoy and other USB boot tools
 set -e
 echo "Building Live USB ISO..."
 nix build .#nixosConfigurations.live-usb.config.system.build.isoImage --show-trace
 if [ -f "./result/iso/"*.iso ]; then
    iso_file=$(ls ./result/iso/*.iso)
    echo "✅ Build complete!"
    echo "📁 ISO location: $iso_file"
    echo "💾 Ready for Ventoy or dd to USB"
 else
    echo "❌ Build failed - no ISO file found"
    exit 1
 fi
--- a/flake.lock
+++ b/flake.lock
@@ -21,42 +21,19 @@
        "type": "github"
      }
    },
-    "doomemacs": {
+    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1767773143,
+        "lastModified": 1765121682,
-        "narHash": "sha256-QL/t9v2kFNxBDyNJb/s411o3mxujan+QX5IZglTdpTk=",
+        "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=",
-        "owner": "doomemacs",
+        "owner": "edolstra",
-        "repo": "doomemacs",
+        "repo": "flake-compat",
-        "rev": "3e15fb36d7f94f0a218bda977be4d3f5da983a71",
+        "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3",
        "type": "github"
      },
      "original": {
-        "owner": "doomemacs",
+        "owner": "edolstra",
-        "repo": "doomemacs",
+        "repo": "flake-compat",
        "type": "github"
      }
    },
    "emacs-overlay": {
      "inputs": {
        "nixpkgs": [
          "nix-doom-emacs-unstraightened"
        ],
        "nixpkgs-stable": [
          "nix-doom-emacs-unstraightened"
        ]
      },
      "locked": {
        "lastModified": 1768011937,
        "narHash": "sha256-SnU2XTo34vwVaijs+4VwcXTNwMWO4nwzzs08N39UagA=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
        "rev": "79abf71d9897cf3b5189f7175cda1b1102abc65c",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "emacs-overlay",
        "type": "github"
      }
    },
@@ -182,27 +159,6 @@
        "type": "github"
      }
    },
    "nix-doom-emacs-unstraightened": {
      "inputs": {
        "doomemacs": "doomemacs",
        "emacs-overlay": "emacs-overlay",
        "nixpkgs": [],
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1768034604,
        "narHash": "sha256-62pIZMvGHhYJmMiiBsxHqZt/dFyENPcFHlJq5NJF3Sw=",
        "owner": "marienz",
        "repo": "nix-doom-emacs-unstraightened",
        "rev": "9b3b8044fe4ccdcbb2d6f733d7dbe4d5feea18bc",
        "type": "github"
      },
      "original": {
        "owner": "marienz",
        "repo": "nix-doom-emacs-unstraightened",
        "type": "github"
      }
    },
    "nix-github-actions": {
      "inputs": {
        "nixpkgs": [
@@ -225,18 +181,38 @@
        "type": "github"
      }
    },
-    "nixpkgs": {
+    "nixos-wsl": {
      "inputs": {
        "flake-compat": "flake-compat",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1767480499,
+        "lastModified": 1765841014,
-        "narHash": "sha256-8IQQUorUGiSmFaPnLSo2+T+rjHtiNWc+OAzeHck7N48=",
+        "narHash": "sha256-55V0AJ36V5Egh4kMhWtDh117eE3GOjwq5LhwxDn9eHg=",
-        "owner": "nixos",
+        "owner": "nix-community",
-        "repo": "nixpkgs",
+        "repo": "NixOS-WSL",
-        "rev": "30a3c519afcf3f99e2c6df3b359aec5692054d92",
+        "rev": "be4af8042e7a61fa12fda58fe9a3b3babdefe17b",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
+        "owner": "nix-community",
-        "ref": "nixos-25.11",
+        "ref": "main",
        "repo": "NixOS-WSL",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1765472234,
        "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -257,6 +233,22 @@
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1767480499,
        "narHash": "sha256-8IQQUorUGiSmFaPnLSo2+T+rjHtiNWc+OAzeHck7N48=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "30a3c519afcf3f99e2c6df3b359aec5692054d92",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "plasma-manager": {
      "inputs": {
        "home-manager": [
@@ -311,8 +303,8 @@
        "home-manager-unstable": "home-manager-unstable",
        "jovian": "jovian",
        "nix-darwin": "nix-darwin",
-        "nix-doom-emacs-unstraightened": "nix-doom-emacs-unstraightened",
+        "nixos-wsl": "nixos-wsl",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "plasma-manager": "plasma-manager",
        "plasma-manager-unstable": "plasma-manager-unstable"
@@ -332,21 +324,6 @@
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -4,6 +4,7 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
    nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
    nix-darwin = {
      url = "github:nix-darwin/nix-darwin/nix-darwin-25.11";
@@ -46,85 +47,92 @@
      url = "github:steveyegge/beads";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
    nix-doom-emacs-unstraightened = {
      url = "github:marienz/nix-doom-emacs-unstraightened";
      # Don't follow nixpkgs to avoid rebuild issues with emacs-overlay
      inputs.nixpkgs.follows = "";
    };
  };
-  outputs = { self, nixpkgs, nixpkgs-unstable, ... } @ inputs: let
+  outputs = { self, nixpkgs, nixpkgs-unstable, nixos-wsl, ... } @ inputs: let
-    # Shared overlay function to reduce duplication across module sets
+    nixosModules = [
-    # Parameters:
+      ./roles
-    #   unstableOverlays: Additional overlays to apply when importing nixpkgs-unstable
+    ] ++ [
-    mkBaseOverlay = { unstableOverlays ? [] }: (final: prev: {
+      inputs.home-manager.nixosModules.home-manager
      {
        nixpkgs.overlays = [
          (final: prev: {
            unstable = import nixpkgs-unstable {
              system = prev.stdenv.hostPlatform.system;
              config.allowUnfree = true;
        overlays = unstableOverlays;
            };
            custom = prev.callPackage ./packages {};
            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
-    });
+          })
-
+        ];
    # Shared home-manager configuration factory
    # Parameters:
    #   sharedModules: Additional modules to include in home-manager.sharedModules
    mkHomeManagerConfig = { sharedModules ? [] }: {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
-      home-manager.sharedModules = sharedModules ++ [
+        home-manager.sharedModules = [
-        inputs.nix-doom-emacs-unstraightened.homeModule
+          inputs.plasma-manager.homeModules.plasma-manager
        ];
        home-manager.extraSpecialArgs = {
          globalInputs = inputs;
        };
    };
    nixosModules = [
      ./roles
      inputs.home-manager.nixosModules.home-manager
      {
        nixpkgs.overlays = [ (mkBaseOverlay {}) ];
      }
      (mkHomeManagerConfig {
        sharedModules = [ inputs.plasma-manager.homeModules.plasma-manager ];
      })
    ];
    # Modules for unstable-based systems (like nix-deck)
    nixosModulesUnstable = [
      ./roles
    ] ++ [
      inputs.home-manager-unstable.nixosModules.home-manager
      inputs.jovian.nixosModules.jovian
      {
-        nixpkgs.overlays = [ (mkBaseOverlay {}) ];
+        nixpkgs.overlays = [
-      }
+          (final: prev: {
-      (mkHomeManagerConfig {
+            unstable = import nixpkgs-unstable {
-        sharedModules = [ inputs.plasma-manager-unstable.homeModules.plasma-manager ];
+              system = prev.stdenv.hostPlatform.system;
              config.allowUnfree = true;
            };
            custom = prev.callPackage ./packages {};
            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
          })
        ];
-
+        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.sharedModules = [
          inputs.plasma-manager-unstable.homeModules.plasma-manager
        ];
        home-manager.extraSpecialArgs = {
          globalInputs = inputs;
        };
      }
    ];
    darwinModules = [
      ./roles/darwin.nix
    ] ++ [
      inputs.home-manager.darwinModules.home-manager
      {
        nixpkgs.overlays = [
-          (mkBaseOverlay {
+          (final: prev: {
            unstable = import nixpkgs-unstable {
              system = prev.stdenv.hostPlatform.system;
              config.allowUnfree = true;
              overlays = [
                # Override claude-code in unstable to use our custom GCS-based build
                # (needed for corporate networks that block npm registry)
            unstableOverlays = [
                (ufinal: uprev: {
-                claude-code = uprev.callPackage ./packages/claude-code {};
+                  claude-code = prev.custom.claude-code or (prev.callPackage ./packages {}).claude-code;
                })
              ];
            };
            custom = prev.callPackage ./packages {};
            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
          })
        ];
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = {
          globalInputs = inputs;
        };
      }
      (mkHomeManagerConfig { sharedModules = []; })
    ];
  in {
@@ -157,6 +165,19 @@
      ];
    };
    nixosConfigurations.wixos = nixpkgs.lib.nixosSystem rec {
      system = "x86_64-linux";
      modules = nixosModules ++ [
        nixos-wsl.nixosModules.default
        ./machines/wixos/configuration.nix
        inputs.home-manager.nixosModules.home-manager
        {
          home-manager.users.johno = import ./home/home-desktop.nix;
          home-manager.extraSpecialArgs = { inherit system; };
        }
      ];
    };
    nixosConfigurations.zix790prors = nixpkgs.lib.nixosSystem rec {
      system = "x86_64-linux";
      modules = nixosModules ++ [
@@ -198,11 +219,7 @@
      system = "x86_64-linux";
      modules = nixosModules ++ [
        ./machines/john-endesktop/configuration.nix
-        inputs.home-manager.nixosModules.home-manager
+        # Minimal server - no home-manager needed
        {
          home-manager.users.johno = import ./home/home-server.nix;
          home-manager.extraSpecialArgs = { inherit system; };
        }
      ];
    };
@@ -243,16 +260,6 @@
          export PATH="${pkgs.lib.makeBinPath commonDeps}:$PATH"
          ${builtins.readFile ./scripts/upgrade.sh}
        '';
        bootstrap = pkgs.writeShellScriptBin "bootstrap" ''
          export PATH="${pkgs.lib.makeBinPath commonDeps}:$PATH"
          ${builtins.readFile ./scripts/bootstrap.sh}
        '';
        build-liveusb = pkgs.writeShellScriptBin "build-liveusb" ''
          export PATH="${pkgs.lib.makeBinPath commonDeps}:$PATH"
          ${builtins.readFile ./scripts/build-liveusb.sh}
        '';
      in {
        update-doomemacs = {
          type = "app";
@@ -270,14 +277,6 @@
          type = "app";
          program = "${upgrade}/bin/upgrade";
        };
        bootstrap = {
          type = "app";
          program = "${bootstrap}/bin/bootstrap";
        };
        build-liveusb = {
          type = "app";
          program = "${build-liveusb}/bin/build-liveusb";
        };
      }
    );
  };
--- a/home/home-desktop.nix
+++ b/home/home-desktop.nix
@@ -23,7 +23,6 @@
    kubectl.enable = true;
    tmux.enable = true;
    plasma-manager.enable = true;
    starship.enable = true;
  };
  targets.genericLinux.enable = true;
--- a/home/home-laptop-compact.nix
+++ b/home/home-laptop-compact.nix
@@ -23,7 +23,6 @@
    plasma-manager.enable = true;
    emacs.enable = true;
    i3_sway.enable = true;
    starship.enable = true;
    # Launcher wrappers for excluded/optional packages
    launchers = {
--- a/home/home-live-usb.nix
+++ b/home/home-live-usb.nix
@@ -14,14 +14,8 @@
    desktop.enable = true;
    tmux.enable = true;
    plasma-manager.enable = true;
-    emacs = {
+    emacs.enable = true;
      enable = true;
      # Use pre-built Doom Emacs - all packages built at nix build time
      # This means no doom sync is needed after booting the live USB
      prebuiltDoom = true;
    };
    i3_sway.enable = true;
    starship.enable = true;
    # development.enable = false;  # Not needed for live USB
    # communication.enable = false; # Not needed for live USB
    # office.enable = false;       # Not needed for live USB
--- a/home/home-media-center.nix
+++ b/home/home-media-center.nix
@@ -20,7 +20,6 @@
    plasma-manager.enable = true;
    emacs.enable = true;
    i3_sway.enable = true;
    starship.enable = true;
    # office.enable = false;    # Not needed for media center
    # sync.enable = false;      # Shared machine, no personal file sync
  };
--- a/home/home-server.nix
+++ b/home/home-server.nix
@@ -1,26 +0,0 @@
 { pkgs, globalInputs, system, ... }:
 {
  # Home Manager configuration for servers (minimal with development tools)
  home.username = "johno";
  home.homeDirectory = "/home/johno";
  home.stateVersion = "24.05";
  # Minimal roles for server with development capability
  home.roles = {
    base.enable = true;
    development.enable = true;
    emacs.enable = true;
    starship.enable = true;
    tmux.enable = true;
  };
  targets.genericLinux.enable = true;
  home.sessionVariables = {};
  home.sessionPath = [];
  imports = [
    ./roles
    ./roles/base-linux
  ];
 }
--- a/home/roles/default.nix
+++ b/home/roles/default.nix
@@ -19,6 +19,5 @@
    ./sync
    ./tmux
    ./emacs
    ./starship
  ];
 }
--- a/home/roles/development/default.nix
+++ b/home/roles/development/default.nix
@@ -85,25 +85,11 @@ in
        fi
      done
      # Copy local skills from this repo (with retry for race conditions with running Claude)
      for file in ${./skills}/*.md; do
        if [ -f "$file" ]; then
          filename=$(basename "$file" .md)
          dest="$HOME/.claude/commands/''${filename}.md"
          # Remove existing file first, then copy with retry on failure
          rm -f "$dest" 2>/dev/null || true
          if ! cp "$file" "$dest" 2>/dev/null; then
            sleep 0.5
            cp "$file" "$dest" || echo "Warning: Failed to copy $filename.md to commands"
          fi
        fi
      done
      $DRY_RUN_CMD echo "Claude Code humanlayer commands and agents installed successfully${
        if cfg.allowArbitraryClaudeCodeModelSelection
        then " (model specifications preserved)"
        else " (model selection removed)"
-      } + local skills"
+      }"
    '';
    # Set up beads Claude Code integration (hooks for SessionStart/PreCompact)
--- a/home/roles/development/skills/gitea_pr_review.md
+++ b/home/roles/development/skills/gitea_pr_review.md
@@ -1,244 +0,0 @@
 ---
 description: Manage and respond to Gitea/Forgejo PR review comments
 ---
 # Gitea PR Review Comments
 This skill enables reading PR review comments and posting inline thread replies on Gitea/Forgejo instances.
 ## Prerequisites
 - `tea` CLI configured with a Gitea/Forgejo instance
 - Access token from tea config: `~/.config/tea/config.yml`
 - Repository must be a Gitea/Forgejo remote (not GitHub)
 ## Configuration
 Get the Gitea instance URL and token from tea config:
 ```bash
 # Get the default login URL and token
 yq -r '.logins[] | select(.name == "default") | .url' ~/.config/tea/config.yml
 yq -r '.logins[] | select(.name == "default") | .token' ~/.config/tea/config.yml
 ```
 Or if you have a specific login name:
 ```bash
 yq -r '.logins[] | select(.name == "YOUR_LOGIN") | .url' ~/.config/tea/config.yml
 yq -r '.logins[] | select(.name == "YOUR_LOGIN") | .token' ~/.config/tea/config.yml
 ```
 ## Commands
 ### 1. List PR Review Comments
 Fetch all reviews and their comments for a PR:
 ```bash
 # Set environment variables
 GITEA_URL="https://git.johnogle.info"
 TOKEN="<your-token>"
 OWNER="<repo-owner>"
 REPO="<repo-name>"
 PR_NUMBER="<pr-number>"
 # Get all reviews for the PR
 curl -s -H "Authorization: token $TOKEN" \
  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews" | jq
 # Get comments for a specific review
 REVIEW_ID="<review-id>"
 curl -s -H "Authorization: token $TOKEN" \
  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews/$REVIEW_ID/comments" | jq
 ```
 ### 2. View All Review Comments (Combined)
 ```bash
 # Get all reviews and their comments in one view
 curl -s -H "Authorization: token $TOKEN" \
  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews" | \
  jq -r '.[] | "Review \(.id) by \(.user.login): \(.state)\n  Body: \(.body)"'
 # For each review, show inline comments
 for REVIEW_ID in $(curl -s -H "Authorization: token $TOKEN" \
  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews" | jq -r '.[].id'); do
  echo "=== Review $REVIEW_ID comments ==="
  curl -s -H "Authorization: token $TOKEN" \
    "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews/$REVIEW_ID/comments" | \
    jq -r '.[] | "[\(.path):\(.line)] \(.body)"'
 done
 ```
 ### 3. Reply to Review Comments (Web Endpoint Method)
 The Gitea REST API does not support replying to review comment threads. The web UI uses a different endpoint:
 ```
 POST /{owner}/{repo}/pulls/{pr_number}/files/reviews/comments
 Content-Type: multipart/form-data
 ```
 **Required form fields:**
 - `reply`: Review ID to reply to
 - `content`: The reply message
 - `path`: File path
 - `line`: Line number
 - `side`: `proposed` or `original`
 - `single_review`: `true`
 - `origin`: `timeline`
 - `_csrf`: CSRF token (required for web endpoint)
 **Authentication Challenge:**
 This endpoint requires session-based authentication, not API tokens. Options:
 #### Option A: Use Browser Session (Recommended)
 1. Log in to Gitea in your browser
 2. Open browser developer tools and copy cookies
 3. Use the session cookies with curl
 ```bash
 # First, get CSRF token from the PR page
 CSRF=$(curl -s -c cookies.txt -b cookies.txt \
  "$GITEA_URL/$OWNER/$REPO/pulls/$PR_NUMBER/files" | \
  grep -oP 'name="_csrf" value="\K[^"]+')
 # Post the reply
 curl -s -b cookies.txt \
  -F "reply=$REVIEW_ID" \
  -F "content=Your reply message here" \
  -F "path=$FILE_PATH" \
  -F "line=$LINE_NUMBER" \
  -F "side=proposed" \
  -F "single_review=true" \
  -F "origin=timeline" \
  -F "_csrf=$CSRF" \
  "$GITEA_URL/$OWNER/$REPO/pulls/$PR_NUMBER/files/reviews/comments"
 ```
 #### Option B: Create Top-Level Comment (Fallback)
 If thread replies are not critical, use the API to create a top-level comment:
 ```bash
 # Create a top-level comment mentioning the review context
 curl -s -X POST \
  -H "Authorization: token $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"body\": \"Re: @reviewer's comment on $FILE_PATH:$LINE_NUMBER\n\nYour reply here\"}" \
  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/issues/$PR_NUMBER/comments"
 ```
 Or use tea CLI:
 ```bash
 tea comment $PR_NUMBER "Re: @reviewer's comment on $FILE_PATH:$LINE_NUMBER
 Your reply here"
 ```
 ### 4. Submit a New Review
 Create a new review with inline comments:
 ```bash
 curl -s -X POST \
  -H "Authorization: token $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "body": "Overall review comments",
    "event": "COMMENT",
    "comments": [
      {
        "path": "path/to/file.py",
        "body": "Comment on this line",
        "new_position": 10
      }
    ]
  }' \
  "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews"
 ```
 Event types: `COMMENT`, `APPROVE`, `REQUEST_CHANGES`
 ## Workflow Example
 ### Reading and Responding to Reviews
 1. **Set up environment**:
   ```bash
   export GITEA_URL=$(yq -r '.logins[] | select(.name == "default") | .url' ~/.config/tea/config.yml)
   export TOKEN=$(yq -r '.logins[] | select(.name == "default") | .token' ~/.config/tea/config.yml)
   export OWNER="johno"
   export REPO="nixos-configs"
   export PR_NUMBER="5"
   ```
 2. **List all pending review comments**:
   ```bash
   # Get reviews
   curl -s -H "Authorization: token $TOKEN" \
     "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews" | \
     jq -r '.[] | select(.state == "REQUEST_CHANGES" or .state == "COMMENT") |
       "Review \(.id) by \(.user.login) (\(.state)):\n\(.body)\n"'
   ```
 3. **Get detailed comments for a review**:
   ```bash
   REVIEW_ID="2"
   curl -s -H "Authorization: token $TOKEN" \
     "$GITEA_URL/api/v1/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews/$REVIEW_ID/comments" | \
     jq -r '.[] | "File: \(.path):\(.line)\nComment: \(.body)\nID: \(.id)\n---"'
   ```
 4. **Respond using top-level comment** (most reliable):
   ```bash
   tea comment $PR_NUMBER "Addressing review feedback:
   - File \`path/to/file.py\` line 10: Fixed the issue by...
   - File \`other/file.py\` line 25: Updated as suggested..."
   ```
 ## API Reference
 ### Endpoints
 | Action | Method | Endpoint |
 |--------|--------|----------|
 | List reviews | GET | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews` |
 | Get review | GET | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews/{id}` |
 | Get review comments | GET | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments` |
 | Create review | POST | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews` |
 | Submit review | POST | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews/{id}` |
 | Delete review | DELETE | `/api/v1/repos/{owner}/{repo}/pulls/{index}/reviews/{id}` |
 | Create issue comment | POST | `/api/v1/repos/{owner}/{repo}/issues/{index}/comments` |
 ### Review States
 - `PENDING` - Draft review not yet submitted
 - `COMMENT` - General comment without approval/rejection
 - `APPROVE` - Approving the changes
 - `REQUEST_CHANGES` - Requesting changes before merge
 ## Limitations
 1. **Thread replies**: The Gitea REST API does not support replying directly to review comment threads. This is a known limitation. Workarounds:
   - Use top-level comments with context
   - Use the web UI manually for thread replies
   - Implement session-based authentication to use the web endpoint
 2. **CSRF tokens**: The web endpoint for thread replies requires CSRF tokens, which expire and need to be fetched from the page.
 3. **Session auth**: API tokens work for REST API but not for web endpoints that require session cookies.
 ## Tips
 - Always quote file paths and line numbers when responding via top-level comments
 - Use `tea pr view $PR_NUMBER --comments` to see all comments
 - Use `tea open pulls/$PR_NUMBER` to open the PR in browser for manual thread replies
 - Consider using `tea pr approve $PR_NUMBER` after addressing all comments
 ## See Also
 - Gitea API Documentation: https://docs.gitea.com/api/1.20/
 - `tea` CLI: https://gitea.com/gitea/tea
--- a/home/roles/development/skills/parallel_beads.md
+++ b/home/roles/development/skills/parallel_beads.md
@@ -1,205 +0,0 @@
 ---
 description: Orchestrate parallel bead processing with worktrees, PRs, and reviews
 ---
 # Parallel Beads Workflow
 This skill orchestrates parallel bead processing using subagents. Each bead gets its own worktree, implementation, PR, and review.
 ## Phase 1: Selection
 1. **Get ready beads**: Run `bd ready` to list all beads with no blockers
 2. **Present selection**: Use `AskUserQuestion` with `multiSelect: true` to let the user choose which beads to work on
   - Include bead ID and title for each option
   - Allow selection of multiple beads
 Example:
 ```
 AskUserQuestion with:
 - question: "Which beads do you want to work on in parallel?"
 - multiSelect: true
 - options from bd ready output
 ```
 ## Phase 2: Parallel Implementation
 For each selected bead, launch a subagent using the Task tool. All subagents should be launched in parallel (single message with multiple Task tool calls).
 ### Subagent Instructions Template
 Each implementation subagent should receive these instructions:
 ```
 Work on bead [BEAD_ID]: [BEAD_TITLE]
 1. **Create worktree**:
   - Branch name: `bead/[BEAD_ID]`
   - Worktree path: `~/wt/[REPO_NAME]/[BEAD_ID]`
   - Command: `git worktree add -b bead/[BEAD_ID] ~/wt/[REPO_NAME]/[BEAD_ID]`
 2. **Review the bead requirements**:
   - Run `bd show [BEAD_ID]` to understand the acceptance criteria
   - Note any external issue references (GitHub issues, Linear tickets, etc.)
 3. **Implement the changes**:
   - Work in the worktree directory
   - Complete all acceptance criteria listed in the bead
   - Run any relevant tests or checks
 4. **Commit and push**:
   - Stage all changes: `git add -A`
   - Create a descriptive commit message
   - Push the branch: `git push -u origin bead/[BEAD_ID]`
 5. **Create a PR**:
   - Detect hosting provider from origin URL: `git remote get-url origin`
   - If URL contains `github.com`, use `gh`; otherwise use `tea` (Gitea/Forgejo)
   - PR title: "[BEAD_ID] [BEAD_TITLE]"
   - PR body must include:
     - Reference to bead ID: "Implements bead: [BEAD_ID]"
     - Any external issue references from the bead (e.g., "Closes #123")
     - Summary of changes
   - For GitHub (`gh`):
     ```bash
     gh pr create --title "[BEAD_ID] [BEAD_TITLE]" --body "$(cat <<'EOF'
     ## Summary
     [Brief description of changes]
     ## Bead Reference
     Implements bead: [BEAD_ID]
     ## External Issues
     [Any linked issues from the bead]
     ## Changes
     - [List of changes made]
     EOF
     )"
     ```
   - For Gitea (`tea`):
     ```bash
     tea pr create --head bead/[BEAD_ID] --base main \
       --title "[BEAD_ID] [BEAD_TITLE]" \
       --description "## Summary
     [Brief description of changes]
     ## Bead Reference
     Implements bead: [BEAD_ID]
     ## External Issues
     [Any linked issues from the bead]
     ## Changes
     - [List of changes made]"
     ```
 6. **Update bead status**:
   - Mark the bead as "in_review": `bd update [BEAD_ID] --status=in_review`
   - Add the PR URL to the bead notes: `bd update [BEAD_ID] --notes="$(bd show [BEAD_ID] --json | jq -r '.notes')
 PR: [PR_URL]"`
 7. **Report results**:
   - Return: PR URL, bead ID, success/failure status
   - If blocked or unable to complete, explain what's blocking progress
 ```
 ### Launching Subagents
 Use `subagent_type: "general-purpose"` for implementation subagents. Launch all selected beads' subagents in a single message for parallel execution:
 ```
 <Task calls for each selected bead - all in one message>
 ```
 Collect results from all subagents before proceeding.
 ## Phase 3: Parallel Review
 After all implementation subagents complete, launch review subagents for each PR.
 ### Review Subagent Instructions Template
 ```
 Review PR for bead [BEAD_ID]
 1. **Detect hosting provider**: Run `git remote get-url origin` - if it contains `github.com` use `gh`, otherwise use `tea`
 2. **Read the PR**:
   - For GitHub: `gh pr view [PR_NUMBER] --json title,body,additions,deletions,files`
   - For Gitea: `tea pr view [PR_NUMBER]`
   - View the diff: `git diff main...bead/[BEAD_ID]`
 3. **Review against acceptance criteria**:
   - Run `bd show [BEAD_ID]` to get the acceptance criteria
   - Verify each criterion is addressed
 4. **Leave review comments**:
   - For GitHub: `gh pr review [PR_NUMBER] --comment --body "[COMMENTS]"`
   - For Gitea: `tea pr review [PR_NUMBER] --comment "[COMMENTS]"`
   - Include:
     - Acceptance criteria checklist (which are met, which might be missing)
     - Code quality observations
     - Suggestions for improvement
 5. **Return summary**:
   - Overall assessment (ready to merge / needs changes)
   - Key findings
 ```
 Launch all review subagents in parallel.
 ## Phase 4: Cleanup and Summary
 After reviews complete:
 1. **Clean up worktrees**:
   ```bash
   git worktree remove ~/wt/[REPO_NAME]/[BEAD_ID] --force
   ```
   Do this for each bead's worktree.
 2. **Provide final summary**:
   Present a table or list with:
   - Bead ID
   - PR URL
   - Status (success / failed / blocked)
   - Review summary
   - Any failures or blockers encountered
 Example output:
 ```
 ## Parallel Beads Summary
 | Bead | PR | Bead Status | Review |
 |------|-----|-------------|--------|
 | beads-abc | #123 | in_review | Approved |
 | beads-xyz | #124 | in_review | Needs changes |
 | beads-123 | - | open (failed) | Blocked by missing dependency |
 ### Failures/Blockers
 - beads-123: Could not complete because [reason]
 ### Next Steps
 - Review PRs that need changes
 - Address blockers for failed beads
 - Run `/reconcile_beads` after PRs are merged to close beads
 ```
 ## Error Handling
 - **Subagent failures**: If a subagent fails or times out, note it in the summary but continue with other beads
 - **PR creation failures**: Report the error but continue with reviews of successful PRs
 - **Worktree conflicts**: If a worktree already exists, ask the user if they want to remove it or skip that bead
 ## Resource Limits
 - Consider limiting concurrent subagents to 3-5 to avoid overwhelming system resources
 - If user selects more beads than the limit, process them in batches
 ## Notes
 - This workflow integrates with the beads system (`bd` commands)
 - Worktrees are created in `~/wt/[REPO_NAME]/` by convention
 - Each bead gets its own isolated branch and worktree
 - PRs automatically reference the bead ID for traceability
--- a/home/roles/development/skills/reconcile_beads.md
+++ b/home/roles/development/skills/reconcile_beads.md
@@ -1,88 +0,0 @@
 ---
 description: Reconcile beads with merged PRs and close completed beads
 ---
 # Reconcile Beads Workflow
 This skill reconciles beads that are in `in_review` status with their corresponding PRs. If a PR has been merged, the bead is closed.
 ## Prerequisites
 - Custom status `in_review` must be configured: `bd config set status.custom "in_review"`
 - Beads in `in_review` status should have a PR URL in their notes
 ## Workflow
 ### Step 1: Find beads in review
 ```bash
 bd list --status=in_review
 ```
 ### Step 2: For each bead, check PR status
 1. **Get the PR URL from bead notes**:
   ```bash
   bd show [BEAD_ID] --json | jq -r '.[0].notes'
   ```
   Note: `bd show --json` returns an array, so use `.[0]` to access the first element.
   Extract the PR URL (look for lines starting with "PR:" or containing pull request URLs).
   Extract the PR number: `echo "$NOTES" | grep -oP '/pulls/\K\d+'`
 2. **Detect hosting provider**:
   - Run `git remote get-url origin`
   - If URL contains `github.com`, use `gh`; otherwise use `tea` (Gitea/Forgejo)
 3. **Check PR status**:
   - For GitHub:
     ```bash
     gh pr view [PR_NUMBER] --json state,merged
     ```
   - For Gitea:
     ```bash
     tea pr list --state=closed
     ```
     Look for the PR number in the INDEX column with STATE "merged".
     Note: `tea pr view [PR_NUMBER]` lists all PRs, not a specific one. Use `tea pr list --state=closed` and look for your PR number in the results.
 ### Step 3: Close merged beads
 If the PR is merged:
 ```bash
 bd close [BEAD_ID] --reason="PR merged: [PR_URL]"
 ```
 ### Step 4: Report summary
 Present results:
 ```
 ## Beads Reconciliation Summary
 ### Closed (PR Merged)
 | Bead | PR | Title |
 |------|-----|-------|
 | beads-abc | #123 | Feature X |
 | beads-xyz | #456 | Bug fix Y |
 ### Still in Review
 | Bead | PR | Status | Title |
 |------|-----|--------|-------|
 | beads-def | #789 | Open | Feature Z |
 ### Issues Found
 - beads-ghi: No PR URL found in notes
 - beads-jkl: PR #999 not found (may have been deleted)
 ```
 ## Error Handling
 - **Missing PR URL**: Skip the bead and report it
 - **PR not found**: Report the error but continue with other beads
 - **API errors**: Report and continue
 ## Notes
 - This skill complements `/parallel_beads` which sets beads to `in_review` status
 - Run this skill periodically or after merging PRs to keep beads in sync
 - Beads with closed (but not merged) PRs are not automatically closed - they may need rework
--- a/home/roles/emacs/default.nix
+++ b/home/roles/emacs/default.nix
@@ -23,30 +23,13 @@ let
    if pkgs.stdenv.isDarwin
    then pkgs.emacs-macport.pkgs.withPackages emacsPackages
    else pkgs.emacs.pkgs.withPackages emacsPackages;
  # Path to doom config directory (relative to this file)
  doomConfigDir = ./doom;
 in
 {
  options.home.roles.emacs = {
    enable = mkEnableOption "Doom Emacs with vterm and tree-sitter support";
    prebuiltDoom = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Use nix-doom-emacs-unstraightened to pre-build all Doom packages at
        nix build time. This eliminates the need to run `doom sync` after
        first boot, making it ideal for live USB images or immutable systems.
        When enabled, the doom configuration is read-only (stored in nix store).
      '';
    };
  };
-  config = mkIf cfg.enable (mkMerge [
+  config = mkIf cfg.enable {
    # Common configuration for both modes
    {
    home.packages = [
      pkgs.emacs-all-the-icons-fonts
      pkgs.fira-code
@@ -63,16 +46,13 @@ in
      pkgs.python3
    ];
      fonts.fontconfig.enable = true;
    }
    # Standard Doom Emacs mode (requires doom sync at runtime)
    (mkIf (!cfg.prebuiltDoom) {
    programs.emacs = {
      enable = true;
      package = defaultEmacsPackage;
    };
    fonts.fontconfig.enable = true;
    # Mount emacs and tree-sitter grammars from nix store
    home.file = {
      "${config.xdg.configHome}/emacs".source = doomEmacs;
@@ -93,20 +73,5 @@ in
      rm -rf "${config.xdg.configHome}/doom"
      ln -sf "${config.home.homeDirectory}/nixos-configs/home/roles/emacs/doom" "${config.xdg.configHome}/doom"
    '';
    })
    # Pre-built Doom Emacs mode (no doom sync needed - ideal for live USB)
    (mkIf cfg.prebuiltDoom {
      programs.doom-emacs = {
        enable = true;
        doomDir = doomConfigDir;
        doomLocalDir = "${config.xdg.dataHome}/doom";
        # Add extra packages that aren't part of Doom but needed for our config
        extraPackages = epkgs: [
          epkgs.vterm
          epkgs.treesit-grammars.with-all-grammars
        ];
  };
    })
  ]);
 }
--- a/home/roles/emacs/doom/config.el
+++ b/home/roles/emacs/doom/config.el
@@ -211,11 +211,16 @@
        mu4e-headers-time-format "%H:%M")
  ;; Sending mail via msmtp
-  (setq message-send-mail-function 'message-send-mail-with-sendmail
+  ;; NOTE: message-sendmail-f-is-evil and --read-envelope-from are required
-        sendmail-program (executable-find "msmtp")
+  ;; to prevent msmtp from stripping the email body when processing headers.
-        message-sendmail-envelope-from 'header
+  ;; Without these, multipart messages (especially from org-msg) may arrive
-        mail-envelope-from 'header
+  ;; with empty bodies.
-        mail-specify-envelope-from t))
+  (setq sendmail-program (executable-find "msmtp")
        send-mail-function #'message-send-mail-with-sendmail
        message-send-mail-function #'message-send-mail-with-sendmail
        message-sendmail-f-is-evil t
        message-sendmail-extra-arguments '("--read-envelope-from")
        message-sendmail-envelope-from 'header))
 ;; Whenever you reconfigure a package, make sure to wrap your config in an
 ;; `after!' block, otherwise Doom's defaults may override your settings. E.g.
--- a/home/roles/emacs/doom/packages.el
+++ b/home/roles/emacs/doom/packages.el
@@ -51,21 +51,11 @@
 ;; (package! org-caldav)
 ;; Note: Packages with custom recipes must be pinned for nix-doom-emacs-unstraightened
 ;; to build deterministically. Update pins when upgrading packages.
 (package! gptel :recipe (:nonrecursive t))
 (package! claude-code-ide
-  :recipe (:host github :repo "manzaltu/claude-code-ide.el")
+  :recipe (:host github :repo "manzaltu/claude-code-ide.el"))
  :pin "760240d7f03ff16f90ede9d4f4243cd94f3fed73")
 (package! gptel-tool-library
  :recipe (:host github :repo "aard-fi/gptel-tool-library"
-           :files ("*.el"))
+           :files ("*.el")))
  :pin "baffc3b0d74a2b7cbda0d5cd6dd7726d6ccaca83")
 (package! beads
  :recipe (:type git :repo "https://codeberg.org/ctietze/beads.el.git"
           :files ("lisp/*.el"))
  :pin "f40a6461d3c0fa0969311bbb6a1e30d1bba86c88")
--- a/home/roles/starship/default.nix
+++ b/home/roles/starship/default.nix
@@ -1,72 +0,0 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.home.roles.starship;
 in
 {
  options.home.roles.starship = {
    enable = mkEnableOption "starship cross-shell prompt";
  };
  config = mkIf cfg.enable {
    programs.starship = {
      enable = true;
      enableBashIntegration = true;
      enableZshIntegration = true;
      settings = {
        add_newline = true;
        character = {
          success_symbol = "[>](bold green)";
          error_symbol = "[x](bold red)";
          vimcmd_symbol = "[<](bold green)";
        };
        directory = {
          truncation_length = 4;
          truncate_to_repo = true;
        };
        git_branch = {
          symbol = "";
          format = "[$symbol$branch(:$remote_branch)]($style) ";
        };
        git_status = {
          format = "([$all_status$ahead_behind]($style) )";
        };
        nix_shell = {
          symbol = "";
          format = "[$symbol$state( \\($name\\))]($style) ";
        };
        cmd_duration = {
          min_time = 2000;
          format = "[$duration]($style) ";
        };
        # Disable modules that are noisy or rarely needed
        package.disabled = true;
        nodejs.disabled = true;
        python.disabled = true;
        ruby.disabled = true;
        java.disabled = true;
        golang.disabled = true;
        rust.disabled = true;
        php.disabled = true;
        lua.disabled = true;
        perl.disabled = true;
        terraform.disabled = true;
        kubernetes.disabled = true;
        docker_context.disabled = true;
        aws.disabled = true;
        gcloud.disabled = true;
        azure.disabled = true;
      };
    };
  };
 }
--- a/machines/john-endesktop/MIGRATION_PLAN.md
+++ b/machines/john-endesktop/MIGRATION_PLAN.md
@@ -170,7 +170,6 @@ This document outlines the plan to migrate the john-endesktop server from Arch L
   ```bash
   blkid /dev/nvme0n1p5
   # Note the UUID for updating hardware-configuration.nix
 /dev/nvme0n1p5: LABEL="nixos" UUID="5f4ad025-bfab-4aed-a933-6638348059e5" UUID_SUB="4734d820-7b8a-4b7f-853a-026021c1d204" BLOCK_SIZE="4096" TYPE="btrfs" PARTLABEL="data" PARTUUID="9ea025df-cdb7-48fd-b5d4-37cd5d8588eb"
   ```
 8. **Copy your NixOS configuration to the server**
@@ -389,11 +388,11 @@ After successful migration and 24-48 hours of stable operation:
 Pre-migration:
 - [x] nvme0n1p5 removal from media pool complete
- [x] Recent backup verified (< 24 hours)
+- [ ] Recent backup verified (< 24 hours)
- [x] Maintenance window scheduled
+- [ ] Maintenance window scheduled
- [x] NixOS ISO downloaded
+- [ ] NixOS ISO downloaded
- [x] Bootable USB created
+- [ ] Bootable USB created
- [x] NixOS config builds successfully
+- [ ] NixOS config builds successfully
 During migration:
 - [ ] ZFS pools exported
--- a/machines/wixos/configuration.nix
+++ b/machines/wixos/configuration.nix
@@ -0,0 +1,62 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 # NixOS-WSL specific options are documented on the NixOS-WSL repository:
 # https://github.com/nix-community/NixOS-WSL
 { config, lib, pkgs, ... }:
 {
  imports = [
  ];
  roles = {
    audio.enable = true;
    desktop = {
      enable = true;
      wayland = true;
    };
    users.enable = true;
  };
  networking.hostName = "wixos";
  wsl.enable = true;
  wsl.defaultUser = "johno";
  wsl.startMenuLaunchers = true;
  wsl.useWindowsDriver = true;
  wsl.wslConf.network.hostname = "wixos";
  wsl.wslConf.user.default = "johno";
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.graphics = { 
    enable = true;
    extraPackages = with pkgs; [
      mesa
      libvdpau-va-gl
      libva-vdpau-driver
    ];
  };
  environment.sessionVariables = {
    LD_LIBRARY_PATH = [
      "/usr/lib/wsl/lib"
      "/run/opengl-driver/lib"
    ];
  };
  hardware.nvidia = {
    modesetting.enable = true;
    nvidiaSettings = true;
    open = true;
    package = config.boot.kernelPackages.nvidiaPackages.latest;
  };
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?
 }
--- a/machines/zix790prors/configuration.nix
+++ b/machines/zix790prors/configuration.nix
@@ -26,10 +26,7 @@ with lib;
      x11 = true;
    };
    nfs-mounts.enable = true;
-    nvidia = {
+    nvidia.enable = true;
      enable = true;
      graphics.enable32Bit = true;
    };
    printing.enable = true;
    remote-build.enableBuilder = true;
    users.enable = true;
@@ -50,11 +47,27 @@ with lib;
  # Fix dual boot clock sync - tell Linux to use local time for hardware clock
  time.hardwareClockInLocalTime = true;
  # NVIDIA Graphics configuration
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.graphics.enable = true;
  hardware.graphics.enable32Bit = true;
  # Set DP-0 as primary display with 164.90Hz refresh rate
  services.xserver.displayManager.sessionCommands = ''
    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 164.90 --primary
  '';
  hardware.nvidia = {
    modesetting.enable = true;
    nvidiaSettings = true;
    package = pkgs.linuxPackages.nvidiaPackages.stable;
    open = true;
    # For gaming performance
    powerManagement.enable = false;
    powerManagement.finegrained = false;
  };
  services.ollama = {
    enable = true;
    acceleration = "cuda";
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -1,5 +1,6 @@
 { pkgs, ... }:
 {
  vulkanHDRLayer = pkgs.callPackage ./vulkan-hdr-layer {};
  tea-rbw = pkgs.callPackage ./tea-rbw {};
  app-launcher-server = pkgs.callPackage ./app-launcher-server {};
  claude-code = pkgs.callPackage ./claude-code {};
--- a/packages/vulkan-hdr-layer/default.nix
+++ b/packages/vulkan-hdr-layer/default.nix
@@ -0,0 +1,34 @@
 { lib, stdenv, fetchFromGitHub, meson, pkg-config, vulkan-loader, ninja, writeText, vulkan-headers, vulkan-utility-libraries,  jq, libX11, libXrandr, libxcb, wayland, wayland-scanner }:
 stdenv.mkDerivation rec {
  pname = "vulkan-hdr-layer";
  version = "63d2eec";
  src = (fetchFromGitHub {
    owner = "Zamundaaa";
    repo = "VK_hdr_layer";
    rev = "869199cd2746e7f69cf19955153080842b6dacfc";
    fetchSubmodules = true;
    hash = "sha256-xfVYI+Aajmnf3BTaY2Ysg5fyDO6SwDFGyU0L+F+E3is=";
  }).overrideAttrs (_: {
    GIT_CONFIG_COUNT = 1;
    GIT_CONFIG_KEY_0 = "url.https://github.com/.insteadOf";
    GIT_CONFIG_VALUE_0 = "git@github.com:";
  });
  nativeBuildInputs = [ vulkan-headers meson ninja pkg-config jq ];
  buildInputs = [ vulkan-headers vulkan-loader vulkan-utility-libraries libX11 libXrandr libxcb wayland wayland-scanner ];
  # Help vulkan-loader find the validation layers
  setupHook = writeText "setup-hook" ''
    addToSearchPath XDG_DATA_DIRS @out@/share
  '';
  meta = with lib; {
    description = "Layers providing Vulkan HDR";
    homepage = "https://github.com/Zamundaaa/VK_hdr_layer";
    platforms = platforms.linux;
    license = licenses.mit;
  };
 }
--- a/roles/common.nix
+++ b/roles/common.nix
@@ -1,35 +0,0 @@
 # Common configuration shared between NixOS and Darwin
 { lib, pkgs, ... }:
 {
  config = {
    time.timeZone = "America/Los_Angeles";
    environment.systemPackages = with pkgs; [
      git
      glances
      pciutils
      tree
      usbutils
      vim
    ];
    nix = {
      package = pkgs.nix;
      settings = {
        experimental-features = [ "nix-command" "flakes" ];
        max-jobs = "auto";
        trusted-users = [ "johno" ];
        substituters = [
        ];
      };
      gc = {
        automatic = true;
        options = "--delete-older-than 10d";
      };
    };
    nixpkgs.config.allowUnfree = true;
  };
 }
--- a/roles/darwin.nix
+++ b/roles/darwin.nix
@@ -7,10 +7,6 @@ let
  setEnvironmentPath = "${config.system.build.setEnvironment}";
 in
 {
  imports = [
    ./common.nix
  ];
  config = {
    # Salt manages /etc/bashrc, /etc/zshrc, /etc/zshenv
    # nix-darwin writes to .local variants for nix-specific configuration
@@ -47,6 +43,8 @@ in
      fi
    '';
    time.timeZone = "America/Los_Angeles";
    # System preferences
    system.defaults = {
      # Custom keyboard shortcuts
@@ -81,5 +79,42 @@ in
        };
      };
    };
    environment.systemPackages = with pkgs; [
      git
      glances
      pciutils
      tree
      usbutils
      vim
    ];
    nix = {
      package = pkgs.nix;
      # distributedBuilds = true;
      # buildMachines = [{
      #   hostName = "z790prors.oglehome";
      #   system = "x86_64-linux";
      #   protocol = "ssh-ng";
      #   sshUser = "johno";
      #   sshKey = "/root/.ssh/id_ed25519";
      #   maxJobs = 3;
      #   speedFactor = 2;
      # }];
      settings = {
        experimental-features = [ "nix-command" "flakes" ];
        max-jobs = "auto";
        trusted-users = [ "johno" ];
        substituters = [
        ];
      };
      gc = {
        automatic = true;
        options = "--delete-older-than 10d";
      };
    };
    nixpkgs.config.allowUnfree = true;
  };
 }
--- a/roles/default.nix
+++ b/roles/default.nix
@@ -4,7 +4,6 @@ with lib;
 {
  imports = [
    ./common.nix
    ./audio
    ./bluetooth
    ./btrfs
@@ -32,6 +31,7 @@ with lib;
      LC_TELEPHONE = "en_US.UTF-8";
      LC_TIME = "en_US.UTF-8";
    };
    time.timeZone = "America/Los_Angeles";
    services.xserver.xkb = {
      layout = "us";
@@ -49,7 +49,42 @@ with lib;
    # Enable the OpenSSH daemon.
    services.openssh.enable = true;
-    # NixOS-specific gc option (not available on Darwin)
+    environment.systemPackages = with pkgs; [
-    nix.gc.randomizedDelaySec = "14m";
+      git
      glances
      pciutils
      tree
      usbutils
      vim
    ];
    nix = {
      package = pkgs.nix;
      # distributedBuilds = true;
      # buildMachines = [{
      #   hostName = "z790prors.oglehome";
      #   system = "x86_64-linux";
      #   protocol = "ssh-ng";
      #   sshUser = "johno";
      #   sshKey = "/root/.ssh/id_ed25519";
      #   maxJobs = 3;
      #   speedFactor = 2;
      # }];
      settings = {
        experimental-features = [ "nix-command" "flakes" ];
        max-jobs = "auto";
        trusted-users = [ "johno" ];
        substituters = [
        ];
      };
      gc = {
        automatic = true;
        randomizedDelaySec = "14m";
        options = "--delete-older-than 10d";
      };
    };
    nixpkgs.config.allowUnfree = true;
  };
 }
--- a/roles/nvidia/default.nix
+++ b/roles/nvidia/default.nix
@@ -8,89 +8,9 @@ in
 {
  options.roles.nvidia = {
    enable = mkEnableOption "Enable the nvidia role";
    # Driver configuration options
    open = mkOption {
      type = types.bool;
      default = true;
      description = "Use the open source nvidia kernel driver (for Turing and newer GPUs).";
    };
    modesetting = mkOption {
      type = types.bool;
      default = true;
      description = "Enable kernel modesetting for nvidia.";
    };
    nvidiaSettings = mkOption {
      type = types.bool;
      default = true;
      description = "Enable the nvidia-settings GUI.";
    };
    package = mkOption {
      type = types.enum [ "stable" "latest" "beta" "vulkan_beta" "production" ];
      default = "stable";
      description = "The nvidia driver package to use.";
    };
    powerManagement = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Enable nvidia power management (useful for laptops, not recommended for desktops).";
      };
      finegrained = mkOption {
        type = types.bool;
        default = false;
        description = "Enable fine-grained power management for Turing and newer GPUs.";
      };
    };
    graphics = {
      enable = mkOption {
        type = types.bool;
        default = true;
        description = "Enable hardware graphics support.";
      };
      enable32Bit = mkOption {
        type = types.bool;
        default = false;
        description = "Enable 32-bit graphics libraries (needed for some games).";
      };
      extraPackages = mkOption {
        type = types.listOf types.package;
        default = [];
        description = "Extra packages to add to hardware.graphics.extraPackages.";
      };
    };
  };
  config = mkIf cfg.enable {
    # Set xserver video driver
    services.xserver.videoDrivers = [ "nvidia" ];
    # Graphics configuration
    hardware.graphics = {
      enable = cfg.graphics.enable;
      enable32Bit = cfg.graphics.enable32Bit;
      extraPackages = cfg.graphics.extraPackages;
    };
    # NVIDIA driver configuration
    hardware.nvidia = {
      modesetting.enable = cfg.modesetting;
      nvidiaSettings = cfg.nvidiaSettings;
      open = cfg.open;
      package = config.boot.kernelPackages.nvidiaPackages.${cfg.package};
      powerManagement.enable = cfg.powerManagement.enable;
      powerManagement.finegrained = cfg.powerManagement.finegrained;
    };
    # Additional packages for nvidia support
    environment.systemPackages = with pkgs; [
      libva-utils
      nvidia-vaapi-driver
--- a/scripts/build-liveusb.sh
+++ b/scripts/build-liveusb.sh
@@ -1,22 +0,0 @@
 #!/usr/bin/env bash
 # Build Live USB ISO from flake configuration
 # Creates an uncompressed ISO suitable for Ventoy and other USB boot tools
 # Usage: nix run .#build-liveusb
 # Or: ./scripts/build-liveusb.sh
 set -euo pipefail
 REPO_ROOT="${REPO_ROOT:-$(git rev-parse --show-toplevel 2>/dev/null || pwd)}"
 echo "Building Live USB ISO..."
 nix build "${REPO_ROOT}#nixosConfigurations.live-usb.config.system.build.isoImage" --show-trace
 if ls "${REPO_ROOT}/result/iso/"*.iso 1> /dev/null 2>&1; then
    iso_file=$(ls "${REPO_ROOT}/result/iso/"*.iso)
    echo "Build complete!"
    echo "ISO location: $iso_file"
    echo "Ready for Ventoy or dd to USB"
 else
    echo "Build failed - no ISO file found"
    exit 1
 fi