[nix-book] Update drive UUID

I'm standardizing on bitwarden and rbw for secrets. No need to build out
a separate secret management system. The complexity of this was just not
worth it for my effectively single-user workflows

.goosehints

@@ -7,7 +7,6 @@ This repository hosts modular and reproducible NixOS configurations managed via
 
 Directory Structure:
 ----------------------
-• secrets/       - Confidential data (passwords, keys, etc.) required for system configuration.
 • packages/      - Custom Nix packages leveraged across various configurations.
 • roles/         - Role-based configurations (e.g., kodi, bluetooth) each with its own module (default.nix) for inclusion in machine setups.
 • machines/      - Machine-specific configurations (e.g., nix-book, z790prors, boxy, wixos) including configuration.nix and hardware-configuration.nix tailored for each hardware.

.sops.yaml

@@ -1,11 +0,0 @@
-keys:
-  - &admin_johno age1ls6a033d4p4u8h4rwazjwt8w4c4xg73wq0mdnm64jajxzcz4k9asvjnks3
-  - &host_z790prors age12l5u7sw59u5pkwp83qm8t3ff7uv0ld2c9k3zh5j4ame9k2szcynqu7ftqe
-  - &host_nixbook age1fa3zqavfmqk4ssa22yne9td90gyqv9q5a8y0s8jp3xak8q7p3yjqyn7rkg
-creation_rules:
-  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
-    key_groups:
-      - age:
-          - *admin_johno
-          - *host_z790prors
-          - *host_nixbook

CLAUDE.md

@@ -0,0 +1,110 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Repository Overview
+
+This is a NixOS configuration repository using flakes, managing multiple machines and home-manager configurations. The repository follows a modular architecture with reusable "roles" that can be composed for different machines.
+
+## Architecture
+
+### Flake Structure
+- **flake.nix**: Main entry point defining inputs (nixpkgs, home-manager, plasma-manager, etc.) and outputs for multiple NixOS configurations
+- **Machines**: `nix-book`, `boxy`, `wixos` (WSL configuration)
+- **Home configurations**: Standalone home-manager configuration for user `johno`
+
+### Directory Structure
+- `machines/`: Machine-specific configurations with hardware-configuration.nix
+- `roles/`: Modular system configurations (audio, bluetooth, desktop, users, etc.)
+- `home/`: Home Manager configurations and user-specific modules
+- `home/modules/`: User environment modules (emacs, i3+sway, plasma-manager, tmux)
+- `packages/`: Custom package definitions
+
+### Role-Based Configuration System
+The repository uses a custom "roles" system where each role is a NixOS module with enable options:
+- `roles.desktop`: Desktop environment with sub-options for X11, Wayland, KDE, gaming, SDDM
+- `roles.audio`: Audio configuration
+- `roles.bluetooth`: Bluetooth support
+- `roles.users`: User account management
+- `roles.virtualisation`: Virtualization setup
+- `roles.kodi`: Kodi media center
+
+Example role usage in machine configuration:
+```nix
+roles = {
+  audio.enable = true;
+  desktop = {
+    enable = true;
+    gaming = true;
+    kde = true;
+    wayland = true;
+  };
+  users.enable = true;
+};
+```
+
+## Common Commands
+
+### Building and Switching Configurations
+```bash
+# Build and switch to a specific machine configuration
+sudo nixos-rebuild switch --flake .#<hostname>
+
+# Build without switching
+nixos-rebuild build --flake .#<hostname>
+
+# Build home-manager configuration only
+home-manager switch --flake .#johno
+```
+
+### Available Machine Configurations
+- `nix-book`: Uses `home/home-nix-book.nix`
+- `boxy`: Gaming desktop with AMD GPU, uses `home/home.nix`
+- `wixos`: WSL configuration, uses `home/home.nix`
+
+### Flake Operations
+```bash
+# Update flake inputs
+nix flake update
+
+# Check flake
+nix flake check
+
+# Show flake info
+nix flake show
+```
+
+### Bootstrap New Machine
+Use the provided bootstrap script:
+```bash
+sudo ./bootstrap.sh <hostname>
+```
+This script pulls from the remote git repository and applies the configuration.
+
+## Development Workflow
+
+### Adding New Machines
+1. Create new directory in `machines/<hostname>/`
+2. Add `configuration.nix` with role assignments
+3. Include hardware-configuration.nix (generated by nixos-generate-config)
+4. Add nixosConfiguration to flake.nix outputs
+
+### Adding New Roles
+1. Create directory in `roles/<role-name>/`
+2. Create `default.nix` with module definition using mkEnableOption
+3. Add role import to `roles/default.nix`
+4. Configure role options in machine configurations
+
+### Home Manager Modules
+- Located in `home/modules/`
+- Each module has its own `default.nix`
+- Imported in main home configuration files
+
+## Key Configuration Details
+
+- **Experimental features**: nix-command and flakes are enabled
+- **User**: Primary user is `johno` with trusted-user privileges
+- **Locale**: en_US.UTF-8, America/Los_Angeles timezone
+- **SSH**: OpenSSH enabled on all configurations
+- **Garbage collection**: Automatic, deletes older than 10 days
+- **Unfree packages**: Allowed globally

flake.lock

@@ -137,28 +137,7 @@
         "home-manager": "home-manager",
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs_2",
-        "plasma-manager": "plasma-manager",
-        "sops-nix": "sops-nix"
-      }
-    },
-    "sops-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1751606940,
-        "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "type": "github"
+        "plasma-manager": "plasma-manager"
       }
     }
   },

flake.nix

@@ -5,11 +5,6 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
 
-    sops-nix = {
-      url = "github:Mic92/sops-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     home-manager = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -30,7 +25,6 @@
   outputs = { self, nixpkgs, nixos-wsl, ... } @ inputs: let
     baseModules = [
       ./roles
-      inputs.sops-nix.nixosModules.sops
       inputs.home-manager.nixosModules.home-manager
       {
         home-manager.useGlobalPkgs = true;

home/home.nix

@@ -39,6 +39,7 @@ in
     # '')
 
     pkgs.bitwarden
+    pkgs.claude-code
     pkgs.codex
     pkgs.dunst
     pkgs.element-desktop
@@ -55,7 +56,7 @@ in
     pkgs.moonlight-qt
     pkgs.ncdu
     pkgs.nextcloud-talk-desktop
-    #pkgs.openscad-unstable
+    pkgs.openscad-unstable
     pkgs.pandoc
     #pkgs.pinentry-qt
     #pkgs.pytest
@@ -67,6 +68,10 @@ in
     pkgs.wofi
     pkgs.vlc
 
+    ## Kubernetes cluster management
+    pkgs.kubectl
+    pkgs.kubernetes-helm
+
     globalInputs.google-cookie-retrieval.packages.${system}.default
   ];
 

machines/nix-book/configuration.nix

@@ -15,7 +15,7 @@
     desktop = {
       enable = true;
       wayland = true;
-      gaming = true;
+      gaming = false;
       kde = true;
       sddm = true;
     };
@@ -39,6 +39,15 @@
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
+  # Btrfs deduplication service
+  services.beesd.filesystems = {
+    root = {
+      spec = "/";
+      hashTableSizeMB = 32;  # 128MB per TB recommended, ~225GB = ~32MB
+      verbosity = "err";     # Only show actual problems
+    };
+  };
+
   # Enable networking
   networking.networkmanager.enable = true;
 

machines/nix-book/hardware-configuration.nix

@@ -14,8 +14,12 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/bd396529-e2c4-47cb-b844-8d6ed841f81a";
-      fsType = "ext4";
+    { device = "/dev/disk/by-uuid/223a44e5-91e2-4272-830e-129166042a1d";
+      fsType = "btrfs";
+      options = [ 
+        "compress=zstd"  # Enable zstd compression for space savings
+        "noatime"        # Don't update access times for performance
+      ];
     };
 
   boot.initrd.luks.devices."luks-4126fbd4-bd09-4ece-af0d-6fff414c21b3".device = "/dev/disk/by-uuid/4126fbd4-bd09-4ece-af0d-6fff414c21b3";

machines/nix-book/nixbook-btrfs-migration.md

@@ -0,0 +1,223 @@
+# NixBook ext4 to btrfs Migration Guide
+
+## Overview
+This guide converts your nixbook machine from ext4 to btrfs with zstd compression and beesd deduplication while preserving your LUKS encryption and all data.
+
+## Current System Info
+- **Hostname**: nix-book
+- **Root filesystem**: ext4 on `/dev/disk/by-uuid/bd396529-e2c4-47cb-b844-8d6ed841f81a`
+- **Encryption**: LUKS with two devices configured
+- **Current usage**: 138GB used / 225GB total (65% full)
+- **Free space**: 76GB available (sufficient for conversion)
+
+## Pre-Migration Checklist
+
+### 1. Create Full System Backup (CRITICAL)
+```bash
+# Boot from NixOS live USB
+# Mount encrypted filesystem
+cryptsetup luksOpen /dev/disk/by-uuid/4126fbd4-bd09-4ece-af0d-6fff414c21b3 luks-nixbook
+mount /dev/mapper/luks-nixbook /mnt
+
+# Create backup to external drive (adjust target as needed)
+rsync -avxHAX --progress /mnt/ /path/to/backup/nixbook-backup/
+```
+
+### 2. Verify Configuration Changes
+The following files have been updated for btrfs:
+- `machines/nix-book/configuration.nix` - Added beesd service
+- `machines/nix-book/hardware-configuration.nix` - Changed fsType to btrfs with compression
+
+## Migration Process
+
+### Phase 1: Boot to Live Environment
+1. **Create NixOS live USB**:
+   ```bash
+   # Download latest NixOS ISO
+   # Flash to USB drive
+   dd if=nixos-minimal-xx.xx-x86_64-linux.iso of=/dev/sdX bs=4M status=progress
+   ```
+
+2. **Boot from live USB** and ensure you can access the encrypted drives
+
+### Phase 2: Filesystem Conversion
+3. **Unlock LUKS volumes**:
+   ```bash
+   cryptsetup luksOpen /dev/disk/by-uuid/4126fbd4-bd09-4ece-af0d-6fff414c21b3 luks-nixbook
+   cryptsetup luksOpen /dev/disk/by-uuid/b614167b-9045-4234-a441-ac6f60a96d81 luks-nixbook2
+   ```
+
+4. **Check filesystem before conversion**:
+   ```bash
+   fsck.ext4 -f /dev/mapper/luks-nixbook
+   ```
+
+5. **Convert ext4 to btrfs** (this preserves all data):
+   ```bash
+   # Install btrfs-progs if not available
+   nix-shell -p btrfs-progs
+
+   # Convert the filesystem (takes 15-45 minutes depending on data)
+   btrfs-convert /dev/mapper/luks-nixbook
+   
+   # Verify conversion succeeded
+   mount /dev/mapper/luks-nixbook /mnt
+   ls -la /mnt  # Should show your normal filesystem
+   btrfs filesystem show /mnt
+   ```
+
+6. **Get new filesystem UUID** (may have changed):
+   ```bash
+   blkid /dev/mapper/luks-nixbook
+   # Note the new UUID if it changed
+   ```
+
+### Phase 3: Configuration Update
+7. **Mount and chroot into system**:
+   ```bash
+   mount -o compress=zstd,noatime /dev/mapper/luks-nixbook /mnt
+   mount /dev/disk/by-uuid/7A0B-CF88 /mnt/boot
+   nixos-enter --root /mnt
+   ```
+
+8. **Update hardware-configuration.nix** if UUID changed:
+   ```bash
+   # Edit /etc/nixos/hardware-configuration.nix if needed
+   # Update the UUID in fileSystems."/" section
+   ```
+
+9. **Rebuild system with btrfs configuration**:
+   ```bash
+   cd /home/johno/nixos-configs
+   nixos-rebuild switch --flake .#nix-book
+   ```
+
+### Phase 4: Enable Compression and Deduplication
+10. **Reboot into new btrfs system**:
+    ```bash
+    exit  # Exit chroot
+    umount -R /mnt
+    reboot
+    ```
+
+11. **Verify btrfs is working**:
+    ```bash
+    mount | grep btrfs
+    btrfs filesystem usage /
+    ```
+
+12. **Enable and start beesd**:
+    ```bash
+    systemctl status beesd-root
+    systemctl start beesd-root
+    systemctl enable beesd-root
+    ```
+
+13. **Force compression on existing files** (optional but recommended):
+    ```bash
+    # This will compress existing files with zstd
+    btrfs filesystem defragment -r -czstd /
+    ```
+
+## Post-Migration Verification
+
+### Check System Health
+```bash
+# Verify btrfs health
+btrfs scrub start /
+btrfs scrub status /
+
+# Check compression effectiveness
+compsize /
+
+# Monitor beesd deduplication
+journalctl -u beesd-root -f
+
+# Check filesystem usage
+btrfs filesystem usage /
+df -h /
+```
+
+### Performance Monitoring
+```bash
+# Monitor beesd hash table
+ls -lh /.beeshash
+
+# Check compression ratio over time
+compsize /home /nix /var
+```
+
+## Expected Benefits
+
+### Space Savings
+- **Compression**: 20-30% reduction in disk usage from zstd
+- **Deduplication**: Additional 10-20% savings on duplicate files
+- **Combined**: Potentially 30-40% total space savings
+
+### Performance Impact
+- **Compression**: Minimal CPU overhead, often improves I/O performance
+- **Deduplication**: Background process, minimal impact during normal use
+- **Overall**: Should be neutral to positive performance impact
+
+## Rollback Plan (Emergency)
+
+If something goes wrong:
+
+1. **Boot from live USB**
+2. **Restore from backup**:
+   ```bash
+   cryptsetup luksOpen /dev/disk/by-uuid/4126fbd4-bd09-4ece-af0d-6fff414c21b3 luks-nixbook
+   mkfs.ext4 /dev/mapper/luks-nixbook
+   mount /dev/mapper/luks-nixbook /mnt
+   rsync -avxHAX --progress /path/to/backup/nixbook-backup/ /mnt/
+   ```
+3. **Restore original hardware-configuration.nix** with ext4 settings
+4. **Rebuild and reboot**
+
+## Troubleshooting
+
+### Common Issues
+
+**"Device busy" during conversion**:
+- Ensure no processes are accessing the filesystem
+- Check with `lsof` and `fuser`
+
+**UUID changed after conversion**:
+- Update hardware-configuration.nix with new UUID
+- Regenerate initrd: `nixos-rebuild switch`
+
+**Beesd service fails to start**:
+- Check disk space for hash table
+- Verify filesystem is btrfs: `mount | grep btrfs`
+- Check logs: `journalctl -u beesd-root`
+
+**Boot issues after conversion**:
+- Boot from live USB
+- Check /boot partition is mounted correctly
+- Verify LUKS UUIDs match in configuration
+- Rebuild bootloader: `nixos-rebuild switch --install-bootloader`
+
+## Maintenance
+
+### Regular Tasks
+```bash
+# Monthly scrub (checks for corruption)
+btrfs scrub start /
+
+# Monitor compression effectiveness
+compsize /
+
+# Check beesd deduplication status
+systemctl status beesd-root
+```
+
+### Space Management
+```bash
+# Balance filesystem (defragments and optimizes)
+btrfs balance start -dusage=50 /
+
+# Check for space issues
+btrfs filesystem usage /
+```
+
+This migration preserves all your data while gaining the benefits of modern btrfs features including transparent compression and automatic deduplication.

machines/wixos/configuration.nix

@@ -17,6 +17,7 @@
       enable = true;
       wayland = true;
     };
+    users.enable = true;
   };
 
   networking.hostName = "wixos";

roles/default.nix

@@ -10,7 +10,6 @@ with lib;
     ./kodi
     ./nfs-mounts
     ./printing
-    ./secrets
     ./spotifyd
     ./users
     ./virtualisation

roles/kodi/default.nix

@@ -42,6 +42,8 @@ in
         wget
       ];
 
+      programs.kdeconnect.enable = true;
+
       services = if cfg.autologin then {
           displayManager = {
             autoLogin.enable = true;

roles/printing/default.nix

@@ -19,5 +19,12 @@ in
         nssmdns4 = true;
         openFirewall = true;
       };
+
+      hardware.printers.ensurePrinters = [{
+        name = "MFC-L8900CDW_series";
+        deviceUri = "dnssd://Brother%20MFC-L8900CDW%20series._ipp._tcp.local/?uuid=e3248000-80ce-11db-8000-b422006699d8";
+        model = "everywhere";
+      }];
+      hardware.printers.ensureDefaultPrinter = "MFC-L8900CDW_series";
     };
 }

roles/secrets/default.nix

@@ -1,8 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
-  sops.defaultSopsFile = ../../secrets/secrets.yaml;
-  sops.defaultSopsFormat = "yaml";
-  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" "/home/johno/.ssh/id_ed25519" ];
-  sops.secrets.example_key = {};
-}

secrets/secrets.yaml

@@ -1,48 +0,0 @@
-hello: ENC[AES256_GCM,data:5ZpbPx3D8gQc1fOhViUqiCr0zLWYotB+vIBixqTbqP9XLS52y6tr5DXus0aV9mTgka5deqc=,iv:yPJaCqDD9WD56swfBjSm7A62ZTTIQDqyAKOgP1ese+U=,tag:bo8+7Ne2f9aEZSvpkt1fzA==,type:str]
-example_key: ENC[AES256_GCM,data:v15bEcb0H3vaj13blg==,iv:9P3IA7ChBamo41VE8G8tj46sZqeijsO1LcvwLtEPVPA=,tag:o/lAyAYYGNLP9EjQNa/K8Q==,type:str]
-example_array:
-    - ENC[AES256_GCM,data:3Vwa7dfNfKzRc/xpk6I=,iv:IevBgxwWdaBvZY1ywteWcfWwDIA8lK3FTWs67lLBKxw=,tag:Mx5lzUeNZ/3wJBWAl5XSBw==,type:str]
-    - ENC[AES256_GCM,data:epkT6WPGW5Oe/S+4HtU=,iv:N0yoDuieAaEi+NuCoCL4zrkhaDDdkttboI89m+UccjQ=,tag:OoERRByb0OM4un9oGLJQgA==,type:str]
-#ENC[AES256_GCM,data:YzMFXxn3sbbHpGB4jPRtRw==,iv:TN6ogQuH7c6xtDoWt0Ew9B2f7wuaipJynvscZmaJYoU=,tag:No0UwEktEyMNBg/46P+Zmg==,type:comment]
-example_number: ENC[AES256_GCM,data:jmLoVC+8YIlB2A==,iv:u9GztD/aE9UN5zWq3Am2nhYwmYt3sf8sy65MHbhVoD0=,tag:wKuf1mMr5XBJveJrz0uHPA==,type:float]
-example_booleans:
-    - ENC[AES256_GCM,data:ZacILA==,iv:xo+7aFFQXzbJzKDY0mYTeFLf10AlnHkywDRAMHeprEM=,tag:F/OnJdqjrZP02sTLWLmnbg==,type:bool]
-    - ENC[AES256_GCM,data:NaFrvrs=,iv:kKDmGs9u/w5qrZ/379Jlx8AotUVADvH+eHwHCqykmkE=,tag:nD9TsmkXUm4ABaT1ABWmcg==,type:bool]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1ls6a033d4p4u8h4rwazjwt8w4c4xg73wq0mdnm64jajxzcz4k9asvjnks3
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjak9vRVJtVmJoanhEZ0hQ
-            MFJwMEE4UDcrRkdPRmZ6R09FSDY1aTk3Y1dNClZJYXRLNU5senR3Qzh6VmZGMlhu
-            bnl6VjlaUEFISnBtSTVrcEd0ZjI5Q2MKLS0tIFl1b3A5ZWVqc1gvWVZnZis0ZHFk
-            bWhnNVB2TUJ4YzY4NHdSVXhPc3dReTgKWRYBbBE3+oGsRNw1CROhFY+btENbShfv
-            gw3IdW7OoZV6JpJBOcI82eOuOkIxrmgSGDGeyy10/a5MA/cB1umm+w==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age12l5u7sw59u5pkwp83qm8t3ff7uv0ld2c9k3zh5j4ame9k2szcynqu7ftqe
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcmV3TDlNL2Zxb0h5QTYx
-            QkVmczA0MDc2ZnpNNU1YeFVzSXJwc3RWUmk4CjF4bHIrVU9VM3htTUxGZ2FUR256
-            UEovdVV2cmNIbkloS1VobTNFSDVyRG8KLS0tIEFhUk5kL3hCNGs4MGJBTmNJaVFm
-            b2ZBUGJ1K0lKTitKYTRUMWszQzhBU0UKBaM6t6JmWfiG+wPorGea1gqvV5RSIPyw
-            6yb2PcH2oZ0HrjJM5sjfu7XOWY3KneiZZikR1BpD5KvevfagWTSR/w==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1fa3zqavfmqk4ssa22yne9td90gyqv9q5a8y0s8jp3xak8q7p3yjqyn7rkg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaMFJiNjVOb0lTcmJ3VnhH
-            WlRKZERRZFM3TFZBZGNSZC9GdHlHakMza21zClJ3SDdFUkVRc3oyVVU3WEtDQzBu
-            OEFqS3NwbHZFUlpCYlN6RW84N0F1amcKLS0tIHFZK21aTHdwZ2dWbVRrWEZDWFZj
-            aU1IQzdTMVhnbHhsNENwMG05dXhOU2MK8fEJea9sL5JLgltVlTI6mRDb+Tl83Iz7
-            4wPYvo68cn8vimXqSk45ldHRrNa3zhYai3CalQaGtDT3fkWGvSq0zQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-28T15:44:39Z"
-    mac: ENC[AES256_GCM,data:YUi+AbS6DQTmrSyOXsbkZWfWaMyKGR8fYm/MHcxmqChi8hng+UWHBZjsLBe6ef/FLH3rnP6bhfwK8KYnVS6fHvHahoqIq/BHydTsqrclnSgRAGl8Lh0yuhwISNRvP1AuW5pd50sdQaS0uGOtzOCharI/pZ9H+cmt2SB5WOCdeLs=,iv:2nBG6it3tNSLSia8hGzCcesuK9QwzB9EzfjWegjQ2kw=,tag:RGGPAPw/rQKhWA2OqLjTJw==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.9.0