feat(emacs): Add prebuilt Doom option using nix-doom-emacs-unstraightened

Implement pre-built Doom Emacs packages for the live USB image, eliminating
the need to run `doom sync` after first boot.

Changes:
- Add nix-doom-emacs-unstraightened flake input
- Add homeModule to all three module sets (nixos, unstable, darwin)
- Add `prebuiltDoom` option to emacs role (default: false)
- Enable prebuiltDoom for live-usb configuration
- Pin custom packages in packages.el for deterministic builds:
  - claude-code-ide, gptel-tool-library, beads

When prebuiltDoom=true, all Doom packages are compiled at nix build time
using emacs-overlay. The doom configuration is stored in the nix store
(read-only), and no `doom sync` is required at runtime.

This is ideal for:
- Live USB images
- Immutable/reproducible systems
- Offline deployments

Closes: nixos-configs-1wd

flake.lock

@@ -21,6 +21,45 @@
         "type": "github"
       }
     },
+    "doomemacs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1767773143,
+        "narHash": "sha256-QL/t9v2kFNxBDyNJb/s411o3mxujan+QX5IZglTdpTk=",
+        "owner": "doomemacs",
+        "repo": "doomemacs",
+        "rev": "3e15fb36d7f94f0a218bda977be4d3f5da983a71",
+        "type": "github"
+      },
+      "original": {
+        "owner": "doomemacs",
+        "repo": "doomemacs",
+        "type": "github"
+      }
+    },
+    "emacs-overlay": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-doom-emacs-unstraightened"
+        ],
+        "nixpkgs-stable": [
+          "nix-doom-emacs-unstraightened"
+        ]
+      },
+      "locked": {
+        "lastModified": 1768011937,
+        "narHash": "sha256-SnU2XTo34vwVaijs+4VwcXTNwMWO4nwzzs08N39UagA=",
+        "owner": "nix-community",
+        "repo": "emacs-overlay",
+        "rev": "79abf71d9897cf3b5189f7175cda1b1102abc65c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "emacs-overlay",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -159,6 +198,27 @@
         "type": "github"
       }
     },
+    "nix-doom-emacs-unstraightened": {
+      "inputs": {
+        "doomemacs": "doomemacs",
+        "emacs-overlay": "emacs-overlay",
+        "nixpkgs": [],
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1768034604,
+        "narHash": "sha256-62pIZMvGHhYJmMiiBsxHqZt/dFyENPcFHlJq5NJF3Sw=",
+        "owner": "marienz",
+        "repo": "nix-doom-emacs-unstraightened",
+        "rev": "9b3b8044fe4ccdcbb2d6f733d7dbe4d5feea18bc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "marienz",
+        "repo": "nix-doom-emacs-unstraightened",
+        "type": "github"
+      }
+    },
     "nix-github-actions": {
       "inputs": {
         "nixpkgs": [
@@ -303,6 +363,7 @@
         "home-manager-unstable": "home-manager-unstable",
         "jovian": "jovian",
         "nix-darwin": "nix-darwin",
+        "nix-doom-emacs-unstraightened": "nix-doom-emacs-unstraightened",
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs_2",
         "nixpkgs-unstable": "nixpkgs-unstable",
@@ -324,6 +385,21 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -47,6 +47,12 @@
       url = "github:steveyegge/beads";
       inputs.nixpkgs.follows = "nixpkgs-unstable";
     };
+
+    nix-doom-emacs-unstraightened = {
+      url = "github:marienz/nix-doom-emacs-unstraightened";
+      # Don't follow nixpkgs to avoid rebuild issues with emacs-overlay
+      inputs.nixpkgs.follows = "";
+    };
   };
 
   outputs = { self, nixpkgs, nixpkgs-unstable, nixos-wsl, ... } @ inputs: let
@@ -70,6 +76,7 @@
         home-manager.useUserPackages = true;
         home-manager.sharedModules = [
           inputs.plasma-manager.homeModules.plasma-manager
+          inputs.nix-doom-emacs-unstraightened.homeModule
         ];
         home-manager.extraSpecialArgs = {
           globalInputs = inputs;
@@ -98,6 +105,7 @@
         home-manager.useUserPackages = true;
         home-manager.sharedModules = [
           inputs.plasma-manager-unstable.homeModules.plasma-manager
+          inputs.nix-doom-emacs-unstraightened.homeModule
         ];
         home-manager.extraSpecialArgs = {
           globalInputs = inputs;
@@ -129,6 +137,9 @@
         ];
         home-manager.useGlobalPkgs = true;
         home-manager.useUserPackages = true;
+        home-manager.sharedModules = [
+          inputs.nix-doom-emacs-unstraightened.homeModule
+        ];
         home-manager.extraSpecialArgs = {
           globalInputs = inputs;
         };

home/home-live-usb.nix

@@ -14,7 +14,12 @@
     desktop.enable = true;
     tmux.enable = true;
     plasma-manager.enable = true;
-    emacs.enable = true;
+    emacs = {
+      enable = true;
+      # Use pre-built Doom Emacs - all packages built at nix build time
+      # This means no doom sync is needed after booting the live USB
+      prebuiltDoom = true;
+    };
     i3_sway.enable = true;
     # development.enable = false;  # Not needed for live USB
     # communication.enable = false; # Not needed for live USB

home/roles/emacs/default.nix

@@ -23,13 +23,30 @@ let
     if pkgs.stdenv.isDarwin
     then pkgs.emacs-macport.pkgs.withPackages emacsPackages
     else pkgs.emacs.pkgs.withPackages emacsPackages;
+
+  # Path to doom config directory (relative to this file)
+  doomConfigDir = ./doom;
 in
 {
   options.home.roles.emacs = {
     enable = mkEnableOption "Doom Emacs with vterm and tree-sitter support";
+
+    prebuiltDoom = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Use nix-doom-emacs-unstraightened to pre-build all Doom packages at
+        nix build time. This eliminates the need to run `doom sync` after
+        first boot, making it ideal for live USB images or immutable systems.
+
+        When enabled, the doom configuration is read-only (stored in nix store).
+      '';
+    };
   };
 
-  config = mkIf cfg.enable {
+  config = mkIf cfg.enable (mkMerge [
+    # Common configuration for both modes
+    {
       home.packages = [
         pkgs.emacs-all-the-icons-fonts
         pkgs.fira-code
@@ -46,13 +63,16 @@ in
         pkgs.python3
       ];
 
+      fonts.fontconfig.enable = true;
+    }
+
+    # Standard Doom Emacs mode (requires doom sync at runtime)
+    (mkIf (!cfg.prebuiltDoom) {
       programs.emacs = {
         enable = true;
         package = defaultEmacsPackage;
       };
 
-    fonts.fontconfig.enable = true;
-
       # Mount emacs and tree-sitter grammars from nix store
       home.file = {
         "${config.xdg.configHome}/emacs".source = doomEmacs;
@@ -73,5 +93,20 @@ in
         rm -rf "${config.xdg.configHome}/doom"
         ln -sf "${config.home.homeDirectory}/nixos-configs/home/roles/emacs/doom" "${config.xdg.configHome}/doom"
       '';
+    })
+
+    # Pre-built Doom Emacs mode (no doom sync needed - ideal for live USB)
+    (mkIf cfg.prebuiltDoom {
+      programs.doom-emacs = {
+        enable = true;
+        doomDir = doomConfigDir;
+        doomLocalDir = "${config.xdg.dataHome}/doom";
+        # Add extra packages that aren't part of Doom but needed for our config
+        extraPackages = epkgs: [
+          epkgs.vterm
+          epkgs.treesit-grammars.with-all-grammars
+        ];
       };
+    })
+  ]);
 }

home/roles/emacs/doom/packages.el

@@ -51,11 +51,21 @@
 
 ;; (package! org-caldav)
 
+;; Note: Packages with custom recipes must be pinned for nix-doom-emacs-unstraightened
+;; to build deterministically. Update pins when upgrading packages.
+
 (package! gptel :recipe (:nonrecursive t))
 
 (package! claude-code-ide
-  :recipe (:host github :repo "manzaltu/claude-code-ide.el"))
+  :recipe (:host github :repo "manzaltu/claude-code-ide.el")
+  :pin "760240d7f03ff16f90ede9d4f4243cd94f3fed73")
 
 (package! gptel-tool-library
   :recipe (:host github :repo "aard-fi/gptel-tool-library"
-           :files ("*.el")))
+           :files ("*.el"))
+  :pin "baffc3b0d74a2b7cbda0d5cd6dd7726d6ccaca83")
+
+(package! beads
+  :recipe (:type git :repo "https://codeberg.org/ctietze/beads.el.git"
+           :files ("lisp/*.el"))
+  :pin "f40a6461d3c0fa0969311bbb6a1e30d1bba86c88")

machines/john-endesktop/MIGRATION_PLAN.md

@@ -170,7 +170,6 @@ This document outlines the plan to migrate the john-endesktop server from Arch L
    ```bash
    blkid /dev/nvme0n1p5
    # Note the UUID for updating hardware-configuration.nix
-/dev/nvme0n1p5: LABEL="nixos" UUID="5f4ad025-bfab-4aed-a933-6638348059e5" UUID_SUB="4734d820-7b8a-4b7f-853a-026021c1d204" BLOCK_SIZE="4096" TYPE="btrfs" PARTLABEL="data" PARTUUID="9ea025df-cdb7-48fd-b5d4-37cd5d8588eb"
    ```
 
 8. **Copy your NixOS configuration to the server**
@@ -389,11 +388,11 @@ After successful migration and 24-48 hours of stable operation:
 
 Pre-migration:
 - [x] nvme0n1p5 removal from media pool complete
-- [x] Recent backup verified (< 24 hours)
+- [ ] Recent backup verified (< 24 hours)
-- [x] Maintenance window scheduled
+- [ ] Maintenance window scheduled
-- [x] NixOS ISO downloaded
+- [ ] NixOS ISO downloaded
-- [x] Bootable USB created
+- [ ] Bootable USB created
-- [x] NixOS config builds successfully
+- [ ] NixOS config builds successfully
 
 During migration:
 - [ ] ZFS pools exported

roles/common.nix

@@ -1,35 +0,0 @@
-# Common configuration shared between NixOS and Darwin
-{ lib, pkgs, ... }:
-
-{
-  config = {
-    time.timeZone = "America/Los_Angeles";
-
-    environment.systemPackages = with pkgs; [
-      git
-      glances
-      pciutils
-      tree
-      usbutils
-      vim
-    ];
-
-    nix = {
-      package = pkgs.nix;
-      settings = {
-        experimental-features = [ "nix-command" "flakes" ];
-        max-jobs = "auto";
-        trusted-users = [ "johno" ];
-        substituters = [
-        ];
-      };
-
-      gc = {
-        automatic = true;
-        options = "--delete-older-than 10d";
-      };
-    };
-
-    nixpkgs.config.allowUnfree = true;
-  };
-}

roles/darwin.nix

@@ -7,10 +7,6 @@ let
   setEnvironmentPath = "${config.system.build.setEnvironment}";
 in
 {
-  imports = [
-    ./common.nix
-  ];
-
   config = {
     # Salt manages /etc/bashrc, /etc/zshrc, /etc/zshenv
     # nix-darwin writes to .local variants for nix-specific configuration
@@ -47,6 +43,8 @@ in
       fi
     '';
 
+    time.timeZone = "America/Los_Angeles";
+
     # System preferences
     system.defaults = {
       # Custom keyboard shortcuts
@@ -81,5 +79,42 @@ in
         };
       };
     };
+
+    environment.systemPackages = with pkgs; [
+      git
+      glances
+      pciutils
+      tree
+      usbutils
+      vim
+    ];
+
+    nix = {
+      package = pkgs.nix;
+      # distributedBuilds = true;
+      # buildMachines = [{
+      #   hostName = "z790prors.oglehome";
+      #   system = "x86_64-linux";
+      #   protocol = "ssh-ng";
+      #   sshUser = "johno";
+      #   sshKey = "/root/.ssh/id_ed25519";
+      #   maxJobs = 3;
+      #   speedFactor = 2;
+      # }];
+      settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        max-jobs = "auto";
+        trusted-users = [ "johno" ];
+        substituters = [
+        ];
+      };
+
+      gc = {
+        automatic = true;
+        options = "--delete-older-than 10d";
+      };
+    };
+
+    nixpkgs.config.allowUnfree = true;
   };
 }

roles/default.nix

@@ -4,7 +4,6 @@ with lib;
 
 {
   imports = [
-    ./common.nix
     ./audio
     ./bluetooth
     ./btrfs
@@ -32,6 +31,7 @@ with lib;
       LC_TELEPHONE = "en_US.UTF-8";
       LC_TIME = "en_US.UTF-8";
     };
+    time.timeZone = "America/Los_Angeles";
 
     services.xserver.xkb = {
       layout = "us";
@@ -49,7 +49,42 @@ with lib;
     # Enable the OpenSSH daemon.
     services.openssh.enable = true;
 
-    # NixOS-specific gc option (not available on Darwin)
+    environment.systemPackages = with pkgs; [
-    nix.gc.randomizedDelaySec = "14m";
+      git
+      glances
+      pciutils
+      tree
+      usbutils
+      vim
+    ];
+
+    nix = {
+      package = pkgs.nix;
+      # distributedBuilds = true;
+      # buildMachines = [{
+      #   hostName = "z790prors.oglehome";
+      #   system = "x86_64-linux";
+      #   protocol = "ssh-ng";
+      #   sshUser = "johno";
+      #   sshKey = "/root/.ssh/id_ed25519";
+      #   maxJobs = 3;
+      #   speedFactor = 2;
+      # }];
+      settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        max-jobs = "auto";
+        trusted-users = [ "johno" ];
+        substituters = [
+        ];
+      };
+
+      gc = {
+        automatic = true;
+        randomizedDelaySec = "14m";
+        options = "--delete-older-than 10d";
+      };
+    };
+
+    nixpkgs.config.allowUnfree = true;
   };
 }