Remove perles

Add fast-cpu and fast-storage labels since this node has a faster CPU
than other cluster nodes and is the NFS host with fast local storage.
Also add k3s-upgrade=disabled to exclude from system-upgrade-controller.

.claude/commands/import_gitea_issues.md

@@ -0,0 +1,130 @@
+---
+description: Import open Gitea issues as beads, skipping already-imported ones
+---
+
+# Import Gitea Issues as Beads
+
+This skill imports open Gitea issues as beads, checking for duplicates to avoid re-importing already tracked issues.
+
+## Prerequisites
+
+- `tea` CLI must be installed and configured for the repository
+- `bd` (beads) CLI must be installed
+- Must be in a git repository with a Gitea/Forgejo remote
+
+## Workflow
+
+### Step 1: Get open Gitea issues
+
+List all open issues using `tea`:
+
+```bash
+tea issues
+```
+
+This returns a table with columns: INDEX, TITLE, LABELS, MILESTONE
+
+### Step 2: Get existing beads
+
+List all current beads to check what's already imported:
+
+```bash
+bd list
+```
+
+Also check bead notes for issue URLs to identify imports:
+
+```bash
+bd list --json | jq -r '.[] | select(.notes != null) | .notes' | grep -oP 'issues/\K\d+'
+```
+
+### Step 3: Check for already-linked PRs
+
+Check if any open PRs reference beads (skip these issues as they're being worked on):
+
+```bash
+tea pr list
+```
+
+Look for PRs with:
+- Bead ID in title: `[nixos-configs-xxx]`
+- Bead reference in body: `Implements bead:` or `Bead ID:`
+
+### Step 4: For each untracked issue, create a bead
+
+For each issue not already tracked:
+
+1. **Get full issue details**:
+   ```bash
+   tea issue [ISSUE_NUMBER]
+   ```
+
+2. **Determine bead type** based on issue content:
+   - "bug" - if issue mentions bug, error, broken, fix, crash
+   - "feature" - if issue mentions feature, add, new, enhancement
+   - "task" - default for other issues
+
+3. **Create the bead**:
+   ```bash
+   bd add "[ISSUE_TITLE]" \
+     --type=[TYPE] \
+     --priority=P2 \
+     --notes="Gitea issue: [ISSUE_URL]
+
+   Original issue description:
+   [ISSUE_BODY]"
+   ```
+
+   Note: The `--notes` flag accepts multi-line content.
+
+### Step 5: Report results
+
+Present a summary:
+
+```
+## Gitea Issues Import Summary
+
+### Imported as Beads
+| Issue | Title | Bead ID | Type |
+|-------|-------|---------|------|
+| #5 | Add dark mode | nixos-configs-abc | feature |
+| #3 | Config broken on reboot | nixos-configs-def | bug |
+
+### Skipped (Already Tracked)
+| Issue | Title | Reason |
+|-------|-------|--------|
+| #4 | Update flake | Existing bead: nixos-configs-xyz |
+| #2 | Refactor roles | PR #7 references bead |
+
+### Skipped (Other)
+| Issue | Title | Reason |
+|-------|-------|--------|
+| #1 | Discussion: future plans | No actionable work |
+```
+
+## Type Detection Heuristics
+
+Keywords to detect issue type:
+
+**Bug indicators** (case-insensitive):
+- bug, error, broken, fix, crash, fail, issue, problem, wrong, not working
+
+**Feature indicators** (case-insensitive):
+- feature, add, new, enhancement, implement, support, request, want, would be nice
+
+**Task** (default):
+- Anything not matching bug or feature patterns
+
+## Error Handling
+
+- **tea not configured**: Report error and exit
+- **bd not available**: Report error and exit
+- **Issue already has bead**: Skip and report in summary
+- **Issue is a PR**: Skip (tea shows PRs and issues separately)
+
+## Notes
+
+- Default priority is P2; adjust manually after import if needed
+- Issue labels from Gitea are not automatically mapped to bead tags
+- Run this periodically to catch new issues
+- After import, use `bd ready` to see which beads can be worked on

build-liveusb.sh

@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-# Build Live USB ISO from flake configuration
-# Creates an uncompressed ISO suitable for Ventoy and other USB boot tools
-
-set -e
-
-echo "Building Live USB ISO..."
-nix build .#nixosConfigurations.live-usb.config.system.build.isoImage --show-trace
-
-if [ -f "./result/iso/"*.iso ]; then
-    iso_file=$(ls ./result/iso/*.iso)
-    echo "✅ Build complete!"
-    echo "📁 ISO location: $iso_file"
-    echo "💾 Ready for Ventoy or dd to USB"
-else
-    echo "❌ Build failed - no ISO file found"
-    exit 1
-fi

flake.nix

@@ -56,94 +56,75 @@
   };
 
   outputs = { self, nixpkgs, nixpkgs-unstable, nixos-wsl, ... } @ inputs: let
-    nixosModules = [
-      ./roles
-    ] ++ [
-      inputs.home-manager.nixosModules.home-manager
-      {
-        nixpkgs.overlays = [
-          (final: prev: {
+    # Shared overlay function to reduce duplication across module sets
+    # Parameters:
+    #   unstableOverlays: Additional overlays to apply when importing nixpkgs-unstable
+    mkBaseOverlay = { unstableOverlays ? [] }: (final: prev: {
       unstable = import nixpkgs-unstable {
         system = prev.stdenv.hostPlatform.system;
         config.allowUnfree = true;
+        overlays = unstableOverlays;
       };
       custom = prev.callPackage ./packages {};
       # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
       bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
-          })
-        ];
+    });
+
+    # Shared home-manager configuration factory
+    # Parameters:
+    #   sharedModules: Additional modules to include in home-manager.sharedModules
+    mkHomeManagerConfig = { sharedModules ? [] }: {
       home-manager.useGlobalPkgs = true;
       home-manager.useUserPackages = true;
-        home-manager.sharedModules = [
-          inputs.plasma-manager.homeModules.plasma-manager
+      home-manager.sharedModules = sharedModules ++ [
         inputs.nix-doom-emacs-unstraightened.homeModule
       ];
       home-manager.extraSpecialArgs = {
         globalInputs = inputs;
       };
+    };
+
+    nixosModules = [
+      ./roles
+      inputs.home-manager.nixosModules.home-manager
+      {
+        nixpkgs.overlays = [ (mkBaseOverlay {}) ];
       }
+      (mkHomeManagerConfig {
+        sharedModules = [ inputs.plasma-manager.homeModules.plasma-manager ];
+      })
     ];
+
     # Modules for unstable-based systems (like nix-deck)
     nixosModulesUnstable = [
       ./roles
-    ] ++ [
       inputs.home-manager-unstable.nixosModules.home-manager
       inputs.jovian.nixosModules.jovian
       {
-        nixpkgs.overlays = [
-          (final: prev: {
-            unstable = import nixpkgs-unstable {
-              system = prev.stdenv.hostPlatform.system;
-              config.allowUnfree = true;
-            };
-            custom = prev.callPackage ./packages {};
-            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
-            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
+        nixpkgs.overlays = [ (mkBaseOverlay {}) ];
+      }
+      (mkHomeManagerConfig {
+        sharedModules = [ inputs.plasma-manager-unstable.homeModules.plasma-manager ];
       })
     ];
-        home-manager.useGlobalPkgs = true;
-        home-manager.useUserPackages = true;
-        home-manager.sharedModules = [
-          inputs.plasma-manager-unstable.homeModules.plasma-manager
-          inputs.nix-doom-emacs-unstraightened.homeModule
-        ];
-        home-manager.extraSpecialArgs = {
-          globalInputs = inputs;
-        };
-      }
-    ];
+
     darwinModules = [
       ./roles/darwin.nix
-    ] ++ [
       inputs.home-manager.darwinModules.home-manager
       {
         nixpkgs.overlays = [
-          (final: prev: {
-            unstable = import nixpkgs-unstable {
-              system = prev.stdenv.hostPlatform.system;
-              config.allowUnfree = true;
-              overlays = [
+          (mkBaseOverlay {
             # Override claude-code in unstable to use our custom GCS-based build
             # (needed for corporate networks that block npm registry)
+            unstableOverlays = [
               (ufinal: uprev: {
-                  claude-code = prev.custom.claude-code or (prev.callPackage ./packages {}).claude-code;
+                claude-code = uprev.callPackage ./packages/claude-code {};
               })
             ];
-            };
-            custom = prev.callPackage ./packages {};
-            # Compatibility: bitwarden renamed to bitwarden-desktop in unstable
-            bitwarden-desktop = prev.bitwarden-desktop or prev.bitwarden;
           })
         ];
-        home-manager.useGlobalPkgs = true;
-        home-manager.useUserPackages = true;
-        home-manager.sharedModules = [
-          inputs.nix-doom-emacs-unstraightened.homeModule
-        ];
-        home-manager.extraSpecialArgs = {
-          globalInputs = inputs;
-        };
       }
+      (mkHomeManagerConfig { sharedModules = []; })
     ];
 
   in {
@@ -275,6 +256,16 @@
           export PATH="${pkgs.lib.makeBinPath commonDeps}:$PATH"
           ${builtins.readFile ./scripts/upgrade.sh}
         '';
+
+        bootstrap = pkgs.writeShellScriptBin "bootstrap" ''
+          export PATH="${pkgs.lib.makeBinPath commonDeps}:$PATH"
+          ${builtins.readFile ./scripts/bootstrap.sh}
+        '';
+
+        build-liveusb = pkgs.writeShellScriptBin "build-liveusb" ''
+          export PATH="${pkgs.lib.makeBinPath commonDeps}:$PATH"
+          ${builtins.readFile ./scripts/build-liveusb.sh}
+        '';
       in {
         update-doomemacs = {
           type = "app";
@@ -292,6 +283,14 @@
           type = "app";
           program = "${upgrade}/bin/upgrade";
         };
+        bootstrap = {
+          type = "app";
+          program = "${bootstrap}/bin/bootstrap";
+        };
+        build-liveusb = {
+          type = "app";
+          program = "${build-liveusb}/bin/build-liveusb";
+        };
       }
     );
   };

home/home-server.nix

@@ -11,6 +11,7 @@
     base.enable = true;
     development.enable = true;
     emacs.enable = true;
+    kubectl.enable = true;
     starship.enable = true;
     tmux.enable = true;
   };

home/roles/development/default.nix

@@ -44,7 +44,6 @@ in
 
       # Custom packages
       pkgs.custom.tea-rbw
-      pkgs.custom.perles
     ];
 
     # Install Claude Code humanlayer command and agent plugins

home/roles/emacs/doom/config.el

@@ -167,6 +167,20 @@
         claude-code-ide-window-side 'right
         claude-code-ide-window-width 90))
 
+(use-package! beads
+  :commands (beads)
+  :init
+  (map! :leader
+        (:prefix ("o" . "open")
+         (:prefix ("B" . "beads")
+          :desc "List issues"      "B" (cmd! (require 'beads) (beads-list))
+          :desc "Project issues"   "p" (cmd! (require 'beads) (beads-project-list))
+          :desc "Activity feed"    "a" (cmd! (require 'beads) (beads-activity))
+          :desc "Stale issues"     "s" (cmd! (require 'beads) (beads-stale))
+          :desc "Orphaned issues"  "o" (cmd! (require 'beads) (beads-orphans))
+          :desc "Find duplicates"  "d" (cmd! (require 'beads) (beads-duplicates))
+          :desc "Lint issues"      "l" (cmd! (require 'beads) (beads-lint))))))
+
 (after! gptel
   (require 'gptel-tool-library)
   (setq gptel-tool-library-use-maybe-safe t

machines/boxy/configuration.nix

@@ -26,6 +26,7 @@ with lib;
       enable = true;
       autologin = true;
       wayland = true;
+      appLauncherServer = true;
       jellyfinScaleFactor = 1.0;
     };
     nfs-mounts.enable = true;

machines/john-endesktop/configuration.nix

@@ -104,6 +104,23 @@ with lib;
   # User configuration
   roles.users.enable = true;
 
+  # k3s agent configuration
+  roles.k3s-node = {
+    enable = true;
+    role = "agent";
+    # serverAddr defaults to https://10.0.0.222:6443
+    # tokenFile defaults to /etc/k3s/token
+    extraFlags = [
+      # Node labels for workload scheduling
+      # fast-cpu: This node has a faster CPU than other cluster nodes
+      "--node-label=fast-cpu=true"
+      # fast-storage: This node is the NFS host with fast local storage access
+      "--node-label=fast-storage=true"
+      # k3s-upgrade=disabled: NixOS manages k3s upgrades via Nix, not system-upgrade-controller
+      "--node-label=k3s-upgrade=disabled"
+    ];
+  };
+
   # Time zone
   time.timeZone = "America/Los_Angeles"; # Adjust as needed
 

machines/nix-book/configuration.nix

@@ -41,14 +41,9 @@
   boot.initrd.luks.devices."luks-b614167b-9045-4234-a441-ac6f60a96d81".device = "/dev/disk/by-uuid/b614167b-9045-4234-a441-ac6f60a96d81";
 
   services.logind.settings.Login = {
-    HandleLidSwitch = "suspend-then-hibernate";
     HandlePowerKey = "hibernate";
     HandlePowerKeyLongPress = "poweroff";
   };
-  systemd.sleep.extraConfig = ''
-    HibernateDelaySec=30m
-    SuspendState=mem
-  '';
 
   networking.hostName = "nix-book"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

machines/wixos/configuration.nix

@@ -17,6 +17,15 @@
       enable = true;
       wayland = true;
     };
+    nvidia = {
+      enable = true;
+      package = "latest";
+      graphics.extraPackages = with pkgs; [
+        mesa
+        libvdpau-va-gl
+        libva-vdpau-driver
+      ];
+    };
     users.enable = true;
   };
 
@@ -29,28 +38,13 @@
   wsl.wslConf.network.hostname = "wixos";
   wsl.wslConf.user.default = "johno";
 
-  services.xserver.videoDrivers = [ "nvidia" ];
-  hardware.graphics = { 
-    enable = true;
-
-    extraPackages = with pkgs; [
-      mesa
-      libvdpau-va-gl
-      libva-vdpau-driver
-    ];
-  };
+  # WSL-specific environment variables for graphics
   environment.sessionVariables = {
     LD_LIBRARY_PATH = [
       "/usr/lib/wsl/lib"
       "/run/opengl-driver/lib"
     ];
   };
-  hardware.nvidia = {
-    modesetting.enable = true;
-    nvidiaSettings = true;
-    open = true;
-    package = config.boot.kernelPackages.nvidiaPackages.latest;
-  };
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

machines/zix790prors/configuration.nix

@@ -25,8 +25,12 @@ with lib;
       wayland = true;
       x11 = true;
     };
+    kodi.enable = true;
     nfs-mounts.enable = true;
-    nvidia.enable = true;
+    nvidia = {
+      enable = true;
+      graphics.enable32Bit = true;
+    };
     printing.enable = true;
     remote-build.enableBuilder = true;
     users.enable = true;
@@ -47,27 +51,11 @@ with lib;
   # Fix dual boot clock sync - tell Linux to use local time for hardware clock
   time.hardwareClockInLocalTime = true;
 
-  # NVIDIA Graphics configuration
-  services.xserver.videoDrivers = [ "nvidia" ];
-  hardware.graphics.enable = true;
-  hardware.graphics.enable32Bit = true;
-  
   # Set DP-0 as primary display with 164.90Hz refresh rate
   services.xserver.displayManager.sessionCommands = ''
     ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 164.90 --primary
   '';
 
-  hardware.nvidia = {
-    modesetting.enable = true;
-    nvidiaSettings = true;
-    package = pkgs.linuxPackages.nvidiaPackages.stable;
-    open = true;
-    
-    # For gaming performance
-    powerManagement.enable = false;
-    powerManagement.finegrained = false;
-  };
-
   services.ollama = {
     enable = true;
     acceleration = "cuda";

packages/default.nix

@@ -1,8 +1,6 @@
 { pkgs, ... }:
 {
-  vulkanHDRLayer = pkgs.callPackage ./vulkan-hdr-layer {};
   tea-rbw = pkgs.callPackage ./tea-rbw {};
   app-launcher-server = pkgs.callPackage ./app-launcher-server {};
   claude-code = pkgs.callPackage ./claude-code {};
-  perles = pkgs.callPackage ./perles {};
 }

packages/perles/default.nix

@@ -1,26 +0,0 @@
-{ lib, buildGoModule, fetchFromGitHub }:
-
-buildGoModule rec {
-  pname = "perles";
-  version = "unstable-2025-01-09";
-
-  src = fetchFromGitHub {
-    owner = "zjrosen";
-    repo = "perles";
-    rev = "main";
-    hash = "sha256-JgRayb4+mJ1r0AtdnQfqAw2+QRte+licsfZOaRgYqcs=";
-  };
-
-  vendorHash = "sha256-R7UWTdBuPteneRqxrWK51nqLtZwDsqQoMAcohN4fyak=";
-
-  # Tests require a real git repository context
-  doCheck = false;
-
-  meta = with lib; {
-    description = "A TUI for the Beads issue tracking system with BQL query language";
-    homepage = "https://github.com/zjrosen/perles";
-    license = licenses.mit;
-    maintainers = [ ];
-    mainProgram = "perles";
-  };
-}

packages/vulkan-hdr-layer/default.nix

@@ -1,34 +0,0 @@
-{ lib, stdenv, fetchFromGitHub, meson, pkg-config, vulkan-loader, ninja, writeText, vulkan-headers, vulkan-utility-libraries,  jq, libX11, libXrandr, libxcb, wayland, wayland-scanner }:
-
-stdenv.mkDerivation rec {
-  pname = "vulkan-hdr-layer";
-  version = "63d2eec";
-
-  src = (fetchFromGitHub {
-    owner = "Zamundaaa";
-    repo = "VK_hdr_layer";
-    rev = "869199cd2746e7f69cf19955153080842b6dacfc";
-    fetchSubmodules = true;
-    hash = "sha256-xfVYI+Aajmnf3BTaY2Ysg5fyDO6SwDFGyU0L+F+E3is=";
-  }).overrideAttrs (_: {
-    GIT_CONFIG_COUNT = 1;
-    GIT_CONFIG_KEY_0 = "url.https://github.com/.insteadOf";
-    GIT_CONFIG_VALUE_0 = "git@github.com:";
-  });
-
-  nativeBuildInputs = [ vulkan-headers meson ninja pkg-config jq ];
-
-  buildInputs = [ vulkan-headers vulkan-loader vulkan-utility-libraries libX11 libXrandr libxcb wayland wayland-scanner ];
-
-  # Help vulkan-loader find the validation layers
-  setupHook = writeText "setup-hook" ''
-    addToSearchPath XDG_DATA_DIRS @out@/share
-  '';
-
-  meta = with lib; {
-    description = "Layers providing Vulkan HDR";
-    homepage = "https://github.com/Zamundaaa/VK_hdr_layer";
-    platforms = platforms.linux;
-    license = licenses.mit;
-  };
-}

roles/default.nix

@@ -9,6 +9,7 @@ with lib;
     ./bluetooth
     ./btrfs
     ./desktop
+    ./k3s-node
     ./kodi
     ./nfs-mounts
     ./nvidia

roles/k3s-node/default.nix

@@ -0,0 +1,81 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.k3s-node;
+in
+{
+  options.roles.k3s-node = {
+    enable = mkEnableOption "Enable k3s node";
+
+    role = mkOption {
+      type = types.enum [ "server" "agent" ];
+      default = "agent";
+      description = "k3s role: server (control plane) or agent (worker)";
+    };
+
+    serverAddr = mkOption {
+      type = types.str;
+      default = "https://10.0.0.222:6443";
+      description = "URL of k3s server to join (required for agents, used for HA servers)";
+    };
+
+    tokenFile = mkOption {
+      type = types.path;
+      default = "/etc/k3s/token";
+      description = "Path to file containing the cluster join token";
+    };
+
+    clusterInit = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Initialize a new cluster (first server only)";
+    };
+
+    extraFlags = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = "Additional flags to pass to k3s";
+    };
+
+    gracefulNodeShutdown = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Enable graceful node shutdown";
+    };
+
+    openFirewall = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Open firewall ports for k3s";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # k3s service configuration
+    services.k3s = {
+      enable = true;
+      role = cfg.role;
+      tokenFile = cfg.tokenFile;
+      extraFlags = cfg.extraFlags;
+      gracefulNodeShutdown.enable = cfg.gracefulNodeShutdown;
+      serverAddr = if (cfg.role == "agent" || !cfg.clusterInit) then cfg.serverAddr else "";
+      clusterInit = cfg.role == "server" && cfg.clusterInit;
+    };
+
+    # Firewall rules for k3s
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [
+        6443  # k3s API server
+        10250 # kubelet metrics
+      ] ++ optionals (cfg.role == "server") [
+        2379  # etcd clients (HA)
+        2380  # etcd peers (HA)
+      ];
+      allowedUDPPorts = [
+        8472  # flannel VXLAN
+      ];
+    };
+  };
+}

roles/kodi/default.nix

@@ -22,7 +22,7 @@ in
     appLauncherServer = {
       enable = mkOption {
         type = types.bool;
-        default = true;
+        default = false;
         description = "Enable HTTP app launcher server for remote control";
       };
       port = mkOption {

roles/nvidia/default.nix

@@ -8,9 +8,89 @@ in
 {
   options.roles.nvidia = {
     enable = mkEnableOption "Enable the nvidia role";
+
+    # Driver configuration options
+    open = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Use the open source nvidia kernel driver (for Turing and newer GPUs).";
+    };
+
+    modesetting = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Enable kernel modesetting for nvidia.";
+    };
+
+    nvidiaSettings = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Enable the nvidia-settings GUI.";
+    };
+
+    package = mkOption {
+      type = types.enum [ "stable" "latest" "beta" "vulkan_beta" "production" ];
+      default = "stable";
+      description = "The nvidia driver package to use.";
+    };
+
+    powerManagement = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Enable nvidia power management (useful for laptops, not recommended for desktops).";
+      };
+
+      finegrained = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Enable fine-grained power management for Turing and newer GPUs.";
+      };
+    };
+
+    graphics = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable hardware graphics support.";
+      };
+
+      enable32Bit = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Enable 32-bit graphics libraries (needed for some games).";
+      };
+
+      extraPackages = mkOption {
+        type = types.listOf types.package;
+        default = [];
+        description = "Extra packages to add to hardware.graphics.extraPackages.";
+      };
+    };
   };
 
   config = mkIf cfg.enable {
+    # Set xserver video driver
+    services.xserver.videoDrivers = [ "nvidia" ];
+
+    # Graphics configuration
+    hardware.graphics = {
+      enable = cfg.graphics.enable;
+      enable32Bit = cfg.graphics.enable32Bit;
+      extraPackages = cfg.graphics.extraPackages;
+    };
+
+    # NVIDIA driver configuration
+    hardware.nvidia = {
+      modesetting.enable = cfg.modesetting;
+      nvidiaSettings = cfg.nvidiaSettings;
+      open = cfg.open;
+      package = config.boot.kernelPackages.nvidiaPackages.${cfg.package};
+      powerManagement.enable = cfg.powerManagement.enable;
+      powerManagement.finegrained = cfg.powerManagement.finegrained;
+    };
+
+    # Additional packages for nvidia support
     environment.systemPackages = with pkgs; [
       libva-utils
       nvidia-vaapi-driver

scripts/bootstrap.sh

@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 # bootstrap.sh
-# Usage: sudo ./bootstrap.sh <hostname>
+# Usage: nix run .#bootstrap -- <hostname>
+# Or: sudo ./scripts/bootstrap.sh <hostname>
 set -euo pipefail
 
 NEW_HOSTNAME="${1:?missing hostname}"
@@ -8,4 +9,3 @@ FLAKE_URI="git+https://git.johnogle.info/johno/nixos-configs.git#${NEW_HOSTNAME}
 
 export NIX_CONFIG="experimental-features = nix-command flakes"
 nixos-rebuild switch --flake "$FLAKE_URI"
-

scripts/build-liveusb.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+# Build Live USB ISO from flake configuration
+# Creates an uncompressed ISO suitable for Ventoy and other USB boot tools
+# Usage: nix run .#build-liveusb
+# Or: ./scripts/build-liveusb.sh
+
+set -euo pipefail
+
+REPO_ROOT="${REPO_ROOT:-$(git rev-parse --show-toplevel 2>/dev/null || pwd)}"
+
+echo "Building Live USB ISO..."
+nix build "${REPO_ROOT}#nixosConfigurations.live-usb.config.system.build.isoImage" --show-trace
+
+if ls "${REPO_ROOT}/result/iso/"*.iso 1> /dev/null 2>&1; then
+    iso_file=$(ls "${REPO_ROOT}/result/iso/"*.iso)
+    echo "Build complete!"
+    echo "ISO location: $iso_file"
+    echo "Ready for Ventoy or dd to USB"
+else
+    echo "Build failed - no ISO file found"
+    exit 1
+fi