feat(ci): Add Forgejo Actions CI workflow

Set up continuous integration for nixos-configs:
- Validate flake syntax with `nix flake check --no-build`
- Display flake metadata and outputs for visibility
- Build critical NixOS configurations in parallel matrix
- Configurations tested: john-endesktop, zix790prors, nix-book, boxy

Implements bead: nixos-configs-2hq

.forgejo/workflows/ci.yaml

@@ -0,0 +1,47 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  flake-check:
+    runs-on: nix
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Check flake syntax
+        run: nix flake check --no-build
+
+      - name: Show flake metadata
+        run: nix flake metadata
+
+      - name: Show flake outputs
+        run: nix flake show
+
+  build-configs:
+    runs-on: nix
+    needs: flake-check
+    strategy:
+      fail-fast: false
+      matrix:
+        config:
+          # Critical server configurations
+          - john-endesktop
+          # Desktop configurations
+          - zix790prors
+          - nix-book
+          # Media center
+          - boxy
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build ${{ matrix.config }}
+        run: |
+          nix build .#nixosConfigurations.${{ matrix.config }}.config.system.build.toplevel \
+            --no-link \
+            --print-build-logs

.gitignore

@@ -1,2 +1,3 @@
 result
 thoughts
+.beads

flake.lock

@@ -21,6 +21,45 @@
         "type": "github"
       }
     },
+    "doomemacs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1767773143,
+        "narHash": "sha256-QL/t9v2kFNxBDyNJb/s411o3mxujan+QX5IZglTdpTk=",
+        "owner": "doomemacs",
+        "repo": "doomemacs",
+        "rev": "3e15fb36d7f94f0a218bda977be4d3f5da983a71",
+        "type": "github"
+      },
+      "original": {
+        "owner": "doomemacs",
+        "repo": "doomemacs",
+        "type": "github"
+      }
+    },
+    "emacs-overlay": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-doom-emacs-unstraightened"
+        ],
+        "nixpkgs-stable": [
+          "nix-doom-emacs-unstraightened"
+        ]
+      },
+      "locked": {
+        "lastModified": 1768011937,
+        "narHash": "sha256-SnU2XTo34vwVaijs+4VwcXTNwMWO4nwzzs08N39UagA=",
+        "owner": "nix-community",
+        "repo": "emacs-overlay",
+        "rev": "79abf71d9897cf3b5189f7175cda1b1102abc65c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "emacs-overlay",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -159,6 +198,27 @@
         "type": "github"
       }
     },
+    "nix-doom-emacs-unstraightened": {
+      "inputs": {
+        "doomemacs": "doomemacs",
+        "emacs-overlay": "emacs-overlay",
+        "nixpkgs": [],
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1768034604,
+        "narHash": "sha256-62pIZMvGHhYJmMiiBsxHqZt/dFyENPcFHlJq5NJF3Sw=",
+        "owner": "marienz",
+        "repo": "nix-doom-emacs-unstraightened",
+        "rev": "9b3b8044fe4ccdcbb2d6f733d7dbe4d5feea18bc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "marienz",
+        "repo": "nix-doom-emacs-unstraightened",
+        "type": "github"
+      }
+    },
     "nix-github-actions": {
       "inputs": {
         "nixpkgs": [
@@ -303,6 +363,7 @@
         "home-manager-unstable": "home-manager-unstable",
         "jovian": "jovian",
         "nix-darwin": "nix-darwin",
+        "nix-doom-emacs-unstraightened": "nix-doom-emacs-unstraightened",
         "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs_2",
         "nixpkgs-unstable": "nixpkgs-unstable",
@@ -324,6 +385,21 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -47,6 +47,12 @@
       url = "github:steveyegge/beads";
       inputs.nixpkgs.follows = "nixpkgs-unstable";
     };
+
+    nix-doom-emacs-unstraightened = {
+      url = "github:marienz/nix-doom-emacs-unstraightened";
+      # Don't follow nixpkgs to avoid rebuild issues with emacs-overlay
+      inputs.nixpkgs.follows = "";
+    };
   };
 
   outputs = { self, nixpkgs, nixpkgs-unstable, nixos-wsl, ... } @ inputs: let
@@ -70,6 +76,7 @@
         home-manager.useUserPackages = true;
         home-manager.sharedModules = [
           inputs.plasma-manager.homeModules.plasma-manager
+          inputs.nix-doom-emacs-unstraightened.homeModule
         ];
         home-manager.extraSpecialArgs = {
           globalInputs = inputs;
@@ -98,6 +105,7 @@
         home-manager.useUserPackages = true;
         home-manager.sharedModules = [
           inputs.plasma-manager-unstable.homeModules.plasma-manager
+          inputs.nix-doom-emacs-unstraightened.homeModule
         ];
         home-manager.extraSpecialArgs = {
           globalInputs = inputs;
@@ -129,6 +137,9 @@
         ];
         home-manager.useGlobalPkgs = true;
         home-manager.useUserPackages = true;
+        home-manager.sharedModules = [
+          inputs.nix-doom-emacs-unstraightened.homeModule
+        ];
         home-manager.extraSpecialArgs = {
           globalInputs = inputs;
         };
@@ -219,7 +230,11 @@
       system = "x86_64-linux";
       modules = nixosModules ++ [
         ./machines/john-endesktop/configuration.nix
-        # Minimal server - no home-manager needed
+        inputs.home-manager.nixosModules.home-manager
+        {
+          home-manager.users.johno = import ./home/home-server.nix;
+          home-manager.extraSpecialArgs = { inherit system; };
+        }
       ];
     };
 

home/home-live-usb.nix

@@ -14,7 +14,12 @@
     desktop.enable = true;
     tmux.enable = true;
     plasma-manager.enable = true;
-    emacs.enable = true;
+    emacs = {
+      enable = true;
+      # Use pre-built Doom Emacs - all packages built at nix build time
+      # This means no doom sync is needed after booting the live USB
+      prebuiltDoom = true;
+    };
     i3_sway.enable = true;
     starship.enable = true;
     # development.enable = false;  # Not needed for live USB

home/home-server.nix

@@ -0,0 +1,26 @@
+{ pkgs, globalInputs, system, ... }:
+
+{
+  # Home Manager configuration for servers (minimal with development tools)
+  home.username = "johno";
+  home.homeDirectory = "/home/johno";
+  home.stateVersion = "24.05";
+
+  # Minimal roles for server with development capability
+  home.roles = {
+    base.enable = true;
+    development.enable = true;
+    emacs.enable = true;
+    starship.enable = true;
+    tmux.enable = true;
+  };
+
+  targets.genericLinux.enable = true;
+  home.sessionVariables = {};
+  home.sessionPath = [];
+
+  imports = [
+    ./roles
+    ./roles/base-linux
+  ];
+}

home/roles/development/default.nix

@@ -85,11 +85,25 @@ in
         fi
       done
 
+      # Copy local skills from this repo (with retry for race conditions with running Claude)
+      for file in ${./skills}/*.md; do
+        if [ -f "$file" ]; then
+          filename=$(basename "$file" .md)
+          dest="$HOME/.claude/commands/''${filename}.md"
+          # Remove existing file first, then copy with retry on failure
+          rm -f "$dest" 2>/dev/null || true
+          if ! cp "$file" "$dest" 2>/dev/null; then
+            sleep 0.5
+            cp "$file" "$dest" || echo "Warning: Failed to copy $filename.md to commands"
+          fi
+        fi
+      done
+
       $DRY_RUN_CMD echo "Claude Code humanlayer commands and agents installed successfully${
         if cfg.allowArbitraryClaudeCodeModelSelection
         then " (model specifications preserved)"
         else " (model selection removed)"
-      }"
+      } + local skills"
     '';
 
     # Set up beads Claude Code integration (hooks for SessionStart/PreCompact)

home/roles/development/skills/parallel_beads.md

@@ -0,0 +1,205 @@
+---
+description: Orchestrate parallel bead processing with worktrees, PRs, and reviews
+---
+
+# Parallel Beads Workflow
+
+This skill orchestrates parallel bead processing using subagents. Each bead gets its own worktree, implementation, PR, and review.
+
+## Phase 1: Selection
+
+1. **Get ready beads**: Run `bd ready` to list all beads with no blockers
+2. **Present selection**: Use `AskUserQuestion` with `multiSelect: true` to let the user choose which beads to work on
+   - Include bead ID and title for each option
+   - Allow selection of multiple beads
+
+Example:
+```
+AskUserQuestion with:
+- question: "Which beads do you want to work on in parallel?"
+- multiSelect: true
+- options from bd ready output
+```
+
+## Phase 2: Parallel Implementation
+
+For each selected bead, launch a subagent using the Task tool. All subagents should be launched in parallel (single message with multiple Task tool calls).
+
+### Subagent Instructions Template
+
+Each implementation subagent should receive these instructions:
+
+```
+Work on bead [BEAD_ID]: [BEAD_TITLE]
+
+1. **Create worktree**:
+   - Branch name: `bead/[BEAD_ID]`
+   - Worktree path: `~/wt/[REPO_NAME]/[BEAD_ID]`
+   - Command: `git worktree add -b bead/[BEAD_ID] ~/wt/[REPO_NAME]/[BEAD_ID]`
+
+2. **Review the bead requirements**:
+   - Run `bd show [BEAD_ID]` to understand the acceptance criteria
+   - Note any external issue references (GitHub issues, Linear tickets, etc.)
+
+3. **Implement the changes**:
+   - Work in the worktree directory
+   - Complete all acceptance criteria listed in the bead
+   - Run any relevant tests or checks
+
+4. **Commit and push**:
+   - Stage all changes: `git add -A`
+   - Create a descriptive commit message
+   - Push the branch: `git push -u origin bead/[BEAD_ID]`
+
+5. **Create a PR**:
+   - Detect hosting provider from origin URL: `git remote get-url origin`
+   - If URL contains `github.com`, use `gh`; otherwise use `tea` (Gitea/Forgejo)
+   - PR title: "[BEAD_ID] [BEAD_TITLE]"
+   - PR body must include:
+     - Reference to bead ID: "Implements bead: [BEAD_ID]"
+     - Any external issue references from the bead (e.g., "Closes #123")
+     - Summary of changes
+   - For GitHub (`gh`):
+     ```bash
+     gh pr create --title "[BEAD_ID] [BEAD_TITLE]" --body "$(cat <<'EOF'
+     ## Summary
+     [Brief description of changes]
+
+     ## Bead Reference
+     Implements bead: [BEAD_ID]
+
+     ## External Issues
+     [Any linked issues from the bead]
+
+     ## Changes
+     - [List of changes made]
+     EOF
+     )"
+     ```
+   - For Gitea (`tea`):
+     ```bash
+     tea pr create --head bead/[BEAD_ID] --base main \
+       --title "[BEAD_ID] [BEAD_TITLE]" \
+       --description "## Summary
+     [Brief description of changes]
+
+     ## Bead Reference
+     Implements bead: [BEAD_ID]
+
+     ## External Issues
+     [Any linked issues from the bead]
+
+     ## Changes
+     - [List of changes made]"
+     ```
+
+6. **Update bead status**:
+   - Mark the bead as "in_review": `bd update [BEAD_ID] --status=in_review`
+   - Add the PR URL to the bead notes: `bd update [BEAD_ID] --notes="$(bd show [BEAD_ID] --json | jq -r '.notes')
+
+PR: [PR_URL]"`
+
+7. **Report results**:
+   - Return: PR URL, bead ID, success/failure status
+   - If blocked or unable to complete, explain what's blocking progress
+```
+
+### Launching Subagents
+
+Use `subagent_type: "general-purpose"` for implementation subagents. Launch all selected beads' subagents in a single message for parallel execution:
+
+```
+<Task calls for each selected bead - all in one message>
+```
+
+Collect results from all subagents before proceeding.
+
+## Phase 3: Parallel Review
+
+After all implementation subagents complete, launch review subagents for each PR.
+
+### Review Subagent Instructions Template
+
+```
+Review PR for bead [BEAD_ID]
+
+1. **Detect hosting provider**: Run `git remote get-url origin` - if it contains `github.com` use `gh`, otherwise use `tea`
+
+2. **Read the PR**:
+   - For GitHub: `gh pr view [PR_NUMBER] --json title,body,additions,deletions,files`
+   - For Gitea: `tea pr view [PR_NUMBER]`
+   - View the diff: `git diff main...bead/[BEAD_ID]`
+
+3. **Review against acceptance criteria**:
+   - Run `bd show [BEAD_ID]` to get the acceptance criteria
+   - Verify each criterion is addressed
+
+4. **Leave review comments**:
+   - For GitHub: `gh pr review [PR_NUMBER] --comment --body "[COMMENTS]"`
+   - For Gitea: `tea pr review [PR_NUMBER] --comment "[COMMENTS]"`
+   - Include:
+     - Acceptance criteria checklist (which are met, which might be missing)
+     - Code quality observations
+     - Suggestions for improvement
+
+5. **Return summary**:
+   - Overall assessment (ready to merge / needs changes)
+   - Key findings
+```
+
+Launch all review subagents in parallel.
+
+## Phase 4: Cleanup and Summary
+
+After reviews complete:
+
+1. **Clean up worktrees**:
+   ```bash
+   git worktree remove ~/wt/[REPO_NAME]/[BEAD_ID] --force
+   ```
+   Do this for each bead's worktree.
+
+2. **Provide final summary**:
+   Present a table or list with:
+   - Bead ID
+   - PR URL
+   - Status (success / failed / blocked)
+   - Review summary
+   - Any failures or blockers encountered
+
+Example output:
+```
+## Parallel Beads Summary
+
+| Bead | PR | Bead Status | Review |
+|------|-----|-------------|--------|
+| beads-abc | #123 | in_review | Approved |
+| beads-xyz | #124 | in_review | Needs changes |
+| beads-123 | - | open (failed) | Blocked by missing dependency |
+
+### Failures/Blockers
+- beads-123: Could not complete because [reason]
+
+### Next Steps
+- Review PRs that need changes
+- Address blockers for failed beads
+- Run `/reconcile_beads` after PRs are merged to close beads
+```
+
+## Error Handling
+
+- **Subagent failures**: If a subagent fails or times out, note it in the summary but continue with other beads
+- **PR creation failures**: Report the error but continue with reviews of successful PRs
+- **Worktree conflicts**: If a worktree already exists, ask the user if they want to remove it or skip that bead
+
+## Resource Limits
+
+- Consider limiting concurrent subagents to 3-5 to avoid overwhelming system resources
+- If user selects more beads than the limit, process them in batches
+
+## Notes
+
+- This workflow integrates with the beads system (`bd` commands)
+- Worktrees are created in `~/wt/[REPO_NAME]/` by convention
+- Each bead gets its own isolated branch and worktree
+- PRs automatically reference the bead ID for traceability

home/roles/development/skills/reconcile_beads.md

@@ -0,0 +1,88 @@
+---
+description: Reconcile beads with merged PRs and close completed beads
+---
+
+# Reconcile Beads Workflow
+
+This skill reconciles beads that are in `in_review` status with their corresponding PRs. If a PR has been merged, the bead is closed.
+
+## Prerequisites
+
+- Custom status `in_review` must be configured: `bd config set status.custom "in_review"`
+- Beads in `in_review` status should have a PR URL in their notes
+
+## Workflow
+
+### Step 1: Find beads in review
+
+```bash
+bd list --status=in_review
+```
+
+### Step 2: For each bead, check PR status
+
+1. **Get the PR URL from bead notes**:
+   ```bash
+   bd show [BEAD_ID] --json | jq -r '.[0].notes'
+   ```
+   Note: `bd show --json` returns an array, so use `.[0]` to access the first element.
+   Extract the PR URL (look for lines starting with "PR:" or containing pull request URLs).
+   Extract the PR number: `echo "$NOTES" | grep -oP '/pulls/\K\d+'`
+
+2. **Detect hosting provider**:
+   - Run `git remote get-url origin`
+   - If URL contains `github.com`, use `gh`; otherwise use `tea` (Gitea/Forgejo)
+
+3. **Check PR status**:
+   - For GitHub:
+     ```bash
+     gh pr view [PR_NUMBER] --json state,merged
+     ```
+   - For Gitea:
+     ```bash
+     tea pr list --state=closed
+     ```
+     Look for the PR number in the INDEX column with STATE "merged".
+     Note: `tea pr view [PR_NUMBER]` lists all PRs, not a specific one. Use `tea pr list --state=closed` and look for your PR number in the results.
+
+### Step 3: Close merged beads
+
+If the PR is merged:
+```bash
+bd close [BEAD_ID] --reason="PR merged: [PR_URL]"
+```
+
+### Step 4: Report summary
+
+Present results:
+
+```
+## Beads Reconciliation Summary
+
+### Closed (PR Merged)
+| Bead | PR | Title |
+|------|-----|-------|
+| beads-abc | #123 | Feature X |
+| beads-xyz | #456 | Bug fix Y |
+
+### Still in Review
+| Bead | PR | Status | Title |
+|------|-----|--------|-------|
+| beads-def | #789 | Open | Feature Z |
+
+### Issues Found
+- beads-ghi: No PR URL found in notes
+- beads-jkl: PR #999 not found (may have been deleted)
+```
+
+## Error Handling
+
+- **Missing PR URL**: Skip the bead and report it
+- **PR not found**: Report the error but continue with other beads
+- **API errors**: Report and continue
+
+## Notes
+
+- This skill complements `/parallel_beads` which sets beads to `in_review` status
+- Run this skill periodically or after merging PRs to keep beads in sync
+- Beads with closed (but not merged) PRs are not automatically closed - they may need rework

home/roles/emacs/default.nix

@@ -23,55 +23,90 @@ let
     if pkgs.stdenv.isDarwin
     then pkgs.emacs-macport.pkgs.withPackages emacsPackages
     else pkgs.emacs.pkgs.withPackages emacsPackages;
+
+  # Path to doom config directory (relative to this file)
+  doomConfigDir = ./doom;
 in
 {
   options.home.roles.emacs = {
     enable = mkEnableOption "Doom Emacs with vterm and tree-sitter support";
+
+    prebuiltDoom = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Use nix-doom-emacs-unstraightened to pre-build all Doom packages at
+        nix build time. This eliminates the need to run `doom sync` after
+        first boot, making it ideal for live USB images or immutable systems.
+
+        When enabled, the doom configuration is read-only (stored in nix store).
+      '';
+    };
   };
 
-  config = mkIf cfg.enable {
-    home.packages = [
-      pkgs.emacs-all-the-icons-fonts
-      pkgs.fira-code
-      pkgs.fontconfig
-      pkgs.graphviz
-      pkgs.isort
-      pkgs.nerd-fonts.fira-code
-      pkgs.nerd-fonts.droid-sans-mono
-      pkgs.nil # nix lsp language server
-      pkgs.nixfmt-rfc-style
-      (pkgs.ripgrep.override {withPCRE2 = true;})
-      pkgs.pipenv
-      pkgs.poetry
-      pkgs.python3
-    ];
+  config = mkIf cfg.enable (mkMerge [
+    # Common configuration for both modes
+    {
+      home.packages = [
+        pkgs.emacs-all-the-icons-fonts
+        pkgs.fira-code
+        pkgs.fontconfig
+        pkgs.graphviz
+        pkgs.isort
+        pkgs.nerd-fonts.fira-code
+        pkgs.nerd-fonts.droid-sans-mono
+        pkgs.nil # nix lsp language server
+        pkgs.nixfmt-rfc-style
+        (pkgs.ripgrep.override {withPCRE2 = true;})
+        pkgs.pipenv
+        pkgs.poetry
+        pkgs.python3
+      ];
 
-    programs.emacs = {
-      enable = true;
-      package = defaultEmacsPackage;
-    };
+      fonts.fontconfig.enable = true;
+    }
 
-    fonts.fontconfig.enable = true;
+    # Standard Doom Emacs mode (requires doom sync at runtime)
+    (mkIf (!cfg.prebuiltDoom) {
+      programs.emacs = {
+        enable = true;
+        package = defaultEmacsPackage;
+      };
 
-    # Mount emacs and tree-sitter grammars from nix store
-    home.file = {
-      "${config.xdg.configHome}/emacs".source = doomEmacs;
-    };
+      # Mount emacs and tree-sitter grammars from nix store
+      home.file = {
+        "${config.xdg.configHome}/emacs".source = doomEmacs;
+      };
 
-    home.sessionPath = [
-      "${config.xdg.configHome}/emacs/bin"
-    ];
+      home.sessionPath = [
+        "${config.xdg.configHome}/emacs/bin"
+      ];
 
-    home.sessionVariables = {
-      DOOMDIR = "${config.xdg.configHome}/doom";
-      DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
-    };
+      home.sessionVariables = {
+        DOOMDIR = "${config.xdg.configHome}/doom";
+        DOOMLOCALDIR = "${config.xdg.dataHome}/doom";
+      };
 
-    # TODO: Use mkOutOfStoreSymlink instead?
-    home.activation.doomConfig = lib.hm.dag.entryAfter ["writeBoundary"] ''
-      # Always remove and recreate the symlink to ensure it points to the source directory
-      rm -rf "${config.xdg.configHome}/doom"
-      ln -sf "${config.home.homeDirectory}/nixos-configs/home/roles/emacs/doom" "${config.xdg.configHome}/doom"
-    '';
-  };
+      # TODO: Use mkOutOfStoreSymlink instead?
+      home.activation.doomConfig = lib.hm.dag.entryAfter ["writeBoundary"] ''
+        # Always remove and recreate the symlink to ensure it points to the source directory
+        rm -rf "${config.xdg.configHome}/doom"
+        ln -sf "${config.home.homeDirectory}/nixos-configs/home/roles/emacs/doom" "${config.xdg.configHome}/doom"
+      '';
+    })
+
+    # Pre-built Doom Emacs mode (no doom sync needed - ideal for live USB)
+    (mkIf cfg.prebuiltDoom {
+      programs.doom-emacs = {
+        enable = true;
+        doomDir = doomConfigDir;
+        doomLocalDir = "${config.xdg.dataHome}/doom";
+        # Add extra packages that aren't part of Doom but needed for our config
+        extraPackages = epkgs: [
+          epkgs.vterm
+          epkgs.treesit-grammars.with-all-grammars
+        ];
+      };
+    })
+  ]);
 }

home/roles/emacs/doom/packages.el

@@ -51,11 +51,21 @@
 
 ;; (package! org-caldav)
 
+;; Note: Packages with custom recipes must be pinned for nix-doom-emacs-unstraightened
+;; to build deterministically. Update pins when upgrading packages.
+
 (package! gptel :recipe (:nonrecursive t))
 
 (package! claude-code-ide
-  :recipe (:host github :repo "manzaltu/claude-code-ide.el"))
+  :recipe (:host github :repo "manzaltu/claude-code-ide.el")
+  :pin "760240d7f03ff16f90ede9d4f4243cd94f3fed73")
 
 (package! gptel-tool-library
   :recipe (:host github :repo "aard-fi/gptel-tool-library"
-           :files ("*.el")))
+           :files ("*.el"))
+  :pin "baffc3b0d74a2b7cbda0d5cd6dd7726d6ccaca83")
+
+(package! beads
+  :recipe (:type git :repo "https://codeberg.org/ctietze/beads.el.git"
+           :files ("lisp/*.el"))
+  :pin "f40a6461d3c0fa0969311bbb6a1e30d1bba86c88")

machines/john-endesktop/MIGRATION_PLAN.md

@@ -170,6 +170,7 @@ This document outlines the plan to migrate the john-endesktop server from Arch L
    ```bash
    blkid /dev/nvme0n1p5
    # Note the UUID for updating hardware-configuration.nix
+/dev/nvme0n1p5: LABEL="nixos" UUID="5f4ad025-bfab-4aed-a933-6638348059e5" UUID_SUB="4734d820-7b8a-4b7f-853a-026021c1d204" BLOCK_SIZE="4096" TYPE="btrfs" PARTLABEL="data" PARTUUID="9ea025df-cdb7-48fd-b5d4-37cd5d8588eb"
    ```
 
 8. **Copy your NixOS configuration to the server**
@@ -388,11 +389,11 @@ After successful migration and 24-48 hours of stable operation:
 
 Pre-migration:
 - [x] nvme0n1p5 removal from media pool complete
-- [ ] Recent backup verified (< 24 hours)
-- [ ] Maintenance window scheduled
-- [ ] NixOS ISO downloaded
-- [ ] Bootable USB created
-- [ ] NixOS config builds successfully
+- [x] Recent backup verified (< 24 hours)
+- [x] Maintenance window scheduled
+- [x] NixOS ISO downloaded
+- [x] Bootable USB created
+- [x] NixOS config builds successfully
 
 During migration:
 - [ ] ZFS pools exported

roles/common.nix

@@ -0,0 +1,35 @@
+# Common configuration shared between NixOS and Darwin
+{ lib, pkgs, ... }:
+
+{
+  config = {
+    time.timeZone = "America/Los_Angeles";
+
+    environment.systemPackages = with pkgs; [
+      git
+      glances
+      pciutils
+      tree
+      usbutils
+      vim
+    ];
+
+    nix = {
+      package = pkgs.nix;
+      settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        max-jobs = "auto";
+        trusted-users = [ "johno" ];
+        substituters = [
+        ];
+      };
+
+      gc = {
+        automatic = true;
+        options = "--delete-older-than 10d";
+      };
+    };
+
+    nixpkgs.config.allowUnfree = true;
+  };
+}

roles/darwin.nix

@@ -7,6 +7,10 @@ let
   setEnvironmentPath = "${config.system.build.setEnvironment}";
 in
 {
+  imports = [
+    ./common.nix
+  ];
+
   config = {
     # Salt manages /etc/bashrc, /etc/zshrc, /etc/zshenv
     # nix-darwin writes to .local variants for nix-specific configuration
@@ -43,8 +47,6 @@ in
       fi
     '';
 
-    time.timeZone = "America/Los_Angeles";
-
     # System preferences
     system.defaults = {
       # Custom keyboard shortcuts
@@ -79,42 +81,5 @@ in
         };
       };
     };
-
-    environment.systemPackages = with pkgs; [
-      git
-      glances
-      pciutils
-      tree
-      usbutils
-      vim
-    ];
-
-    nix = {
-      package = pkgs.nix;
-      # distributedBuilds = true;
-      # buildMachines = [{
-      #   hostName = "z790prors.oglehome";
-      #   system = "x86_64-linux";
-      #   protocol = "ssh-ng";
-      #   sshUser = "johno";
-      #   sshKey = "/root/.ssh/id_ed25519";
-      #   maxJobs = 3;
-      #   speedFactor = 2;
-      # }];
-      settings = {
-        experimental-features = [ "nix-command" "flakes" ];
-        max-jobs = "auto";
-        trusted-users = [ "johno" ];
-        substituters = [
-        ];
-      };
-
-      gc = {
-        automatic = true;
-        options = "--delete-older-than 10d";
-      };
-    };
-
-    nixpkgs.config.allowUnfree = true;
   };
 }

roles/default.nix

@@ -4,6 +4,7 @@ with lib;
 
 {
   imports = [
+    ./common.nix
     ./audio
     ./bluetooth
     ./btrfs
@@ -31,7 +32,6 @@ with lib;
       LC_TELEPHONE = "en_US.UTF-8";
       LC_TIME = "en_US.UTF-8";
     };
-    time.timeZone = "America/Los_Angeles";
 
     services.xserver.xkb = {
       layout = "us";
@@ -49,42 +49,7 @@ with lib;
     # Enable the OpenSSH daemon.
     services.openssh.enable = true;
 
-    environment.systemPackages = with pkgs; [
-      git
-      glances
-      pciutils
-      tree
-      usbutils
-      vim
-    ];
-
-    nix = {
-      package = pkgs.nix;
-      # distributedBuilds = true;
-      # buildMachines = [{
-      #   hostName = "z790prors.oglehome";
-      #   system = "x86_64-linux";
-      #   protocol = "ssh-ng";
-      #   sshUser = "johno";
-      #   sshKey = "/root/.ssh/id_ed25519";
-      #   maxJobs = 3;
-      #   speedFactor = 2;
-      # }];
-      settings = {
-        experimental-features = [ "nix-command" "flakes" ];
-        max-jobs = "auto";
-        trusted-users = [ "johno" ];
-        substituters = [
-        ];
-      };
-
-      gc = {
-        automatic = true;
-        randomizedDelaySec = "14m";
-        options = "--delete-older-than 10d";
-      };
-    };
-
-    nixpkgs.config.allowUnfree = true;
+    # NixOS-specific gc option (not available on Darwin)
+    nix.gc.randomizedDelaySec = "14m";
   };
 }