From 6d187cd057d3d5073e5334d2657c4d2006d3da3b Mon Sep 17 00:00:00 2001
From: Gerg-L <GregLeyda@proton.me>
Date: Mon, 13 Jan 2025 18:58:15 -0500
Subject: [PATCH] use switch-to-configuration-ng and nixos-rebuild-ng

migrate secureboot key /etc/secureboot -> /var/lib/sbctl

hardware.pulseaudio -> services.pulseaudio

enable machine-learning for immich
---
 hosts/gerg-desktop/boot.nix            |  5 ++-
 hosts/gerg-desktop/services/immich.nix |  2 +-
 hosts/gerg-desktop/zfs.nix             |  2 --
 modules/hardware.nix                   | 16 +++++----
 modules/misc.nix                       | 45 ++++++++++++++------------
 5 files changed, 39 insertions(+), 31 deletions(-)

diff --git a/hosts/gerg-desktop/boot.nix b/hosts/gerg-desktop/boot.nix
index 51cc1aa..4a7153b 100644
--- a/hosts/gerg-desktop/boot.nix
+++ b/hosts/gerg-desktop/boot.nix
@@ -23,6 +23,9 @@ in
       reboot
     '')
   ];
+  systemd.tmpfiles.rules = [
+    "L+ /var/lib/sbctl  - - - - /persist/secureboot"
+  ];
 
   boot = {
     initrd = {
@@ -58,7 +61,7 @@ in
 
     lanzaboote = {
       enable = true;
-      pkiBundle = "/etc/secureboot";
+      pkiBundle = "/var/lib/sbctl";
       configurationLimit = 10;
       package = lib.mkForce (
         pkgs.writeShellApplication {
diff --git a/hosts/gerg-desktop/services/immich.nix b/hosts/gerg-desktop/services/immich.nix
index 6e5ce16..a0e4c90 100644
--- a/hosts/gerg-desktop/services/immich.nix
+++ b/hosts/gerg-desktop/services/immich.nix
@@ -9,7 +9,7 @@
       createDB = true;
     };
     mediaLocation = "/persist/services/immich";
-    machine-learning.enable = false;
+    machine-learning.enable = true;
     settings = null;
     port = 2283;
     host = "0.0.0.0";
diff --git a/hosts/gerg-desktop/zfs.nix b/hosts/gerg-desktop/zfs.nix
index 8cdd6cc..47fbcc5 100644
--- a/hosts/gerg-desktop/zfs.nix
+++ b/hosts/gerg-desktop/zfs.nix
@@ -6,9 +6,7 @@
 {
   #link some stuff
   systemd.tmpfiles.rules = [
-
     "L+ /etc/zfs/zpool.cache - - - - /persist/zfs/zpool.cache"
-    "L+ /etc/secureboot - - - - /persist/secureboot"
     "L+ /etc/ssh/ssh_host_ed25519_key  - - - - /persist/ssh/ssh_host_ed25519_key"
     "L+ /etc/ssh/ssh_host_ed25519_key.pub  - - - - /persist/ssh/ssh_host_ed25519_key.pub"
     "L  /etc/nixos/flake.nix  - - - - /home/gerg/Projects/nixos/flake.nix"
diff --git a/modules/hardware.nix b/modules/hardware.nix
index cc8a20e..fe2f8cf 100644
--- a/modules/hardware.nix
+++ b/modules/hardware.nix
@@ -16,15 +16,17 @@ in
     })
     (lib.mkIf (!cfg.sound.disable) {
       security.rtkit.enable = true;
-      hardware.pulseaudio.enable = lib.mkForce false; # disable pulseAudio
-      services.pipewire = {
-        enable = true;
-        alsa = {
+      services = {
+        pulseaudio.enable = lib.mkForce false; # disable pulseAudio
+        pipewire = {
           enable = true;
-          support32Bit = true;
+          alsa = {
+            enable = true;
+            support32Bit = true;
+          };
+          pulse.enable = true;
+          jack.enable = false;
         };
-        pulse.enable = true;
-        jack.enable = false;
       };
     })
 
diff --git a/modules/misc.nix b/modules/misc.nix
index 0372f33..d0188cb 100644
--- a/modules/misc.nix
+++ b/modules/misc.nix
@@ -11,36 +11,39 @@
   };
 
   config = {
+
     nixpkgs.config = {
       allowAliases = false;
       allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree;
     };
 
+    local.packages = {
+      inherit (pkgs)
+        bottom # view tasks
+        efibootmgr # efi editor
+        nix-output-monitor # nom nom nom nom;
+        nix-tree # view packages
+        pciutils # lspci
+        nixos-rebuild-ng
+        ;
+      nix-janitor = pkgs.symlinkJoin {
+        name = "nix-janitor";
+        paths = [ nix-janitor.packages.default ];
+        nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
+        postBuild = ''
+          wrapProgram "$out/bin/janitor" \
+          --suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
+        '';
+      };
+
+    };
+
     programs.git.enable = true;
     # Mr sandro why
     services.libinput.enable = true;
     programs.nano.enable = false;
 
-    environment.defaultPackages = lib.mkForce (
-      builtins.attrValues {
-        inherit (pkgs)
-          bottom # view tasks
-          efibootmgr # efi editor
-          nix-output-monitor # nom nom nom nom;
-          nix-tree # view packages
-          pciutils # lspci
-          ;
-        nix-janitor = pkgs.symlinkJoin {
-          name = "nix-janitor";
-          paths = [ nix-janitor.packages.default ];
-          nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
-          postBuild = ''
-            wrapProgram "$out/bin/janitor" \
-            --suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
-          '';
-        };
-      }
-    );
+    environment.defaultPackages = lib.mkForce [ ];
 
     #enable ssh
     programs.mtr.enable = true; # ping and traceroute
@@ -78,5 +81,7 @@
     documentation.nixos.enable = false;
     # Useless with flakes (without configuring)
     programs.command-not-found.enable = false;
+
+    system.switch.enableNg = true;
   };
 }