use switch-to-configuration-ng and nixos-rebuild-ng

migrate secureboot key /etc/secureboot -> /var/lib/sbctl

hardware.pulseaudio -> services.pulseaudio

enable machine-learning for immich

hosts/gerg-desktop/boot.nix

@@ -23,6 +23,9 @@ in
       reboot
     '')
   ];
+  systemd.tmpfiles.rules = [
+    "L+ /var/lib/sbctl  - - - - /persist/secureboot"
+  ];
 
   boot = {
     initrd = {
@@ -58,7 +61,7 @@ in
 
     lanzaboote = {
       enable = true;
-      pkiBundle = "/etc/secureboot";
+      pkiBundle = "/var/lib/sbctl";
       configurationLimit = 10;
       package = lib.mkForce (
         pkgs.writeShellApplication {

hosts/gerg-desktop/services/immich.nix

@@ -9,7 +9,7 @@
       createDB = true;
     };
     mediaLocation = "/persist/services/immich";
-    machine-learning.enable = false;
+    machine-learning.enable = true;
     settings = null;
     port = 2283;
     host = "0.0.0.0";

hosts/gerg-desktop/zfs.nix

@@ -6,9 +6,7 @@
 {
   #link some stuff
   systemd.tmpfiles.rules = [
-
     "L+ /etc/zfs/zpool.cache - - - - /persist/zfs/zpool.cache"
-    "L+ /etc/secureboot - - - - /persist/secureboot"
     "L+ /etc/ssh/ssh_host_ed25519_key  - - - - /persist/ssh/ssh_host_ed25519_key"
     "L+ /etc/ssh/ssh_host_ed25519_key.pub  - - - - /persist/ssh/ssh_host_ed25519_key.pub"
     "L  /etc/nixos/flake.nix  - - - - /home/gerg/Projects/nixos/flake.nix"