use switch-to-configuration-ng and nixos-rebuild-ng

migrate secureboot key /etc/secureboot -> /var/lib/sbctl

hardware.pulseaudio -> services.pulseaudio

enable machine-learning for immich

hosts/gerg-desktop/boot.nix

@@ -23,6 +23,9 @@ in
       reboot
     '')
   ];
+  systemd.tmpfiles.rules = [
+    "L+ /var/lib/sbctl  - - - - /persist/secureboot"
+  ];
 
   boot = {
     initrd = {
@@ -58,7 +61,7 @@ in
 
     lanzaboote = {
       enable = true;
-      pkiBundle = "/etc/secureboot";
+      pkiBundle = "/var/lib/sbctl";
       configurationLimit = 10;
       package = lib.mkForce (
         pkgs.writeShellApplication {

hosts/gerg-desktop/services/immich.nix

@@ -9,7 +9,7 @@
       createDB = true;
     };
     mediaLocation = "/persist/services/immich";
-    machine-learning.enable = false;
+    machine-learning.enable = true;
     settings = null;
     port = 2283;
     host = "0.0.0.0";

hosts/gerg-desktop/zfs.nix

@@ -6,9 +6,7 @@
 {
   #link some stuff
   systemd.tmpfiles.rules = [
-
     "L+ /etc/zfs/zpool.cache - - - - /persist/zfs/zpool.cache"
-    "L+ /etc/secureboot - - - - /persist/secureboot"
     "L+ /etc/ssh/ssh_host_ed25519_key  - - - - /persist/ssh/ssh_host_ed25519_key"
     "L+ /etc/ssh/ssh_host_ed25519_key.pub  - - - - /persist/ssh/ssh_host_ed25519_key.pub"
     "L  /etc/nixos/flake.nix  - - - - /home/gerg/Projects/nixos/flake.nix"

modules/hardware.nix

@@ -16,8 +16,9 @@ in
     })
     (lib.mkIf (!cfg.sound.disable) {
       security.rtkit.enable = true;
-      hardware.pulseaudio.enable = lib.mkForce false; # disable pulseAudio
+      services = {
-      services.pipewire = {
+        pulseaudio.enable = lib.mkForce false; # disable pulseAudio
+        pipewire = {
           enable = true;
           alsa = {
             enable = true;
@@ -26,6 +27,7 @@ in
           pulse.enable = true;
           jack.enable = false;
         };
+      };
     })
 
     {

modules/misc.nix

@@ -11,24 +11,20 @@
   };
 
   config = {
+
     nixpkgs.config = {
       allowAliases = false;
       allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree;
     };
 
-    programs.git.enable = true;
+    local.packages = {
-    # Mr sandro why
-    services.libinput.enable = true;
-    programs.nano.enable = false;
-
-    environment.defaultPackages = lib.mkForce (
-      builtins.attrValues {
       inherit (pkgs)
         bottom # view tasks
         efibootmgr # efi editor
         nix-output-monitor # nom nom nom nom;
         nix-tree # view packages
         pciutils # lspci
+        nixos-rebuild-ng
         ;
       nix-janitor = pkgs.symlinkJoin {
         name = "nix-janitor";
@@ -39,8 +35,15 @@
           --suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
         '';
       };
-      }
+
-    );
+    };
+
+    programs.git.enable = true;
+    # Mr sandro why
+    services.libinput.enable = true;
+    programs.nano.enable = false;
+
+    environment.defaultPackages = lib.mkForce [ ];
 
     #enable ssh
     programs.mtr.enable = true; # ping and traceroute
@@ -78,5 +81,7 @@
     documentation.nixos.enable = false;
     # Useless with flakes (without configuring)
     programs.command-not-found.enable = false;
+
+    system.switch.enableNg = true;
   };
 }