use switch-to-configuration-ng and nixos-rebuild-ng

migrate secureboot key /etc/secureboot -> /var/lib/sbctl

hardware.pulseaudio -> services.pulseaudio

enable machine-learning for immich

hosts/gerg-desktop/boot.nix

@@ -23,6 +23,9 @@ in
       reboot
     '')
   ];
+  systemd.tmpfiles.rules = [
+    "L+ /var/lib/sbctl  - - - - /persist/secureboot"
+  ];
 
   boot = {
     initrd = {
@@ -58,7 +61,7 @@ in
 
     lanzaboote = {
       enable = true;
-      pkiBundle = "/etc/secureboot";
+      pkiBundle = "/var/lib/sbctl";
       configurationLimit = 10;
       package = lib.mkForce (
         pkgs.writeShellApplication {

hosts/gerg-desktop/services/immich.nix

@@ -9,7 +9,7 @@
       createDB = true;
     };
     mediaLocation = "/persist/services/immich";
-    machine-learning.enable = false;
+    machine-learning.enable = true;
     settings = null;
     port = 2283;
     host = "0.0.0.0";

hosts/gerg-desktop/zfs.nix

@@ -6,9 +6,7 @@
 {
   #link some stuff
   systemd.tmpfiles.rules = [
-
     "L+ /etc/zfs/zpool.cache - - - - /persist/zfs/zpool.cache"
-    "L+ /etc/secureboot - - - - /persist/secureboot"
     "L+ /etc/ssh/ssh_host_ed25519_key  - - - - /persist/ssh/ssh_host_ed25519_key"
     "L+ /etc/ssh/ssh_host_ed25519_key.pub  - - - - /persist/ssh/ssh_host_ed25519_key.pub"
     "L  /etc/nixos/flake.nix  - - - - /home/gerg/Projects/nixos/flake.nix"

modules/hardware.nix

@@ -16,15 +16,17 @@ in
     })
     (lib.mkIf (!cfg.sound.disable) {
       security.rtkit.enable = true;
-      hardware.pulseaudio.enable = lib.mkForce false; # disable pulseAudio
-      services.pipewire = {
-        enable = true;
-        alsa = {
+      services = {
+        pulseaudio.enable = lib.mkForce false; # disable pulseAudio
+        pipewire = {
           enable = true;
-          support32Bit = true;
+          alsa = {
+            enable = true;
+            support32Bit = true;
+          };
+          pulse.enable = true;
+          jack.enable = false;
         };
-        pulse.enable = true;
-        jack.enable = false;
       };
     })
 

modules/misc.nix

@@ -11,36 +11,39 @@
   };
 
   config = {
+
     nixpkgs.config = {
       allowAliases = false;
       allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree;
     };
 
+    local.packages = {
+      inherit (pkgs)
+        bottom # view tasks
+        efibootmgr # efi editor
+        nix-output-monitor # nom nom nom nom;
+        nix-tree # view packages
+        pciutils # lspci
+        nixos-rebuild-ng
+        ;
+      nix-janitor = pkgs.symlinkJoin {
+        name = "nix-janitor";
+        paths = [ nix-janitor.packages.default ];
+        nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
+        postBuild = ''
+          wrapProgram "$out/bin/janitor" \
+          --suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
+        '';
+      };
+
+    };
+
     programs.git.enable = true;
     # Mr sandro why
     services.libinput.enable = true;
     programs.nano.enable = false;
 
-    environment.defaultPackages = lib.mkForce (
-      builtins.attrValues {
-        inherit (pkgs)
-          bottom # view tasks
-          efibootmgr # efi editor
-          nix-output-monitor # nom nom nom nom;
-          nix-tree # view packages
-          pciutils # lspci
-          ;
-        nix-janitor = pkgs.symlinkJoin {
-          name = "nix-janitor";
-          paths = [ nix-janitor.packages.default ];
-          nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
-          postBuild = ''
-            wrapProgram "$out/bin/janitor" \
-            --suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
-          '';
-        };
-      }
-    );
+    environment.defaultPackages = lib.mkForce [ ];
 
     #enable ssh
     programs.mtr.enable = true; # ping and traceroute
@@ -78,5 +81,7 @@
     documentation.nixos.enable = false;
     # Useless with flakes (without configuring)
     programs.command-not-found.enable = false;
+
+    system.switch.enableNg = true;
   };
 }