Update the database configuration to the current architecture.

nix-system-configs/modules/desktop-manager/gnome.nix

@@ -4,7 +4,49 @@
   lib,
   ...
 }: {
+  # Enable the X11 windowing system.
   services.xserver.enable = true;
+
+  # Enable the GNOME Desktop Environment.
   services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome3.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+  };
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  # Install firefox.
+  programs.firefox.enable = true;
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  programs.mtr.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
 }

nix-system-configs/modules/secrets-config/sops-database.nix

@@ -0,0 +1,28 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = let
+    # replace this with an actual commit id or tag
+    commit = "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c";
+  in [
+    "${builtins.fetchTarball {
+      url = "https://github.com/Mic92/sops-nix/archive/${commit}.tar.gz";
+      # replace this with an actual hash
+      sha256 = "ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=";
+    }}/modules/sops"
+  ];
+
+  # This will add secrets.yml to the nix store
+  # You can avoid this by adding a string to the full path instead, i.e.
+  # sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
+  sops.defaultSopsFile = ../../secrets/songsheet/secrets.yaml;
+  # This will automatically import SSH keys as age keys
+  sops.age.sshKeyPaths = ["/home/songsheetprg/.ssh/id_ed25519.pub"];
+  # This is using an age key that is expected to already be in the filesystem
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  # This will generate a new key if the key specified above does not exist
+  sops.age.generateKey = true;
+}

nix-system-configs/modules/system/compose-songsheet.nix

@@ -38,7 +38,7 @@
     #
     ## Compose modules for Portainer service
     ./modules/songsheet/wavelog/docker-compose.nix
-    ./modules/secrets-config/sops-nix.nix
+    ./modules/secrets-config/sops-composesongsheet.nix
   ];
 
   config = {

nix-system-configs/modules/system/database.nix

@@ -0,0 +1,100 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  options.local = {
+    hostname = lib.mkOption {
+      type = lib.types.str;
+      default = "nixos-default";
+      description = "System hostname";
+    };
+    username = lib.mkOption {
+      type = lib.types.str;
+      default = "user";
+      description = "Primary user username";
+    };
+    userDescription = lib.mkOption {
+      type = lib.types.str;
+      default = "NixOS User";
+      description = "Primary user description";
+    };
+    address = lib.mkOption {
+      type = lib.types.str;
+      default = "10.1.1.100";
+      description = "Static IP address";
+    };
+  };
+
+  imports = [
+    ./modules/desktop-manager/gnome.nix
+    ./modules/local/hostname_username.nix
+    ./modules/local/networking_local.nix
+    ./modules/lix-default.nix
+    ./modules/secrets-config/sops-database.nix
+    ./hardware-configuration.nix
+  ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  config = {
+    local.hostname = "nixosdd";
+    local.username = "nixosdd";
+    local.userDescription = "NixOS Dedicated Database";
+    local.address = "10.1.1.251";
+
+    networking.firewall.allowedTCPPorts = [
+      5432 # PostgreSQL
+      3306 # MariaDB/MySQL
+    ];
+    networking.firewall.allowedUDPPorts = [
+      5432 # PostgreSQL
+      3306 # MariaDB/MySQL
+    ];
+
+    # List services that you want to enable:
+
+    # Enable PostgreSQL
+    services.postgresql = {
+      enable = true;
+      enableTCPIP = true;
+      ensureDatabases = ["forgejo" "part_db_database"];
+      settings = {
+        listen_addresses = "*";
+      };
+      authentication = pkgs.lib.mkOverride 10 ''
+        local   all             all                                 trust
+        host    all             all             10.1.1.4/32         scram-sha-256
+        host    all             all             10.1.1.249/32       scram-sha-256
+        host    all             all             127.0.0.1/32        trust
+        host    all             all             ::1/128             trust
+      '';
+    };
+
+    # Enable MariaDB
+    services.mysql = {
+      enable = true;
+      package = pkgs.mariadb;
+    };
+
+    # Enable Tailscale
+    services.tailscale.enable = true;
+
+    # List packages installed in system profile. To search, run:
+    # $ nix search wget
+    environment.systemPackages = with pkgs; [
+      #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+      wget
+      helix
+      fastfetch
+      hyfetch
+      pgadmin4
+      google-cloud-sdk
+    ];
+
+    system.stateVersion = "25.11";
+  };
+}