add comment regarding password-hash

etcnixos/common.nix

@@ -44,6 +44,17 @@
       #!/bin/sh
       mkdir -p /nix/var/nix/profiles/per-user/root/channels
     '';
+
+    # extract all my secureboot keys
+    # TODO! proper secrets management
+    "secureboot-keys".text = ''
+      #!/usr/bin/env sh
+      rm -fr ${config.boot.lanzaboote.pkiBundle} || true
+      mkdir -p ${config.boot.lanzaboote.pkiBundle}
+      ${lib.getExe pkgs.gnutar} xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
+      chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
+      chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
+    '';
   };
 
   swapDevices = [ ];
@@ -59,19 +70,6 @@
     ];
   };
 
-  system.activationScripts = {
-    # extract all my secureboot keys
-    # TODO! proper secrets management
-    "secureboot-keys".text = ''
-      #!/usr/bin/env sh
-      rm -fr ${config.boot.lanzaboote.pkiBundle} || true
-      mkdir -p ${config.boot.lanzaboote.pkiBundle}
-      ${lib.getExe pkgs.gnutar} xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
-      chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
-      chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
-    '';
-  };
-
   # kernel options
   boot = {
     kernelPackages = pkgs.linuxPackages_latest;
@@ -147,6 +145,9 @@
 
     # Making sure mullvad works on boot
     mullvad-vpn.enable = true;
+
+    # power statistics
+    upower.enable = true;
   };
 
   # EST
@@ -201,6 +202,7 @@
       "camera"
       "adbusers"
     ];
+    # TODO! this is really bad :( I should really figure out how to do proper secrets management
     hashedPasswordFile = "${./secrets/password-hash}";
   };