cleanup

configuration.nix

@@ -107,6 +107,7 @@
 
   system.activationScripts = {
     # extract all my secureboot keys
+    # TODO! awful secrets management, it's globally readable in /nix/store
     "secureboot-keys".text = ''
       #!/bin/sh
       rm -fr ${config.boot.lanzaboote.pkiBundle} || true
@@ -216,7 +217,7 @@
     {
       description = "disable rgb";
       serviceConfig = {
-        ExecStart = "${lib.getExe no-rgb}";
+        ExecStart = lib.getExe no-rgb;
         Type = "oneshot";
       };
       wantedBy = [ "multi-user.target" ];
@@ -268,7 +269,7 @@
     # };
   };
 
-  users.groups.${service_configs.torrent_group} = { };
+  users.groups.${service_configs.media_group} = { };
 
   users.users.${username} = {
     isNormalUser = true;
@@ -276,10 +277,11 @@
       "wheel"
       "video"
       "render"
-      service_configs.torrent_group
+      service_configs.media_group
     ];
 
-    hashedPasswordFile = builtins.toString ./secrets/hashedPass;
+    # TODO! use proper secrets management
+    # hashedPasswordFile = builtins.toString ./secrets/hashedPass;
 
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop

flake.nix

@@ -70,7 +70,7 @@
         torrents_path = "/torrents";
         services_dir = "/${zpool_ssds}/services";
         music_dir = "/${zpool_ssds}/music";
-        torrent_group = "media";
+        media_group = "media";
 
         ports = {
           https = 443;
@@ -148,16 +148,15 @@
     in
     {
       formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
-      nixosConfigurations.${hostname} = nixpkgs.lib.nixosSystem {
+      nixosConfigurations.${hostname} = lib.nixosSystem {
         inherit system;
-        specialArgs = rec {
+        specialArgs = {
           inherit
             username
             hostname
             eth_interface
             service_configs
             inputs
-            lib
             ;
         };
         modules = [

home.nix

@@ -1,36 +1,32 @@
 {
   pkgs,
   username,
-  stateVersion,
+  lib,
   ...
 }:
 {
   home.stateVersion = "24.11";
-  programs.fish =
-    let
-      eza = "${pkgs.eza}/bin/eza --color=always --group-directories-first";
-      coreutils = "${pkgs.coreutils}/bin";
-    in
-    {
-      enable = true;
+  programs.fish = {
+    enable = true;
 
-      interactiveShellInit = ''
-        #disable greeting
-        set fish_greeting
+    interactiveShellInit = ''
+      # disable greeting
+      set fish_greeting
 
-        #fixes gnupg password entry
-        export GPG_TTY=(${coreutils}/tty)
+      # pfetch on shell start (disable pkgs because of execution time)
+      PF_INFO="ascii title os host kernel uptime memory editor wm" ${lib.getExe pkgs.pfetch-rs}
+    '';
 
-        #pfetch on shell start (disable pkgs because of execution time)
-        PF_INFO="ascii title os host kernel uptime memory editor wm" ${pkgs.pfetch-rs}/bin/pfetch
-      '';
-
-      shellAliases = {
+    shellAliases =
+      let
+        eza = "${lib.getExe pkgs.eza} --color=always --group-directories-first";
+      in
+      {
         # from DistroTube's dot files: Changing "ls" to "eza"
         ls = "${eza} -al";
         la = "${eza} -a";
         ll = "${eza} -l";
         lt = "${eza} -aT";
       };
-    };
+  };
 }

services/jellyfin.nix

@@ -20,8 +20,7 @@
     openFirewall = true;
     package = pkgs.jellyfin.override { jellyfin-ffmpeg = (lib.optimizePackage pkgs.jellyfin-ffmpeg); };
 
-    dataDir = service_configs.jellyfin.dataDir;
-    cacheDir = service_configs.jellyfin.cacheDir;
+    inherit (service_configs.jellyfin) dataDir cacheDir;
   };
 
   services.caddy.virtualHosts."jellyfin.${service_configs.https.domain}".extraConfig = ''
@@ -39,8 +38,7 @@
   users.users.${config.services.jellyfin.user}.extraGroups = [
     "video"
     "render"
-    service_configs.torrent_group
-    "media"
+    service_configs.media_group
   ];
 
   users.users.${username}.extraGroups = [

services/qbittorrent.nix

@@ -215,8 +215,8 @@
   };
 
   systemd.tmpfiles.rules = [
-    "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.torrent_group}"
-    "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0750 ${config.services.qbittorrent.user} ${service_configs.torrent_group}"
+    "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
+    "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
   ];
 
   # make qbittorrent use a vpn
@@ -231,11 +231,6 @@
   '';
 
   users.users.${config.services.qbittorrent.user}.extraGroups = [
-    service_configs.torrent_group
+    service_configs.media_group
   ];
-
-  users.users.${username}.extraGroups = [
-    config.services.qbittorrent.group
-  ];
-
 }