cleanup

configuration.nix

@@ -107,6 +107,7 @@
 
   system.activationScripts = {
     # extract all my secureboot keys
+    # TODO! awful secrets management, it's globally readable in /nix/store
     "secureboot-keys".text = ''
       #!/bin/sh
       rm -fr ${config.boot.lanzaboote.pkiBundle} || true
@@ -216,7 +217,7 @@
     {
       description = "disable rgb";
       serviceConfig = {
-        ExecStart = "${lib.getExe no-rgb}";
+        ExecStart = lib.getExe no-rgb;
         Type = "oneshot";
       };
       wantedBy = [ "multi-user.target" ];
@@ -268,7 +269,7 @@
     # };
   };
 
-  users.groups.${service_configs.torrent_group} = { };
+  users.groups.${service_configs.media_group} = { };
 
   users.users.${username} = {
     isNormalUser = true;
@@ -276,10 +277,11 @@
       "wheel"
       "video"
       "render"
-      service_configs.torrent_group
+      service_configs.media_group
     ];
 
-    hashedPasswordFile = builtins.toString ./secrets/hashedPass;
+    # TODO! use proper secrets management
+    # hashedPasswordFile = builtins.toString ./secrets/hashedPass;
 
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop