Fix tpm-luks-enroll example

Read password from password environment variable and unset it
afterwards.

pc_fedora.md

@@ -229,10 +229,16 @@ Create a function in ~./bashrc.d/cryptenroll.sh:
 
 ```bash
 function tpm-luks-enroll {
-	sudo -E systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme1n1p3
+    read -s -p "Password: " PASSWORD
+    export PASSWORD=$PASSWORD
+    sudo -E systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme1n1p3
+    unset password
 }
 function tpm-luks-reenroll {
-	sudo -E systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 --wipe-slot=tpm2 /dev/nvme1n1p3
+    read -s -p "Password: " PASSWORD
+    export PASSWORD=$PASSWORD
+    sudo -E systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 --wipe-slot=tpm2 /dev/nvme1n1p3
+    unset password
 }
 ```
 
@@ -259,6 +265,21 @@ tpm-luks-reenroll
 
 Reboot.
 
+Or you can create a systemd service which does the reenroll automatically:
+
+```conf
+[Unit]
+Description=Automatically runs systemd-cryptenroll on login
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 --wipe-slot=tpm2 /dev/nvme0n1p3
+Environment=PASSWORD=<password>
+
+[Install]
+WantedBy=multi-user.target
+```
+
 ## RDP with autologin
 
 https://askubuntu.com/questions/1396745/21-10-make-screen-share-password-permanent
@@ -449,3 +470,14 @@ Icon=/home/ducoterra/.icons/firefox.svg
 Type=Application
 Categories=Browser;
 ```
+
+## Install ffmpegthumbnailer, remove totem
+
+totem-thumbnailer crashes all the time and isn't as good as ffmpeg's thumbnailer.
+What's more, totem video player ("Videos" by default on gnome) is not as good as vlc
+and doesn't work very well for anything more than basic video playback.
+
+```bash
+sudo dnf remove totem
+sudo dnf install ffmpegthumbnailer
+```