diff --git a/mod-seafile-server.nix b/mod-seafile-server.nix index 1f97b94..5eb9dea 100644 --- a/mod-seafile-server.nix +++ b/mod-seafile-server.nix @@ -6,36 +6,6 @@ let (generators.toINI {} cfg.seafileSettings); ccnetConfigFile = pkgs.writeText "ccnet.conf" (generators.toINI {} cfg.ccnetSettings); - gunicornConfigFile = pkgs.writeText "gunicorn.conf.py" - '' - import os - daemon = True - workers = 5 - # default localhost:8000 - bind = "127.0.0.1:8000" - # Pid - pids_dir = '${cfg.storagePath}/pids' - pidfile = os.path.join(pids_dir, 'seahub.pid') - # for file upload, we need a longer timeout value (default is only 30s, too short) - timeout = 1200 - limit_request_line = 8190 - ''; - seahubConfigFile = pkgs.writeText "seahub_settings.py" - '' - SECRET_KEY = #seckey# - - DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.${if cfg.db.type == "mysql" then - "mysql" else abort "invalid db type"}', - 'NAME': '${cfg.db.dbnameSeahub}', - 'USER': '${cfg.db.user}', - 'PASSWORD': '#dbpass#', - 'HOST': '${cfg.db.host}', - 'PORT': '${toString cfg.db.port}' - } - } - ''; # fix permissions at start in { @@ -279,7 +249,7 @@ in tmpfiles.rules = [ "d ${cfg.storagePath} 0750 ${cfg.user} ${cfg.group} -" "d ${cfg.storagePath}/conf 0700 ${cfg.user} ${cfg.group} -" - "d ${cfg.storagePath}/pids 0710 ${cfg.user} ${cfg.group} -" + "d ${cfg.storagePath}/home 0710 ${cfg.user} ${cfg.group} -" ]; services.seafile-server = { 
@@ -302,27 +272,20 @@ in # move config templates from nix store cp ${ccnetConfigFile} ./conf/ccnet.conf cp ${seafileConfigFile} ./conf/seafile.conf - cp ${gunicornConfigFile} ./conf/gunicorn.conf.py - cp ${seahubConfigFile} ./conf/seahub_settings.py - - # seahub secret key - if [ ! -e .seahubSecret ]; then - ${pkgs.seafile-server.pythonEnv}/bin/python ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret - chmod 400 .seahubSecret - fi - SEAHUB_SECRET="$(head -n1 .seahubSecret)" - # TODO: check for special characters needing to be escaped - sed -e "s,#seckey#,$SEAHUB_SECRET,g" -i ./conf/seahub_settings.py - # replace placeholder secrets with real secret read from file - #TODO: unset -x to prevent DBPASS from being leaked in journal ${if !(isNull cfg.db.passwordFile) then '' DBPASS="$(head -n1 ${toString cfg.db.passwordFile})" - sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf ./conf/seahub_settings.py + sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf '' else "" } + # seahub secret key + if [ -e .seahubSecret ]; then + ${pkgs.seafile-server.pythonEnv} ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret + chmod 400 .seahubSecret + fi + # initialise db and other things needed at first run if [ -e .initialised ]; then
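Review bot: The re-added secret-key block tests `if [ -e .seahubSecret ]; then` where the removed version had `! -e`, so on a fresh install the key is never generated and on an existing install it is regenerated on every start. Regeneration would invalidate existing sessions if Seahub still reads this key, and the redirect onto a file already set to mode 400 may fail outright. The interpreter path also lost its `/bin/python` suffix, so the line tries to execute the `pythonEnv` store path itself. I would restore `if [ ! -e .seahubSecret ]; then` and `${pkgs.seafile-server.pythonEnv}/bin/python ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret`, and create the file under `umask 077` rather than relying on the later `chmod 400`. Separately, `sed -e "s,#dbpass#,$DBPASS,g"` still puts the database password on sed's argument list and breaks on passwords containing `,`, `&` or `\`; the surrounding script continues outside the hunk.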