From 9e545950f5038ee03d9d599fdf338dc95c55793f Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Sat, 6 Jan 2024 00:10:02 +0100
Subject: [PATCH] shinobu/wlan: Drop
It was not used anyway.
---
 machines/shinobu/services/router/default.nix | 1 -
 machines/shinobu/services/router/wlan.nix | 65 --------------------
 2 files changed, 66 deletions(-)
 delete mode 100644 machines/shinobu/services/router/wlan.nix
diff --git a/machines/shinobu/services/router/default.nix b/machines/shinobu/services/router/default.nix
index 0e2e368..cc5446e 100644
--- a/machines/shinobu/services/router/default.nix
+++ b/machines/shinobu/services/router/default.nix
@@ -30,7 +30,6 @@ in
 ./dnsmasq.nix
 ./nft.nix
 ./tc.nix
- #./wlan.nix
 ];
 boot.kernel.sysctl = {
diff --git a/machines/shinobu/services/router/wlan.nix b/machines/shinobu/services/router/wlan.nix
deleted file mode 100644
index fca5126..0000000
--- a/machines/shinobu/services/router/wlan.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ config, pkgs, ... }:
-{
- sops.secrets.hostapd-config = {
- sopsFile = ../../secrets.yaml;
- };
-
- # The service is mostly taken from nixpkgs pr 222536.
- systemd.services.hostapd = {
- path = with pkgs; [ hostapd ];
- after = [ "sys-subsystem-net-devices-wlp5s0.device" ];
- bindsTo = [ "sys-subsystem-net-devices-wlp5s0.device" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- ExecStart = "${pkgs.hostapd}/bin/hostapd ${config.sops.secrets.hostapd-config.path}";
- Restart = "always";
- ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
- RuntimeDirectory = "hostapd";
-
- # Hardening
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- DevicePolicy = "closed";
- DeviceAllow = "/dev/rfkill rw";
- NoNewPrivileges = true;
- PrivateUsers = false; # hostapd requires true root access.
- PrivateTmp = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHome = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- ProtectProc = "invisible";
- ProcSubset = "pid";
- ProtectSystem = "strict";
- RestrictAddressFamilies = [
- "AF_INET"
- "AF_INET6"
- "AF_NETLINK"
- "AF_UNIX"
- ];
- RestrictNamespaces = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- SystemCallArchitectures = "native";
- SystemCallFilter = [
- "@system-service"
- "~@privileged"
- "@chown"
- ];
- UMask = "0077";
- };
- };
-
- environment.systemPackages = with pkgs; [
- iw
- wirelesstools
- ];
-
-
- # Wireless
- boot.kernelModules = [ "nl80211" ];
-}