From 4309d887dab9075704f99f5f8bc3e0c88a01a719 Mon Sep 17 00:00:00 2001 From: Colin Date: Wed, 29 May 2024 09:33:25 +0000 Subject: [PATCH] wpa_supplicant: remove unused services --- hosts/common/programs/networkmanager.nix | 2 +- hosts/common/programs/wpa_supplicant.nix | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/hosts/common/programs/networkmanager.nix b/hosts/common/programs/networkmanager.nix index 5a7b0156..982c9d7f 100644 --- a/hosts/common/programs/networkmanager.nix +++ b/hosts/common/programs/networkmanager.nix @@ -72,7 +72,7 @@ in # "CAP_DAC_OVERRIDE" "CAP_NET_ADMIN" "CAP_NET_RAW" - "CAP_NET_BIND_SERVICE" #< TODO: is this needed? why? (DNS?) + "CAP_NET_BIND_SERVICE" #< this *does* seem to be necessary, though i don't understand why. DHCP? # "CAP_SYS_MODULE" "CAP_AUDIT_WRITE" #< allow writing to the audit log # "CAP_KILL" diff --git a/hosts/common/programs/wpa_supplicant.nix b/hosts/common/programs/wpa_supplicant.nix index a7331c9f..b395c195 100644 --- a/hosts/common/programs/wpa_supplicant.nix +++ b/hosts/common/programs/wpa_supplicant.nix @@ -17,6 +17,10 @@ in postInstall = upstream.postInstall + '' substituteInPlace $out/share/dbus-1/system-services/* --replace-fail \ "$out$out" "$out" + '' + # remove unused services to avoid unexpected interactions + + '' + rm $out/etc/systemd/system/{wpa_supplicant-nl80211@,wpa_supplicant-wired@,wpa_supplicant@}.service ''; }); # sandbox.enable = false; #< TODO: re-enable