From f391e467c2cef1b863def78484512bf26e04c93b Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Thu, 29 Jun 2023 10:58:18 +0000
Subject: [PATCH] networkmanager: remove the default plugins

---
 hosts/common/net.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/hosts/common/net.nix b/hosts/common/net.nix
index aa2f4fcb..143fb451 100644
--- a/hosts/common/net.nix
+++ b/hosts/common/net.nix
@@ -21,6 +21,20 @@
     General.RoamThreshold5G = "-52";  # default -76
   };
 
+  # plugins mostly add support for establishing different VPN connections.
+  # the default plugin set includes mostly proprietary VPNs:
+  # - fortisslvpn (Fortinet)
+  # - iodine (DNS tunnels)
+  # - l2tp
+  # - openconnect (Cisco Anyconnect / Juniper / ocserv)
+  # - openvpn
+  # - vpnc (Cisco VPN)
+  # - sstp
+  #
+  # i don't use these, and notably they drag in huge dependency sets and don't cross compile well.
+  # e.g. openconnect drags in webkitgtk (for SSO)!
+  networking.networkmanager.plugins = lib.mkForce [];
+
   networking.firewall.allowedUDPPorts = [
     1900  # to received UPnP advertisements. required by sane-ip-check-upnp
   ];