From 9d5c2fae01dc260312c2722c0ac7e445525bc5ec Mon Sep 17 00:00:00 2001
From: Jens Nolte <git@queezle.net>
Date: Fri, 7 Jan 2022 19:12:03 +0100
Subject: [PATCH] Disable bluetooth sap profile

Reduces logged errors and should only be enabled explicitly when
required, since it's a big security risk.
---
 layers/pulseaudio.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/layers/pulseaudio.nix b/layers/pulseaudio.nix
index 1d57bc7..bcd4db9 100644
--- a/layers/pulseaudio.nix
+++ b/layers/pulseaudio.nix
@@ -24,6 +24,10 @@ in
   users.groups.bluetooth = {};
   users.groups.pulse-access = {};
 
+  # Bluetooth SIM access profile
+  # Gives external devices (e.g. car radio) access to a SIM card (if available)
+  hardware.bluetooth.disabledPlugins = [ "sap" ];
+
   # Open PulseAudio port to qnet
   networking.firewall.interfaces.qnet = mkIf config.queezle.qnet.enable {
     allowedTCPPorts = [ 4713 ];
-- 
GitLab