Diffstat (limited to '')
-rw-r--r--system/default.nix1
-rw-r--r--system/desktop.nix10
-rw-r--r--system/hardened.nix58
3 files changed, 0 insertions, 69 deletions
diff --git a/system/default.nix b/system/default.nix
index 9be2937..aba8c11 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -15,7 +15,6 @@
./bluetooth.nix
./desktop.nix
./fingerprint.nix
- ./hardened.nix
./hardware.nix
./networking.nix
./sshd.nix
diff --git a/system/desktop.nix b/system/desktop.nix
index 8a37148..853296b 100644
--- a/system/desktop.nix
+++ b/system/desktop.nix
@@ -8,10 +8,6 @@
}: let
inherit (lib) mkIf;
in {
- imports = [
- inputs.preload-ng.nixosModules.default
- ];
-
config = mkIf config.desktops.enable {
# nix-ld
programs.nix-ld.enable = true;
@@ -61,12 +57,6 @@ in {
};
users.groups.lp.members = [config.user];
- # preload-ng
- services.preload-ng = {
- enable = true;
- package = inputs.preload-ng.packages.${system}.preload-ng-src;
- };
-
# secrets
services.gnome.gnome-keyring.enable = true;
diff --git a/system/hardened.nix b/system/hardened.nix
deleted file mode 100644
index 223b358..0000000
--- a/system/hardened.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- lib,
- config,
- inputs,
- ...
-}: let
- inherit (lib) mkIf;
-in {
- imports = [
- inputs.nix-mineral.nixosModules.nix-mineral
- ];
-
- config = mkIf config.hardened {
- nix-mineral = {
- enable = true;
- settings = {
- debug = {
- coredump = true;
- zram = false;
- };
- network = {
- icmp = {
- cast = true;
- ignore-all = false;
- };
- };
- kernel = {
- cpu-mitigations = "smt-on";
- io-uring = true;
- lockdown = true;
- only-signed-modules = true;
- pti = true;
- sysrq = "none";
- };
- system = {
- yama = "relaxed";
- };
- };
- extras = {
- kernel = {
- intelme-kmodules = false;
- };
- system = {
- secure-chrony = true;
- unprivileged-userns = false;
- };
- };
- filesystems = {
- normal = {
- # let me run shell scripts
- # please and thank you
- "/home".options.noexec = lib.mkForce false;
- "/etc".options.noexec = lib.mkForce true;
- };
- };
- };
- };
-}