{ ... }: {

    flake.nixosModules.hotspot = { config, lib, ... }: {

        networking.firewall.interfaces."wlo1" = {
            allowedUDPPorts = [ 53 67 68 ];
            allowedTCPPorts = [ 53 67 68 ];
        };

        networking.interfaces."wlo1" = {
            ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 24; }];
        };

        services.dnsmasq = {
            enable = true;
            settings = {
                interface = "wlo1";
                dhcp-range = [ "192.168.121.2,192.168.121.10,1h" ];
            };
        };

        sops.secrets."hotspotPass".sopsFile = ./secrets.yaml;

        services.hostapd = {
            enable = true;

            radios.wlo1 = {
                networks.wlo1 = {
                    ssid = "laptopHotspot";
                    authentication.saePasswords = [{ passwordFile = "${config.sops.secrets."hotspotPass".path}"; }];
                };

                countryCode = "US";

                band = "2g";

                channel = 7;

                wifi4 = {
                    enable = true;
                };
            };
        };

        networking.networkmanager.unmanaged = [ "wlo1" ];
    };
}