✨ [pi4] Nftables firewall config, moved security.nix to security dir

hosts/pi4/default.nix

@@ -13,7 +13,7 @@
     ./development.nix
     ./hardware.nix
     ./networking.nix
-    ./security.nix
+    ./security
   ];
 
   system.stateVersion = systemConfig.version;

hosts/pi4/security/default.nix

@@ -1,4 +1,8 @@
 {
+  imports = [
+    ./firewall.nix
+  ];
+
   programs.gnupg.agent = {
     enable = true;
     enableSSHSupport = true;

hosts/pi4/security/firewall.nix

@@ -0,0 +1,17 @@
+{
+  networking = {
+    firewall = {
+      enable = true;
+      trustedInterfaces = [ "tailscale0" ];
+      extraInputRules =
+        let
+          localIPv4Range = "192.168.10.0/24";
+        in
+        ''
+          ip saddr ${localIPv4Range} tcp dport 22 accept
+          ip saddr ${localIPv4Range} udp dport 22 accept
+        '';
+    };
+    nftables.enable = true;
+  };
+}