✨ [pi4] Added gnome-keyring for keys

hosts/pi4/default.nix

@@ -13,7 +13,7 @@
     ./development.nix
     ./hardware.nix
     ./networking.nix
-    ./security.nix
+    ./security
   ];
 
   system.stateVersion = systemConfig.version;

hosts/pi4/security.nix

@@ -1,7 +0,0 @@
-{
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-  services.pcscd.enable = true;
-}

hosts/pi4/security/default.nix

@@ -0,0 +1,14 @@
+{
+  imports = [
+    ./firewall.nix
+  ];
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+  services = {
+    pcscd.enable = true;
+    gnome.gnome-keyring.enable = true;
+  };
+}

hosts/pi4/security/firewall.nix

@@ -0,0 +1,17 @@
+{
+  networking = {
+    firewall = {
+      enable = true;
+      trustedInterfaces = [ "tailscale0" ];
+      extraInputRules =
+        let
+          localIPv4Range = "192.168.10.0/24";
+        in
+        ''
+          ip saddr ${localIPv4Range} tcp dport 22 accept
+          ip saddr ${localIPv4Range} udp dport 22 accept
+        '';
+    };
+    nftables.enable = true;
+  };
+}