hosts/pi4/default.nix

@@ -13,7 +13,7 @@
     ./development.nix
     ./hardware.nix
     ./networking.nix
-    ./security
+    ./security.nix
   ];
 
   system.stateVersion = systemConfig.version;

hosts/pi4/security.nix

@@ -0,0 +1,7 @@
+{
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+  services.pcscd.enable = true;
+}

hosts/pi4/security/default.nix

@@ -1,14 +0,0 @@
-{
-  imports = [
-    ./firewall.nix
-  ];
-
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-  services = {
-    pcscd.enable = true;
-    gnome.gnome-keyring.enable = true;
-  };
-}

hosts/pi4/security/firewall.nix

@@ -1,17 +0,0 @@
-{
-  networking = {
-    firewall = {
-      enable = true;
-      trustedInterfaces = [ "tailscale0" ];
-      extraInputRules =
-        let
-          localIPv4Range = "192.168.10.0/24";
-        in
-        ''
-          ip saddr ${localIPv4Range} tcp dport 22 accept
-          ip saddr ${localIPv4Range} udp dport 22 accept
-        '';
-    };
-    nftables.enable = true;
-  };
-}