move around the security stuff

system/default.nix

@@ -6,6 +6,7 @@
     ./persistence.nix
     ./plymouth.nix
     ./secureboot.nix
+    ./security.nix
     ./virtualisation.nix
   ];
 
@@ -66,34 +67,6 @@
     wireless.iwd.enable = true;
   };
 
-  security = {
-    apparmor = {
-      enable = true;
-      enableCache = true;
-    };
-    audit.enable = true;
-    auditd.enable = true;
-    pam.u2f = {
-      enable = true;
-      authFile = "/etc/u2f_keys";
-      cue = true;
-    };
-    polkit.enable = true;
-    rtkit.enable = true;
-    tpm2 = {
-      enable = true;
-      abrmd.enable = true;
-      pkcs11.enable = true;
-      tctiEnvironment.enable = true;
-    };
-    sudo = {
-      package = pkgs.sudo.override { withInsults = true; };
-      extraConfig = ''
-        Defaults lecture="never"
-      '';
-      wheelNeedsPassword = true;
-    };
-  };
 
   sound.enable = true;
   time.timeZone = "Asia/Kolkata";

system/security.nix

@@ -0,0 +1,37 @@
+{ pkgs, ... }: {
+  security = {
+    apparmor = {
+      enable = true;
+      enableCache = true;
+    };
+    audit.enable = true;
+    auditd.enable = true;
+    pam = {
+      services = {
+        passwd.enableGnomeKeyring = true;
+        login.enableGnomeKeyring = true;
+        swaylock = { };
+      };
+      u2f = {
+        enable = true;
+        authFile = "/etc/u2f_keys";
+        cue = true;
+      };
+    };
+    polkit.enable = true;
+    rtkit.enable = true;
+    tpm2 = {
+      enable = true;
+      abrmd.enable = true;
+      pkcs11.enable = true;
+      tctiEnvironment.enable = true;
+    };
+    sudo = {
+      package = pkgs.sudo.override { withInsults = true; };
+      extraConfig = ''
+        Defaults lecture="never"
+      '';
+      wheelNeedsPassword = true;
+    };
+  };
+}

system/services/default.nix

@@ -19,9 +19,4 @@
     thermald.enable = true;
     udisks2.enable = true;
   };
-  security.pam.services = {
-    passwd.enableGnomeKeyring = true;
-    login.enableGnomeKeyring = true;
-    swaylock = { };
-  };
 }