refactor nitrokey ssh

yodaTab/configuration.nix

@@ -10,6 +10,7 @@
       ./hardware-configuration.nix
       ./home-manager.nix
       ./print-and-scan.nix
+      ./nitrokey-ssh-gpg.nix
       ./ssh-unlock.nix
     ];
 
@@ -165,33 +166,6 @@
   # started in user sessions.
   # programs.mtr.enable = true;
 
-  # Enable SSH server.
-  services.openssh = {
-    enable = true;
-    # Forbid root login through SSH.
-    settings.PermitRootLogin = "no";
-    # Use authorized keys only.
-    settings.PasswordAuthentication = false;
-  };
-
-  # Use NitroKey USB smartcard with SSH.
-  # https://nixos.wiki/wiki/Nitrokey
-  #
-  # Restart gpg-agent after config change.
-  # Otherwise there might be a gpg error about "no pinentry".
-  # https://discourse.nixos.org/t/cant-get-gnupg-to-work-no-pinentry/15373/19
-  #
-  # Import public key of Nitrokey with GNOME "Passwords and Keys" and set trust to "Ultimate".
-  #
-  services.udev.packages = [ pkgs.nitrokey-udev-rules ];
-  programs = {
-    ssh.startAgent = false;
-    gnupg.agent = {
-      enable = true;
-      enableSSHSupport = true;
-    };
-  };
-
   nix.settings.auto-optimise-store = true;
 
   # Firewall