diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index 754351c..afaf407 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -1,6 +1,8 @@
 { config, pkgs, lib, ... }:
 
 {
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
   imports =
     [
       ./hardware-configuration.nix
@@ -9,25 +11,21 @@
       ../../shared/vim.nix
       ../../shared/input.nix
       ../../shared/sops.nix
+      ../../shared/gpg.nix
     ];
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  # Set your time zone.
   time.timeZone = "Europe/Berlin";
-
-  # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
   console = {
     font = "Lat2-Terminus16";
     useXkbConfig = true; # use xkbOptions in tty.
   };
 
-  # Enable the X11 windowing system.
   services.xserver = {
     enable = true;
 
@@ -50,35 +48,13 @@
   hardware.pulseaudio.enable = true;
   hardware.bluetooth.enable = true;
 
-  # enable polkit
-  security.polkit.enable = true;
-
-  # Baseline of installed packages
-  environment.systemPackages = with pkgs; [
-    # essentials
-    wget
-    gcc
-    htop
-    dig
-    traceroute
-    killall
-    # dev
-    jdk
-    maven
-  ];
 
   # control display backlight
   programs.light.enable = true;
 
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
   services = {
     blueman.enable = true; # bluetooth
     devmon.enable = true; # automount stuff
-    pcscd.enable = true; # yubikey and smartcard handling
     printing.enable = true;
     fprintd.enable = true; # log in using fingerprint
     picom.enable = true; # window transparency
@@ -90,6 +66,16 @@
   virtualisation.libvirtd.enable = true;
   virtualisation.spiceUSBRedirection.enable = true;
 
+  environment.systemPackages = with pkgs; [
+    # essentials
+    wget
+    gcc
+    git
+    htop
+    dig
+    traceroute
+    killall
+  ];
+
   system.stateVersion = "22.11";
 }
-
diff --git a/shared/gpg.nix b/shared/gpg.nix
new file mode 100644
index 0000000..18163f1
--- /dev/null
+++ b/shared/gpg.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+  services.pcscd.enable = true;
+}
diff --git a/users/rouven/default.nix b/users/rouven/default.nix
index 016c4ce..290b391 100644
--- a/users/rouven/default.nix
+++ b/users/rouven/default.nix
@@ -3,7 +3,7 @@
   nixpkgs.config.allowUnfree = true;
   users.users.rouven = {
     isNormalUser = true;
-    extraGroups = [ "wheel" "video" "libvirtd" "networkmanager" ];
+    extraGroups = [ "wheel" "video" "libvirtd" ];
   };
   home-manager.useUserPackages = true;
   home-manager.useGlobalPkgs = true;