diff --git a/systems/default.nix b/systems/default.nix index 9f4fad5..d339a38 100644 --- a/systems/default.nix +++ b/systems/default.nix @@ -16,21 +16,10 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ./modules/bootloaders/systemd-boot.nix - ./modules/programs/tailscale.nix ./modules/programs/zsh.nix + ./modules/hardware/networking.nix inputs.sops-nix.nixosModules.sops - inputs.home-manager.nixosModules.home-manager - { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = specialArgs; - users.${username}.imports = [ - ../users/rafiq.nix - ]; - }; - } ] # Options for desktops. (lib.optionals (type == "desktop") [ @@ -50,6 +39,10 @@ ]; boot = { + loader = { + timeout = 5; + efi.canTouchEfiVariables = true; + }; kernelPackages = pkgs.linuxPackages_latest; initrd.availableKernelModules = [ "nvme" @@ -60,36 +53,14 @@ "sd_mod" ]; }; + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = specialArgs; + users.${username}.imports = [ ../users/rafiq.nix ]; + }; system.stateVersion = "24.11"; - networking = { - hostName = hostname; - useDHCP = lib.mkDefault true; - networkmanager.enable = true; - networkmanager.wifi.backend = "iwd"; - - # Configures a simple stateful firewall. - # By default, it doesn't allow any incoming connections. - firewall = { - enable = true; - allowedTCPPorts = [ - 22 # SSH - ]; - allowedUDPPorts = [ ]; - }; - - interfaces.enp12s0.wakeOnLan.policy = [ - "phy" - "unicast" - "multicast" - "broadcast" - "arp" - "magic" - "secureon" - ]; - interfaces.enp12s0.wakeOnLan.enable = true; - - }; users.mutableUsers = false; # Always reset users on system activation users.users.${username} = { @@ -137,8 +108,6 @@ i18n.defaultLocale = "en_SG.UTF-8"; - services.openssh.enable = true; - sops = { defaultSopsFile = ../secrets/secrets.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; 
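Review bot: The `home-manager = { ... }` block added in the `@@ -60,36 +53,14 @@` hunk has no visible module declaring that option, because the first hunk (`@@ -16,21 +16,10 @@`) removes `inputs.home-manager.nixosModules.home-manager` from the shared import list. Unless the home-manager NixOS module is imported somewhere outside this diff, evaluation should fail with an undefined-option error for `home-manager`. If the goal was only to move the settings out of the inline attribute set, keep the line `inputs.home-manager.nixosModules.home-manager` next to `inputs.sops-nix.nixosModules.sops`. The import list starts before the hunk, so its other entries are not visible here.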
diff --git a/systems/modules/bootloaders/systemd-boot.nix b/systems/modules/bootloaders/systemd-boot.nix
index e9d3fa7..9d16cfc 100644
--- a/systems/modules/bootloaders/systemd-boot.nix
+++ b/systems/modules/bootloaders/systemd-boot.nix
@@ -1,8 +1,6 @@
 {
 boot.loader = {
- timeout = 5;
 systemd-boot.enable = true;
 systemd-boot.configurationLimit = 5;
- efi.canTouchEfiVariables = true;
 };
 }
diff --git a/systems/modules/hardware/networking.nix b/systems/modules/hardware/networking.nix
new file mode 100644
index 0000000..0c40795
--- /dev/null
+++ b/systems/modules/hardware/networking.nix
@@ -0,0 +1,32 @@
+{ hostname, lib, ... }:
+{
+ networking = {
+ hostName = hostname;
+ useDHCP = lib.mkDefault true;
+ networkmanager.enable = true;
+ networkmanager.wifi.backend = "iwd";
+
+ # Configures a simple stateful firewall.
+ # By default, it doesn't allow any incoming connections.
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 22 # SSH
+ ];
+ allowedUDPPorts = [ ];
+ };
+
+ interfaces.enp12s0.wakeOnLan.policy = [
+ "phy"
+ "unicast"
+ "multicast"
+ "broadcast"
+ "arp"
+ "magic"
+ "secureon"
+ ];
+ interfaces.enp12s0.wakeOnLan.enable = true;
+ };
+ services.openssh.enable = true;
+ services.tailscale.enable = true;
+}
diff --git a/systems/modules/programs/tailscale.nix b/systems/modules/programs/tailscale.nix
deleted file mode 100644
index d886410..0000000
--- a/systems/modules/programs/tailscale.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- services.tailscale.enable = true;
-}
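Review bot: In the new `systems/modules/hardware/networking.nix`, `services.openssh.enable = true;` is paired with TCP 22 open on every interface and no `services.openssh.settings`, so password and root login are left at the module defaults. Provided key-based login is configured for the user (not visible in this diff), pin the policy explicitly with `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };`. Since the same file enables Tailscale, if SSH is only meant to be reached over the tailnet, set `services.openssh.openFirewall = false;` and move port 22 to `networking.firewall.interfaces.tailscale0.allowedTCPPorts`. The module is also imported for every host from `systems/default.nix`, while `interfaces.enp12s0.wakeOnLan` names one machine's NIC and includes `unicast`, `broadcast` and `arp` in its wake policy; that part likely belongs in a per-host file.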