nixos-conf/modules/programs/bitwarden.nix

{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.custom.programs.bitwarden;
in
{
  options.custom.programs.bitwarden.enable = lib.mkEnableOption "Bitwarden desktop applications";

  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      bitwarden
      bitwarden-cli
    ];

    programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";
    security = {
      pam = {
        rssh.enable = true;
        services = {
          sudo.rssh = true;
        };
      };
      sudo.execWheelOnly = true;
    };

    # We need SSH for the sudo, but generally don't want it open on machines with Bitwarden client
    services.openssh.openFirewall = false;
  };
}
Massive refactoring into module-based approach 2025-07-06 01:16:28 +03:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
			`let`
Add hierarchy to custom options 2025-07-06 03:22:09 +03:00			`cfg = config.custom.programs.bitwarden;`
Massive refactoring into module-based approach 2025-07-06 01:16:28 +03:00			`in`
			`{`
Use lib.mkEnableOption where possible 2025-07-25 13:12:41 +03:00			`options.custom.programs.bitwarden.enable = lib.mkEnableOption "Bitwarden desktop applications";`
Massive refactoring into module-based approach 2025-07-06 01:16:28 +03:00
			`config = lib.mkIf cfg.enable {`
			`environment.systemPackages = with pkgs; [`
			`bitwarden`
			`bitwarden-cli`
			`];`

			`programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";`
			`security = {`
			`pam = {`
			`rssh.enable = true;`
			`services = {`
			`sudo.rssh = true;`
			`};`
			`};`
			`sudo.execWheelOnly = true;`
			`};`

			`# We need SSH for the sudo, but generally don't want it open on machines with Bitwarden client`
			`services.openssh.openFirewall = false;`
			`};`
			`}`