{ pkgs, ... }:
{
  environment.systemPackages = with pkgs; [
    bitwarden
    bitwarden-cli
  ];

  programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";
  security = {
    pam = {
      rssh.enable = true;
      services = {
        sudo.rssh = true;
      };
    };
    sudo.execWheelOnly = true;
  };

  # We need SSH for the sudo, but generally don't want it open on machines with Bitwarden client
  services.openssh.openFirewall = false;
}