{ pkgs, ... }: { environment.systemPackages = with pkgs; [ bitwarden bitwarden-cli ]; programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock"; security = { pam = { rssh.enable = true; services = { sudo.rssh = true; }; }; sudo.execWheelOnly = true; }; # We need SSH for the sudo, but generally don't want it open on machines with Bitwarden client services.openssh.openFirewall = false; }