nixos-conf/modules/programs/bitwarden.nix


# NixOS module: opt-in Bitwarden desktop client and CLI, plus PAM rssh on the
# sudo service so that sudo can be authorized through an SSH agent.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  bitwardenCfg = config.custom.bitwarden;
in
{
  # Off by default; a host opts in with `custom.bitwarden.enable = true`.
  options.custom.bitwarden.enable = lib.mkOption {
    default = false;
    type = lib.types.bool;
  };

  config = lib.mkIf bitwardenCfg.enable {
    environment.systemPackages = [
      pkgs.bitwarden
      pkgs.bitwarden-cli
    ];

    # Exported in every interactive zsh on the machine, for every user, and the
    # path is fixed to one account's home directory.
    # NOTE(review): with rssh on sudo, whatever agent answers on this socket
    # takes part in authorizing sudo, so the socket and its parent directory
    # should be writable only by that account. Confirm other users' shells
    # (including root's) are meant to inherit this value.
    programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";

    # Turn the rssh PAM module on and attach it to the sudo service only.
    # NOTE(review): nothing here sets which public keys rssh accepts. Check that
    # the key file in effect is root-owned and not writable by the sudo-ing
    # user, and whether password authentication remains as a fallback.
    security.pam.rssh.enable = true;
    security.pam.services.sudo.rssh = true;

    # Restrict execution of the sudo binary itself to members of the wheel group.
    security.sudo.execWheelOnly = true;

    # SSH is needed for the sudo flow above, but should not be reachable from
    # the network on machines that run the Bitwarden client.
    # This only stops the module from opening the SSH port in the firewall; it
    # does not disable sshd, and it protects nothing if the firewall is off.
    services.openssh.openFirewall = false;
  };
}