# NixOS module: opt-in install of the Bitwarden desktop client and CLI, with
# sudo authentication through the SSH agent (pam_rssh).
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.custom.bitwarden;
in
{
  # Off unless a host sets custom.bitwarden.enable = true.
  options.custom.bitwarden.enable = lib.mkOption {
    default = false;
    type = lib.types.bool;
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [
      pkgs.bitwarden
      pkgs.bitwarden-cli
    ];

    # Points interactive zsh sessions at the Bitwarden SSH agent socket.
    # NOTE(review): this init snippet is system-wide, so every account that
    # starts an interactive zsh (root included) gets one user's hard-coded
    # socket path, and any SSH_AUTH_SOCK already set in the session is
    # overwritten. Confirm this host is single-user, or derive the path from
    # $HOME instead.
    programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";

    # Let sudo accept a signature from the caller's SSH agent (pam_rssh).
    # NOTE(review): the trust anchor is the authorized-keys file pam_rssh reads,
    # which this module does not set. Confirm it resolves to a root-owned path:
    # if the file is user-writable, any process running as that user can add
    # its own key and satisfy sudo.
    security.pam.rssh.enable = true;
    security.pam.services.sudo.rssh = true;

    # Only members of the wheel group may execute the sudo binary at all.
    security.sudo.execWheelOnly = true;

    # The sudo setup above depends on the SSH configuration, but machines
    # running the Bitwarden client should not expose sshd to the network.
    # This only stops the openssh module from opening its port in the
    # firewall; it does not stop sshd, which stays reachable wherever the
    # firewall is disabled or the port is allowed by another rule.
    services.openssh.openFirewall = false;
  };
}