feat: many changes

2025-08-01 19:48:49 +02:00
parent 7f01dc4cac
commit 3990566fe5
21 changed files with 363 additions and 170 deletions
--- a/hosts/nb/modules/desktop/bitwarden.nix
+++ b/hosts/nb/modules/desktop/bitwarden.nix
@@ -1,9 +1,42 @@
 { config, pkgs, ... }:
-
+let
+  polkitAgent = pkgs.lxqt.lxqt-policykit;
+in
 {
+  #### Fingerprint stack #######################################################
+  services.fprintd.enable = true;
+  services.fprintd.tod.enable = true;
+  # Change the driver if your sensor isn’t Goodix.
+  services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix;
+
+  #### Polkit (needed for Bitwarden’s “system authentication” prompt) ###########
+  security.polkit.enable = true;
+  services.dbus.enable = true;
+
+  systemd.user.services.polkit-agent = {
+    description = "Polkit authentication agent";
+    after = [ "graphical-session.target" ];
+    wantedBy = [ "graphical-session.target" ];
+    serviceConfig.ExecStart = "${polkitAgent}/bin/lxqt-policykit-agent";
+    serviceConfig.Restart = "on-failure";
+  };
+
+  #### Autostart Bitwarden desktop in your user session ########################
+  systemd.user.services.bitwarden = {
+    description = "Bitwarden Desktop";
+    after = [ "graphical-session.target" ];
+    wantedBy = [ "graphical-session.target" ];
+    serviceConfig.ExecStart = "${pkgs.bitwarden}/bin/bitwarden";
+    serviceConfig.Restart = "on-abort";
+  };
+
+  #### Handy tools #############################################################
  environment.systemPackages = with pkgs; [
+    goldwarden
    bitwarden
    bitwarden-cli
+    fprintd
+    lxqt.lxqt-policykit
  ];

  environment.shellAliases = {
@@ -14,4 +47,43 @@
  environment.shellInit = ''
    mkdir -p ~/.config/bitwarden-cli-epicenter ~/.config/bitwarden-cli-cloonar
  '';
+
+  # environment.systemPackages = with pkgs; [
+  #   bitwarden
+  #   bitwarden-cli
+  #   (runCommand "bitwarden-polkit-policy" {} ''
+  #     mkdir -p $out/share/polkit-1/actions
+  #     cat > $out/share/polkit-1/actions/com.bitwarden.Bitwarden.policy <<'EOF'
+  #     <?xml version="1.0" encoding="UTF-8"?>
+  #     <!DOCTYPE policyconfig PUBLIC
+  #     "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+  #     "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+  #     <policyconfig>
+  #       <action id="com.bitwarden.Bitwarden.unlock">
+  #         <description>Unlock Bitwarden</description>
+  #         <message>Authenticate to unlock Bitwarden</message>
+  #         <defaults>
+  #           <allow_any>no</allow_any>
+  #           <allow_inactive>no</allow_inactive>
+  #           <allow_active>auth_self</allow_active>
+  #         </defaults>
+  #       </action>
+  #     </policyconfig>
+  #     EOF
+  #   '')
+  # ];
+
+  # systemd.user.services.polkit-gnome-authentication-agent-1 = {
+  #   description = "polkit-gnome-authentication-agent-1";
+  #   wantedBy = [ "graphical-session.target" ];
+  #   wants = [ "graphical-session.target" ];
+  #   after = [ "graphical-session.target" ];
+  #   serviceConfig = {
+  #     Type = "simple";
+  #     ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+  #     Restart = "on-failure";
+  #     RestartSec = 1;
+  #     TimeoutStopSec = 10;
+  #   };
+  # };
 }