| author | Franck Cuny <franck@fcuny.net> | 2025-08-12 08:52:51 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-08-12 08:52:51 -0700 |
| commit | 61fa2329f553f9c7962e968e1ec98ae675903b70 (patch) | |
| tree | 0afdbf7c8fddda1718abee49db6206a5f8df5b09 /home/modules | |
| parent | directories first (diff) | |
| download | infra-61fa2329f553f9c7962e968e1ec98ae675903b70.tar.gz | |
users -> home
Diffstat (limited to 'home/modules')
| -rw-r--r-- | home/modules/onepassword.nix | 149 | ||||
| -rw-r--r-- | home/modules/userinfo.nix | 15 |
2 files changed, 164 insertions, 0 deletions
diff --git a/home/modules/onepassword.nix b/home/modules/onepassword.nix
new file mode 100644
index 0000000..d1851ea
--- /dev/null
+++ b/home/modules/onepassword.nix
@@ -0,0 +1,149 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+with lib;
+
+let
+ cfg = config.programs.onepassword;
+
+ generateAgentConfig =
+ keys:
+ let
+ keyToToml =
+ key:
+ let
+ lines = [
+ "[[ssh-keys]]"
+ ]
+ ++ optional (key.item != null) ''item = "${key.item}"''
+ ++ optional (key.vault != null) ''vault = "${key.vault}"''
+ ++ [ ''account = "${key.account}"'' ];
+ in
+ concatStringsSep "\n" lines;
+ in
+ concatStringsSep "\n\n" (map keyToToml keys);
+
+ home = config.home.homeDirectory;
+ darwinSockPath = "${home}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
+ defaultSockPath = ".1password/agent.sock";
+
+in
+{
+ options.programs.onepassword = {
+ enable = mkEnableOption "1Password CLI and SSH agent integration";
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs._1password-cli;
+ description = "The 1Password CLI package to use.";
+ };
+
+ socketPath = mkOption {
+ type = types.str;
+ default = defaultSockPath;
+ description = "Relative path from home directory for the SSH agent socket.";
+ example = ".1password/agent.sock";
+ };
+
+ darwinSocketPath = mkOption {
+ type = types.str;
+ default = darwinSockPath;
+ description = "Full path to the 1Password agent socket on macOS.";
+ };
+
+ setSshAuthSock = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Whether to set the SSH_AUTH_SOCK environment variable.";
+ };
+
+ configureSshClient = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Whether to configure the SSH client to use 1Password agent.";
+ };
+
+ fishIntegration = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable fish shell completion for 1Password CLI.";
+ };
+
+ sshKeys = mkOption {
+ type =
+ with types;
+ listOf (submodule {
+ options = {
+ item = mkOption {
+ type = nullOr str;
+ default = null;
+ description = "The name of the SSH key item in 1Password.";
+ example = "Git Signing Key";
+ };
+
+ vault = mkOption {
+ type = nullOr str;
+ default = null;
+ description = "The vault name where the SSH key is stored (optional).";
+ example = "Private";
+ };
+
+ account = mkOption {
+ type = str;
+ default = "my.1password.com";
+ description = "The 1Password account identifier.";
+ example = "my.1password.com";
+ };
+ };
+ });
+ default = [ ];
+ description = "SSH keys configuration for 1Password agent. Lists from multiple configurations will be merged.";
+ example = [
+ { account = "my.1password.com"; }
+ {
+ item = "Git Signing Key";
+ vault = "Work";
+ account = "ACME, Inc.";
+ }
+ {
+ item = "Personal SSH Key";
+ account = "my.1password.com";
+ }
+ ];
+ };
+ };
+
+ config = mkIf cfg.enable {
+ home.packages = [ cfg.package ];
+
+ home.sessionVariables = mkIf cfg.setSshAuthSock {
+ SSH_AUTH_SOCK = "${home}/${cfg.socketPath}";
+ };
+
+ # Create symlink to Darwin socket (macOS specific)
+ home.file."${cfg.socketPath}" = mkIf pkgs.stdenv.isDarwin {
+ source = config.lib.file.mkOutOfStoreSymlink cfg.darwinSocketPath;
+ };
+
+ # Configure SSH client
+ programs.ssh = mkIf cfg.configureSshClient {
+ extraConfig = "IdentityAgent ~/${cfg.socketPath}";
+ };
+
+ # Fish shell integration
+ programs.fish = mkIf cfg.fishIntegration {
+ interactiveShellInit = ''
+ op completion fish | source
+ '';
+ };
+
+ # Generate SSH agent configuration
+ home.file.".config/1Password/ssh/agent.toml" = mkIf (cfg.sshKeys != [ ]) {
+ text = generateAgentConfig cfg.sshKeys;
+ };
+ };
+}
diff --git a/home/modules/userinfo.nix b/home/modules/userinfo.nix
new file mode 100644
index 0000000..46afc73
--- /dev/null
+++ b/home/modules/userinfo.nix
@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+ options = with lib; {
+ userinfo = {
+ fullName = mkOption {
+ type = types.str;
+ example = "Someone Someonesson";
+ };
+ email = mkOption {
+ type = types.str;
+ example = "some@email.com";
+ };
+ };
+ };
+}
|
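Review bot: `keyToToml` splices `key.item`, `key.vault` and `key.account` into double-quoted TOML strings with no escaping, so a 1Password item or vault name containing `"` or `\` (the `example` values suggest free-form names such as `ACME, Inc.`) produces an agent.toml the agent will reject or mis-parse. `builtins.toJSON` yields a valid TOML basic string, e.g. `++ optional (key.item != null) "item = ${builtins.toJSON key.item}"`, and the same substitution applies to the vault and account lines. Separately, `socketPath` is documented as relative but typed `types.str` and is spliced into both `"${home}/${cfg.socketPath}"` and `IdentityAgent ~/${cfg.socketPath}`, so an absolute value silently produces a doubled path; an assertion in the config block such as `assertions = [ { assertion = !(hasPrefix "/" cfg.socketPath); message = "programs.onepassword.socketPath must be relative to the home directory"; } ];` would catch it at evaluation time. The Darwin-only symlink is the only platform-specific piece, so on Linux the module points SSH_AUTH_SOCK and IdentityAgent at a path nothing here creates; presumably that relies on the desktop app's default socket location, which is worth stating in the `socketPath` description.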
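Review bot: Both `userinfo.fullName` and `userinfo.email` are declared without a `description`, so they render blank in generated option documentation and give no hint of what they are for; add `description = "The user's full name.";` and `description = "The user's e-mail address.";` next to the existing `example` fields. Neither option has a `default`, so any module that reads them will fail evaluation until both are set; if that is intended, saying so in the description avoids a confusing error for the next user of this module.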
