diff options
Diffstat (limited to 'users/modules')
| -rw-r--r-- | users/modules/onepassword.nix | 148 |
1 files changed, 148 insertions, 0 deletions
diff --git a/users/modules/onepassword.nix b/users/modules/onepassword.nix new file mode 100644 index 0000000..d98df25 --- /dev/null +++ b/users/modules/onepassword.nix @@ -0,0 +1,148 @@ +{ + config, + lib, + pkgs, + ... +}: + +with lib; + +let + cfg = config.programs.onepassword; + + generateAgentConfig = + keys: + let + keyToToml = + key: + let + lines = + [ "[[ssh-keys]]" ] + ++ optional (key.item != null) ''item = "${key.item}"'' + ++ optional (key.vault != null) ''vault = "${key.vault}"'' + ++ [ ''account = "${key.account}"'' ]; + in + concatStringsSep "\n" lines; + in + concatStringsSep "\n\n" (map keyToToml keys); + + home = config.home.homeDirectory; + darwinSockPath = "${home}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"; + defaultSockPath = ".1password/agent.sock"; + +in +{ + options.programs.onepassword = { + enable = mkEnableOption "1Password CLI and SSH agent integration"; + + package = mkOption { + type = types.package; + default = pkgs._1password-cli; + description = "The 1Password CLI package to use."; + }; + + socketPath = mkOption { + type = types.str; + default = defaultSockPath; + description = "Relative path from home directory for the SSH agent socket."; + example = ".1password/agent.sock"; + }; + + darwinSocketPath = mkOption { + type = types.str; + default = darwinSockPath; + description = "Full path to the 1Password agent socket on macOS."; + }; + + setSshAuthSock = mkOption { + type = types.bool; + default = true; + description = "Whether to set the SSH_AUTH_SOCK environment variable."; + }; + + configureSshClient = mkOption { + type = types.bool; + default = true; + description = "Whether to configure the SSH client to use 1Password agent."; + }; + + fishIntegration = mkOption { + type = types.bool; + default = false; + description = "Enable fish shell completion for 1Password CLI."; + }; + + sshKeys = mkOption { + type = + with types; + listOf (submodule { + options = { + item = mkOption { + type = nullOr str; + default = null; + description = "The name of the SSH key item in 1Password."; + example = "Git Signing Key"; + }; + + vault = mkOption { + type = nullOr str; + default = null; + description = "The vault name where the SSH key is stored (optional)."; + example = "Private"; + }; + + account = mkOption { + type = str; + default = "my.1password.com"; + description = "The 1Password account identifier."; + example = "my.1password.com"; + }; + }; + }); + default = [ ]; + description = "SSH keys configuration for 1Password agent. Lists from multiple configurations will be merged."; + example = [ + { account = "my.1password.com"; } + { + item = "Git Signing Key"; + vault = "Work"; + account = "ACME, Inc."; + } + { + item = "Personal SSH Key"; + account = "my.1password.com"; + } + ]; + }; + }; + + config = mkIf cfg.enable { + home.packages = [ cfg.package ]; + + home.sessionVariables = mkIf cfg.setSshAuthSock { + SSH_AUTH_SOCK = "${home}/${cfg.socketPath}"; + }; + + # Create symlink to Darwin socket (macOS specific) + home.file."${cfg.socketPath}" = mkIf pkgs.stdenv.isDarwin { + source = config.lib.file.mkOutOfStoreSymlink cfg.darwinSocketPath; + }; + + # Configure SSH client + programs.ssh = mkIf cfg.configureSshClient { + extraConfig = "IdentityAgent ~/${cfg.socketPath}"; + }; + + # Fish shell integration + programs.fish = mkIf cfg.fishIntegration { + interactiveShellInit = '' + op completion fish | source + ''; + }; + + # Generate SSH agent configuration + home.file.".config/1Password/ssh/agent.toml" = mkIf (cfg.sshKeys != [ ]) { + text = generateAgentConfig cfg.sshKeys; + }; + }; +} |