From 553600d88bd4c23412e4d8926d2af20ee84379a2 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Mon, 5 Jan 2026 18:38:59 -0800
Subject: don't use 1password ssh agent
---
 home/modules/onepassword.nix | 149 ------------------------------------------
 home/profiles/darwin.nix | 1 -
 home/programs/onepassword.nix | 9 ---
 machines/mbp-work.nix | 15 +----
 profiles/home-manager.nix | 1 -
 5 files changed, 1 insertion(+), 174 deletions(-)
 delete mode 100644 home/modules/onepassword.nix
 delete mode 100644 home/programs/onepassword.nix
diff --git a/home/modules/onepassword.nix b/home/modules/onepassword.nix
deleted file mode 100644
index d1851ea..0000000
--- a/home/modules/onepassword.nix
+++ /dev/null
@@ -1,149 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-
-with lib;
-
-let
- cfg = config.programs.onepassword;
-
- generateAgentConfig =
- keys:
- let
- keyToToml =
- key:
- let
- lines = [
- "[[ssh-keys]]"
- ]
- ++ optional (key.item != null) ''item = "${key.item}"''
- ++ optional (key.vault != null) ''vault = "${key.vault}"''
- ++ [ ''account = "${key.account}"'' ];
- in
- concatStringsSep "\n" lines;
- in
- concatStringsSep "\n\n" (map keyToToml keys);
-
- home = config.home.homeDirectory;
- darwinSockPath = "${home}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
- defaultSockPath = ".1password/agent.sock";
-
-in
-{
- options.programs.onepassword = {
- enable = mkEnableOption "1Password CLI and SSH agent integration";
-
- package = mkOption {
- type = types.package;
- default = pkgs._1password-cli;
- description = "The 1Password CLI package to use.";
- };
-
- socketPath = mkOption {
- type = types.str;
- default = defaultSockPath;
- description = "Relative path from home directory for the SSH agent socket.";
- example = ".1password/agent.sock";
- };
-
- darwinSocketPath = mkOption {
- type = types.str;
- default = darwinSockPath;
- description = "Full path to the 1Password agent socket on macOS.";
- };
-
- setSshAuthSock = mkOption {
- type = types.bool;
- default = true;
- description = "Whether to set the SSH_AUTH_SOCK environment variable.";
- };
-
- configureSshClient = mkOption {
- type = types.bool;
- default = true;
- description = "Whether to configure the SSH client to use 1Password agent.";
- };
-
- fishIntegration = mkOption {
- type = types.bool;
- default = false;
- description = "Enable fish shell completion for 1Password CLI.";
- };
-
- sshKeys = mkOption {
- type =
- with types;
- listOf (submodule {
- options = {
- item = mkOption {
- type = nullOr str;
- default = null;
- description = "The name of the SSH key item in 1Password.";
- example = "Git Signing Key";
- };
-
- vault = mkOption {
- type = nullOr str;
- default = 
null; - description = "The vault name where the SSH key is stored (optional)."; - example = "Private"; - }; - - account = mkOption { - type = str; - default = "my.1password.com"; - description = "The 1Password account identifier."; - example = "my.1password.com"; - }; - }; - }); - default = [ ]; - description = "SSH keys configuration for 1Password agent. Lists from multiple configurations will be merged."; - example = [ - { account = "my.1password.com"; } - { - item = "Git Signing Key"; - vault = "Work"; - account = "ACME, Inc."; - } - { - item = "Personal SSH Key"; - account = "my.1password.com"; - } - ]; - }; - }; - - config = mkIf cfg.enable { - home.packages = [ cfg.package ]; - - home.sessionVariables = mkIf cfg.setSshAuthSock { - SSH_AUTH_SOCK = "${home}/${cfg.socketPath}"; - }; - - # Create symlink to Darwin socket (macOS specific) - home.file."${cfg.socketPath}" = mkIf pkgs.stdenv.isDarwin { - source = config.lib.file.mkOutOfStoreSymlink cfg.darwinSocketPath; - }; - - # Configure SSH client - programs.ssh = mkIf cfg.configureSshClient { - extraConfig = "IdentityAgent ~/${cfg.socketPath}"; - }; - - # Fish shell integration - programs.fish = mkIf cfg.fishIntegration { - interactiveShellInit = '' - op completion fish | source - ''; - }; - - # Generate SSH agent configuration - home.file.".config/1Password/ssh/agent.toml" = mkIf (cfg.sshKeys != [ ]) { - text = generateAgentConfig cfg.sshKeys; - }; - }; -} diff --git a/home/profiles/darwin.nix b/home/profiles/darwin.nix index b7d7ae6..c0e9a8e 100644 --- a/home/profiles/darwin.nix +++ b/home/profiles/darwin.nix @@ -21,7 +21,6 @@ ../programs/firefox ../programs/fish.nix ../programs/kitty.nix - ../programs/onepassword.nix ../programs/ssh.nix ]; diff --git a/home/programs/onepassword.nix b/home/programs/onepassword.nix deleted file mode 100644 index f364a9e..0000000 --- a/home/programs/onepassword.nix +++ /dev/null 
@@ -1,9 +0,0 @@ -{ ... }: -{ - programs.onepassword = { - enable = true; - sshKeys = [ - { account = "my.1password.com"; } # All keys from personal account - ]; - }; -} diff --git a/machines/mbp-work.nix b/machines/mbp-work.nix index a7b80c6..618f536 100644 --- a/machines/mbp-work.nix +++ b/machines/mbp-work.nix @@ -1,9 +1,4 @@ -{ - adminUser, - pkgs, - lib, - ... -}: +{ adminUser, pkgs, ... }: { imports = [ ../profiles/darwin.nix @@ -33,18 +28,10 @@ tfswitch vault ]; - programs.onepassword.sshKeys = lib.mkAfter [ - { - account = "roblox.1password.com"; - vault = "Private"; - } - ]; programs.ssh.matchBlocks."github.rbx.com" = { hostname = "github.rbx.com"; user = "git"; - forwardAgent = false; extraOptions = { - preferredAuthentications = "publickey"; controlMaster = "no"; controlPath = "none"; }; diff --git a/profiles/home-manager.nix b/profiles/home-manager.nix index a8559c3..6db8dd0 100644 --- a/profiles/home-manager.nix +++ b/profiles/home-manager.nix @@ -23,7 +23,6 @@ home-manager.sharedModules = [ inputs.agenix.homeManagerModules.default ../home/modules/userinfo.nix - ../home/modules/onepassword.nix ] ++ (if pkgs.stdenv.isDarwin then [ inputs.mac-app-util.homeManagerModules.default ] else [ ]); } -- cgit v1.2.3
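Review bot: Dropping `forwardAgent = false;` from the `github.rbx.com` match block in the second `machines/mbp-work.nix` hunk means this host no longer pins agent forwarding off itself and instead inherits whatever a broader `Host` block sets. OpenSSH defaults to no forwarding, but `../programs/ssh.nix` is not visible here, so either confirm that no wildcard block enables it or keep the line. With the 1Password agent removed the block also names no key, so ssh will offer the work host every identity the remaining agent or the default key files provide; consider pinning it with `identityFile = "<path-to-work-key>";` and `identitiesOnly = true;`. The match block's closing lines fall outside the hunk, so this assumes no identity is set further down.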