Support 1password ssh and git integration

LukeChannings · Sep 17, 2024 · 3b25d02 · 3b25d02
1 parent 1445a14
commit 3b25d02
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 33 deletions.
diff --git a/config/1password/default.nix b/config/1password/default.nix
diff --git a/config/1password/home.nix b/config/1password/home.nix
@@ -1,9 +1,68 @@
-{ inputs, pkgs, ... }:
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 {
   imports = [ inputs._1password-shell-plugins.hmModules.default ];
 
-  programs._1password-shell-plugins = {
-    enable = true;
-    plugins = with pkgs; [ gh ];
+  options =
+    let
+      inherit (lib) types mkOption;
+    in
+    {
+      programs._1password = {
+        enable = mkOption {
+          type = types.bool;
+          description = ''
+            Enables 1Password shell integration
+          '';
+          default = true;
+        };
+        shellPluginPackages = mkOption {
+          type = (with types; listOf package);
+          description = ''
+            Packages to be installed with 1Password shell integration
+          '';
+          default = [ pkgs.gh ];
+        };
+        enableGitSigning = mkOption {
+          type = types.bool;
+          description = ''
+            Enable 1Password git commit signing integration
+          '';
+          default = pkgs.stdenv.isDarwin;
+        };
+        enableSshAgent = mkOption {
+          type = types.bool;
+          description = ''
+            Enable 1Password SSH identity handling
+          '';
+          default = pkgs.stdenv.isDarwin;
+        };
+      };
+    };
+
+  config = {
+    programs._1password-shell-plugins = {
+      enable = true;
+      plugins = with pkgs; [ gh ];
+    };
+
+    programs.ssh.extraConfig = lib.mkIf config.programs._1password.enableSshAgent "IdentityAgent \"${
+      if pkgs.stdenv.isDarwin then
+        "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
+      else
+        "~/.1password/agent.sock"
+    }\"";
+
+    programs.git = lib.mkIf config.programs._1password.enableGitSigning {
+      iniContent = {
+        gpg.format = "ssh";
+        "gpg \"ssh\"".program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign";
+      };
+    };
   };
 }
diff --git a/config/ssh/home.nix b/config/ssh/home.nix
@@ -1,27 +1,13 @@
 {
-  lib,
-  pkgs,
   config,
   ...
 }:
 {
-  options = {
-    programs.ssh.enable1PasswordAgent = lib.mkOption {
-      description = "Enable 1Password agent";
-      type = lib.types.bool;
-      default = false;
-    };
-  };
-
   config.programs.ssh = {
     enable = true;
 
     forwardAgent = true;
     hashKnownHosts = true;
     addKeysToAgent = "yes";
-
-    extraConfig = lib.mkIf (
-      pkgs.stdenv.isDarwin && config.programs.ssh.enable1PasswordAgent
-    ) "IdentityAgent \"~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock\"";
   };
 }
diff --git a/flake.nix b/flake.nix
@@ -66,7 +66,8 @@
         "aarch64-linux"
       ];
 
-      flake.vscode.systemExtensions = (nixpkgs.lib.importJSON ./.devcontainer.json).customizations.vscode.extensions;
+      flake.vscode.systemExtensions =
+        (nixpkgs.lib.importJSON ./.devcontainer.json).customizations.vscode.extensions;
 
       perSystem =
         {
@@ -85,7 +86,6 @@
             disabledModules = [
               "default-apps"
               "chromium"
-              "1password"
               "wezterm"
               "vscode"
               "fonts"