From 3b25d027a746707e670b623c4e50708fdd5b0e37 Mon Sep 17 00:00:00 2001
From: Luke Channings <461449+LukeChannings@users.noreply.github.com>
Date: Tue, 17 Sep 2024 17:53:19 +0000
Subject: [PATCH] Support 1password ssh and git integration
---
 config/1password/default.nix | 13 -------
 config/1password/home.nix | 67 +++++++++++++++++++++++++++++++++---
 config/ssh/home.nix | 14 --------
 flake.nix | 4 +--
 4 files changed, 65 insertions(+), 33 deletions(-)
 delete mode 100644 config/1password/default.nix
diff --git a/config/1password/default.nix b/config/1password/default.nix
deleted file mode 100644
index 79ae9f6..0000000
--- a/config/1password/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ }:
-{
- home =
- { inputs, pkgs, ... }:
- {
- imports = [ inputs._1password-shell-plugins.hmModules.default ];
-
- programs._1password-shell-plugins = {
- enable = true;
- plugins = with pkgs; [ gh ];
- };
- };
-}
diff --git a/config/1password/home.nix b/config/1password/home.nix
index 38f2cd5..f443695 100644
--- a/config/1password/home.nix
+++ b/config/1password/home.nix
@@ -1,9 +1,68 @@ -{ inputs, pkgs, ... }: +{ + inputs, + config, + pkgs, + lib, + ... +}: { imports = [ inputs._1password-shell-plugins.hmModules.default ]; - programs._1password-shell-plugins = { - enable = true; - plugins = with pkgs; [ gh ]; + options = + let + inherit (lib) types mkOption; + in + { + programs._1password = { + enable = mkOption { + type = types.bool; + description = '' + Enables 1Password shell integration + ''; + default = true; + }; + shellPluginPackages = mkOption { + type = (with types; listOf package); + description = '' + Packages to be installed with 1Password shell integration + ''; + default = [ pkgs.gh ]; + }; + enableGitSigning = mkOption { + type = types.bool; + description = '' + Enable 1Password git commit signing integration + ''; + default = pkgs.stdenv.isDarwin; + }; + enableSshAgent = mkOption { + type = types.bool; + description = '' + Enable 1Password SSH identity handling + ''; + default = pkgs.stdenv.isDarwin; + }; + }; + }; + + config = { + programs._1password-shell-plugins = { + enable = true; + plugins = with pkgs; [ gh ]; + }; + + programs.ssh.extraConfig = lib.mkIf config.programs._1password.enableSshAgent "IdentityAgent \"${ + if pkgs.stdenv.isDarwin then + "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" + else + "~/.1password/agent.sock" + }\""; + + programs.git = lib.mkIf config.programs._1password.enableGitSigning { + iniContent = { + gpg.format = "ssh"; + "gpg \"ssh\"".program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"; + }; + }; }; } diff --git a/config/ssh/home.nix b/config/ssh/home.nix index d2e6f4a..b6c9904 100644 --- a/config/ssh/home.nix +++ b/config/ssh/home.nix 
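Review bot: The new `programs._1password.enable` and `shellPluginPackages` options are declared but never read: the `config` block still hard-codes `enable = true;` and `plugins = with pkgs; [ gh ];`, so setting either option has no effect; wire them up as `enable = config.programs._1password.enable;` and `plugins = config.programs._1password.shellPluginPackages;`. `enableGitSigning` can be switched on for Linux, but the `op-ssh-sign` path is the macOS application bundle, so that setting needs the same `isDarwin` split used for the agent socket, or an assertion that rejects it elsewhere. The hunk sets only `gpg.format` and the signing program; unless `commit.gpgsign` and `user.signingkey` are set somewhere outside this diff, commits will presumably stay unsigned even with the option enabled. With the 1Password agent now the default `IdentityAgent` on Darwin, the global `forwardAgent = true` kept in config/ssh/home.nix offers that agent to every host you connect to, so consider restricting forwarding to named hosts through `matchBlocks`.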
@@ -1,27 +1,13 @@ { - lib, - pkgs, config, ... }: { - options = { - programs.ssh.enable1PasswordAgent = lib.mkOption { - description = "Enable 1Password agent"; - type = lib.types.bool; - default = false; - }; - }; - config.programs.ssh = { enable = true; forwardAgent = true; hashKnownHosts = true; addKeysToAgent = "yes"; - - extraConfig = lib.mkIf ( - pkgs.stdenv.isDarwin && config.programs.ssh.enable1PasswordAgent - ) "IdentityAgent \"~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock\""; }; } diff --git a/flake.nix b/flake.nix index 0486d5a..cdbb631 100644 --- a/flake.nix +++ b/flake.nix @@ -66,7 +66,8 @@ "aarch64-linux" ]; - flake.vscode.systemExtensions = (nixpkgs.lib.importJSON ./.devcontainer.json).customizations.vscode.extensions; + flake.vscode.systemExtensions = + (nixpkgs.lib.importJSON ./.devcontainer.json).customizations.vscode.extensions; perSystem = { @@ -85,7 +86,6 @@ disabledModules = [ "default-apps" "chromium" - "1password" "wezterm" "vscode" "fonts"