modules/1password.nix at d60a3e3710c5d992e6cd61f34186a73ebeec7edf · ovyerus.com/dotfiles

ovyerus.com / dotfiles

Nix configurations for my personal machines (Linux & macOS)

dotfiles / modules / 1password.nix

at d60a3e3710c5d992e6cd61f34186a73ebeec7edf 886 B view raw

 1{
 2  delib,
 3  homeConfig,
 4  ...
 5}:
 6delib.module {
 7  name = "_1password";
 8
 9  options = delib.singleEnableOption true;
10
11  nixos.ifEnabled = {
12    services.systembus-notify.enable = true;
13    programs._1password.enable = true;
14    programs._1password-gui = {
15      enable = true;
16      polkitPolicyOwners = ["ovy"]; # TODO: replace
17    };
18
19    environment.etc."1password/custom_allowed_browsers" = {
20      text = ''
21        vivaldi-bin
22        zen
23      '';
24      mode = "0755";
25    };
26  };
27
28  home.ifEnabled.programs.ssh.matchBlocks = let
29    _1passwordAgent = options:
30      homeConfig.lib.dag.entryBefore ["*"] ({
31          extraOptions.IdentityAgent = "~/.1password/agent.sock";
32          extraOptions.IdentitiesOnly = "no";
33        }
34        // options);
35  in {
36    # OpenWrt
37    "192.168.1.1" = _1passwordAgent {user = "root";};
38    "*.repo.borgbase.com" = _1passwordAgent {};
39  };
40}