1Password: Difference between revisions

From NixOS Wiki
imported>Pluiedev
m forgot to specify nixpkgs as an input
import from old wiki
 
(13 intermediate revisions by 8 users not shown)
Line 1: Line 1:
= Using 1Password on NixOS =
[https://1password.com/ 1Password] is a password manager.
If you're using NixOS, you can enable 1Password and its GUI by:
 
== NixOS ==
 
=== Installation ===
 
If you're using [[NixOS]], you can enable 1Password and its GUI with:
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
{ config, lib, pkgs, nixpkgs, ... }:
{ config, lib, pkgs, ... }:
{
{
   # Enable the unfree 1Password packages
   # Enable the unfree 1Password packages
Line 23: Line 28:
</nowiki>}}
</nowiki>}}


= On non-NixOS installs (TODO) =
 
 
=== Unlocking browser extensions ===
 
{{warning|1=This only works for browsers that are installed via [[NixOS]]. Browsers installed via [[Flatpak]] are not supported.}}
 
The 1Password app can unlock your browser extension using a special [https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging native messaging] process.  This streamlines your 1Password experience: Once you unlock 1Password from your tray icon, your browser extensions will be unlocked as well. 
 
This is automatically configured for [[Firefox]], [[Chrome]], and [[Brave]] browsers.  However, [[Vivaldi]] and other custom Chrome-based browsers may not unlock when you unlock 1Password.  If you find this to be the case, the solution is to set the  <code>/etc/1password/custom_allowed_browsers</code> file as follows:
 
* First, use <code>ps aux</code> to find the application name for the browser.  For Vivaldi, this is <code>vivaldi-bin</code>
* Add that binary name to <code>/etc/1password/custom_allowed_browsers</code>:
 
<syntaxhighlight lang="nix">
    environment.etc = {
      "1password/custom_allowed_browsers" = {
        text = ''
          vivaldi-bin
          wavebox
        '';
        mode = "0755";
      };
    };
</syntaxhighlight>
 
== Home Manager ==
 
{{warning|1=Non-[[NixOS]] installs [https://1password.community/discussion/comment/655813/#Comment_655813 will not link with browser extensions or system authentication] }}
 
=== Installation ===
 
Add the following to your [[Home Manager]] configuration:
 
<syntaxhighlight lang="nix">
  home.packages = [
    pkgs._1password
    pkgs._1password-gui
  ];
</syntaxhighlight>
 
=== SSH key management ===
 
1Password [https://developer.1password.com/docs/ssh/ can manage SSH keys].
 
==== Configuring SSH ====
 
If 1Password manages your [[SSH]] keys and you use [[Home Manager]], you may also configure your <code>~/.ssh/config</code> file using Nix:
 
{{note|In order to start the 1Password SSH agent, you must open the 1Password settings, go to the Developer section and check the checkbox "Use the SSH agent".}}
 
<syntaxhighlight lang="nix">
_: let
  # onePassPath = "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
  onePassPath = "~/.1password/agent.sock";
in {
  programs.ssh = {
    enable = true;
    extraConfig = ''
      Host *
          IdentityAgent ${onePassPath}
    '';
  };
}
</syntaxhighlight>
 
==== Configuring Git ====
 
You can enable [[Git]]'s [[SSH]] singing with [[Home Manager]]:
 
<syntaxhighlight lang="nix">
{
  programs.git = {
    enable = true;
    extraConfig = {
      gpg = {
        format = "ssh";
      };
      "gpg \"ssh\"" = {
        program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
      };
      commit = {
        gpgsign = true;
      };
 
      user = {
        signingKey = "...";
      };
    };
  };
}
</syntaxhighlight>
 
 
[[Category:Applications]]
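Review bot: In the "Configuring Git" snippet, program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}" references lib and pkgs, but the snippet is a bare attribute set with no function header, so it does not evaluate when pasted as its own module. Suggest opening it with { lib, pkgs, ... }: in the same way the "Configuring SSH" snippet opens with _:. The sentence introducing the snippet reads "SSH singing" where "signing" is meant. It would also help to say next to signingKey = "..." that the value is the SSH public key of the key held in 1Password.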

Latest revision as of 14:26, 11 August 2024

1Password is a password manager.

NixOS

Installation

If you're using NixOS, you can enable 1Password and its GUI with:

/etc/nixos/configuration.nix
{ config, lib, pkgs, ... }:
{
  # Enable the unfree 1Password packages
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "1password-gui"
    "1password"
  ];
  # Alternatively, you could also just allow all unfree packages
  # nixpkgs.config.allowUnfree = true;

  programs._1password.enable = true;
  programs._1password-gui = {
    enable = true;
    # Certain features, including CLI integration and system authentication support,
    # require enabling PolKit integration on some desktop environments (e.g. Plasma).
    polkitPolicyOwners = [ "yourUsernameHere" ];
  };
  # ...
}


Unlocking browser extensions

Warning: This only works for browsers that are installed via NixOS. Browsers installed via Flatpak are not supported.

The 1Password app can unlock your browser extension using a special native messaging process. This streamlines your 1Password experience: Once you unlock 1Password from your tray icon, your browser extensions will be unlocked as well.

This is automatically configured for Firefox, Chrome, and Brave browsers. However, Vivaldi and other custom Chrome-based browsers may not unlock when you unlock 1Password. If you find this to be the case, the solution is to set the /etc/1password/custom_allowed_browsers file as follows:

  • First, use ps aux to find the application name for the browser. For Vivaldi, this is vivaldi-bin
  • Add that binary name to /etc/1password/custom_allowed_browsers:
    environment.etc = {
      "1password/custom_allowed_browsers" = {
        text = ''
          vivaldi-bin
          wavebox
        '';
        mode = "0755";
      };
    };

Home Manager

Installation

Add the following to your Home Manager configuration:

  home.packages = [
    pkgs._1password
    pkgs._1password-gui
  ];

SSH key management

1Password can manage SSH keys.

Configuring SSH

If 1Password manages your SSH keys and you use Home Manager, you may also configure your ~/.ssh/config file using Nix:

Note: In order to start the 1Password SSH agent, you must open the 1Password settings, go to the Developer section and check the checkbox "Use the SSH agent".

_: let
  # onePassPath = "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
  onePassPath = "~/.1password/agent.sock";
in {
  programs.ssh = {
    enable = true;
    extraConfig = ''
      Host *
          IdentityAgent ${onePassPath}
    '';
  };
}

Configuring Git

You can enable Git's SSH signing with Home Manager:

{ lib, pkgs, ... }:
{
  programs.git = {
    enable = true;
    extraConfig = {
      gpg = {
        format = "ssh";
      };
      "gpg \"ssh\"" = {
        program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
      };
      commit = {
        gpgsign = true;
      };

      user = {
        signingKey = "...";
      };
    };
  };
}
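
The configuration above makes Git sign commits; checking those signatures locally (for example with git log --show-signature) additionally needs an allowed-signers file. The following Home Manager module is an added example, not part of the wiki page: signerEmail and signerPubKey are constructed placeholders, and gpg.ssh.allowedSignersFile is standard Git configuration rather than a 1Password-specific setting.

```nix
{ lib, pkgs, ... }:
let
  # Constructed placeholders: use your committer e-mail and the SSH *public*
  # key of the signing key held in 1Password (copy it from the item in the app).
  signerEmail = "you@example.com";
  signerPubKey = "ssh-ed25519 AAAA...REPLACE_WITH_YOUR_PUBLIC_KEY";
in {
  # allowed_signers format, see ssh-keygen(1):
  #   <principal> [options] <keytype> <base64-key>
  # namespaces="git" restricts the key to Git signatures only, so a signature
  # made for another purpose with the same key is not accepted as a commit.
  home.file.".ssh/allowed_signers".text = ''
    ${signerEmail} namespaces="git" ${signerPubKey}
  '';

  programs.git = {
    enable = true;
    extraConfig = {
      gpg.format = "ssh";
      "gpg \"ssh\"" = {
        # Signing is delegated to 1Password, as in the snippet above.
        program = lib.getExe' pkgs._1password-gui "op-ssh-sign";
        # Keys Git trusts when verifying; without this setting, Git cannot
        # map a signature to a trusted identity.
        allowedSignersFile = "~/.ssh/allowed_signers";
      };
      commit.gpgsign = true;
      # The public key tells Git which key to request a signature from.
      user.signingKey = signerPubKey;
    };
  };
}
```

Add one line per collaborator to the allowed-signers text to verify their commits as well; a commit signed by a key that is not listed shows up as untrusted in git log --show-signature.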