Official NixOS Wiki

1Password: Difference between revisions

← Older edit
1birkhoff (talk | contribs)
2 edits
VisualWikitext
Hunner (talk | contribs)
1 edit
Added details for getting system authentication working
m auto detect onePassPath for darwin / linux, and add SSH_AUTH_SOCK method
 
(3 intermediate revisions by 3 users not shown)
Line 11: Line 11:
   # Enable the unfree 1Password packages
   # Enable the unfree 1Password packages
   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "1password-cli"
     "1password-gui"
     "1password-gui"
     "1password"
     "1password"
Line 57: Line 58:
1Password allows [https://support.1password.com/system-authentication-linux/ unlocking with system authentication]. This means fingerprints or login passwords may be used in addition to the master password. This must be enabled under the Security preferences tab of 1Password as outlined in the 1Password documentation, but also requires a few other system tools to work.
1Password allows [https://support.1password.com/system-authentication-linux/ unlocking with system authentication]. This means fingerprints or login passwords may be used in addition to the master password. This must be enabled under the Security preferences tab of 1Password as outlined in the 1Password documentation, but also requires a few other system tools to work.


For the graphical authentication prompt to work, a user [https://nixos.wiki/wiki/Polkit#Authentication_agents Polkit authentication agent] must be started. The authentication agent may automatically be started under Gnome, KDE, or other DE at login, but may need to be explicitly enabled for other window managers.
For the graphical authentication prompt to work, a user [[Polkit#Authentication_agents|Polkit authentication agent]] must be started. The authentication agent may automatically be started under Gnome, KDE, or other DE at login, but may need to be explicitly enabled for other window managers.


For fingerprint unlocking to work, [https://wiki.nixos.org/wiki/Fingerprint_scanner fingerprint scanning] to be enabled and allowed for typical system authentication.
For fingerprint unlocking to work, [[Fingerprint scanner|fingerprint scanning]] to be enabled and allowed for typical system authentication.


== Home Manager ==
== Home Manager ==


{{warning|1=Non-[[NixOS]] installs [https://1password.community/discussion/comment/655813/#Comment_655813 will not link with browser extensions or system authentication] }}
{{warning|1=Non-[[NixOS]] installs [https://www.1password.community/discussions/1password/sandboxed-application-cant-communicate-with-browser-extension/91984/replies/92015 will not link with browser extensions or system authentication] }}


=== Installation ===
=== Installation ===
Line 87: Line 88:


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
_: let
let
   # onePassPath = "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
   onePassPath = if pkgs.stdenv.isDarwin
  onePassPath = "~/.1password/agent.sock";
    then "${config.home.homeDirectory}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
    else "${config.home.homeDirectory}/.1password/agent.sock";
in {
in {
  home.sessionVariables.SSH_AUTH_SOCK = onePassPath;
  # or, alternatively, set it in `.ssh/config` which has higher precedence:
   programs.ssh = {
   programs.ssh = {
     enable = true;
     enable = true;
Retrieved from "https://wiki.nixos.org/wiki/1Password"