1Password: Difference between revisions
imported>Drmikecrowe Added details to unlock vivaldi and wavebox, and referenced Home Manager configuration for SSH keys |
import from old wiki |
||
(11 intermediate revisions by 7 users not shown) | |||
Line 1: | Line 1: | ||
= | [https://1password.com/ 1Password] is a password manager. | ||
If you're using NixOS, you can enable 1Password and its GUI | |||
== NixOS == | |||
=== Installation === | |||
If you're using [[NixOS]], you can enable 1Password and its GUI with: | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | {{file|/etc/nixos/configuration.nix|nix|<nowiki> | ||
{ config, lib, pkgs, ... }: | { config, lib, pkgs, ... }: | ||
Line 23: | Line 28: | ||
</nowiki>}} | </nowiki>}} | ||
This is automatically configured for Firefox, Chrome, and Brave browsers. However, Vivaldi and other custom Chrome-based browsers may not unlock when you unlock 1Password. If you find this to be the case, the solution is to set the <code>/etc/1password/custom_allowed_browsers</code> file as follows: | === Unlocking browser extensions === | ||
{{warning|1=This only works for browsers that are installed via [[NixOS]]. Browsers installed via [[Flatpak]] are not supported.}} | |||
The 1Password app can unlock your browser extension using a special [https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging native messaging] process. This streamlines your 1Password experience: Once you unlock 1Password from your tray icon, your browser extensions will be unlocked as well. | |||
This is automatically configured for [[Firefox]], [[Chrome]], and [[Brave]] browsers. However, [[Vivaldi]] and other custom Chrome-based browsers may not unlock when you unlock 1Password. If you find this to be the case, the solution is to set the <code>/etc/1password/custom_allowed_browsers</code> file as follows: | |||
* First, use <code>ps aux</code> to find the application name for the browser. For Vivaldi, this is <code>vivaldi-bin</code> | * First, use <code>ps aux</code> to find the application name for the browser. For Vivaldi, this is <code>vivaldi-bin</code> | ||
* Add that binary name to <code>/etc/1password/custom_allowed_browsers</code> | * Add that binary name to <code>/etc/1password/custom_allowed_browsers</code>: | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
Line 44: | Line 53: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Home Manager == | |||
{{warning|1=Non-[[NixOS]] installs [https://1password.community/discussion/comment/655813/#Comment_655813 will not link with browser extensions or system authentication] }} | |||
=== Installation === | |||
Add the following to your [[Home Manager]] configuration: | |||
<syntaxhighlight lang="nix"> | |||
home.packages = [ | |||
pkgs._1password | |||
pkgs._1password-gui | |||
]; | |||
</syntaxhighlight> | |||
=== SSH key management === | |||
1Password [https://developer.1password.com/docs/ssh/ can manage SSH keys]. | |||
==== Configuring SSH ==== | |||
If 1Password manages your [[SSH]] keys and you use [[Home Manager]], you may also configure your <code>~/.ssh/config</code> file using Nix: | |||
{{note|In order to start the 1Password SSH agent, you must open the 1Password settings, go to the Developer section and check the checkbox "Use the SSH agent".}} | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
Line 58: | Line 87: | ||
extraConfig = '' | extraConfig = '' | ||
Host * | Host * | ||
IdentityAgent ${onePassPath} | IdentityAgent ${onePassPath} | ||
''; | ''; | ||
Line 65: | Line 93: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
= | ==== Configuring Git ==== | ||
You can enable [[Git]]'s [[SSH]] singing with [[Home Manager]]: | |||
<syntaxhighlight lang="nix"> | |||
{ | |||
programs.git = { | |||
enable = true; | |||
extraConfig = { | |||
gpg = { | |||
format = "ssh"; | |||
}; | |||
"gpg \"ssh\"" = { | |||
program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}"; | |||
}; | |||
commit = { | |||
gpgsign = true; | |||
}; | |||
user = { | |||
signingKey = "..."; | |||
}; | |||
}; | |||
}; | |||
} | |||
</syntaxhighlight> | |||
[[Category:Applications]] |
Latest revision as of 14:26, 11 August 2024
1Password is a password manager.
NixOS
Installation
If you're using NixOS, you can enable 1Password and its GUI with:
/etc/nixos/configuration.nix
{ config, lib, pkgs, ... }:
{
# Enable the unfree 1Password packages
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"1password-gui"
"1password"
];
# Alternatively, you could also just allow all unfree packages
# nixpkgs.config.allowUnfree = true;
programs._1password.enable = true;
programs._1password-gui = {
enable = true;
# Certain features, including CLI integration and system authentication support,
# require enabling PolKit integration on some desktop environments (e.g. Plasma).
polkitPolicyOwners = [ "yourUsernameHere" ];
};
...
}
Unlocking browser extensions
The 1Password app can unlock your browser extension using a special native messaging process. This streamlines your 1Password experience: Once you unlock 1Password from your tray icon, your browser extensions will be unlocked as well.
This is automatically configured for Firefox, Chrome, and Brave browsers. However, Vivaldi and other custom Chrome-based browsers may not unlock when you unlock 1Password. If you find this to be the case, the solution is to set the /etc/1password/custom_allowed_browsers
file as follows:
- First, use
ps aux
to find the application name for the browser. For Vivaldi, this isvivaldi-bin
- Add that binary name to
/etc/1password/custom_allowed_browsers
:
environment.etc = {
"1password/custom_allowed_browsers" = {
text = ''
vivaldi-bin
wavebox
'';
mode = "0755";
};
};
Home Manager
Installation
Add the following to your Home Manager configuration:
home.packages = [
pkgs._1password
pkgs._1password-gui
];
SSH key management
1Password can manage SSH keys.
Configuring SSH
If 1Password manages your SSH keys and you use Home Manager, you may also configure your ~/.ssh/config
file using Nix:
_: let
# onePassPath = "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
onePassPath = "~/.1password/agent.sock";
in {
programs.ssh = {
enable = true;
extraConfig = ''
Host *
IdentityAgent ${onePassPath}
'';
};
}
Configuring Git
You can enable Git's SSH singing with Home Manager:
{
programs.git = {
enable = true;
extraConfig = {
gpg = {
format = "ssh";
};
"gpg \"ssh\"" = {
program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
};
commit = {
gpgsign = true;
};
user = {
signingKey = "...";
};
};
};
}