1Password
Using 1Password on NixOS
If you're using NixOS, you can enable 1Password and its GUI by:
/etc/nixos/configuration.nix
{ config, lib, pkgs, ... }:
{
# Enable the unfree 1Password packages
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"1password-gui"
"1password"
];
# Alternatively, you could also just allow all unfree packages
# nixpkgs.config.allowUnfree = true;
programs._1password.enable = true;
programs._1password-gui = {
enable = true;
# Certain features, including CLI integration and system authentication support,
# require enabling PolKit integration on some desktop environments (e.g. Plasma).
polkitPolicyOwners = [ "yourUsernameHere" ];
};
...
}
Unlocking Browser Extensions
The 1Password app can unlock your browser extension using a special NativeMessaging process. This streamlines your 1Password experience: Once you unlock 1Password from your tray icon, your browser extensions will be unlocked as well.
This is automatically configured for Firefox, Chrome, and Brave browsers. However, Vivaldi and other custom Chrome-based browsers may not unlock when you unlock 1Password. If you find this to be the case, the solution is to set the /etc/1password/custom_allowed_browsers
file as follows:
- First, use
ps aux
to find the application name for the browser. For Vivaldi, this isvivaldi-bin
- Add that binary name to
/etc/1password/custom_allowed_browsers
environment.etc = {
"1password/custom_allowed_browsers" = {
text = ''
vivaldi-bin
wavebox
'';
mode = "0755";
};
};
1Password, SSH keys and Home Manager
If 1Password manages your SSH keys and you use Home Manager, you may also configure your ~/.ssh/config
file using Nix:
_: let
# onePassPath = "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
onePassPath = "~/.1password/agent.sock";
in {
programs.ssh = {
enable = true;
extraConfig = ''
Host *
IdentityAgent ${onePassPath}
'';
};
}
1Password with Git Ssh Signing
You can enable git ssh singing with Home Manager:
programs.git = {
enable = true;
extraConfig = {
gpg = {
format = "ssh";
};
"gpg \"ssh\"" = {
program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
};
commit = {
gpgsign = true;
};
user = {
signingKey = "...";
};
};
};
On non-NixOS installs
Home Manager
home.packages = [
pkgs._1password
pkgs._1password-gui
];