1Password

From NixOS Wiki
Jump to: navigation, search

Using 1Password on NixOS

If you're using NixOS, you can enable 1Password and its GUI by:

Breeze-text-x-plain.png
/etc/nixos/configuration.nix
{ config, lib, pkgs, ... }:
{
  # Enable the unfree 1Password packages
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "1password-gui"
    "1password"
  ];
  # Alternatively, you could also just allow all unfree packages
  # nixpkgs.config.allowUnfree = true;

  programs._1password.enable = true;
  programs._1password-gui = {
    enable = true;
    # Certain features, including CLI integration and system authentication support,
    # require enabling PolKit integration on some desktop environments (e.g. Plasma).
    polkitPolicyOwners = [ "yourUsernameHere" ];
  };
  ...
}


Unlocking Browser Extensions

Warning: This only works for browsers that are installed via NixOS -- Browsers installed via flatpak are not supported

The 1Password app can unlock your browser extension using a special NativeMessaging process. This streamlines your 1Password experience: Once you unlock 1Password from your tray icon, your browser extensions will be unlocked as well.

This is automatically configured for Firefox, Chrome, and Brave browsers. However, Vivaldi and other custom Chrome-based browsers may not unlock when you unlock 1Password. If you find this to be the case, the solution is to set the /etc/1password/custom_allowed_browsers file as follows:

  • First, use ps aux to find the application name for the browser. For Vivaldi, this is vivaldi-bin
  • Add that binary name to /etc/1password/custom_allowed_browsers
    environment.etc = {
      "1password/custom_allowed_browsers" = {
        text = ''
          vivaldi-bin
          wavebox
        '';
        mode = "0755";
      };
    };


1Password, SSH keys and Home Manager

If 1Password manages your SSH keys and you use Home Manager, you may also configure your ~/.ssh/config file using Nix:

_: let
  # onePassPath = "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
  onePassPath = "~/.1password/agent.sock";
in {
  programs.ssh = {
    enable = true;
    extraConfig = ''
      Host *
          IdentityAgent ${onePassPath}
    '';
  };
}
Note: In order to start the 1Password SSH agent, you must open the 1Password settings, go to the Developer section and check the checkbox "Use the SSH agent".

1Password with Git Ssh Signing

You can enable git ssh singing with Home Manager:

  programs.git = {
    enable = true;
    extraConfig = {
      gpg = {
        format = "ssh";
      };
      "gpg \"ssh\"" = {
        program = "${lib.getExe' pkgs._1password-gui "op-ssh-sign"}";
      };
      commit = {
        gpgsign = true;
      };

      user = {
        signingKey = "...";
      };
    };
  };

On non-NixOS installs

Home Manager

  home.packages = [
    pkgs._1password
    pkgs._1password-gui
  ];