nixos/modules/programs/_1password.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

{ config, pkgs, lib, ... }:

with lib;

let

  cfg = config.programs._1password;

in
{
  options = {
    programs._1password = {
      enable = mkEnableOption "the 1Password CLI tool";

      gid = mkOption {
        type = types.addCheck types.int (x: x >= 1000);
        example = literalExpression "5001";
        description = ''
          The gid to assign to the onepassword-cli group, which is needed for integration with the 1Password GUI.
          It must be 1000 or greater.
        '';
      };

      package = mkPackageOption pkgs "1Password CLI" {
        default = [ "_1password" ];
      };
    };
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];
    users.groups.onepassword-cli.gid = cfg.gid;

    security.wrappers = {
      "op" = {
        source = "${cfg.package}/bin/op";
        owner = "root";
        group = "onepassword-cli";
        setuid = false;
        setgid = true;
      };
    };
  };
}