diff options
author | maxine [they] <35892750+maxeaubrey@users.noreply.github.com> | 2022-03-25 21:48:31 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-25 21:48:31 +0100 |
commit | 65f39165eb6811a05f3eb65eb1e16daa8a3f637e (patch) | |
tree | 75d8f2f73f8cbe41b3c3b8141a550123cf781277 /nixos/modules | |
parent | 206e030ce23c1623b7f45993eb11c67e4ef94a1e (diff) | |
parent | 7f1f6eeffb2b18ed9b2a03f2ae91727e1e615241 (diff) | |
download | nixlib-65f39165eb6811a05f3eb65eb1e16daa8a3f637e.tar nixlib-65f39165eb6811a05f3eb65eb1e16daa8a3f637e.tar.gz nixlib-65f39165eb6811a05f3eb65eb1e16daa8a3f637e.tar.bz2 nixlib-65f39165eb6811a05f3eb65eb1e16daa8a3f637e.tar.lz nixlib-65f39165eb6811a05f3eb65eb1e16daa8a3f637e.tar.xz nixlib-65f39165eb6811a05f3eb65eb1e16daa8a3f637e.tar.zst nixlib-65f39165eb6811a05f3eb65eb1e16daa8a3f637e.zip |
Merge pull request #165479 from savannidgerinel/savanni/1password-browsersupport
nixos/1password-gui: init at 8.6.0
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/programs/_1password-gui.nix | 69 |
2 files changed, 70 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index a4c389e69373..71c84fbe6b4b 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -118,6 +118,7 @@ ./misc/version.nix ./misc/wordlist.nix ./misc/nixops-autoluks.nix + ./programs/_1password-gui.nix ./programs/adb.nix ./programs/appgate-sdp.nix ./programs/atop.nix diff --git a/nixos/modules/programs/_1password-gui.nix b/nixos/modules/programs/_1password-gui.nix new file mode 100644 index 000000000000..f57de44bb9e2 --- /dev/null +++ b/nixos/modules/programs/_1password-gui.nix @@ -0,0 +1,69 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.programs._1password-gui; + +in { + options = { + programs._1password-gui = { + enable = mkEnableOption "The 1Password Desktop application with browser integration"; + + groupId = mkOption { + type = types.int; + example = literalExpression "5000"; + description = '' + The GroupID to assign to the onepassword group, which is needed for browser integration. The group ID must be 1000 or greater. + ''; + }; + + polkitPolicyOwners = mkOption { + type = types.listOf types.str; + default = []; + example = literalExpression "[\"user1\" \"user2\" \"user3\"]"; + description = '' + A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms. By default, no users will have such access. + ''; + }; + + package = mkOption { + type = types.package; + default = pkgs._1password-gui; + defaultText = literalExpression "pkgs._1password-gui"; + example = literalExpression "pkgs._1password-gui"; + description = '' + The 1Password derivation to use. This can be used to upgrade from the stable release that we keep in nixpkgs to the betas. + ''; + }; + }; + }; + + config = let + package = cfg.package.override { + polkitPolicyOwners = cfg.polkitPolicyOwners; + }; + in mkIf cfg.enable { + environment.systemPackages = [ package ]; + users.groups.onepassword.gid = cfg.groupId; + + security.wrappers = { + "1Password-BrowserSupport" = + { source = "${cfg.package}/share/1password/1Password-BrowserSupport"; + owner = "root"; + group = "onepassword"; + setuid = false; + setgid = true; + }; + + "1Password-KeyringHelper" = + { source = "${cfg.package}/share/1password/1Password-KeyringHelper"; + owner = "root"; + group = "onepassword"; + setuid = true; + setgid = true; + }; + }; + + }; +} |