Agenix inspired tool enabling users to inject secrets from 1password into their Nix servers at build time

brizzbuzz/opnix

OpNix

Secure 1Password secrets integration for NixOS, nix-darwin, and Home Manager.

Features

  • Declarative Secrets: Define secrets directly in Nix configuration
  • Service Integration: Automatic systemd/launchd service restarts on secret changes
  • Multi-Platform: Full support for NixOS, nix-darwin, and Home Manager
  • Secure: Uses 1Password service accounts with proper file permissions
  • Reliable: systemd services ensure secrets are available without breaking system boot

Quick Start

Add OpNix to your flake:

```nix
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    opnix.url = "github:brizzbuzz/opnix";
    # Only needed for the nix-darwin and Home Manager outputs below
    nix-darwin.url = "github:LnL7/nix-darwin";
    home-manager.url = "github:nix-community/home-manager";
  };

  outputs = { nixpkgs, opnix, nix-darwin, home-manager, ... }: {
    # NixOS
    nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        opnix.nixosModules.default
        ./configuration.nix
      ];
    };

    # nix-darwin
    darwinConfigurations.yourhostname = nix-darwin.lib.darwinSystem {
      modules = [
        opnix.darwinModules.default
        ./configuration.nix
      ];
    };

    # Home Manager (standalone); homeManagerConfiguration needs a pkgs set
    homeConfigurations.yourusername = home-manager.lib.homeManagerConfiguration {
      pkgs = nixpkgs.legacyPackages.x86_64-linux;
      modules = [
        opnix.homeManagerModules.default
        ./home.nix
      ];
    };
  };
}
```

Configure secrets:

```nix
# NixOS/nix-darwin
services.onepassword-secrets = {
  enable = true;
  tokenFile = "/etc/opnix-token";
  secrets = {
    databasePassword = {
      reference = "op://Homelab/Database/password";
      owner = "postgres";
      services = ["postgresql"];
    };
  };
};

# Home Manager
programs.onepassword-secrets = {
  enable = true;
  secrets = {
    sshPrivateKey = {
      reference = "op://Personal/SSH/private-key";
      path = ".ssh/id_rsa";
      mode = "0600";
    };
  };
};
```

Set up your token:

```bash
sudo opnix token set
sudo nixos-rebuild switch --flake .
```
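The README relies on "proper file permissions" for the service-account token and the deployed secrets, so it is worth verifying after a rebuild that the files on disk carry the owner and mode the configuration asked for. The following POSIX shell check is an added example and not part of OpNix; it assumes the token file lives at the `/etc/opnix-token` path used above and that it should be root-owned with mode `0600` (an assumption, OpNix's own requirement is not stated here). It handles both GNU `stat` (NixOS) and BSD `stat` (nix-darwin), and the sample files it is run against in the usage below are constructed.

```shell
#!/usr/bin/env sh
# Added example (not OpNix's own code): verify that a secret or token file
# written for OpNix has the expected owner and permission bits.
# Works with GNU stat (NixOS) and BSD stat (nix-darwin).

# file_mode FILE -> prints the octal permission bits, e.g. "600"
file_mode() {
  if stat -c '%a' "$1" >/dev/null 2>&1; then
    stat -c '%a' "$1"          # GNU coreutils
  else
    stat -f '%Lp' "$1"         # BSD / macOS
  fi
}

# file_owner FILE -> prints the owning user name
file_owner() {
  if stat -c '%U' "$1" >/dev/null 2>&1; then
    stat -c '%U' "$1"
  else
    stat -f '%Su' "$1"
  fi
}

# check_secret FILE OWNER MODE -> returns 0 if FILE matches, 1 otherwise.
# MODE may be written "0600" or "600", as in the Nix `mode = "0600"` option.
check_secret() {
  f=$1
  want_owner=$2
  want_mode=${3#0}             # "0600" -> "600" to match stat's output
  if [ ! -f "$f" ]; then
    echo "$f: missing (secret was not deployed?)" >&2
    return 1
  fi
  got_owner=$(file_owner "$f")
  got_mode=$(file_mode "$f")
  if [ "$got_owner" != "$want_owner" ]; then
    echo "$f: owner is $got_owner, expected $want_owner" >&2
    return 1
  fi
  if [ "$got_mode" != "$want_mode" ]; then
    echo "$f: mode is $got_mode, expected $want_mode" >&2
    return 1
  fi
  return 0
}

# Usage (assumed expectations, not an OpNix requirement):
#   sh check-secret.sh /etc/opnix-token root 0600
if [ $# -eq 3 ]; then
  check_secret "$1" "$2" "$3"
fi
```

Run it once per secret from the configuration (for the Home Manager example above, `~/.ssh/id_rsa` with your own user and `0600`); a non-zero exit with the reason on stderr is the signal to look at the owner/mode options before a service reads the file.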

Documentation

📚 Complete Documentation

Platform Support

| Platform | Module | Use Case |
|----------|--------|----------|
| NixOS | nixosModules.default | System-wide secret management |
| nix-darwin | darwinModules.default | macOS system secrets |
| Home Manager | homeManagerModules.default | User-specific secrets |

Getting Help

License

MIT License
