From 665c76bee5f2c269bc4e890a96fdcee21cfbfba0 Mon Sep 17 00:00:00 2001
From: "Stian R. Sporaland"
Date: Sun, 1 Sep 2024 10:26:05 +0200
Subject: [PATCH] feat: Add _1password home-manager module and enable it on gamer and laptop hosts
---
 flake.lock | 30 +++++++++----------
 .../_modules/security/_1password/default.nix | 19 ++++++++++++
 homes/_modules/security/default.nix | 2 ++
 homes/stianrs/hosts/gamer.nix | 10 ++-----
 homes/stianrs/hosts/laptop.nix | 8 ++---
 5 files changed, 41 insertions(+), 28 deletions(-)
 create mode 100644 homes/_modules/security/_1password/default.nix
diff --git a/flake.lock b/flake.lock
index e60caca..d5221a1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -75,11 +75,11 @@ ] }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1725024810, + "narHash": "sha256-ODYRm8zHfLTH3soTFWE452ydPYz2iTvr9T8ftDMUQ3E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "rev": "af510d4a62d071ea13925ce41c95e3dec816c01d", "type": "github" }, "original": {
@@ -260,11 +260,11 @@ ] }, "locked": { - "lastModified": 1724561770, - "narHash": "sha256-zv8C9RNa86CIpyHwPIVO/k+5TfM8ZbjGwOOpTe1grls=", + "lastModified": 1724994893, + "narHash": "sha256-yutISDGg6HUaZqCaa54EcsfTwew3vhNtt/FNXBBo44g=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "ac5694a0b855a981e81b4d9f14052e3ff46ca39e", + "rev": "c8d3157d1f768e382de5526bb38e74d2245cad04", "type": "github" }, "original": {
@@ -280,11 +280,11 @@ ] }, "locked": { - "lastModified": 1724576102, - "narHash": "sha256-uM7n5nNL6fmA0bwMJBNll11f4cMWOFa2Ni6F5KeIldM=", + "lastModified": 1725161148, + "narHash": "sha256-WfAHq3Ag3vLNFfWxKHjFBFdPI6JIideWFJod9mx1eoo=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "e333d62b70b179da1dd78d94315e8a390f2d12e5", + "rev": "32058e9138248874773630c846563b1a78ee7a5b", "type": "github" }, "original": {
@@ -362,11 +362,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1725067332, - "narHash": "sha256-bMi5zhDwR6jdmN5mBHEu9gQQf9CibIEasA/6mc34Iek=", + "lastModified": 1725099143, + "narHash": "sha256-CHgumPZaC7z+WYx72WgaLt2XF0yUVzJS60rO4GZ7ytY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "192e7407cc66e2eccc3a6c5ad3834dd62fae3800", + "rev": "5629520edecb69630a3f4d17d3d33fc96c13f6fe", "type": "github" }, "original": {
@@ -406,11 +406,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1724910205, - "narHash": "sha256-eH2yPsTkaGp87rtxATx9d2dGBQUXH3kQPEOTKmaEb0s=", + "lastModified": 1725107436, + "narHash": "sha256-84Rz+GeFifzaJHnyMlkz4TdnrWxQdryTQKU3XVFQR1Q=", "owner": "nix-community", "repo": "nixvim", - "rev": "d150ce320e4eda99d8865bbd4c74ee8c47a88097", + "rev": "7cae6d0202140ec322e18b65b63d03b423d595f7", "type": "github" }, "original": {
diff --git a/homes/_modules/security/_1password/default.nix b/homes/_modules/security/_1password/default.nix
new file mode 100644
index 0000000..8c62c30
--- /dev/null
+++ b/homes/_modules/security/_1password/default.nix
@@ -0,0 +1,19 @@
+{ lib, config, ... }:
+let
+ cfg = config.modules.security._1password;
+in
+{
+ options.modules.security._1password = {
+ enable = lib.mkEnableOption "_1password";
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+ # TODO: See if I can get this to work with home.sessionVariables instead
+ programs.fish.shellInit = ''
+ set -gx OP_CONNECT_HOST (jq -r .host ${config.sops.secrets.op_connect.path})
+ set -gx OP_CONNECT_TOKEN (jq -r .token ${config.sops.secrets.op_connect.path})
+ '';
+ })
+ ];
+}
diff --git a/homes/_modules/security/default.nix b/homes/_modules/security/default.nix
index 34b8f34..e03464a 100644
--- a/homes/_modules/security/default.nix
+++ b/homes/_modules/security/default.nix
@@ -1,7 +1,9 @@
 { ... }:
 {
 imports = [
+ ./_1password
 ./gnugpg
 ./ssh
 ];
+
 }
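Review bot: `set -gx OP_CONNECT_TOKEN` in `programs.fish.shellInit` of the new `_1password/default.nix` exports the 1Password Connect token globally in every fish process, interactive or not, so each child process started from any shell inherits a credential that otherwise lives only in the sops-managed file. Narrowing this to `programs.fish.interactiveShellInit`, or reading the token inside a wrapper function for the one command that needs it, keeps the secret out of unrelated process environments. The `jq` calls also resolve through whatever is on PATH at shell start; adding `pkgs` to the module arguments and calling `${pkgs.jq}/bin/jq` would pin the binary.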
diff --git a/homes/stianrs/hosts/gamer.nix b/homes/stianrs/hosts/gamer.nix
index 741a64b..7739c50 100644
--- a/homes/stianrs/hosts/gamer.nix
+++ b/homes/stianrs/hosts/gamer.nix
@@ -1,13 +1,9 @@
-{ config, ... }:
+{ ... }:
 {
 modules = {
 development.enable = true;
 kubernetes.enable = true;
+ # TODO: See if I can automate this based on the nixos module being enabled on the host
+ security._1password.enable = true;
 };
-
- # TODO: See if I can get this to work with home.sessionVariables instead
- programs.fish.shellInit = ''
- set -gx OP_CONNECT_HOST (jq -r .host ${config.sops.secrets.op_connect.path})
- set -gx OP_CONNECT_TOKEN (jq -r .token ${config.sops.secrets.op_connect.path})
- '';
 }
diff --git a/homes/stianrs/hosts/laptop.nix b/homes/stianrs/hosts/laptop.nix
index 987f131..bfebf40 100644
--- a/homes/stianrs/hosts/laptop.nix
+++ b/homes/stianrs/hosts/laptop.nix
@@ -1,12 +1,8 @@
-{ config, ... }:
+{ ... }:
 {
 modules = {
 development.enable = true;
 kubernetes.enable = true;
+ security._1password.enable = true;
 };
-
- programs.fish.shellInit = ''
- set -gx OP_CONNECT_HOST (jq -r .host ${config.sops.secrets.op_connect.path})
- set -gx OP_CONNECT_TOKEN (jq -r .token ${config.sops.secrets.op_connect.path})
- '';
 }
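Review bot: Setting `security._1password.enable = true;` in gamer.nix (and in laptop.nix, which gets the same change) makes the host depend on `config.sops.secrets.op_connect` being defined, but with the `config` argument dropped nothing in the host file shows that requirement, and the module as added neither declares the secret nor asserts it. If the secret is declared elsewhere, that is not visible in this patch; if it is not, evaluation would fail with a missing-attribute error far from the cause. An assertion inside the module's `mkIf` block, such as `assertions = [{ assertion = config.sops.secrets ? op_connect; message = "modules.security._1password needs sops.secrets.op_connect"; }];`, would make the coupling explicit.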