feat: Add a Nix Flake with a devShell, NixOS module, and home-manager module to configure Shell Plugins

[mrjones2014]

Overview

The flake.nix added does two things:

1. Adds a devShell so Nix users can just run nix develop or use direnv to have a Go environment set up to build the plugins.
2. Add a NixOS module and a home-manager module (users will choose one or the other) to configure 1Password Shell Plugins via Nix; this only works if you're using Nix to manage your shell config, but if you're deep into Nix enough to be using Flakes, you probably are managing your shell config with Nix, too.

With this flake as an input to your own flake, you would then be able to configure 1Password Shell Plugins with the following:

programs._1password-shell-plugins = {
  enable = true;
  plugins = with pkgs; [ gh awscli2 cachix ];
};

Type of change

- [ ] Created a new plugin - [ ] Improved an existing plugin - [ ] Fixed a bug in an existing plugin - [x] Improved contributor utilities or experience ## Related Issue(s) * Resolves: # * Relates: # ## How To Test

Create a home-manager Nix flake that manages your shell configuration:

flake.nix

{
  description = "My dotfiles managed with nix as a flake";
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # This should be the path to the repo checkout locally, with this branch checked out
    _1password-shell-plugins.url = "git+file:///$HOME/git/shell-plugins";
  };

  outputs = inputs@{ self, nixpkgs, home-manager, ... }: {
    homeConfigurations = {
      # note: this "my-config" name will be the value you use on the command line
      # to apply the configuration as well
      "my-config" = home-manager.lib.homeManagerConfiguration {
        extraSpecialArgs = { inherit inputs; };
        # or pkgs = nixpkgs.legacyPackages.x86_64-linux; if you're on linux
        pkgs = nixpkgs.legacyPackages.aarch64-darwin;
        modules = [
          inputs._1password-shell-plugins.hmModules.default
          ./home.nix
        ];
      };
    };
  };
}

./home.nix

{ inputs, config, pkgs, lib, ... }: {
  home = {
    username = "<your-os-username>";
    # or `/home/<your-linux-username>` if you're on Linux
    homeDirectory = "/Users/<your-os-username>";
    # this should be set up by home-manager automatically for you, leave it alone
    stateVersion = "22.11";
  };
  # allow 1Password CLI package; Nix doesn't allow any unfree software by default
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [
      "1password-cli"
    ];
  programs._1password-shell-plugins = {
    enable = true;
     # whatever shell plugins you want to use that have packages
     # available in nixpkgs
    plugins = with pkgs; [ gh ];
  };
  programs.fish = {
    enable = true;
    # the rest of your shell config goes here
  };
}

If you're on macOS, you will need to install home-manager manually as well: https://nix-community.github.io/home-manager/index.xhtml#sec-install-standalone

On NixOS, you can manage home-manager as a NixOS module instead.

For standalone home-manage installation, run home-manager switch --flake ~/path/to/flake-directory/.#my-config to apply the configuration. If you're on NixOS and using a flake to manage home-manager as a NixOS module, you can just run sudo nixos-rebuild switch --flake ~/path/to/flake-directory/.#my-config

Changelog

Add a `flake.nix` that provides a `devShell` for contributors as well as a NixOS and `home-manager` module that can be used to configure 1Password Shell Plugins via Nix.

[AndyTitu]

Hmm, I wasn't able to test according to the How to test section. @mrjones2014 could you help me walk through the use case as someone who just installed nix on their Mac OS machine?

[mrjones2014]

Hmm, I wasn't able to test according to the How to test section. @mrjones2014 could you help me walk through the use case as someone who just installed nix on their Mac OS machine?

Sure thing, I'll send you a message on slack 👍

[mrjones2014]

Just pushed a cool commit that validates the plugins option and gives an error message if the user specified a package that isn't a supported Shell Plugin

[AndyTitu]

Functionally tested as a new Nix user on Mac:

1. dev-mode (after I uninstalled go):

bash-3.2$ nix develop
(nix:Shell-with-Go-toolchain-env) Andis-MacBook-Pro:shell-plugins andititu$go version
go version go1.21.7 darwin/arm64
(nix:Shell-with-Go-toolchain-env) Andis-MacBook-Pro:shell-plugins andititu$ which go
/nix/store/b9wbj651hcyfm63kkcxykpjcqc0qqwp5-go-1.21.7/bin/go

Question: could we only have go and goals installed at the level of the shell-plugin directory, and then when I cd out of this directory, I don't have go installed anymore? From my understanding this is one possibility for Nix UX, right?

2. Prod mode:

After running home-manager switch --flake .#mac

bash-3.2$ which aws
/Users/andititu/.nix-profile/bin/aws
bash-3.2$ aws organizations list-accounts
###############################################################################
# WARNING: 'aws' is not from the official registry.                           #
# Only proceed if you are the developer of 'aws'.                             #
# Otherwise, delete the file at /Users/andititu/.config/op/plugins/local/aws. #
###############################################################################
[ERROR] 2024/03/07 18:40:58 RequestDelegatedSession: cannot connect to 1Password app, make sure it is running

[mrjones2014]

Question: could we only have go and goals installed at the level of the shell-plugin directory, and then when I cd out of this directory, I don't have go installed anymore? From my understanding this is how nix is working right?

Yep, that's the idea of Nix. I don't have any toolchains installed globally (like go, gopls, rustc, cargo, or anything like that); they get installed to temporary environments when I cd into a project directory that has a flake.nix (because I have nix-direnv enabled, it automatically uses the flake.nix when I cd).

If you use direnv or nix-direnv (more optimized with extra caching for Nix stuff), you can create a .envrc file with contents just use flake, and then the Nix shell will be automatically set up when you cd into the directory, and exited when you cd out of the directory. Alternatively you can just manually run nix develop which will start a subshell set up by the flake, only this way you will have to manually exit the shell to get back to your main shell with the flake stuff gone. I have a component in my terminal prompt that tells me when I'm in a nix-shell subshell, and whether its because of a direnv .envrc: