1Password app and CLI integration ala NixOS #3997

Open worldofgeese opened 1 year ago

Description

Currently, the 1Password GUI and CLI apps have no method of communicating, which makes using plugins like GitHub or GitLab impossible as they require a desktop app connected.

Would something like this be possible? I've copied in this user's example which looks to be only relevant for NixOS users

{
  # Enable the 1Password CLI, this also enables a SGUID wrapper so the CLI can authorize against the GUI app
  programs._1password = {
    enable = true;
  };

  # Enable the 1Passsword GUI with myself as an authorized user for polkit
  programs._1password-gui = {
    enable = true;
    polkitPolicyOwners = ["matthew"];
  };
}

It will be great to have it, without hard-coding user names :)

Do you know if the SUID/SGUID helpers are owned by root or a special user? If owned by the current user, these wrappers are possible; otherwise, they are not because HM's cli and activation service are meant to be run as the current user. There is no sudo support.
I don't think polkit supports user-level rules. This goes back to my previous point about HM not supporting sudo (you can use HM for the root user, but HM itself will not use sudo in any commands).

Thank you for your contribution! I marked this issue as stale due to inactivity. Please be considerate of people watching this issue and receiving notifications before commenting 'I have this issue too'. We welcome additional information that will help resolve this issue. Please read the relevant sections below before commenting.

If you are the original author of the issue

* If this is resolved, please consider closing it so that the maintainers know not to focus on this. * If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough. * If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.

If you are not the original author of the issue

* If you are also experiencing this issue, please add details of your situation to help with the debugging process. * If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.

Memorandum on closing issues

Don't be afraid to manually close an issue, even if it holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen – nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.

The _1password package expects polkitPolicyOwners to be set to a list of users. If this isn't set it doesn't create ${pkg._1password-gui}/share/polkit-1/actions/com.1password.1Password.policy which is needed for things like the 1password browser extension.

I fixed this in home manager (non-nixos) by adding an overlay for _1password-gui:

nixpkgs = {
  overlays = [
    (final: prev: {
      _1password-gui = prev._1password-gui.override {
        polkitPolicyOwners = [ "ewan" ];
      };
    })
  ];
};

The browser extension now works for me 🥳