opnix

module

v0.9.0 Latest Latest Go to latest Published: Jan 13, 2026 License: MIT

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/brizzbuzz/opnix

Links

Open Source Insights

README ¶

OpNix

Secure 1Password secrets integration for NixOS, nix-darwin, and Home Manager.

Features

Declarative Secrets: Define secrets directly in Nix configuration
Service Integration: Automatic systemd/launchd service restarts on secret changes
Multi-Platform: Full support for NixOS, nix-darwin, and Home Manager
Secure: Uses 1Password service accounts with proper file permissions
Reliable: systemd services ensure secrets are available without breaking system boot
Developer Shells: Export 1Password secrets as environment variables inside flake devshells

Quick Start

Add OpNix to your flake:

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    opnix.url = "github:brizzbuzz/opnix";
  };

  outputs = { nixpkgs, opnix, ... }: {
    # NixOS
    nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem {
      modules = [
        opnix.nixosModules.default
        ./configuration.nix
      ];
    };

    # nix-darwin
    darwinConfigurations.yourhostname = nix-darwin.lib.darwinSystem {
      modules = [
        opnix.darwinModules.default
        ./configuration.nix
      ];
    };

    # Home Manager
    homeConfigurations.yourusername = home-manager.lib.homeManagerConfiguration {
      modules = [
        opnix.homeManagerModules.default
        ./home.nix
      ];
    };
  };
}

Configure secrets:

# NixOS/nix-darwin
services.onepassword-secrets = {
  enable = true;
  tokenFile = "/etc/opnix-token";
  secrets = {
    databasePassword = {
      reference = "op://Homelab/Database/password";
      owner = "postgres";
      services = ["postgresql"];
    };
  };
};

# Home Manager
programs.onepassword-secrets = {
  enable = true;
  secrets = {
    sshPrivateKey = {
      reference = "op://Personal/SSH/private-key";
      path = ".ssh/id_rsa";
      mode = "0600";
    };
  };
};

Set up your token:

sudo opnix token set
sudo nixos-rebuild switch --flake .

Documentation

📚 Complete Documentation

Getting Started Guide - Complete setup walkthrough
Configuration Reference - All configuration options
Examples - Real-world configuration examples
Best Practices - Security and operational guidance
Troubleshooting - Common issues and solutions
Migration Guide - Upgrading from V0 to V1

Platform Support

Platform	Module	Use Case
NixOS	`nixosModules.default`	System-wide secret management
nix-darwin	`darwinModules.default`	macOS system secrets
Home Manager	`homeManagerModules.default`	User-specific secrets

Getting Help

📖 Documentation: Start with the Getting Started Guide
🐛 Issues: Report bugs and request features
💬 Discussions: Ask questions and share configurations

License

MIT License

Directories ¶

Path	Synopsis
cmd
opnix command cmd/opnix/token.go	cmd/opnix/token.go
internal
config
errors
onepass
secrets
systemd
types
validation

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL