Opnix
Agenix-inspired tool enabling users to inject secrets from 1Password into their Nix servers at build time
OpNix
Secure 1Password secrets integration for NixOS, nix-darwin, and Home Manager.
Features
- Declarative Secrets: Define secrets directly in Nix configuration
- Service Integration: Automatic systemd/launchd service restarts on secret changes
- Multi-Platform: Full support for NixOS, nix-darwin, and Home Manager
- Secure: Uses 1Password service accounts with proper file permissions
- Reliable: systemd services ensure secrets are available without breaking system boot
- Developer Shells: Export 1Password secrets as environment variables inside flake devshells
Quick Start
Add OpNix to your flake:
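```nix
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    opnix.url = "github:brizzbuzz/opnix";
    # Only needed for the nix-darwin and Home Manager outputs below
    nix-darwin.url = "github:nix-darwin/nix-darwin";
    home-manager.url = "github:nix-community/home-manager";
  };

  outputs = { nixpkgs, opnix, nix-darwin, home-manager, ... }: {
    # NixOS
    nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem {
      modules = [
        opnix.nixosModules.default
        ./configuration.nix
      ];
    };

    # nix-darwin
    darwinConfigurations.yourhostname = nix-darwin.lib.darwinSystem {
      modules = [
        opnix.darwinModules.default
        ./configuration.nix
      ];
    };

    # Home Manager
    homeConfigurations.yourusername = home-manager.lib.homeManagerConfiguration {
      # homeManagerConfiguration requires pkgs; change the system to match your machine
      pkgs = nixpkgs.legacyPackages.x86_64-linux;
      modules = [
        opnix.homeManagerModules.default
        ./home.nix
      ];
    };
  };
}
```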
Configure secrets:
```nix
# NixOS/nix-darwin
services.onepassword-secrets = {
  enable = true;
  tokenFile = "/etc/opnix-token";
  secrets = {
    databasePassword = {
      reference = "op://Homelab/Database/password";
      owner = "postgres";
      services = ["postgresql"];
    };
  };
};

# Home Manager
programs.onepassword-secrets = {
  enable = true;
  secrets = {
    sshPrivateKey = {
      reference = "op://Personal/SSH/private-key";
      path = ".ssh/id_rsa";
      mode = "0600";
    };
  };
};
```
Set up your token:
```bash
sudo opnix token set
sudo nixos-rebuild switch --flake .
```
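The configuration above declares `mode = "0600"` for the Home Manager SSH key and `owner = "postgres"` for the database password. As an added example (not part of OpNix or its README), this shell helper checks after a rebuild that a deployed file is no looser than the declared mode and belongs to the expected owner; the function names are hypothetical and the caller supplies the paths.

```shell
#!/usr/bin/env bash
# Added example (not OpNix code): audit mode and owner of deployed secret files.

# Print "<octal mode> <owner>", following symlinks. GNU stat first, BSD/macOS fallback.
file_mode_owner() {
  stat -L -c '%a %U' "$1" 2>/dev/null || stat -L -f '%Lp %Su' "$1"
}

# check_secret_file PATH MAX_MODE [OWNER]
# Passes only if PATH is a regular file, has no permission bit outside MAX_MODE,
# and (when OWNER is given) belongs to OWNER. A stricter mode than MAX_MODE passes.
check_secret_file() {
  local path="$1" max_mode="$2" want_owner="${3:-}" info mode owner
  if [ ! -f "$path" ]; then
    echo "FAIL $path: missing or not a regular file" >&2; return 1
  fi
  info=$(file_mode_owner "$path") || return 1
  mode=${info%% *}; owner=${info#* }
  # The leading 0 makes the shell read both values as octal.
  if [ $(( 0$mode & ~0$max_mode & 07777 )) -ne 0 ]; then
    echo "FAIL $path: mode $mode is looser than $max_mode" >&2; return 1
  fi
  if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
    echo "FAIL $path: owner is $owner, expected $want_owner" >&2; return 1
  fi
  echo "OK   $path ($mode $owner)"
}

# Read "PATH MAX_MODE [OWNER]" lines from stdin (paths without spaces);
# returns non-zero if any file fails its check.
audit_files() {
  local rc=0 p m o
  while read -r p m o; do
    [ -n "$p" ] || continue
    check_secret_file "$p" "$m" "$o" || rc=1
  done
  return "$rc"
}

# Usage with the Home Manager secret from this page (path ".ssh/id_rsa", mode "0600"):
#   printf '%s\n' "$HOME/.ssh/id_rsa 0600 $USER" | audit_files
```

Run it from a post-deploy hook or CI job so a permission regression fails loudly instead of going unnoticed.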
Documentation
- Getting Started Guide - Complete setup walkthrough
- Configuration Reference - All configuration options
- Examples - Real-world configuration examples
- Best Practices - Security and operational guidance
- Troubleshooting - Common issues and solutions
- Migration Guide - Upgrading from V0 to V1
Platform Support
| Platform | Module | Use Case |
|----------|--------|----------|
| NixOS | nixosModules.default | System-wide secret management |
| nix-darwin | darwinModules.default | macOS system secrets |
| Home Manager | homeManagerModules.default | User-specific secrets |
Getting Help
- 📖 Documentation: Start with the Getting Started Guide
- 🐛 Issues: Report bugs and request features
- 💬 Discussions: Ask questions and share configurations
License
