nixos/_1password-gui: cleanup

* Change groupId to gid to align with the rest of NixOS modules
* Add a check to the gid option to ensure it is greater than or equal
to 1000
* Use the overridden package for the wrappers
This commit is contained in:
Cole Helbling 2022-03-29 16:08:17 -07:00
parent 83a8390791
commit 6e6558711f

View File

@ -3,61 +3,60 @@
with lib;
let
cfg = config.programs._1password-gui;
in {
in
{
options = {
programs._1password-gui = {
enable = mkEnableOption "The 1Password Desktop application with browser integration";
enable = mkEnableOption "the 1Password GUI application";
groupId = mkOption {
type = types.int;
gid = mkOption {
type = types.addCheck types.int (x: x >= 1000);
example = literalExpression "5000";
description = ''
The GroupID to assign to the onepassword group, which is needed for browser integration. The group ID must be 1000 or greater.
The gid to assign to the onepassword group, which is needed for browser integration.
It must be 1000 or greater.
'';
};
polkitPolicyOwners = mkOption {
type = types.listOf types.str;
default = [];
example = literalExpression "[\"user1\" \"user2\" \"user3\"]";
default = [ ];
example = literalExpression ''["user1" "user2" "user3"]'';
description = ''
A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms. By default, no users will have such access.
A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.
'';
};
package = mkOption {
type = types.package;
default = pkgs._1password-gui;
defaultText = literalExpression "pkgs._1password-gui";
example = literalExpression "pkgs._1password-gui";
description = ''
The 1Password derivation to use. This can be used to upgrade from the stable release that we keep in nixpkgs to the betas.
'';
package = mkPackageOption pkgs "1Password GUI" {
default = [ "_1password-gui" ];
};
};
};
config = let
config =
let
package = cfg.package.override {
polkitPolicyOwners = cfg.polkitPolicyOwners;
};
in mkIf cfg.enable {
in
mkIf cfg.enable {
environment.systemPackages = [ package ];
users.groups.onepassword.gid = cfg.groupId;
users.groups.onepassword.gid = cfg.gid;
security.wrappers = {
"1Password-BrowserSupport" =
{ source = "${cfg.package}/share/1password/1Password-BrowserSupport";
"1Password-BrowserSupport" = {
source = "${package}/share/1password/1Password-BrowserSupport";
owner = "root";
group = "onepassword";
setuid = false;
setgid = true;
};
"1Password-KeyringHelper" =
{ source = "${cfg.package}/share/1password/1Password-KeyringHelper";
"1Password-KeyringHelper" = {
source = "${package}/share/1password/1Password-KeyringHelper";
owner = "root";
group = "onepassword";
setuid = true;