A collection of Nix flakes and home-manager modules for utility tools and applications.
```bash
# Install opx directly
nix run github:zach-source/nix-packages#opx

# Install to profile
nix profile install github:zach-source/nix-packages#opx
```

Add to your home.nix:
```nix
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    home-manager.url = "github:nix-community/home-manager";
    utils.url = "github:zach-source/nix-packages";
  };

  outputs = { nixpkgs, home-manager, utils, ... }: {
    homeConfigurations."your-username" = home-manager.lib.homeManagerConfiguration {
      modules = [
        utils.homeManagerModules.opx
        {
          services.opx-authd = {
            enable = true;
            backend = "multi";
            enableAuditLog = true;
            sessionTimeout = 8;
            policy = {
              allow = [
                {
                  path = "/usr/bin/kubectl";
                  refs = [ "op://Production/k8s/*" ];
                  require_signed = true;
                }
              ];
              default_deny = true;
            };
          };
        }
      ];
    };
  };
}
```

Features:
- Multi-backend secret access (1Password + Vault + Bao)
- Advanced security with process verification and audit logging
- Session management with configurable timeouts
- Policy-based access control
Configuration Options:
- backend: Backend type (opcli, vault, bao, multi, fake)
- sessionTimeout: Session idle timeout in hours
- enableAuditLog: Enable structured audit logging
- policy: Access control policy configuration
- environmentFile: Path to environment file with secrets
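
An added example (not part of the opx project): a small Python lint for the `policy` block shown in the home-manager configuration above, flagging settings that loosen it before it is deployed. It assumes the policy has been transcribed into a Python dict with the same keys; the finding names, the list of user-writable directories, and the second sample policy are constructed for illustration.

```python
# Directory prefixes treated as user-writable, where the allowed binary
# could be replaced by another program (assumed list, adjust per host).
WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/home/", "/Users/")

def lint_policy(policy):
    """Return (rule_index, finding) tuples; rule_index is None for policy-wide findings."""
    findings = []
    if policy.get("default_deny") is not True:
        findings.append((None, "NO_DEFAULT_DENY"))
    for i, rule in enumerate(policy.get("allow", [])):
        path = rule.get("path", "")
        if not path.startswith("/"):
            findings.append((i, "RELATIVE_PATH"))      # resolved via PATH or cwd
        elif path.startswith(WRITABLE_PREFIXES):
            findings.append((i, "WRITABLE_PATH"))
        if rule.get("require_signed") is not True:
            findings.append((i, "UNSIGNED_CALLER"))
        refs = rule.get("refs", [])
        if not refs:
            findings.append((i, "NO_REFS"))
        for ref in refs:
            _scheme, sep, rest = ref.partition("://")
            vault = rest.split("/", 1)[0]
            # A wildcard in the vault segment spans every vault, not one item tree.
            if not sep or vault == "" or "*" in vault:
                findings.append((i, "BROAD_OR_MALFORMED_REF"))
    return findings

# The policy from the configuration above, transcribed to a dict.
PAGE_POLICY = {
    "allow": [{"path": "/usr/bin/kubectl",
               "refs": ["op://Production/k8s/*"],
               "require_signed": True}],
    "default_deny": True,
}

# Constructed counter-example with every setting loosened.
WEAK_POLICY = {
    "allow": [{"path": "/Users/dev/bin/kubectl",
               "refs": ["op://*"],
               "require_signed": False}],
    "default_deny": False,
}

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("weak", WEAK_POLICY)):
        print(name, lint_policy(pol))
```
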
Usage:
```bash
# Start service
systemctl --user start opx-authd # Linux
# or it starts automatically with home-manager

# Use client
opx login 1password --account=YOUR_ACCOUNT
opx read "op://vault/item/field"
```

```bash
# Enter development shell
nix develop github:zach-source/nix-packages

# Build locally
nix build github:zach-source/nix-packages#opx
```

To add a new utility package:
- Add package definition to flake.nix
- Create home-manager module in modules/ if needed
- Update documentation
- Test the package

- macOS: Full support with Security framework integration
- Linux: Planned support (currently macOS-only due to Security framework)