diff --git a/README.md b/README.md index c239601..20f0372 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,17 @@ scoop bucket add openpass https://github.com/danieljustus/scoop-bucket scoop install openpass ``` +**Nix (Flake):** +```bash +# Run directly (no install needed) +nix run github:danieljustus/OpenPass + +# Or add as a flake input +# flake.nix: +# inputs.openpass.url = "github:danieljustus/OpenPass"; +``` +> **Note:** The flake is new. Go module dependencies are pinned via `vendorHash` in `flake.nix`. If updating dependencies, run `go mod vendor && nix hash path --sri vendor/` and update the hash. + **Go:** ```bash go install github.com/danieljustus/OpenPass@latest @@ -68,6 +79,7 @@ For manual downloads, Linux packages, release verification, and build-from-sourc | Linux | ✓ | ✓ | Quick install, Homebrew, Go, Manual, deb/rpm/apk | | Windows | ✓ | ✓ | Quick install, Scoop, Go, Manual | | FreeBSD | ✓ | ✓ | Go, Manual | +| NixOS / Nix | ✓ | ✓ | Nix flake (`nix run github:danieljustus/OpenPass`) | ## Quick Start diff --git a/docs/distribution.md b/docs/distribution.md index ceeb7a5..85ba11b 100644 --- a/docs/distribution.md +++ b/docs/distribution.md @@ -10,6 +10,7 @@ OpenPass is distributed through multiple channels to support different platforms | macOS | amd64, arm64 | tar.gz, Homebrew | | Windows | amd64, arm64 | zip | | FreeBSD | amd64, arm64 | tar.gz | +| NixOS / Nix | amd64, arm64 | Nix flake | **Notes:** - **FreeBSD**: Prebuilt binaries are built with `CGO_ENABLED=0`, which disables OS keyring integration. Instead, OpenPass uses an in-memory encrypted session cache (AES-256-GCM) with a 15-minute TTL. See [docs/troubleshooting.md](troubleshooting.md#freebsd) for details. @@ -93,6 +94,20 @@ Expand-Archive OpenPass__windows_.zip Move-Item OpenPass__windows_\openpass.exe C:\Windows\System32\ ``` +### Nix Flake + +OpenPass provides a Nix flake for NixOS and Nix users: + +```bash +# Run directly (no install needed) +nix run github:danieljustus/OpenPass + +# Or add as a flake input in your flake.nix: +# inputs.openpass.url = "github:danieljustus/OpenPass"; +``` + +> **Note:** Go module dependencies are pinned via `vendorHash` in `flake.nix`. If updating dependencies, run `go mod vendor && nix hash path --sri vendor/` and update the hash. + ### Go Install ```bash diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..d24e31c --- /dev/null +++ b/flake.nix @@ -0,0 +1,62 @@ +{ + description = "OpenPass — modern CLI password manager with age encryption"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + flake-utils.url = "github:numtide/flake-utils"; + }; + + outputs = + { self, nixpkgs, flake-utils }: + flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = import nixpkgs { inherit system; }; + in + { + packages.default = pkgs.buildGoModule { + pname = "openpass"; + version = self.version or "dev"; + + src = ./.; + + # Resolved via `go mod vendor; nix hash path --sri vendor/` + vendorHash = "sha256-mFck88bFcrdG4eO+IDdGsG6gQLx8SlOGLyit6A68uL4="; + + # Disable CGO for Linux — reduces distributability and is not needed + # (keyring integration requires CGO only on darwin). + CGO_ENABLED = 0; + + ldflags = [ + "-s" + "-w" + "-X main.version=${self.version or "dev"}" + "-X main.commit=${self.rev or "unknown"}" + "-X main.date=unknown" + ]; + + meta = with pkgs.lib; { + description = "Modern CLI password manager with age encryption"; + homepage = "https://github.com/danieljustus/OpenPass"; + license = licenses.mit; + maintainers = [ ]; + platforms = platforms.linux ++ platforms.darwin; + mainProgram = "openpass"; + }; + }; + + apps.default = flake-utils.lib.mkApp { + drv = self.packages.${system}.default; + }; + + devShells.default = pkgs.mkShell { + packages = with pkgs; [ + go + gopls + gotools + go-tools + ]; + }; + } + ); +}