nix: avoid IFD

[auscyber]

Overview

Removed IFD (import from derivation) from the nix module

the current implementation requires building the op executable before anything else can happen which results in significant slowdown of system builds as everything is halted until 1password builds. Removing IFD allows the nix module to be built without building the op executable first, which should speed up system builds significantly. The check still happens, but as a derivation instead of a plugin, which means it can be built in parallel with the rest of the system instead of halting everything until it's done.

Type of change

• Created a new plugin
• Improved an existing plugin
• Fixed a bug in an existing plugin
• Improved contributor utilities or experience

Related Issue(s)

• Resolves: #
• Relates: #

How To Test

Attempt to use the nix module on home-manager or nixos

Changelog

• Removed IFD (import from derivation) from the nix module, allowing it to be built in parallel with the rest of the system instead of halting everything until it's done.

[Copilot]

Pull request overview

This PR aims to remove IFD (import-from-derivation) from the Nix module by moving plugin support validation from evaluation-time file reads into a separate derivation, so NixOS/Home Manager builds can proceed in parallel instead of being blocked on building/running op early.

Changes:

• Replaces the eval-time supported-plugin list generation with a runCommand-based support check derivation that runs op plugin list.
• Introduces opPkg to consistently choose the op package used by the check.
• Attempts to hook the support check into Home Manager / NixOS via new home.checks / system.checks assignments.

Comments suppressed due to low confidence (2)

nix/shell-plugins.nix:141

• home.checks is not a standard Home Manager option, so this will likely fail module evaluation with “The option home.checks does not exist”. Consider wiring the derivation into an existing mechanism (e.g., assertions/warnings, activation, or another supported dependency hook) so the check is actually built/run.

      (optionalAttrs is-home-manager {
	  home.checks = [ plugin-support-check ];
        programs = {
          # for the Bash and Zsh home-manager modules,
          # the initExtra/initContent option is equivalent to Fish's interactiveShellInit
          bash.initExtra = initExtraPosix;

nix/shell-plugins.nix:155

• system.checks is not a standard NixOS module option, so this will likely fail module evaluation with “The option system.checks does not exist”. Consider adding the derivation via a supported NixOS hook (e.g., system.extraDependencies if available, or another established mechanism) to ensure it builds without breaking evaluation.

      (optionalAttrs (!is-home-manager) {
	  system.checks = [ plugin-support-check ];
        programs = {
          bash.interactiveShellInit =
            strings.concatStringsSep "\n" posixFunctions;
          zsh.interactiveShellInit = strings.concatStringsSep "\n" posixFunctions;
        };

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[auscyber]

@copilot apply changes based on this feedback