path: root/home/profiles/work.nix

                   
 
{ lib, pkgs, ... }:
{
  imports = [
    ../programs/dev/k8s.nix
    ../programs/security/hashi.nix
    ../programs/security/sapi.nix
  ];

  home.packages = with pkgs; [
    awscli2
    boundary # for secure remote access
    grpcurl
    tfswitch
    vault
  ];

  programs.onepassword.sshKeys = lib.mkAfter [
    {
      account = "roblox.1password.com";
      vault = "Private";
    }
  ];

  programs.fish = {
    shellAbbrs =
      let
        environments = [
          {
            name = "chi1";
            alias = "chi1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "ash1";
            alias = "ash1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "sitetest3";
            alias = "st3";
            jumpHost = "st3-jumpcontainer-es";
          }
          {
            name = "sitetest2-snc2";
            alias = "st2-snc2";
            jumpHost = "st2-snc2-jumpcontainer-es";
          }
        ];

        # Generate all environment-specific aliases
        envAliases = builtins.listToAttrs (
          builtins.concatMap (env: [
            {
              name = "ssh-sign-${env.alias}";
              value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/${env.alias}-cert.pub --key=(${pkgs._1password-cli}/bin/op read 'op://employee/default rbx ssh key/public key'|psub) key";
            }
            {
              name = "hashi-${env.alias}";
              value = "${pkgs.hashi}/bin/hashi -e ${env.name} show v";
            }
            {
              name = "ssh-${env.alias}";
              value = "${pkgs.kitty}/bin/kitten ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/${env.alias}-cert.pub'";
            }
          ]) environments
        );
      in
      envAliases;
  };

  programs.ssh.matchBlocks = {
    "github.rbx.com" = {
      hostname = "github.rbx.com";
      user = "git";
      forwardAgent = false;
      extraOptions = {
        preferredAuthentications = "publickey";
        controlMaster = "no";
        controlPath = "none";
      };
    };
  };

  programs.git = {
    extraConfig = {
      url = {
        "ssh://git@github.rbx.com/" = {
          insteadOf = "https://github.rbx.com/";
        };
      };
    };
  };
}
{ lib, pkgs, ... }:
{
  imports = [
    ../programs/dev/k8s.nix
    ../programs/security/hashi.nix
    ../programs/security/sapi.nix
  ];

  home.packages = with pkgs; [
    awscli2
    boundary # for secure remote access
    grpcurl
    tfswitch
    vault
  ];

  programs.onepassword.sshKeys = lib.mkAfter [
    {
      account = "roblox.1password.com";
      vault = "Private";
    }
  ];

  programs.fish = {
    shellAbbrs =
      let
        environments = [
          {
            name = "chi1";
            alias = "chi1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "ash1";
            alias = "ash1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "sitetest3";
            alias = "st3";
            jumpHost = "st3-jumpcontainer-es";
          }
          {
            name = "sitetest2-snc2";
            alias = "st2-snc2";
            jumpHost = "st2-snc2-jumpcontainer-es";
          }
        ];

        # Generate all environment-specific aliases
        envAliases = builtins.listToAttrs (
          builtins.concatMap (env: [
            {
              name = "ssh-sign-${env.alias}";
              value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/${env.alias}-cert.pub --key=(${pkgs._1password-cli}/bin/op read 'op://employee/default rbx ssh key/public key'|psub) key";
            }
            {
              name = "hashi-${env.alias}";
              value = "${pkgs.hashi}/bin/hashi -e ${env.name} show v";
            }
            {
              name = "ssh-${env.alias}";
              value = "${pkgs.kitty}/bin/kitten ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/${env.alias}-cert.pub'";
            }
          ]) environments
        );
      in
      envAliases;
  };

  programs.ssh.matchBlocks = {
    "github.rbx.com" = {
      hostname = "github.rbx.com";
      user = "git";
      forwardAgent = false;
      extraOptions = {
        preferredAuthentications = "publickey";
        controlMaster = "no";
        controlPath = "none";
      };
    };
  };

  programs.git = {
    extraConfig = {
      url = {
        "ssh://git@github.rbx.com/" = {
          insteadOf = "https://github.rbx.com/";
        };
      };
    };
  };
}