path: root/home/programs/hashi.nix

                      

{ config, pkgs, ... }:
let
  nomad-prod = pkgs.writeShellScriptBin "nomad-prod" ''
    set -e

    if [ $# -ne 1 ]; then
      echo "Usage: nomad-ui CELL_ID"
      exit 1
    fi

    CELL_ID=$1

    echo ">> Fetching cell definition for $CELL_ID from GitHub"
    REGION_ID=$(${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/definitions/''${CELL_ID}.yaml --jq '.content' | base64 -d | yq -r '.regionId')

    if [ -z "$REGION_ID" ] || [ "$REGION_ID" = "null" ]; then
      echo "Error: Could not retrieve regionId for cell $CELL_ID"
      exit 1
    fi

    echo ">> Found regionId: $REGION_ID"

    case "$REGION_ID" in
      r002)
      VAULT_REGION="chi1"
      ;;
      r003)
      VAULT_REGION="ash1"
      ;;
      *)
      echo "Error: Unknown regionId $REGION_ID. Expected r002 or r003."
      exit 1
      ;;
    esac

    echo ">> Using vault region: $VAULT_REGION"

    echo ">> Login to $VAULT_REGION vault using Okta"
    export VAULT_ADDR="https://$VAULT_REGION-vault.simulprod.com:8200"
    export VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username=$USER)

    echo ">> Accessing cell $CELL_ID"
    export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com"
    export NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id ''${CELL_ID}_nomad/creds/management)

    ${pkgs.nomad}/bin/nomad ui --authenticate
  '';
in
{
  home.packages = with pkgs; [
    nomad-prod
    hashi
  ];

  programs.fish = {
    shellAbbrs =
      let
        environments = [
          {
            name = "chi1";
            alias = "chi1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "ash1";
            alias = "ash1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "sitetest3";
            alias = "st3";
            jumpHost = "st3-jumpcontainer-es";
          }
          {
            name = "sitetest2-snc2";
            alias = "st2-snc2";
            jumpHost = "st2-snc2-jumpcontainer-es";
          }
        ];

        # Generate all environment-specific aliases
        envAliases = builtins.listToAttrs (
          builtins.concatMap (env: [
            {
              name = "ssh-sign-${env.alias}";
              value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=${config.home.homeDirectory}/.ssh/${env.alias}-cert.pub --key=${config.home.homeDirectory}/.ssh/id_ed25519_sk_rk key.pub";
            }
            {
              name = "hashi-${env.alias}";
              value = "${pkgs.hashi}/bin/hashi -e ${env.name} show v";
            }
            {
              name = "ssh-${env.alias}";
              value = "${pkgs.kitty}/bin/kitten ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/${env.alias}-cert.pub'";
            }
          ]) environments
        );
      in
      envAliases;
  };
}
{ config, pkgs, ... }:
let
  nomad-prod = pkgs.writeShellScriptBin "nomad-prod" ''
    set -e

    if [ $# -ne 1 ]; then
      echo "Usage: nomad-ui CELL_ID"
      exit 1
    fi

    CELL_ID=$1

    echo ">> Fetching cell definition for $CELL_ID from GitHub"
    REGION_ID=$(${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/definitions/''${CELL_ID}.yaml --jq '.content' | base64 -d | yq -r '.regionId')

    if [ -z "$REGION_ID" ] || [ "$REGION_ID" = "null" ]; then
      echo "Error: Could not retrieve regionId for cell $CELL_ID"
      exit 1
    fi

    echo ">> Found regionId: $REGION_ID"

    case "$REGION_ID" in
      r002)
      VAULT_REGION="chi1"
      ;;
      r003)
      VAULT_REGION="ash1"
      ;;
      *)
      echo "Error: Unknown regionId $REGION_ID. Expected r002 or r003."
      exit 1
      ;;
    esac

    echo ">> Using vault region: $VAULT_REGION"

    echo ">> Login to $VAULT_REGION vault using Okta"
    export VAULT_ADDR="https://$VAULT_REGION-vault.simulprod.com:8200"
    export VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username=$USER)

    echo ">> Accessing cell $CELL_ID"
    export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com"
    export NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id ''${CELL_ID}_nomad/creds/management)

    ${pkgs.nomad}/bin/nomad ui --authenticate
  '';
in
{
  home.packages = with pkgs; [
    nomad-prod
    hashi
  ];

  programs.fish = {
    shellAbbrs =
      let
        environments = [
          {
            name = "chi1";
            alias = "chi1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "ash1";
            alias = "ash1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "sitetest3";
            alias = "st3";
            jumpHost = "st3-jumpcontainer-es";
          }
          {
            name = "sitetest2-snc2";
            alias = "st2-snc2";
            jumpHost = "st2-snc2-jumpcontainer-es";
          }
        ];

        # Generate all environment-specific aliases
        envAliases = builtins.listToAttrs (
          builtins.concatMap (env: [
            {
              name = "ssh-sign-${env.alias}";
              value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=${config.home.homeDirectory}/.ssh/${env.alias}-cert.pub --key=${config.home.homeDirectory}/.ssh/id_ed25519_sk_rk key.pub";
            }
            {
              name = "hashi-${env.alias}";
              value = "${pkgs.hashi}/bin/hashi -e ${env.name} show v";
            }
            {
              name = "ssh-${env.alias}";
              value = "${pkgs.kitty}/bin/kitten ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/${env.alias}-cert.pub'";
            }
          ]) environments
        );
      in
      envAliases;
  };
}