path: root/nix/users/fcuny/work.nix

              

{ pkgs, ... }:
let
  nomad-prod = pkgs.writeShellScriptBin "nomad-prod" ''
    #!${pkgs.runtimeShell}
    set -e

    if [ $# -ne 1 ]; then
      echo "Usage: nomad-ui CELL_ID"
      exit 1
    fi

    CELL_ID=$1

    echo ">> Login to chi1 vault using Okta"
    export VAULT_ADDR="https://chi1-vault.simulprod.com:8200"
    export VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username=$USER)

    echo ">> Accessing cell $CELL_ID"
    export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com"
    export NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id ''${CELL_ID}_nomad/creds/management)

    nomad ui --authenticate
  '';
in
{
  imports = [ ./k8s.nix ];

  home.packages = with pkgs; [
    awscli2
    boundary # for secure remote access
    customPackages.hashi
    customPackages.sapi
    nomad-pack
    nomad-prod
    tfswitch
    vault
  ];

  programs.fish = {
    shellAbbrs =
      let
        environments = [
          {
            name = "chi1";
            alias = "chi1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "ash1";
            alias = "ash1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "sitetest3";
            alias = "st3";
            jumpHost = "st3-jumpcontainer-es";
          }
          {
            name = "sitetest2-snc2";
            alias = "st2-snc2";
            jumpHost = "st2-snc2-jumpcontainer-es";
          }
        ];

        # Generate all environment-specific aliases
        envAliases = builtins.listToAttrs (
          builtins.concatMap (env: [
            {
              name = "ssh-sign-${env.alias}";
              value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/cert-${env.alias} --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key";
            }
            {
              name = "hashi-${env.alias}";
              value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} show v";
            }
            {
              name = "ssh-${env.alias}";
              value = "ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/cert-${env.alias}'";
            }
          ]) environments
        );

        # Add any additional non-environment specific aliases
        additionalAliases = {
          "sjump-st1-snc2" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest1-snc2";
          "sjump-st1-snc3" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest3-snc2";
          "sjump-st2-snc2" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest2-snc2";
          "sjump-st3" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest3";
          "sjump" = "${pkgs.customPackages.sapi}/bin/sapi jump";
          "ssh-edge" =
            "ssh -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -J chi1-jumpcontainer-es -i (op read 'op://Infra-Compute-Edge-rks/ice_ssh-private-key/ice_rsa'|psub)";
        };
      in
      envAliases // additionalAliases;
  };

  # the configuration for sapi is generated when we run `sapi jump`, there's no need to manage it with nix.
  programs.ssh.includes = [ "config_sapi" ];
}
{ pkgs, ... }:
let
  nomad-prod = pkgs.writeShellScriptBin "nomad-prod" ''
    #!${pkgs.runtimeShell}
    set -e

    if [ $# -ne 1 ]; then
      echo "Usage: nomad-ui CELL_ID"
      exit 1
    fi

    CELL_ID=$1

    echo ">> Login to chi1 vault using Okta"
    export VAULT_ADDR="https://chi1-vault.simulprod.com:8200"
    export VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username=$USER)

    echo ">> Accessing cell $CELL_ID"
    export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com"
    export NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id ''${CELL_ID}_nomad/creds/management)

    nomad ui --authenticate
  '';
in
{
  imports = [ ./k8s.nix ];

  home.packages = with pkgs; [
    awscli2
    boundary # for secure remote access
    customPackages.hashi
    customPackages.sapi
    nomad-pack
    nomad-prod
    tfswitch
    vault
  ];

  programs.fish = {
    shellAbbrs =
      let
        environments = [
          {
            name = "chi1";
            alias = "chi1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "ash1";
            alias = "ash1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "sitetest3";
            alias = "st3";
            jumpHost = "st3-jumpcontainer-es";
          }
          {
            name = "sitetest2-snc2";
            alias = "st2-snc2";
            jumpHost = "st2-snc2-jumpcontainer-es";
          }
        ];

        # Generate all environment-specific aliases
        envAliases = builtins.listToAttrs (
          builtins.concatMap (env: [
            {
              name = "ssh-sign-${env.alias}";
              value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/cert-${env.alias} --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key";
            }
            {
              name = "hashi-${env.alias}";
              value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} show v";
            }
            {
              name = "ssh-${env.alias}";
              value = "ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/cert-${env.alias}'";
            }
          ]) environments
        );

        # Add any additional non-environment specific aliases
        additionalAliases = {
          "sjump-st1-snc2" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest1-snc2";
          "sjump-st1-snc3" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest3-snc2";
          "sjump-st2-snc2" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest2-snc2";
          "sjump-st3" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest3";
          "sjump" = "${pkgs.customPackages.sapi}/bin/sapi jump";
          "ssh-edge" =
            "ssh -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -J chi1-jumpcontainer-es -i (op read 'op://Infra-Compute-Edge-rks/ice_ssh-private-key/ice_rsa'|psub)";
        };
      in
      envAliases // additionalAliases;
  };

  # the configuration for sapi is generated when we run `sapi jump`, there's no need to manage it with nix.
  programs.ssh.includes = [ "config_sapi" ];
}