authorFranck Cuny <franck@fcuny.net>2025-12-30 10:33:31 -0800
committerFranck Cuny <franck@fcuny.net>2025-12-30 11:33:46 -0800
commit7281f05669e92e3568f837591912350b32951555 (patch)
tree61964e392409ab188599af47e58d9a9154ab33ce /home/profiles/work.nix
parentinstall mkv related tools (diff)
downloadinfra-7281f05669e92e3568f837591912350b32951555.tar.gz
organize programs in a way that makes sense to me
Diffstat (limited to 'home/profiles/work.nix')
-rw-r--r--home/profiles/work.nix105
1 files changed, 4 insertions, 101 deletions
diff --git a/home/profiles/work.nix b/home/profiles/work.nix
index 44db120..c4ebe0a 100644
--- a/home/profiles/work.nix
+++ b/home/profiles/work.nix
@@ -1,80 +1,19 @@
{ lib, pkgs, ... }:
-let
- nomad-prod = pkgs.writeShellScriptBin "nomad-prod" ''
- set -e
-
- if [ $# -ne 1 ]; then
- echo "Usage: nomad-ui CELL_ID"
- exit 1
- fi
-
- CELL_ID=$1
-
- echo ">> Fetching cell definition for $CELL_ID from GitHub"
- REGION_ID=$(${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/definitions/''${CELL_ID}.yaml --jq '.content' | base64 -d | yq -r '.regionId')
-
- if [ -z "$REGION_ID" ] || [ "$REGION_ID" = "null" ]; then
- echo "Error: Could not retrieve regionId for cell $CELL_ID"
- exit 1
- fi
-
- echo ">> Found regionId: $REGION_ID"
-
- case "$REGION_ID" in
- r002)
- VAULT_REGION="chi1"
- ;;
- r003)
- VAULT_REGION="ash1"
- ;;
- *)
- echo "Error: Unknown regionId $REGION_ID. Expected r002 or r003."
- exit 1
- ;;
- esac
-
- echo ">> Using vault region: $VAULT_REGION"
-
- echo ">> Login to $VAULT_REGION vault using Okta"
- export VAULT_ADDR="https://$VAULT_REGION-vault.simulprod.com:8200"
- export VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username=$USER)
-
- echo ">> Accessing cell $CELL_ID"
- export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com"
- export NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id ''${CELL_ID}_nomad/creds/management)
-
- ${pkgs.nomad}/bin/nomad ui --authenticate
- '';
-in
{
imports = [
- ./k8s.nix
+ ../programs/dev/k8s.nix
+ ../programs/security/hashi.nix
+ ../programs/security/sapi.nix
];
home.packages = with pkgs; [
awscli2
boundary # for secure remote access
grpcurl
- hashi
- nomad-prod
- sapi
tfswitch
vault
];
- programs.gh = {
- enable = true;
- settings = {
- version = 1;
- git_protocol = "ssh";
- prompt = "enabled";
- aliases = {
- co = "pr checkout";
- vw = "pr view --web";
- };
- };
- };
-
programs.onepassword.sshKeys = lib.mkAfter [
{
account = "roblox.1password.com";
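Review bot: The three new entries in `imports` carry no comment saying what each module provides, so this profile no longer shows where `nomad-prod`, `hashi`, `sapi` and the `programs.gh` settings now come from. The diffstat is limited to this file, so I cannot confirm that the removed wrapper and the gh configuration actually landed in `../programs/security/hashi.nix` and `../programs/security/sapi.nix`; that should be checked before merging. A short comment above the list would help, for example `# hashi.nix: hashi + nomad-prod wrapper; sapi.nix: sapi package, sjump aliases, ssh include`, with the wording adjusted to what the modules really contain. `vault` and `boundary` stay in `home.packages` here; if `hashi.nix` is meant to own the HashiCorp tooling, they probably belong there too. The attribute set continues past the end of this hunk.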
@@ -125,19 +64,8 @@ in
}
]) environments
);
-
- # Add any additional non-environment specific aliases
- additionalAliases = {
- "sjump-st1-snc2" = "${pkgs.sapi}/bin/sapi jump sitetest1-snc2";
- "sjump-st1-snc3" = "${pkgs.sapi}/bin/sapi jump sitetest3-snc2";
- "sjump-st2-snc2" = "${pkgs.sapi}/bin/sapi jump sitetest2-snc2";
- "sjump-st3" = "${pkgs.sapi}/bin/sapi jump sitetest3";
- "sjump" = "${pkgs.sapi}/bin/sapi jump";
- "ssh-edge" =
- "${pkgs.kitty}/bin/kitten ssh -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -J chi1-jumpcontainer-es -i (${pkgs._1password-cli}/bin/op read 'op://Infra-Compute-Edge-rks/ice_ssh-private-key/ice_rsa'|psub)";
- };
in
- envAliases // additionalAliases;
+ envAliases;
};
programs.ssh.matchBlocks = {
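Review bot: After this change `in envAliases;` is the whole result of the alias expression, and nothing on the new side says where the `sjump*` and `ssh-edge` aliases went. If `ssh-edge` was moved into another module unchanged (not visible in this file-limited diff), it still passes `-o StrictHostKeyChecking=no`, which disables host-key verification on a connection that authenticates with a private key read from 1Password. The relocated alias should use `-o StrictHostKeyChecking=accept-new` or a managed known_hosts entry for the edge hosts instead. The enclosing `let` starts outside this hunk, so I cannot tell whether it still needs to be a `let … in` block now that only one binding is returned.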
@@ -153,9 +81,6 @@ in
};
};
- # the configuration for sapi is generated when we run `sapi jump`, there's no need to manage it with nix.
- programs.ssh.includes = [ "config_sapi" ];
-
programs.git = {
extraConfig = {
url = {
@@ -164,27 +89,5 @@ in
};
};
};
- # https://stackoverflow.com/questions/74012449/git-includeif-hasconfigremote-url-not-working
- # to test it's working as expected:
- # run `git config --get-all user.email' in a repository to check that we get all the possible emails
- # run `git config --get user.email' in a repository to check which email is selected
- includes = [
- {
- condition = "hasconfig:remote.*.url:git@github.rbx.com:*/**";
- path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
- }
- {
- condition = "hasconfig:remote.*.url:git@github.com:Roblox/**";
- path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
- }
- {
- condition = "hasconfig:remote.*.url:https://github.com/Roblox/**";
- path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
- }
- {
- condition = "hasconfig:remote.*.url:https://github.rbx.com/*/**";
- path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
- }
- ];
};
}