| author | Franck Cuny <franck@fcuny.net> | 2025-07-21 07:31:45 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-07-21 08:13:11 -0700 |
| commit | 23f8df7396d35744069a4bda0d1d38a55ff64b79 (patch) | |
| tree | 772b5e72355e9ee5b3ae31aef37fe1d4508e8f30 /nix/users/fcuny | |
| parent | add docker helpers and clean up some dependencies (diff) | |
| download | infra-23f8df7396d35744069a4bda0d1d38a55ff64b79.tar.gz | |
refactoring to use flake-parts and automatic imports of hosts
This is the first step in a large refactoring to use flake-parts, and to
automatically import hosts based on paths.
Diffstat (limited to 'nix/users/fcuny')
| -rw-r--r-- | nix/users/fcuny/1password.nix | 41 | ||||
| -rw-r--r-- | nix/users/fcuny/darwin.nix | 9 | ||||
| -rw-r--r-- | nix/users/fcuny/dev.nix | 130 | ||||
| -rw-r--r-- | nix/users/fcuny/emacs.nix | 89 | ||||
| -rw-r--r-- | nix/users/fcuny/git.nix | 126 | ||||
| -rw-r--r-- | nix/users/fcuny/home-manager.nix | 28 | ||||
| -rw-r--r-- | nix/users/fcuny/k8s.nix | 91 | ||||
| -rw-r--r-- | nix/users/fcuny/llm.nix | 33 | ||||
| -rw-r--r-- | nix/users/fcuny/media.nix | 8 | ||||
| -rw-r--r-- | nix/users/fcuny/nixos.nix | 24 | ||||
| -rw-r--r-- | nix/users/fcuny/personal.nix | 8 | ||||
| -rw-r--r-- | nix/users/fcuny/secrets.nix | 17 | ||||
| -rw-r--r-- | nix/users/fcuny/shell.nix | 153 | ||||
| -rw-r--r-- | nix/users/fcuny/ssh.nix | 43 | ||||
| -rw-r--r-- | nix/users/fcuny/work.nix | 97 |
15 files changed, 0 insertions, 897 deletions
diff --git a/nix/users/fcuny/1password.nix b/nix/users/fcuny/1password.nix
deleted file mode 100644
index 63892c7..0000000
--- a/nix/users/fcuny/1password.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ pkgs, config, ... }:
-let
- home = config.home.homeDirectory;
- darwinSockPath = "${home}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
- sockPath = ".1password/agent.sock";
-in
-{
- home.packages = with pkgs; [
- _1password-cli
- ];
-
- home.sessionVariables = {
- SSH_AUTH_SOCK = "${home}/${sockPath}";
- };
-
- home.file.sock = {
- source = config.lib.file.mkOutOfStoreSymlink darwinSockPath;
- target = sockPath;
- };
-
- programs.fish = {
- interactiveShellInit = ''
- op completion fish | source
- '';
- };
-
- programs.ssh = {
- extraConfig = "IdentityAgent ~/${sockPath}";
- };
-
- # Generate ssh agent config for 1Password
- # I want both my personal and work keys
- home.file.".config/1Password/ssh/agent.toml".text = ''
- [[ssh-keys]]
- account = "my.1password.com"
-
- [[ssh-keys]]
- account = "roblox.1password.com"
- vault = "Private"
- '';
-}
diff --git a/nix/users/fcuny/darwin.nix b/nix/users/fcuny/darwin.nix
deleted file mode 100644
index fc412c9..0000000
--- a/nix/users/fcuny/darwin.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-{
- # The user should already exist, but we need to set this up so Nix knows
- # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423).
- users.users.fcuny = {
- home = "/Users/fcuny";
- shell = pkgs.fish;
- };
-}
diff --git a/nix/users/fcuny/dev.nix b/nix/users/fcuny/dev.nix
deleted file mode 100644
index 7fb8f93..0000000
--- a/nix/users/fcuny/dev.nix
+++ /dev/null
@@ -1,130 +0,0 @@ -{ - config, - pkgs, - ... -}: -{ - home.packages = with pkgs; [ - aider-chat - basedpyright - customPackages.llmPython.llm # llm and claude support - delve - dive # explore layers in docker images - docker - docker-credential-helpers - go-tools # collection of tools, https://github.com/dominikh/go-tools - golangci-lint - gopls - nil # nix lsp - nix-direnv # integration with direnv - nixfmt-rfc-style # new formatter - python3 - ruff - # ruff-lsp - rustup - uv - wireshark - ]; - - # https://wezterm.org/config/lua/general.html - programs.wezterm = { - enable = true; - extraConfig = '' - local config = {} - if wezterm.config_builder then - config = wezterm.config_builder() - end - - config.color_scheme = 'Catppuccin Macchiato' - - config.scrollback_lines = 10000 - - config.font = wezterm.font("Source Code Pro") - config.font_size = 14.0 - config.line_height = 1.0 - - config.window_frame = { - font = wezterm.font({ family = 'Source Code Pro', weight = 'Bold' }), - font_size = 11.0, - } - - config.bold_brightens_ansi_colors = true - config.window_decorations = 'RESIZE|INTEGRATED_BUTTONS' - config.window_padding = { left = '0.5cell', right = '0.5cell', top = '0.5cell', bottom = '0.5cell' } - config.window_background_opacity = 0.97 - config.macos_window_background_blur = 30 - config.default_cursor_style = 'BlinkingBar' - - local act = wezterm.action - config.keys = { - -- Override CMD+t to always start new tabs in the home directory. 
- { key = 't', mods = 'SUPER', action = act.SpawnCommandInNewTab { cwd = wezterm.home_dir } }, - } - - config.audible_bell = "Disabled" - config.visual_bell = { - fade_in_duration_ms = 75, - fade_out_duration_ms = 75, - target = 'CursorColor', - }; - - config.term = "xterm-256color" - - config.front_end = "WebGpu" - - -- in order to access menu bar when in fullscreen - config.native_macos_fullscreen_mode = true - - -- select the pane with the mouse - config.pane_focus_follows_mouse = true - - -- Set initial size - config.initial_cols = 120 - config.initial_rows = 36 - - -- Since we're managing the binary with nix, no need for this - config.check_for_updates = false - - wezterm.on('update-status', function(window) - -- Grab the utf8 character for the "powerline" left facing - -- solid arrow. - local SOLID_LEFT_ARROW = utf8.char(0xe0b2) - - -- Grab the current window's configuration, and from it the - -- palette (this is the combination of your chosen colour scheme - -- including any overrides). - local color_scheme = window:effective_config().resolved_palette - local bg = color_scheme.background - local fg = color_scheme.foreground - - window:set_right_status(wezterm.format({ - -- First, we draw the arrow... - { Background = { Color = 'none' } }, - { Foreground = { Color = bg } }, - { Text = SOLID_LEFT_ARROW }, - -- Then we draw our text - { Background = { Color = bg } }, - { Foreground = { Color = fg } }, - { Text = ' ' .. wezterm.hostname() .. ' ' }, - })) - end) - - return config - ''; - }; - - programs.go = { - enable = true; - goPath = ".local/share/pkg.go"; - goBin = ".local/bin.go"; - goPrivate = [ - "github.rbx.com/*" - "github.com/fcuny/*" - ]; - }; - - home.sessionPath = [ - config.home.sessionVariables.GOBIN - "${config.home.homeDirectory}/.local/bin" - ]; -} diff --git a/nix/users/fcuny/emacs.nix b/nix/users/fcuny/emacs.nix deleted file mode 100644 index fcf1b8f..0000000 --- a/nix/users/fcuny/emacs.nix +++ /dev/null 
@@ -1,89 +0,0 @@ -{ - configPath, - pkgs, - lib, - ... -}: -let - packages = - epkgs: with epkgs; [ - aidermacs # pair programming in Emacs with Aider - cape - consult - consult-denote - corfu - denote - denote-journal - denote-markdown - denote-org - denote-silo - denote-sequence - diminish - direnv - docker - docker-compose-mode - dockerfile-mode - exec-path-from-shell - git-link - go-mode - gotest - gptel # LLM client for Emacs - hcl-mode - jq-mode - json-mode - json-reformat - magit - marginalia - markdown-mode - nix-mode - orderless - protobuf-mode - rg - terraform-mode - toml-mode - tree-sitter - tree-sitter-langs - treesit-grammars.with-all-grammars - vertico - yaml-mode - yasnippet - yasnippet-capf - ]; - emacsFiles = [ - "early-init.el" - "init.el" - "site-lisp/init-base.el" - "site-lisp/init-completion.el" - "site-lisp/init-llm.el" - "site-lisp/init-programming.el" - "site-lisp/init-text.el" - "site-lisp/init-ui.el" - ]; - mkEmacsFile = file: { - ".config/emacs/${file}" = { - source = "${configPath}/emacs/${file}"; - }; - }; -in -{ - home.file = lib.mkMerge (map mkEmacsFile emacsFiles); - - programs.emacs = { - enable = true; - extraPackages = packages; - # FIXME: https://github.com/NixOS/nixpkgs/issues/395169 - package = pkgs.emacs.override { withNativeCompilation = false; }; - }; - - home.packages = with pkgs; [ - aspell - aspellDicts.en - aspellDicts.en-science - aspellDicts.en-computers - ]; - - home.sessionVariables = { - EDITOR = "${pkgs.emacs}/bin/emacsclient -a="; - ASPELL_CONF = "dict-dir ${pkgs.aspellDicts.en}/lib/aspell"; - }; -} diff --git a/nix/users/fcuny/git.nix b/nix/users/fcuny/git.nix deleted file mode 100644 index ad96bfb..0000000 --- a/nix/users/fcuny/git.nix +++ /dev/null 
@@ -1,126 +0,0 @@ -{ lib, pkgs, ... }: -{ - home.packages = with pkgs; [ - gitAndTools.pre-commit - git-credential-manager - ]; - - programs.gh = { - enable = true; - - settings = { - version = 1; - git_protocol = "ssh"; - prompt = "enabled"; - aliases = { - co = "pr checkout"; - vw = "pr view --web"; - }; - }; - }; - - programs.git = { - enable = true; - - delta = { - enable = true; - options.features = "decorations side-by-side line-numbers"; - }; - - userName = "Franck Cuny"; - userEmail = "franck@fcuny.net"; - - aliases = { - amend = "commit --amend"; - a = "commit --amend --no-edit"; - st = "status"; - co = "checkout"; - br = "branch"; - rb = "pull --rebase"; - hist = "log --pretty=format:\"%Cgreen%h %Creset%cd %Cblue[%cn] %Creset%s%C(yellow)%d%C(reset)\" --graph --date=relative --decorate --all"; - llog = "log --graph --name-status --pretty=format:\"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset\" --date=relative"; - logo = "log --pretty=format:\"%C(yellow)%h%Cred%d %Creset%s%Cblue (%cn)\" --decorate"; - logf = "log --pretty=format:\"%C(yellow)%h%Cred%d %Creset%s%Cblue (%cn)\" --decorate --numstat"; - }; - - # https://stackoverflow.com/questions/74012449/git-includeif-hasconfigremote-url-not-working - # to test it's working as expected: - # run `git config --get-all user.email' in a repository to check that we get all the possible emails - # run `git config --get user.email' in a repository to check which email is selected - includes = [ - { - condition = "hasconfig:remote.*.url:git@github.rbx.com:*/**"; - path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); - } - { - condition = "hasconfig:remote.*.url:git@github.com:Roblox/**"; - path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); - } - { - condition = "hasconfig:remote.*.url:https://github.com/Roblox/**"; - path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = 
"fcuny@roblox.com"; }); - } - { - condition = "hasconfig:remote.*.url:https://github.rbx.com/*/**"; - path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); - } - ]; - - ignores = [ - ".DS_Store" - ".aider.chat.history.md" - ".direnv" - ".envrc" - ]; - - extraConfig = { - core.whitespace = "trailing-space,space-before-tab"; - color.ui = true; - - # nicer output - column.ui = "auto"; - - # https://adamj.eu/tech/2024/01/18/git-improve-diff-histogram/ - diff.algorithm = "histogram"; - - init.defaultBranch = "main"; - - # https://blog.gitbutler.com/how-git-core-devs-configure-git/ - push = { - # abort if the remote branch does not match the local one - default = "simple"; - autoSetupRemote = true; - followTags = true; - }; - - fetch = { - prune = true; - pruneTags = true; - all = true; - }; - - pull.rebase = true; - - rebase = { - autosquash = true; - updateRefs = true; - # Automatically create a temporary stash entry before the - # operation begins, and apply it after the operation ends. - autoStash = true; - # Print a warning if some commits are removed - missingCommitsCheck = "warn"; - }; - - branch = { - autosetuprebase = "remote"; - sort = "authordate"; - }; - - url = { - "ssh://git@github.rbx.com/" = { - insteadOf = "https://github.rbx.com/"; - }; - }; - }; - }; -} diff --git a/nix/users/fcuny/home-manager.nix b/nix/users/fcuny/home-manager.nix deleted file mode 100644 index 987a6a2..0000000 --- a/nix/users/fcuny/home-manager.nix +++ /dev/null 
@@ -1,28 +0,0 @@
-{ darwin, systemName, ... }:
-
-{ lib, ... }:
-let
- machineUtils = import ../../lib/machine-utils.nix { inherit lib; };
-in
-{
- home.stateVersion = "23.05";
-
- xdg.enable = true;
-
- imports =
- [
- ./shell.nix
- ./ssh.nix
- ./git.nix
- ]
- ++ lib.optionals darwin [
- ./emacs.nix
- ./1password.nix
- ./dev.nix
- ./media.nix
- ./secrets.nix
- ./llm.nix
- ]
- ++ lib.optionals (machineUtils.isMachineType "work" systemName) [ ./work.nix ]
- ++ lib.optionals (machineUtils.isMachineType "personal" systemName) [ ./personal.nix ];
-}
diff --git a/nix/users/fcuny/k8s.nix b/nix/users/fcuny/k8s.nix
deleted file mode 100644
index ec59228..0000000
--- a/nix/users/fcuny/k8s.nix
+++ /dev/null
@@ -1,91 +0,0 @@ -{ pkgs, ... }: -{ - home.packages = with pkgs; [ - kind # k8s in docker - kubebuilder # generate controller - kubectl - kubernetes-helm # deploy applications - kubie # kubeconfig browser https://github.com/sbstp/kubie - kubelogin-oidc # OIDC plugin - ]; - - programs.k9s = { - enable = true; - settings = { - k9s = { - refreshRate = 1; - }; - }; - plugin = { - plugins = { - log-bat = { - shortCut = "Shift-L"; - description = "Logs (bat)"; - scopes = [ "po" ]; - command = "bash"; - background = false; - args = [ - "-c" - "\"$@\" | bat" - "dummy-arg" - "kubectl" - "logs" - "$NAME" - "-n" - "$NAMESPACE" - "--context" - "$CONTEXT" - "--kubeconfig" - "$KUBECONFIG" - ]; - }; - log-bat-container = { - shortCut = "Shift-L"; - description = "Logs (bat)"; - scopes = [ "containers" ]; - command = "bash"; - background = false; - args = [ - "-c" - "\"$@\" | bat" - "dummy-arg" - "kubectl" - "logs" - "-c" - "$NAME" - "$POD" - "-n" - "$NAMESPACE" - "--context" - "$CONTEXT" - "--kubeconfig" - "$KUBECONFIG" - ]; - }; - }; - }; - }; - - home.file.kubie = { - target = ".kube/kubie.yaml"; - text = '' - shell: fish - configs: - include: - - ~/.kube/rksconfig - prompt: - fish_use_rprompt: false - ''; - }; - - programs.fish = { - shellAbbrs = { - k = "kubectl"; - kctx = "kubie ctx"; - klogs = "kubectl logs"; - }; - shellAliases = { - ukctx = "${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/rks/kubeconfig --jq '.content' | base64 -d > ~/.kube/rksconfig"; - }; - }; -} diff --git a/nix/users/fcuny/llm.nix b/nix/users/fcuny/llm.nix deleted file mode 100644 index 2793373..0000000 --- a/nix/users/fcuny/llm.nix +++ /dev/null 
@@ -1,33 +0,0 @@
-{
- configPath,
- lib,
- ...
-}:
-let
- basePath = "llm/templates";
- llmTemplates = [
- "pr-prompt.yaml"
- "commit-prompt.yaml"
- "readme-gen.yaml"
- ];
- mkLlmTemplate = file: {
- ".config/${basePath}/${file}" = {
- source = "${configPath}/${basePath}/${file}";
- };
- };
-in
-{
- home.file = lib.mkMerge (map mkLlmTemplate llmTemplates);
-
- programs.fish = {
- shellAliases = {
- commit-msg = "git diff --cached | llm -t commit-prompt";
- pr-msg = "git diff HEAD | llm -t pr-prompt";
- readme-gen = "llm -t readme-gen";
- };
- };
-
- home.sessionVariables = {
- LLM_USER_PATH = "$HOME/.config/llm";
- };
-}
diff --git a/nix/users/fcuny/media.nix b/nix/users/fcuny/media.nix
deleted file mode 100644
index f0919a3..0000000
--- a/nix/users/fcuny/media.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-{
- home.packages = with pkgs; [
- mpv
- ffmpeg
- transmission_4
- ];
-}
diff --git a/nix/users/fcuny/nixos.nix b/nix/users/fcuny/nixos.nix
deleted file mode 100644
index a6c302f..0000000
--- a/nix/users/fcuny/nixos.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, ... }:
-{
- # add ~/.local/bin to PATH
- environment.localBinInPath = true;
-
- # we're using fish as our shell
- programs.fish.enable = true;
-
- users.users.fcuny = {
- isNormalUser = true;
- home = "/home/fcuny";
- extraGroups = [
- "docker"
- "wheel"
- "podman"
- ];
- shell = pkgs.fish;
- hashedPassword = "$6$U4GoqhuHgdr.h0JP$C/BKslQfOpPJ5lUzrTeQh6i859R/jEKYSF9MaRhWYo5VG6aCDKsvb5xKSifH4nQt6okJixG9ceFh..Mnt93Jt/";
- openssh.authorizedKeys.keys = [
- # key `nixos` in 1password
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- ];
- };
-}
diff --git a/nix/users/fcuny/personal.nix b/nix/users/fcuny/personal.nix
deleted file mode 100644
index b57dbf8..0000000
--- a/nix/users/fcuny/personal.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-{
- home.packages = with pkgs; [
- element-desktop
- vlc-bin
- zoom-us
- ];
-}
diff --git a/nix/users/fcuny/secrets.nix b/nix/users/fcuny/secrets.nix
deleted file mode 100644
index 65131df..0000000
--- a/nix/users/fcuny/secrets.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ self, config, ... }:
-{
- age = {
- identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix" ];
- secretsDir = "${config.home.homeDirectory}/.local/share/agenix";
-
- secrets = {
- llm = {
- file = "${self}/secrets/users/fcuny/llm.age";
- path = "${config.home.homeDirectory}/.config/llm/keys.json";
- };
- anthropic-api-key = {
- file = "${self}/secrets/users/fcuny/anthropic-api-key.age";
- };
- };
- };
-}
diff --git a/nix/users/fcuny/shell.nix b/nix/users/fcuny/shell.nix
deleted file mode 100644
index 269c617..0000000
--- a/nix/users/fcuny/shell.nix
+++ /dev/null
@@ -1,153 +0,0 @@ -{ - lib, - pkgs, - ... -}: -let - isLinux = pkgs.stdenv.isLinux; -in -{ - home.packages = - with pkgs; - [ - age # encryption tool - bandwhich # bandwhich - a better ifconfig - bottom # btm - a better top - coreutils # GNU core utilities - direnv # direnv - directory environment tool - dust # dust - a more intuitive du - jless # jless - a better cat - jq # jq - a better json - procs # procs - a better ps - restic # to manage backups - ripgrep # ripgrep - a better grep - shellcheck # shell script linter - tree # tree - a better ls - wget # wget - another download tool - yq # yq - a better yaml - ] - ++ (lib.optionals (isLinux) [ htop ]); - - # https://github.com/nix-community/home-manager/blob/master/modules/programs/fish.nix - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting "" - - fish_add_path -p ~/.cargo/bin/ - - # Add utmctl to PATH - fish_add_path /Applications/UTM.app/Contents/MacOS/ - ''; - shellAbbrs = { - ncg = "nix-collect-garbage --delete-older-than 7d"; - ndc = "nix develop --command"; - nfc = "nix flake check"; - ngcroot = "ls -al /nix/var/nix/gcroots/auto/"; - nph = "nix profile history --profile /nix/var/nix/profiles/system"; - nsn = "nix search nixpkgs"; - nsv = "nix store verify --all"; - - g = "git"; - gap = "git add --patch"; - }; - shellAliases = { - la = "eza -la --git --color=always --group-directories-first"; - ll = "eza -la -L=1 --git --color=always --group-directories-first"; - lt = "eza -aT -L=2 --git --color=always --group-directories-first"; - }; - }; - - # an alternative to ls - programs.eza = { - enable = true; - icons = "never"; - enableFishIntegration = false; - extraOptions = [ - "--group-directories-first" - "--no-quotes" - "--git-ignore" - "--icons=never" - ]; - }; - - # an alternative to find - programs.fd = { - enable = true; - hidden = true; - ignores = [ - ".git/" - ".direnv/" - ]; - }; - - programs.direnv = { - enable = true; - nix-direnv.enable = true; - 
enableZshIntegration = true; - config = { - global.disable_stdin = true; - global.strict_env = true; - }; - }; - - programs.bat = { - enable = true; - config = { - theme = "ansi"; - pager = "less -FR"; - }; - }; - - programs.starship = { - enable = true; - settings = { - add_newline = false; - directory = { - fish_style_pwd_dir_length = 3; - }; - git_branch = { - symbol = "🌱 "; - }; - git_commit = { - commit_hash_length = 4; - tag_symbol = "🔖 "; - }; - git_state = { - format = "[($state($progress_current of $progress_total))]($style) "; - cherry_pick = "[🍒 PICKING](bold red)"; - }; - git_status = { - conflicted = "💢"; - ahead = "💨"; - behind = "😰"; - diverged = "😵"; - untracked = "🤷"; - stashed = "📦"; - modified = "📝"; - staged = "[++($count)](green)"; - renamed = "👅"; - deleted = "🗑️"; - }; - "$schema" = "https://starship.rs/config-schema.json"; - hostname = { - ssh_only = true; - }; - username = { - disabled = true; - }; - kubernetes = { - disabled = false; - style = "bold blue"; - }; - nix_shell.disabled = false; - }; - }; - - home.sessionVariables = { - LESS = "-FRSXM"; - LESSCHARSET = "utf-8"; - PAGER = "less"; - SHELL = "${pkgs.fish}/bin/fish"; - }; -} diff --git a/nix/users/fcuny/ssh.nix b/nix/users/fcuny/ssh.nix deleted file mode 100644 index 322a8bc..0000000 --- a/nix/users/fcuny/ssh.nix +++ /dev/null 
@@ -1,43 +0,0 @@
-{ pkgs, config, ... }:
-{
- # https://github.com/nix-community/home-manager/blob/master/modules/programs/ssh.nix
- programs.ssh = {
- enable = true;
- forwardAgent = true;
- serverAliveInterval = 60;
- controlMaster = "auto";
- controlPersist = "30m";
- controlPath = "${config.home.homeDirectory}/.ssh/sockets/S.%r@%h:%p";
-
- matchBlocks = {
- "git.fcuny.net" = {
- proxyCommand = "${pkgs.cloudflared}/bin/cloudflared access ssh --hostname %h";
- };
- "github.com" = {
- hostname = "github.com";
- user = "git";
- forwardAgent = false;
- extraOptions = {
- preferredAuthentications = "publickey";
- controlMaster = "no";
- controlPath = "none";
- };
- };
- "github.rbx.com" = {
- hostname = "github.rbx.com";
- user = "git";
- forwardAgent = false;
- extraOptions = {
- preferredAuthentications = "publickey";
- controlMaster = "no";
- controlPath = "none";
- };
- };
- };
- };
-
- home.file = {
- # we need this path to be created so that the control path can be used.
- ".ssh/sockets/.keep".text = "# Managed by Home Manager";
- };
-}
diff --git a/nix/users/fcuny/work.nix b/nix/users/fcuny/work.nix
deleted file mode 100644
index f502b6a..0000000
--- a/nix/users/fcuny/work.nix
+++ /dev/null
@@ -1,97 +0,0 @@ -{ pkgs, ... }: -let - nomad-prod = pkgs.writeShellScriptBin "nomad-prod" '' - set -e - - if [ $# -ne 1 ]; then - echo "Usage: nomad-ui CELL_ID" - exit 1 - fi - - CELL_ID=$1 - - echo ">> Login to chi1 vault using Okta" - export VAULT_ADDR="https://chi1-vault.simulprod.com:8200" - export VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username=$USER) - - echo ">> Accessing cell $CELL_ID" - export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com" - export NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id ''${CELL_ID}_nomad/creds/management) - - ${pkgs.nomad}/bin/nomad ui --authenticate - ''; -in -{ - imports = [ ./k8s.nix ]; - - home.packages = with pkgs; [ - awscli2 - boundary # for secure remote access - customPackages.hashi - customPackages.sapi - nomad-prod - tfswitch - vault - ]; - - programs.fish = { - shellAbbrs = - let - environments = [ - { - name = "chi1"; - alias = "chi1"; - jumpHost = "chi1-jumpcontainer-es"; - } - { - name = "ash1"; - alias = "ash1"; - jumpHost = "chi1-jumpcontainer-es"; - } - { - name = "sitetest3"; - alias = "st3"; - jumpHost = "st3-jumpcontainer-es"; - } - { - name = "sitetest2-snc2"; - alias = "st2-snc2"; - jumpHost = "st2-snc2-jumpcontainer-es"; - } - ]; - - # Generate all environment-specific aliases - envAliases = builtins.listToAttrs ( - builtins.concatMap (env: [ - { - name = "ssh-sign-${env.alias}"; - value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/cert-${env.alias} --key=(${pkgs._1password-cli}/bin/op read 'op://employee/default rbx ssh key/public key'|psub) key"; - } - { - name = "hashi-${env.alias}"; - value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} show v"; - } - { - name = "ssh-${env.alias}"; - value = "ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/cert-${env.alias}'"; - } - ]) environments - ); - - # Add any additional non-environment specific aliases - additionalAliases = { - 
"sjump-st1-snc2" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest1-snc2"; - "sjump-st1-snc3" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest3-snc2"; - "sjump-st2-snc2" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest2-snc2"; - "sjump-st3" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest3"; - "sjump" = "${pkgs.customPackages.sapi}/bin/sapi jump"; - "ssh-edge" = - "ssh -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -J chi1-jumpcontainer-es -i (${pkgs._1password-cli}/bin/op read 'op://Infra-Compute-Edge-rks/ice_ssh-private-key/ice_rsa'|psub)"; - }; - in - envAliases // additionalAliases; - }; - - # the configuration for sapi is generated when we run `sapi jump`, there's no need to manage it with nix. - programs.ssh.includes = [ "config_sapi" ]; -} |
