1 files changed, 0 insertions, 161 deletions
diff --git a/users/profiles/work.nix b/users/profiles/work.nix
deleted file mode 100644
index 538b547..0000000
--- a/users/profiles/work.nix
+++ /dev/null
@@ -1,161 +0,0 @@
-{
-  lib,
-  self,
-  pkgs,
-  config,
-  ...
-}:
-let
-  nomad-prod = pkgs.writeShellScriptBin "nomad-prod" ''
-    set -e
-
-    if [ $# -ne 1 ]; then
-      echo "Usage: nomad-ui CELL_ID"
-      exit 1
-    fi
-
-    CELL_ID=$1
-
-    echo ">> Login to chi1 vault using Okta"
-    export VAULT_ADDR="https://chi1-vault.simulprod.com:8200"
-    export VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username=$USER)
-
-    echo ">> Accessing cell $CELL_ID"
-    export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com"
-    export NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id ''${CELL_ID}_nomad/creds/management)
-
-    ${pkgs.nomad}/bin/nomad ui --authenticate
-  '';
-in
-{
-  imports = [
-    "${self}/users/programs/gh.nix"
-    ./k8s.nix
-  ];
-
-  home.packages = with pkgs; [
-    awscli2
-    boundary # for secure remote access
-    hashi
-    sapi
-    nomad-prod
-    tfswitch
-    vault
-  ];
-
-  programs.onepassword = lib.mkMerge [
-    config.programs.onepassword.sshKeys
-    [
-      {
-        account = "roblox.1password.com";
-        vault = "Private";
-      }
-    ]
-  ];
-
-  programs.fish = {
-    shellAbbrs =
-      let
-        environments = [
-          {
-            name = "chi1";
-            alias = "chi1";
-            jumpHost = "chi1-jumpcontainer-es";
-          }
-          {
-            name = "ash1";
-            alias = "ash1";
-            jumpHost = "chi1-jumpcontainer-es";
-          }
-          {
-            name = "sitetest3";
-            alias = "st3";
-            jumpHost = "st3-jumpcontainer-es";
-          }
-          {
-            name = "sitetest2-snc2";
-            alias = "st2-snc2";
-            jumpHost = "st2-snc2-jumpcontainer-es";
-          }
-        ];
-
-        # Generate all environment-specific aliases
-        envAliases = builtins.listToAttrs (
-          builtins.concatMap (env: [
-            {
-              name = "ssh-sign-${env.alias}";
-              value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/cert-${env.alias} --key=(${pkgs._1password-cli}/bin/op read 'op://employee/default rbx ssh key/public key'|psub) key";
-            }
-            {
-              name = "hashi-${env.alias}";
-              value = "${pkgs.hashi}/bin/hashi -e ${env.name} show v";
-            }
-            {
-              name = "ssh-${env.alias}";
-              value = "ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/cert-${env.alias}'";
-            }
-          ]) environments
-        );
-
-        # Add any additional non-environment specific aliases
-        additionalAliases = {
-          "sjump-st1-snc2" = "${pkgs.sapi}/bin/sapi jump sitetest1-snc2";
-          "sjump-st1-snc3" = "${pkgs.sapi}/bin/sapi jump sitetest3-snc2";
-          "sjump-st2-snc2" = "${pkgs.sapi}/bin/sapi jump sitetest2-snc2";
-          "sjump-st3" = "${pkgs.sapi}/bin/sapi jump sitetest3";
-          "sjump" = "${pkgs.sapi}/bin/sapi jump";
-          "ssh-edge" =
-            "ssh -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -J chi1-jumpcontainer-es -i (${pkgs._1password-cli}/bin/op read 'op://Infra-Compute-Edge-rks/ice_ssh-private-key/ice_rsa'|psub)";
-        };
-      in
-      envAliases // additionalAliases;
-  };
-
-  programs.ssh.matchBlocks = {
-    "github.rbx.com" = {
-      hostname = "github.rbx.com";
-      user = "git";
-      forwardAgent = false;
-      extraOptions = {
-        preferredAuthentications = "publickey";
-        controlMaster = "no";
-        controlPath = "none";
-      };
-    };
-  };
-
-  # the configuration for sapi is generated when we run `sapi jump`, there's no need to manage it with nix.
-  programs.ssh.includes = [ "config_sapi" ];
-
-  programs.git = {
-    extraConfig = {
-      url = {
-        "ssh://git@github.rbx.com/" = {
-          insteadOf = "https://github.rbx.com/";
-        };
-      };
-    };
-    # https://stackoverflow.com/questions/74012449/git-includeif-hasconfigremote-url-not-working
-    # to test it's working as expected:
-    # run `git config --get-all user.email' in a repository to check that we get all the possible emails
-    # run `git config --get user.email' in a repository to check which email is selected
-    includes = [
-      {
-        condition = "hasconfig:remote.*.url:git@github.rbx.com:*/**";
-        path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
-      }
-      {
-        condition = "hasconfig:remote.*.url:git@github.com:Roblox/**";
-        path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
-      }
-      {
-        condition = "hasconfig:remote.*.url:https://github.com/Roblox/**";
-        path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
-      }
-      {
-        condition = "hasconfig:remote.*.url:https://github.rbx.com/*/**";
-        path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
-      }
-    ];
-  };
-}