Diffstat (limited to 'users')
| -rw-r--r-- | users/modules/userinfo.nix | 15 | ||||
| -rw-r--r-- | users/profiles/1password.nix | 41 | ||||
| -rw-r--r-- | users/profiles/bat.nix | 10 | ||||
| -rw-r--r-- | users/profiles/dev.nix | 52 | ||||
| -rw-r--r-- | users/profiles/emacs.nix | 89 | ||||
| -rw-r--r-- | users/profiles/fish.nix | 31 | ||||
| -rw-r--r-- | users/profiles/git.nix | 134 | ||||
| -rw-r--r-- | users/profiles/k8s.nix | 91 | ||||
| -rw-r--r-- | users/profiles/llm.nix | 33 | ||||
| -rw-r--r-- | users/profiles/mac.nix | 73 | ||||
| -rw-r--r-- | users/profiles/media.nix | 8 | ||||
| -rw-r--r-- | users/profiles/minimal.nix | 6 | ||||
| -rw-r--r-- | users/profiles/nixos.nix | 24 | ||||
| -rw-r--r-- | users/profiles/secrets.nix | 17 | ||||
| -rw-r--r-- | users/profiles/ssh.nix | 43 | ||||
| -rw-r--r-- | users/profiles/starship.nix | 40 | ||||
| -rw-r--r-- | users/profiles/work.nix | 97 |
17 files changed, 804 insertions, 0 deletions
diff --git a/users/modules/userinfo.nix b/users/modules/userinfo.nix
new file mode 100644
index 0000000..46afc73
--- /dev/null
+++ b/users/modules/userinfo.nix
@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+ options = with lib; {
+ userinfo = {
+ fullName = mkOption {
+ type = types.str;
+ example = "Someone Someonesson";
+ };
+ email = mkOption {
+ type = types.str;
+ example = "some@email.com";
+ };
+ };
+ };
+}
diff --git a/users/profiles/1password.nix b/users/profiles/1password.nix
new file mode 100644
index 0000000..63892c7
--- /dev/null
+++ b/users/profiles/1password.nix
@@ -0,0 +1,41 @@
+{ pkgs, config, ... }:
+let
+ home = config.home.homeDirectory;
+ darwinSockPath = "${home}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
+ sockPath = ".1password/agent.sock";
+in
+{
+ home.packages = with pkgs; [
+ _1password-cli
+ ];
+
+ home.sessionVariables = {
+ SSH_AUTH_SOCK = "${home}/${sockPath}";
+ };
+
+ home.file.sock = {
+ source = config.lib.file.mkOutOfStoreSymlink darwinSockPath;
+ target = sockPath;
+ };
+
+ programs.fish = {
+ interactiveShellInit = ''
+ op completion fish | source
+ '';
+ };
+
+ programs.ssh = {
+ extraConfig = "IdentityAgent ~/${sockPath}";
+ };
+
+ # Generate ssh agent config for 1Password
+ # I want both my personal and work keys
+ home.file.".config/1Password/ssh/agent.toml".text = ''
+ [[ssh-keys]]
+ account = "my.1password.com"
+
+ [[ssh-keys]]
+ account = "roblox.1password.com"
+ vault = "Private"
+ '';
+}
diff --git a/users/profiles/bat.nix b/users/profiles/bat.nix
new file mode 100644
index 0000000..fb27397
--- /dev/null
+++ b/users/profiles/bat.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ programs.bat = {
+ enable = true;
+ config = {
+ theme = "ansi";
+ pager = "less -FR";
+ };
+ };
+}
diff --git a/users/profiles/dev.nix b/users/profiles/dev.nix
new file mode 100644
index 0000000..0c9a07c
--- /dev/null
+++ b/users/profiles/dev.nix
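Review bot: In users/profiles/1password.nix, the first `[[ssh-keys]]` entry of the generated agent.toml names only `account = "my.1password.com"`, while the work entry is narrowed with `vault = "Private"`. If the agent treats an account-only entry as every SSH key in that account (worth confirming against the 1Password agent documentation), more keys than intended are offered to anything that can reach `SSH_AUTH_SOCK`. Adding a `vault = "<personal-vault-name>"` line (placeholder) to the first entry would make the scope of both entries explicit.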
@@ -0,0 +1,52 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+{
+ home.packages =
+ with pkgs;
+ [
+ docker
+ docker-credential-helpers
+ dive # explore layers in docker images
+ wireshark
+ ]
+ ++ [
+ llmPython.llm # llm and claude support
+ aider-chat
+ ]
+ ++ [
+ delve
+ go-tools # collection of tools, https://github.com/dominikh/go-tools
+ golangci-lint
+ gopls
+ ]
+ ++ [
+ nil # nix lsp
+ nix-direnv # integration with direnv
+ nixfmt-rfc-style # new formatter
+ ]
+ ++ [
+ python3
+ basedpyright
+ ruff
+ # ruff-lsp
+ uv
+ ];
+
+ programs.go = {
+ enable = true;
+ goPath = ".local/share/pkg.go";
+ goBin = ".local/bin.go";
+ goPrivate = [
+ "github.rbx.com/*"
+ "github.com/fcuny/*"
+ ];
+ };
+
+ home.sessionPath = [
+ config.home.sessionVariables.GOBIN
+ "${config.home.homeDirectory}/.local/bin"
+ ];
+}
diff --git a/users/profiles/emacs.nix b/users/profiles/emacs.nix
new file mode 100644
index 0000000..fcf1b8f
--- /dev/null
+++ b/users/profiles/emacs.nix
@@ -0,0 +1,89 @@
+{
+ configPath,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ packages =
+ epkgs: with epkgs; [
+ aidermacs # pair programming in Emacs with Aider
+ cape
+ consult
+ consult-denote
+ corfu
+ denote
+ denote-journal
+ denote-markdown
+ denote-org
+ denote-silo
+ denote-sequence
+ diminish
+ direnv
+ docker
+ docker-compose-mode
+ dockerfile-mode
+ exec-path-from-shell
+ git-link
+ go-mode
+ gotest
+ gptel # LLM client for Emacs
+ hcl-mode
+ jq-mode
+ json-mode
+ json-reformat
+ magit
+ marginalia
+ markdown-mode
+ nix-mode
+ orderless
+ protobuf-mode
+ rg
+ terraform-mode
+ toml-mode
+ tree-sitter
+ tree-sitter-langs
+ treesit-grammars.with-all-grammars
+ vertico
+ yaml-mode
+ yasnippet
+ yasnippet-capf
+ ];
+ emacsFiles = [
+ "early-init.el"
+ "init.el"
+ "site-lisp/init-base.el"
+ "site-lisp/init-completion.el"
+ "site-lisp/init-llm.el"
+ "site-lisp/init-programming.el"
+ "site-lisp/init-text.el"
+ "site-lisp/init-ui.el"
+ ];
+ mkEmacsFile = file: {
+ ".config/emacs/${file}" = {
+ source = "${configPath}/emacs/${file}";
+ };
+ };
+in
+{
+ home.file = lib.mkMerge (map mkEmacsFile emacsFiles);
+
+ programs.emacs = {
+ enable = true;
+ extraPackages = packages;
+ # FIXME: https://github.com/NixOS/nixpkgs/issues/395169
+ package = pkgs.emacs.override { withNativeCompilation = false; };
+ };
+
+ home.packages = with pkgs; [
+ aspell
+ aspellDicts.en
+ aspellDicts.en-science
+ aspellDicts.en-computers
+ ];
+
+ home.sessionVariables = {
+ EDITOR = "${pkgs.emacs}/bin/emacsclient -a=";
+ ASPELL_CONF = "dict-dir ${pkgs.aspellDicts.en}/lib/aspell";
+ };
+}
diff --git a/users/profiles/fish.nix b/users/profiles/fish.nix
new file mode 100644
index 0000000..314e9f6
--- /dev/null
+++ b/users/profiles/fish.nix
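Review bot: In users/profiles/emacs.nix, `EDITOR` is built from `${pkgs.emacs}` while `programs.emacs.package` is the overridden build with `withNativeCompilation = false`, so the session variable points at a different derivation than the one Home Manager installs. That pulls a second Emacs into the closure and lets the client and the installed editor drift apart. Adding `config` to the module arguments and using `EDITOR = "${config.programs.emacs.finalPackage}/bin/emacsclient -a=";` keeps the two in step.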
@@ -0,0 +1,31 @@
+{ ... }:
+{
+ programs.fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting ""
+
+ fish_add_path -p ~/.cargo/bin/
+
+ # Add utmctl to PATH
+ fish_add_path /Applications/UTM.app/Contents/MacOS/
+ '';
+ shellAbbrs = {
+ ncg = "nix-collect-garbage --delete-older-than 7d";
+ ndc = "nix develop --command";
+ nfc = "nix flake check";
+ ngcroot = "ls -al /nix/var/nix/gcroots/auto/";
+ nph = "nix profile history --profile /nix/var/nix/profiles/system";
+ nsn = "nix search nixpkgs";
+ nsv = "nix store verify --all";
+
+ g = "git";
+ gap = "git add --patch";
+ };
+ shellAliases = {
+ la = "eza -la --git --color=always --group-directories-first";
+ ll = "eza -la -L=1 --git --color=always --group-directories-first";
+ lt = "eza -aT -L=2 --git --color=always --group-directories-first";
+ };
+ };
+}
diff --git a/users/profiles/git.nix b/users/profiles/git.nix
new file mode 100644
index 0000000..de066e2
--- /dev/null
+++ b/users/profiles/git.nix
@@ -0,0 +1,134 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ inherit (config) userinfo;
+in
+{
+ home.packages = with pkgs; [
+ gitAndTools.pre-commit
+ git-credential-manager
+ ];
+
+ programs.gh = {
+ enable = true;
+
+ settings = {
+ version = 1;
+ git_protocol = "ssh";
+ prompt = "enabled";
+ aliases = {
+ co = "pr checkout";
+ vw = "pr view --web";
+ };
+ };
+ };
+
+ programs.git = {
+ enable = true;
+
+ delta = {
+ enable = true;
+ options.features = "decorations side-by-side line-numbers";
+ };
+
+ userName = lib.mkDefault userinfo.fullName;
+ userEmail = lib.mkDefault userinfo.email;
+
+ aliases = {
+ amend = "commit --amend";
+ a = "commit --amend --no-edit";
+ st = "status";
+ co = "checkout";
+ br = "branch";
+ rb = "pull --rebase";
+ hist = "log --pretty=format:\"%Cgreen%h %Creset%cd %Cblue[%cn] %Creset%s%C(yellow)%d%C(reset)\" --graph --date=relative --decorate --all";
+ llog = "log --graph --name-status --pretty=format:\"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset\" --date=relative";
+ logo = "log --pretty=format:\"%C(yellow)%h%Cred%d %Creset%s%Cblue (%cn)\" --decorate";
+ logf = "log --pretty=format:\"%C(yellow)%h%Cred%d %Creset%s%Cblue (%cn)\" --decorate --numstat";
+ };
+
+ # https://stackoverflow.com/questions/74012449/git-includeif-hasconfigremote-url-not-working
+ # to test it's working as expected:
+ # run `git config --get-all user.email' in a repository to check that we get all the possible emails
+ # run `git config --get user.email' in a repository to check which email is selected
+ includes = [
+ {
+ condition = "hasconfig:remote.*.url:git@github.rbx.com:*/**";
+ path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
+ }
+ {
+ condition = "hasconfig:remote.*.url:git@github.com:Roblox/**";
+ path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
+ }
+ {
+ condition = "hasconfig:remote.*.url:https://github.com/Roblox/**";
+ path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
+ }
+ {
+ condition = "hasconfig:remote.*.url:https://github.rbx.com/*/**";
+ path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
+ }
+ ];
+
+ ignores = [
+ ".DS_Store"
+ ".aider.*"
+ ".direnv"
+ ".envrc"
+ ];
+
+ extraConfig = {
+ core.whitespace = "trailing-space,space-before-tab";
+ color.ui = true;
+
+ # nicer output
+ column.ui = "auto";
+
+ # https://adamj.eu/tech/2024/01/18/git-improve-diff-histogram/
+ diff.algorithm = "histogram";
+
+ init.defaultBranch = "main";
+
+ # https://blog.gitbutler.com/how-git-core-devs-configure-git/
+ push = {
+ # abort if the remote branch does not match the local one
+ default = "simple";
+ autoSetupRemote = true;
+ followTags = true;
+ };
+
+ fetch = {
+ prune = true;
+ pruneTags = true;
+ all = true;
+ };
+
+ pull.rebase = true;
+
+ rebase = {
+ autosquash = true;
+ updateRefs = true;
+ # Automatically create a temporary stash entry before the
+ # operation begins, and apply it after the operation ends.
+ autoStash = true;
+ # Print a warning if some commits are removed
+ missingCommitsCheck = "warn";
+ };
+
+ branch = {
+ autosetuprebase = "remote";
+ sort = "authordate";
+ };
+
+ url = {
+ "ssh://git@github.rbx.com/" = {
+ insteadOf = "https://github.rbx.com/";
+ };
+ };
+ };
+ };
+}
diff --git a/users/profiles/k8s.nix b/users/profiles/k8s.nix
new file mode 100644
index 0000000..ec59228
--- /dev/null
+++ b/users/profiles/k8s.nix
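Review bot: In users/profiles/git.nix, each of the four `includes` entries rebuilds the same file with `pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; })`, so the work address is spelled four times and a later edit can leave one remote pattern on a different identity. Binding it once in the existing `let` block, `workIdentity = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });`, and writing `path = workIdentity;` in each entry leaves the `condition` strings as the only thing that varies.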
@@ -0,0 +1,91 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ kind # k8s in docker
+ kubebuilder # generate controller
+ kubectl
+ kubernetes-helm # deploy applications
+ kubie # kubeconfig browser https://github.com/sbstp/kubie
+ kubelogin-oidc # OIDC plugin
+ ];
+
+ programs.k9s = {
+ enable = true;
+ settings = {
+ k9s = {
+ refreshRate = 1;
+ };
+ };
+ plugin = {
+ plugins = {
+ log-bat = {
+ shortCut = "Shift-L";
+ description = "Logs (bat)";
+ scopes = [ "po" ];
+ command = "bash";
+ background = false;
+ args = [
+ "-c"
+ "\"$@\" | bat"
+ "dummy-arg"
+ "kubectl"
+ "logs"
+ "$NAME"
+ "-n"
+ "$NAMESPACE"
+ "--context"
+ "$CONTEXT"
+ "--kubeconfig"
+ "$KUBECONFIG"
+ ];
+ };
+ log-bat-container = {
+ shortCut = "Shift-L";
+ description = "Logs (bat)";
+ scopes = [ "containers" ];
+ command = "bash";
+ background = false;
+ args = [
+ "-c"
+ "\"$@\" | bat"
+ "dummy-arg"
+ "kubectl"
+ "logs"
+ "-c"
+ "$NAME"
+ "$POD"
+ "-n"
+ "$NAMESPACE"
+ "--context"
+ "$CONTEXT"
+ "--kubeconfig"
+ "$KUBECONFIG"
+ ];
+ };
+ };
+ };
+ };
+
+ home.file.kubie = {
+ target = ".kube/kubie.yaml";
+ text = ''
+ shell: fish
+ configs:
+ include:
+ - ~/.kube/rksconfig
+ prompt:
+ fish_use_rprompt: false
+ '';
+ };
+
+ programs.fish = {
+ shellAbbrs = {
+ k = "kubectl";
+ kctx = "kubie ctx";
+ klogs = "kubectl logs";
+ };
+ shellAliases = {
+ ukctx = "${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/rks/kubeconfig --jq '.content' | base64 -d > ~/.kube/rksconfig";
+ };
+ };
+}
diff --git a/users/profiles/llm.nix b/users/profiles/llm.nix
new file mode 100644
index 0000000..2793373
--- /dev/null
+++ b/users/profiles/llm.nix
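Review bot: In users/profiles/k8s.nix, the `ukctx` alias redirects straight into `~/.kube/rksconfig`, so the file is truncated before `gh api` has produced anything and is created with whatever umask the shell has. A failed or unauthenticated call therefore leaves an empty or partial kubeconfig that kubie then includes, and if the downloaded file carries credentials (not visible here) it may be readable by other local users. Writing to a temporary file under `umask 077` and moving it over `~/.kube/rksconfig` only when the pipeline succeeded would cover both cases.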
@@ -0,0 +1,33 @@
+{
+ configPath,
+ lib,
+ ...
+}:
+let
+ basePath = "llm/templates";
+ llmTemplates = [
+ "pr-prompt.yaml"
+ "commit-prompt.yaml"
+ "readme-gen.yaml"
+ ];
+ mkLlmTemplate = file: {
+ ".config/${basePath}/${file}" = {
+ source = "${configPath}/${basePath}/${file}";
+ };
+ };
+in
+{
+ home.file = lib.mkMerge (map mkLlmTemplate llmTemplates);
+
+ programs.fish = {
+ shellAliases = {
+ commit-msg = "git diff --cached | llm -t commit-prompt";
+ pr-msg = "git diff HEAD | llm -t pr-prompt";
+ readme-gen = "llm -t readme-gen";
+ };
+ };
+
+ home.sessionVariables = {
+ LLM_USER_PATH = "$HOME/.config/llm";
+ };
+}
diff --git a/users/profiles/mac.nix b/users/profiles/mac.nix
new file mode 100644
index 0000000..d889d21
--- /dev/null
+++ b/users/profiles/mac.nix
@@ -0,0 +1,73 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./1password.nix
+ ./bat.nix
+ ./dev.nix
+ ./emacs.nix
+ ./fish.nix
+ ./git.nix
+ ./llm.nix
+ ./secrets.nix
+ ./ssh.nix
+ ./starship.nix
+ ];
+
+ home.packages = with pkgs; [
+ age
+ bandwhich
+ bottom
+ coreutils
+ dust
+ jless
+ jq
+ procs
+ restic
+ ripgrep
+ shellcheck
+ tree
+ wget
+ yq
+ ];
+
+ programs.direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ config = {
+ global.disable_stdin = true;
+ global.strict_env = true;
+ };
+ };
+
+ # an alternative to ls
+ programs.eza = {
+ enable = true;
+ icons = "never";
+ enableFishIntegration = false;
+ extraOptions = [
+ "--group-directories-first"
+ "--no-quotes"
+ "--git-ignore"
+ "--icons=never"
+ ];
+ };
+
+ # an alternative to find
+ programs.fd = {
+ enable = true;
+ hidden = true;
+ ignores = [
+ ".git/"
+ ".direnv/"
+ ];
+ };
+
+ home.sessionVariables = {
+ LESS = "-FRSXM";
+ LESSCHARSET = "utf-8";
+ PAGER = "less";
+ SHELL = "${pkgs.fish}/bin/fish";
+ };
+
+ xdg.enable = true;
+}
diff --git a/users/profiles/media.nix b/users/profiles/media.nix
new file mode 100644
index 0000000..f0919a3
--- /dev/null
+++ b/users/profiles/media.nix
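Review bot: In users/profiles/llm.nix, `commit-msg` and `pr-msg` pipe the whole output of `git diff` into `llm`, and mac.nix imports this profile next to the work identity rules in git.nix, so diffs from work repositories would go to whichever hosted model `llm` is configured for. Which provider that is cannot be seen in this hunk (dev.nix mentions claude support and secrets.nix provisions an API key), and a diff can also contain credentials that were staged by accident. A comment above the aliases would make the boundary explicit, for example `# sends the diff to the configured LLM provider; not for repositories whose contents must stay internal`.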
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ mpv
+ ffmpeg
+ transmission_4
+ ];
+}
diff --git a/users/profiles/minimal.nix b/users/profiles/minimal.nix
new file mode 100644
index 0000000..aaffdbd
--- /dev/null
+++ b/users/profiles/minimal.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ htop
+ ];
+}
diff --git a/users/profiles/nixos.nix b/users/profiles/nixos.nix
new file mode 100644
index 0000000..a6c302f
--- /dev/null
+++ b/users/profiles/nixos.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ # add ~/.local/bin to PATH
+ environment.localBinInPath = true;
+
+ # we're using fish as our shell
+ programs.fish.enable = true;
+
+ users.users.fcuny = {
+ isNormalUser = true;
+ home = "/home/fcuny";
+ extraGroups = [
+ "docker"
+ "wheel"
+ "podman"
+ ];
+ shell = pkgs.fish;
+ hashedPassword = "$6$U4GoqhuHgdr.h0JP$C/BKslQfOpPJ5lUzrTeQh6i859R/jEKYSF9MaRhWYo5VG6aCDKsvb5xKSifH4nQt6okJixG9ceFh..Mnt93Jt/";
+ openssh.authorizedKeys.keys = [
+ # key `nixos` in 1password
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+ };
+}
diff --git a/users/profiles/secrets.nix b/users/profiles/secrets.nix
new file mode 100644
index 0000000..65131df
--- /dev/null
+++ b/users/profiles/secrets.nix
@@ -0,0 +1,17 @@
+{ self, config, ... }:
+{
+ age = {
+ identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix" ];
+ secretsDir = "${config.home.homeDirectory}/.local/share/agenix";
+
+ secrets = {
+ llm = {
+ file = "${self}/secrets/users/fcuny/llm.age";
+ path = "${config.home.homeDirectory}/.config/llm/keys.json";
+ };
+ anthropic-api-key = {
+ file = "${self}/secrets/users/fcuny/anthropic-api-key.age";
+ };
+ };
+ };
+}
diff --git a/users/profiles/ssh.nix b/users/profiles/ssh.nix
new file mode 100644
index 0000000..322a8bc
--- /dev/null
+++ b/users/profiles/ssh.nix
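Review bot: In users/profiles/nixos.nix, `hashedPassword` puts the account's SHA-512 crypt hash into the repository and into the world-readable Nix store, which permits offline guessing against an account that is a member of `wheel` and `docker`. The tree already carries age-encrypted secrets (users/profiles/secrets.nix, on the Home Manager side), so the hash can stay out of the source with `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name); that needs `config` in the module arguments and a system-level secret declaration, neither of which is visible in this hunk. Because the current hash is now part of history, only a password change retires it.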
@@ -0,0 +1,43 @@
+{ pkgs, config, ... }:
+{
+ # https://github.com/nix-community/home-manager/blob/master/modules/programs/ssh.nix
+ programs.ssh = {
+ enable = true;
+ forwardAgent = true;
+ serverAliveInterval = 60;
+ controlMaster = "auto";
+ controlPersist = "30m";
+ controlPath = "${config.home.homeDirectory}/.ssh/sockets/S.%r@%h:%p";
+
+ matchBlocks = {
+ "git.fcuny.net" = {
+ proxyCommand = "${pkgs.cloudflared}/bin/cloudflared access ssh --hostname %h";
+ };
+ "github.com" = {
+ hostname = "github.com";
+ user = "git";
+ forwardAgent = false;
+ extraOptions = {
+ preferredAuthentications = "publickey";
+ controlMaster = "no";
+ controlPath = "none";
+ };
+ };
+ "github.rbx.com" = {
+ hostname = "github.rbx.com";
+ user = "git";
+ forwardAgent = false;
+ extraOptions = {
+ preferredAuthentications = "publickey";
+ controlMaster = "no";
+ controlPath = "none";
+ };
+ };
+ };
+ };
+
+ home.file = {
+ # we need this path to be created so that the control path can be used.
+ ".ssh/sockets/.keep".text = "# Managed by Home Manager";
+ };
+}
diff --git a/users/profiles/starship.nix b/users/profiles/starship.nix
new file mode 100644
index 0000000..8a541ce
--- /dev/null
+++ b/users/profiles/starship.nix
@@ -0,0 +1,40 @@
+{ ... }:
+{
+ programs.starship = {
+ enable = true;
+ settings = {
+ add_newline = false;
+ character = {
+ success_symbol = "[›](bold green)";
+ error_symbol = "[›](bold red)";
+ };
+ directory = {
+ fish_style_pwd_dir_length = 3;
+ };
+ git_branch = {
+ symbol = "🌱 ";
+ };
+ git_commit = {
+ commit_hash_length = 4;
+ };
+ git_status = {
+ deleted = "✗";
+ modified = "✶";
+ staged = "✓";
+ stashed = "≡";
+ };
+ "$schema" = "https://starship.rs/config-schema.json";
+ hostname = {
+ ssh_only = true;
+ };
+ username = {
+ disabled = true;
+ };
+ kubernetes = {
+ disabled = false;
+ style = "bold blue";
+ };
+ nix_shell.disabled = false;
+ };
+ };
+}
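Review bot: In users/profiles/ssh.nix, `forwardAgent = true` is the default for every host and is switched off only in the `github.com` and `github.rbx.com` match blocks, so any other server reached through this config can ask the forwarded agent for signatures while the connection, or its 30-minute `controlPersist` master, stays open. Inverting the default narrows that: `forwardAgent = false;` at the top level and `forwardAgent = true;` only in match blocks for hosts that need it. The jump-host aliases in work.nix use `-J`, which does not depend on agent forwarding.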
diff --git a/users/profiles/work.nix b/users/profiles/work.nix
new file mode 100644
index 0000000..f502b6a
--- /dev/null
+++ b/users/profiles/work.nix
@@ -0,0 +1,97 @@
+{ pkgs, ... }:
+let
+ nomad-prod = pkgs.writeShellScriptBin "nomad-prod" ''
+ set -e
+
+ if [ $# -ne 1 ]; then
+ echo "Usage: nomad-ui CELL_ID"
+ exit 1
+ fi
+
+ CELL_ID=$1
+
+ echo ">> Login to chi1 vault using Okta"
+ export VAULT_ADDR="https://chi1-vault.simulprod.com:8200"
+ export VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username=$USER)
+
+ echo ">> Accessing cell $CELL_ID"
+ export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com"
+ export NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id ''${CELL_ID}_nomad/creds/management)
+
+ ${pkgs.nomad}/bin/nomad ui --authenticate
+ '';
+in
+{
+ imports = [ ./k8s.nix ];
+
+ home.packages = with pkgs; [
+ awscli2
+ boundary # for secure remote access
+ customPackages.hashi
+ customPackages.sapi
+ nomad-prod
+ tfswitch
+ vault
+ ];
+
+ programs.fish = {
+ shellAbbrs =
+ let
+ environments = [
+ {
+ name = "chi1";
+ alias = "chi1";
+ jumpHost = "chi1-jumpcontainer-es";
+ }
+ {
+ name = "ash1";
+ alias = "ash1";
+ jumpHost = "chi1-jumpcontainer-es";
+ }
+ {
+ name = "sitetest3";
+ alias = "st3";
+ jumpHost = "st3-jumpcontainer-es";
+ }
+ {
+ name = "sitetest2-snc2";
+ alias = "st2-snc2";
+ jumpHost = "st2-snc2-jumpcontainer-es";
+ }
+ ];
+
+ # Generate all environment-specific aliases
+ envAliases = builtins.listToAttrs (
+ builtins.concatMap (env: [
+ {
+ name = "ssh-sign-${env.alias}";
+ value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/cert-${env.alias} --key=(${pkgs._1password-cli}/bin/op read 'op://employee/default rbx ssh key/public key'|psub) key";
+ }
+ {
+ name = "hashi-${env.alias}";
+ value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} show v";
+ }
+ {
+ name = "ssh-${env.alias}";
+ value = "ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/cert-${env.alias}'";
+ }
+ ]) environments
+ );
+
+ # Add any additional non-environment specific aliases
+ additionalAliases = {
+ "sjump-st1-snc2" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest1-snc2";
+ "sjump-st1-snc3" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest3-snc2";
+ "sjump-st2-snc2" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest2-snc2";
+ "sjump-st3" = "${pkgs.customPackages.sapi}/bin/sapi jump sitetest3";
+ "sjump" = "${pkgs.customPackages.sapi}/bin/sapi jump";
+ "ssh-edge" =
+ "ssh -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -J chi1-jumpcontainer-es -i (${pkgs._1password-cli}/bin/op read 'op://Infra-Compute-Edge-rks/ice_ssh-private-key/ice_rsa'|psub)";
+ };
+ in
+ envAliases // additionalAliases;
+ };
+
+ # the configuration for sapi is generated when we run `sapi jump`, there's no need to manage it with nix.
+ programs.ssh.includes = [ "config_sapi" ];
+}
 |
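Review bot: In users/profiles/work.nix, the generated `ssh-${env.alias}` abbreviations and `ssh-edge` pass `-o StrictHostKeyChecking=no`, which accepts any host key, including a changed one, for the hosts behind the jump containers. User certificates are already in use here, so if the environment also issues host certificates, a `@cert-authority` entry in known_hosts keeps verification on; otherwise `-o StrictHostKeyChecking=accept-new` at least rejects a key that changes after first contact. Separately, in `nomad-prod`, `export VAULT_TOKEN=$(...)` and `export NOMAD_TOKEN=$(...)` hide a failed `vault` call from `set -e` because `export` itself returns success; assigning first and exporting on the next line (`VAULT_TOKEN=$(...)` then `export VAULT_TOKEN`) lets the script stop. The usage text also prints `nomad-ui` where the command is named `nomad-prod`.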
