From 7281f05669e92e3568f837591912350b32951555 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Tue, 30 Dec 2025 10:33:31 -0800 Subject: organize programs in a way that makes sense to me --- home/profiles/darwin.nix | 27 ++++++ home/profiles/direnv.nix | 13 --- home/profiles/eza.nix | 22 ----- home/profiles/fd.nix | 12 --- home/profiles/fish.nix | 21 ----- home/profiles/git.nix | 91 ------------------- home/profiles/go.nix | 19 ---- home/profiles/k8s.nix | 43 --------- home/profiles/kitty.nix | 24 ----- home/profiles/mac.nix | 70 --------------- home/profiles/media.nix | 37 -------- home/profiles/minimal.nix | 9 +- home/profiles/onepassword.nix | 9 -- home/profiles/personal.nix | 12 +++ home/profiles/restic.nix | 197 ------------------------------------------ home/profiles/security.nix | 12 --- home/profiles/ssh.nix | 48 ---------- home/profiles/starship.nix | 25 ------ home/profiles/work.nix | 105 +--------------------- 19 files changed, 47 insertions(+), 749 deletions(-) create mode 100644 home/profiles/darwin.nix delete mode 100644 home/profiles/direnv.nix delete mode 100644 home/profiles/eza.nix delete mode 100644 home/profiles/fd.nix delete mode 100644 home/profiles/fish.nix delete mode 100644 home/profiles/git.nix delete mode 100644 home/profiles/go.nix delete mode 100644 home/profiles/k8s.nix delete mode 100644 home/profiles/kitty.nix delete mode 100644 home/profiles/mac.nix delete mode 100644 home/profiles/media.nix delete mode 100644 home/profiles/onepassword.nix create mode 100644 home/profiles/personal.nix delete mode 100644 home/profiles/restic.nix delete mode 100644 home/profiles/security.nix delete mode 100644 home/profiles/ssh.nix delete mode 100644 home/profiles/starship.nix (limited to 'home/profiles') diff --git a/home/profiles/darwin.nix b/home/profiles/darwin.nix new file mode 100644 index 0000000..4347384 --- /dev/null +++ b/home/profiles/darwin.nix @@ -0,0 +1,27 @@ +{ config, ... }: +{ + age = { + identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix" ]; + secretsDir = "${config.home.homeDirectory}/.local/share/agenix"; + }; + + imports = [ + ../programs/dev/direnv.nix + ../programs/cli/bat.nix + ../programs/cli/core.nix + ../programs/cli/eza.nix + ../programs/cli/fd.nix + ../programs/dev/delta.nix + ../programs/dev/direnv.nix + ../programs/dev/git.nix + ../programs/dev/go.nix + ../programs/emacs + ../programs/firefox + ../programs/security/onepassword.nix + ../programs/security/ssh.nix + ../programs/shell/fish.nix + ../programs/term/kitty.nix + ]; + + xdg.enable = true; +} diff --git a/home/profiles/direnv.nix b/home/profiles/direnv.nix deleted file mode 100644 index bad971d..0000000 --- a/home/profiles/direnv.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: -{ - programs.direnv = { - enable = true; - nix-direnv.enable = true; - config.global = { - disable_stdin = true; - strict_env = true; - hide_env_diff = true; - warn_timeout = 0; - }; - }; -} diff --git a/home/profiles/eza.nix b/home/profiles/eza.nix deleted file mode 100644 index cf34d5c..0000000 --- a/home/profiles/eza.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ ... }: -{ - programs.eza = { - enable = true; - icons = "always"; - colors = "always"; - git = true; - # I setup my own aliases - enableFishIntegration = false; - extraOptions = [ - "--group-directories-first" - "--no-quotes" - "--git-ignore" - ]; - }; - - programs.fish.shellAliases = { - la = "eza -la"; - ll = "eza -la -L=1"; - lt = "eza -aT -L=2"; - }; -} diff --git a/home/profiles/fd.nix b/home/profiles/fd.nix deleted file mode 100644 index 8fc3a75..0000000 --- a/home/profiles/fd.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: -{ - programs.fd = { - enable = true; - hidden = true; - ignores = [ - ".git/" - ".direnv/" - "vendor/" - ]; - }; -} diff --git a/home/profiles/fish.nix b/home/profiles/fish.nix deleted file mode 100644 index 5adb99b..0000000 --- a/home/profiles/fish.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ ... }: -{ - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting "" - - # Add utmctl to PATH - fish_add_path /Applications/UTM.app/Contents/MacOS/ - ''; - shellAbbrs = { - ncg = "nix-collect-garbage --delete-older-than 7d"; - ndc = "nix develop --command"; - nfc = "nix flake check"; - ngcroot = "ls -al /nix/var/nix/gcroots/auto/"; - nph = "nix profile history --profile /nix/var/nix/profiles/system"; - nsn = "nix search nixpkgs"; - nsv = "nix store verify --all"; - }; - }; -} diff --git a/home/profiles/git.nix b/home/profiles/git.nix deleted file mode 100644 index 4821498..0000000 --- a/home/profiles/git.nix +++ /dev/null @@ -1,91 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - inherit (config) userinfo; -in -{ - home.packages = with pkgs; [ - git-credential-manager - pre-commit - ]; - - programs.delta = { - enable = true; - options.features = "decorations side-by-side line-numbers"; - }; - - programs.git = { - enable = true; - settings = { - user = { - name = lib.mkDefault userinfo.fullName; - email = lib.mkDefault userinfo.email; - }; - - core.whitespace = "trailing-space,space-before-tab"; - color.ui = true; - - # nicer output - column.ui = "auto"; - - # https://adamj.eu/tech/2024/01/18/git-improve-diff-histogram/ - diff.algorithm = "histogram"; - - init.defaultBranch = "main"; - - # https://blog.gitbutler.com/how-git-core-devs-configure-git/ - push = { - # abort if the remote branch does not match the local one - default = "simple"; - autoSetupRemote = true; - followTags = true; - }; - - fetch = { - prune = true; - pruneTags = true; - all = true; - }; - - pull.rebase = true; - - rebase = { - autosquash = true; - updateRefs = true; - # Automatically create a temporary stash entry before the - # operation begins, and apply it after the operation ends. - autoStash = true; - # Print a warning if some commits are removed - missingCommitsCheck = "warn"; - }; - - branch = { - autosetuprebase = "remote"; - sort = "authordate"; - }; - - aliases = { - amend = "commit --amend"; - a = "commit --amend --no-edit"; - st = "status"; - co = "checkout"; - br = "branch"; - rb = "pull --rebase"; - hist = "log --pretty=format:\"%Cgreen%h %Creset%cd %Cblue[%cn] %Creset%s%C(yellow)%d%C(reset)\" --graph --date=relative --decorate --all"; - llog = "log --graph --name-status --pretty=format:\"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset\" --date=relative"; - logo = "log --pretty=format:\"%C(yellow)%h%Cred%d %Creset%s%Cblue (%cn)\" --decorate"; - logf = "log --pretty=format:\"%C(yellow)%h%Cred%d %Creset%s%Cblue (%cn)\" --decorate --numstat"; - }; - }; - - ignores = [ - ".DS_Store" - ".aider.*" - ".direnv" - ]; - }; -} diff --git a/home/profiles/go.nix b/home/profiles/go.nix deleted file mode 100644 index d6ea5f4..0000000 --- a/home/profiles/go.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, pkgs, ... }: -{ - home.packages = with pkgs; [ - go-tools # collection of tools, https://github.com/dominikh/go-tools - golangci-lint - gopls - ]; - - programs.go = { - enable = true; - env = { - GOPATH = "${config.xdg.dataHome}/pkg.go"; - GOPRIVATE = [ - "github.rbx.com/*" - "fcuny.net/*" - ]; - }; - }; -} diff --git a/home/profiles/k8s.nix b/home/profiles/k8s.nix deleted file mode 100644 index 1e6cd41..0000000 --- a/home/profiles/k8s.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ pkgs, ... }: -{ - home.packages = with pkgs; [ - kind # k8s in docker - kubebuilder # generate controller - kubectl - kubie # kubeconfig browser https://github.com/sbstp/kubie - kubernetes-helm # deploy applications - kubelogin-oidc # OIDC plugin - ]; - - programs.k9s = { - enable = true; - settings = { - k9s = { - refreshRate = 1; - }; - }; - }; - - home.file.kubie = { - target = ".kube/kubie.yaml"; - text = '' - shell: fish - configs: - include: - - ~/.kube/rksconfig - prompt: - fish_use_rprompt: false - ''; - }; - - programs.fish = { - shellAbbrs = { - k = "kubectl"; - kctx = "kubie ctx"; - klogs = "kubectl logs"; - }; - shellAliases = { - ukctx = "${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/rks/kubeconfig --jq '.content' | base64 -d > ~/.kube/rksconfig"; - }; - }; -} diff --git a/home/profiles/kitty.nix b/home/profiles/kitty.nix deleted file mode 100644 index b02702d..0000000 --- a/home/profiles/kitty.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ pkgs, ... }: -{ - programs.kitty = { - enable = true; - themeFile = "Modus_Operandi_Tinted"; - settings = { - copy_on_select = "yes"; - bold_font = "auto"; - italic_font = "auto"; - bold_italic_font = "auto"; - window_padding_width = "3 10"; - enable_audio_bell = "no"; - tab_bar_edge = "bottom"; - tab_title_template = "{title}{' :{}:'.format(num_windows) if num_windows > 1 else ''}"; - tab_bar_style = "powerline"; - font_family = "Source Code Pro"; - font_size = "15.0"; - }; - }; - - programs.fish.shellAliases = { - s = "${pkgs.kitty}/bin/kitten ssh"; - }; -} diff --git a/home/profiles/mac.nix b/home/profiles/mac.nix deleted file mode 100644 index 2aa369f..0000000 --- a/home/profiles/mac.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ pkgs, config, ... }: -let - inherit (config.home) username; -in -{ - age = { - identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix" ]; - secretsDir = "${config.home.homeDirectory}/.local/share/agenix"; - }; - - imports = [ - ./direnv.nix - ./eza.nix - ./fd.nix - ./fish.nix - ./git.nix - ./go.nix - ./kitty.nix - ./onepassword.nix - ./ssh.nix - ./starship.nix - ../programs/emacs - ../programs/firefox - ]; - - home.homeDirectory = "/Users/${username}"; - - programs.bat.enable = true; - - home.packages = with pkgs; [ - age - aider-chat - bandwhich - bottom - coreutils - delve - dive # explore layers in docker images - docker - docker-credential-helpers - dust - fish - jless - jq - nil # nix lsp - nix-direnv # integration with direnv - nixfmt-rfc-style # new formatter - procs - restic - ripgrep - shellcheck - tree - wget - wireshark - yq - yubikey-manager - ]; - - home.sessionVariables = { - LESS = "-FRSXM"; - LESSCHARSET = "utf-8"; - PAGER = "less"; - SHELL = "${pkgs.fish}/bin/fish"; - }; - - home.sessionPath = [ - "${config.home.homeDirectory}/.local/bin" - ]; - - xdg.enable = true; -} diff --git a/home/profiles/media.nix b/home/profiles/media.nix deleted file mode 100644 index a2cfd9d..0000000 --- a/home/profiles/media.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ pkgs, ... }: -{ - home.packages = with pkgs; [ - ffmpeg - transmission_4 - vlc-bin - ]; - - programs.mpv = { - enable = true; - config = { - screenshot-directory = "~/Documents/screenshots"; - ontop = true; - profile = "gpu-hq"; - }; - scripts = with pkgs.mpvScripts; [ - sponsorblock - quality-menu # Switch video quality from YT on-the-go - vr-reversal # Script for mpv to play VR video with optional saving of head tracking data - ]; - }; - - programs.yt-dlp = { - enable = true; - - settings = { - mtime = false; - merge-output-format = "mkv"; - restrict-filenames = true; - embed-thumbnail = true; - embed-metadata = true; - embed-chapters = true; - sponsorblock-mark = "sponsor"; - output = "~/Movies/%(uploader)s/%(upload_date>%Y-%m-%d)s-%(title)s-%(id)s.%(ext)s"; - }; - }; -} diff --git a/home/profiles/minimal.nix b/home/profiles/minimal.nix index 8590dd9..d519374 100644 --- a/home/profiles/minimal.nix +++ b/home/profiles/minimal.nix @@ -4,13 +4,12 @@ let in { imports = [ - ./eza.nix - ./fish.nix + ../programs/cli/bat.nix + ../programs/cli/eza.nix + ../programs/cli/tmux.nix + ../programs/shell/fish.nix ]; - programs.bat.enable = true; - programs.tmux.enable = true; - home.homeDirectory = "/home/${username}"; home.stateVersion = "25.05"; } diff --git a/home/profiles/onepassword.nix b/home/profiles/onepassword.nix deleted file mode 100644 index f364a9e..0000000 --- a/home/profiles/onepassword.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - programs.onepassword = { - enable = true; - sshKeys = [ - { account = "my.1password.com"; } # All keys from personal account - ]; - }; -} diff --git a/home/profiles/personal.nix b/home/profiles/personal.nix new file mode 100644 index 0000000..1ac8613 --- /dev/null +++ b/home/profiles/personal.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + imports = [ + ../programs/backups/restic.nix + ../programs/media/mpv.nix + ../programs/media/videos.nix + ../programs/media/yt-dlp.nix + ../programs/messengers/matrix.nix + ../programs/security/age.nix + ../programs/security/yubikey.nix + ]; +} diff --git a/home/profiles/restic.nix b/home/profiles/restic.nix deleted file mode 100644 index 96ae8d4..0000000 --- a/home/profiles/restic.nix +++ /dev/null @@ -1,197 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -let - nasHost = "nas"; - repoPath = "/backups/workstation"; - - resticRepository = "sftp:${nasHost}:${repoPath}"; - - backupPaths = [ - "${config.home.homeDirectory}/Documents" - "${config.home.homeDirectory}/Pictures" - ]; - - excludeFile = "${config.home.homeDirectory}/.config/restic/exclude"; - includeFile = "${config.home.homeDirectory}/.config/restic/includes"; -in -{ - home.packages = with pkgs; [ restic ]; - - age.secrets.restic-password = { - file = ../../secrets/restic-pw.age; - path = "${config.home.homeDirectory}/.config/restic/password"; - mode = "400"; - }; - - home.sessionVariables = { - RESTIC_REPOSITORY = resticRepository; - RESTIC_PASSWORD_FILE = config.age.secrets.restic-password.path; - }; - - home.file.".config/restic/includes" = { - text = lib.concatStringsSep "\n" backupPaths; - onChange = '' - echo "Restic backup paths updated" - ''; - }; - - home.file.".config/restic/exclude" = { - text = '' - # macOS specific - .DS_Store - .Trash - .Spotlight-V100 - .fseventsd - .TemporaryItems - .DocumentRevisions-V100 - .VolumeIcon.icns - .AppleDouble - .LSOverride - Library/Caches - Library/Logs - - # Development artifacts - **/node_modules - **/.venv - **/__pycache__ - **/*.pyc - **/venv - **/target # Rust - **/dist - **/build - **/.tox - **/.pytest_cache - **/.coverage - **/.mypy_cache - - # Large files that might not need backup - *.dmg - *.iso - *.pkg - - # Version control - **/.git/objects - **/.git/lfs - - # IDE - **/.idea - **/.vscode - *.swp - *~ - ''; - }; - - home.file.".local/bin/restic-now" = { - executable = true; - text = '' - #!/usr/bin/env bash - set -euo pipefail - - # Colors for output - RED='\033[0;31m' - GREEN='\033[0;32m' - YELLOW='\033[1;33m' - NC='\033[0m' # No Color - - echo -e "''${GREEN}Starting restic backup...''${NC}" - - # Check if repository exists, initialize if not - echo -e "''${YELLOW}Checking repository...''${NC}" - if ! ${pkgs.restic}/bin/restic cat config > /dev/null 2>&1; then - echo -e "''${YELLOW}Repository not found. Initializing...''${NC}" - ${pkgs.restic}/bin/restic init - fi - - # Run backup - echo -e "''${GREEN}Running backup...''${NC}" - ${pkgs.restic}/bin/restic backup \ - --compression max \ - --files-from="${includeFile}" \ - --exclude-file="${excludeFile}" \ - --verbose=1 \ - --host="$(hostname -s)" - - # Unlock in case of stale locks - echo -e "''${YELLOW}Checking for stale locks...''${NC}" - ${pkgs.restic}/bin/restic unlock || true - - # Prune old snapshots - echo -e "''${GREEN}Pruning old snapshots...''${NC}" - ${pkgs.restic}/bin/restic forget \ - --prune \ - --keep-daily=7 \ - --keep-weekly=4 \ - --keep-monthly=12 \ - --compression max \ - --verbose=1 - - # Check repository integrity (optional, can be slow) - echo -e "''${GREEN}Checking repository integrity...''${NC}" - ${pkgs.restic}/bin/restic check --read-data-subset=5% - - echo -e "''${GREEN}Backup completed successfully!''${NC}" - ''; - }; - - home.file.".local/bin/restic-status" = { - executable = true; - text = '' - #!/usr/bin/env bash - set -euo pipefail - - echo "Repository: $RESTIC_REPOSITORY" - echo "" - echo "=== Latest snapshots ===" - ${pkgs.restic}/bin/restic snapshots --latest 5 --compact - echo "" - echo "=== Repository stats ===" - ${pkgs.restic}/bin/restic stats - ''; - }; - - home.file.".local/bin/restic-mount" = { - executable = true; - text = '' - #!/usr/bin/env bash - set -euo pipefail - - MOUNT_POINT="''${1:-$HOME/mnt/restic}" - - if [ ! -d "$MOUNT_POINT" ]; then - echo "Creating mount point: $MOUNT_POINT" - mkdir -p "$MOUNT_POINT" - fi - - echo "Mounting restic repository at $MOUNT_POINT" - echo "Press Ctrl+C to unmount" - ${pkgs.restic}/bin/restic mount "$MOUNT_POINT" - ''; - }; - - home.file.".local/bin/restic-restore" = { - executable = true; - text = '' - #!/usr/bin/env bash - set -euo pipefail - - if [ $# -lt 1 ]; then - echo "Usage: $0 [target-directory]" - echo "" - echo "Available snapshots:" - ${pkgs.restic}/bin/restic snapshots --compact - exit 1 - fi - - SNAPSHOT="$1" - TARGET="''${2:-$HOME/restic-restore}" - - echo "Restoring snapshot $SNAPSHOT to $TARGET" - ${pkgs.restic}/bin/restic restore "$SNAPSHOT" --target "$TARGET" - ''; - }; -} diff --git a/home/profiles/security.nix b/home/profiles/security.nix deleted file mode 100644 index fd82167..0000000 --- a/home/profiles/security.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, config, ... }: -{ - home.packages = with pkgs; [ - age-plugin-yubikey - passage - ]; - - home.sessionVariables = { - "PASSAGE_DIR" = "${config.xdg.dataHome}/passage"; - "PASSAGE_IDENTITIES_FILE" = "${config.xdg.dataHome}/passage/identities"; - }; -} diff --git a/home/profiles/ssh.nix b/home/profiles/ssh.nix deleted file mode 100644 index 004b082..0000000 --- a/home/profiles/ssh.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ config, ... }: -{ - programs.ssh = { - enable = true; - enableDefaultConfig = false; - matchBlocks = { - "*" = { - forwardAgent = true; - serverAliveInterval = 60; - controlPersist = "30m"; - controlPath = "${config.home.homeDirectory}/.ssh/sockets/S.%r@%h:%p"; - controlMaster = "auto"; - }; - "rivendell" = { - hostname = "192.168.1.114"; - }; - "riv-unlock" = { - hostname = "192.168.1.114"; - user = "root"; - port = 911; - }; - "nas" = { - hostname = "192.168.1.68"; - }; - "bree" = { - hostname = "192.168.1.50"; - }; - "argonath" = { - hostname = "fcuny.net"; - }; - "github.com" = { - hostname = "github.com"; - user = "git"; - forwardAgent = false; - extraOptions = { - preferredAuthentications = "publickey"; - controlMaster = "no"; - controlPath = "none"; - }; - }; - }; - }; - - home.file = { - # we need this path to be created so that the control path can be used. - ".ssh/sockets/.keep".text = "# Managed by Home Manager"; - }; -} diff --git a/home/profiles/starship.nix b/home/profiles/starship.nix deleted file mode 100644 index 5f0f87a..0000000 --- a/home/profiles/starship.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ ... }: -{ - programs.starship = { - enable = true; - settings = { - add_newline = false; - character = { - success_symbol = "[›](bold green)"; - error_symbol = "[›](bold red)"; - }; - "$schema" = "https://starship.rs/config-schema.json"; - hostname = { - ssh_only = true; - }; - username = { - disabled = true; - }; - kubernetes = { - disabled = false; - style = "bold blue"; - }; - nix_shell.disabled = false; - }; - }; -} diff --git a/home/profiles/work.nix b/home/profiles/work.nix index 44db120..c4ebe0a 100644 --- a/home/profiles/work.nix +++ b/home/profiles/work.nix @@ -1,80 +1,19 @@ { lib, pkgs, ... }: -let - nomad-prod = pkgs.writeShellScriptBin "nomad-prod" '' - set -e - - if [ $# -ne 1 ]; then - echo "Usage: nomad-ui CELL_ID" - exit 1 - fi - - CELL_ID=$1 - - echo ">> Fetching cell definition for $CELL_ID from GitHub" - REGION_ID=$(${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/definitions/''${CELL_ID}.yaml --jq '.content' | base64 -d | yq -r '.regionId') - - if [ -z "$REGION_ID" ] || [ "$REGION_ID" = "null" ]; then - echo "Error: Could not retrieve regionId for cell $CELL_ID" - exit 1 - fi - - echo ">> Found regionId: $REGION_ID" - - case "$REGION_ID" in - r002) - VAULT_REGION="chi1" - ;; - r003) - VAULT_REGION="ash1" - ;; - *) - echo "Error: Unknown regionId $REGION_ID. Expected r002 or r003." - exit 1 - ;; - esac - - echo ">> Using vault region: $VAULT_REGION" - - echo ">> Login to $VAULT_REGION vault using Okta" - export VAULT_ADDR="https://$VAULT_REGION-vault.simulprod.com:8200" - export VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username=$USER) - - echo ">> Accessing cell $CELL_ID" - export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com" - export NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id ''${CELL_ID}_nomad/creds/management) - - ${pkgs.nomad}/bin/nomad ui --authenticate - ''; -in { imports = [ - ./k8s.nix + ../programs/dev/k8s.nix + ../programs/security/hashi.nix + ../programs/security/sapi.nix ]; home.packages = with pkgs; [ awscli2 boundary # for secure remote access grpcurl - hashi - nomad-prod - sapi tfswitch vault ]; - programs.gh = { - enable = true; - settings = { - version = 1; - git_protocol = "ssh"; - prompt = "enabled"; - aliases = { - co = "pr checkout"; - vw = "pr view --web"; - }; - }; - }; - programs.onepassword.sshKeys = lib.mkAfter [ { account = "roblox.1password.com"; @@ -125,19 +64,8 @@ in } ]) environments ); - - # Add any additional non-environment specific aliases - additionalAliases = { - "sjump-st1-snc2" = "${pkgs.sapi}/bin/sapi jump sitetest1-snc2"; - "sjump-st1-snc3" = "${pkgs.sapi}/bin/sapi jump sitetest3-snc2"; - "sjump-st2-snc2" = "${pkgs.sapi}/bin/sapi jump sitetest2-snc2"; - "sjump-st3" = "${pkgs.sapi}/bin/sapi jump sitetest3"; - "sjump" = "${pkgs.sapi}/bin/sapi jump"; - "ssh-edge" = - "${pkgs.kitty}/bin/kitten ssh -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -J chi1-jumpcontainer-es -i (${pkgs._1password-cli}/bin/op read 'op://Infra-Compute-Edge-rks/ice_ssh-private-key/ice_rsa'|psub)"; - }; in - envAliases // additionalAliases; + envAliases; }; programs.ssh.matchBlocks = { @@ -153,9 +81,6 @@ in }; }; - # the configuration for sapi is generated when we run `sapi jump`, there's no need to manage it with nix. - programs.ssh.includes = [ "config_sapi" ]; - programs.git = { extraConfig = { url = { @@ -164,27 +89,5 @@ in }; }; }; - # https://stackoverflow.com/questions/74012449/git-includeif-hasconfigremote-url-not-working - # to test it's working as expected: - # run `git config --get-all user.email' in a repository to check that we get all the possible emails - # run `git config --get user.email' in a repository to check which email is selected - includes = [ - { - condition = "hasconfig:remote.*.url:git@github.rbx.com:*/**"; - path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); - } - { - condition = "hasconfig:remote.*.url:git@github.com:Roblox/**"; - path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); - } - { - condition = "hasconfig:remote.*.url:https://github.com/Roblox/**"; - path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); - } - { - condition = "hasconfig:remote.*.url:https://github.rbx.com/*/**"; - path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); - } - ]; }; } -- cgit v1.2.3