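# Home Manager module for a work profile: pulls in Kubernetes and security
# tooling, registers a 1Password vault for SSH keys, generates per-environment
# fish abbreviations for certificate-based SSH through jump hosts, and routes
# the internal GitHub host over SSH.
{ lib, pkgs, ... }:
{
  imports = [
    ../programs/dev/k8s.nix
    ../programs/dev/k9s.nix
    ../programs/dev/kubie.nix
    ../programs/security/hashi.nix
    ../programs/security/sapi.nix
  ];

  home.packages = with pkgs; [
    awscli2
    boundary # for secure remote access
    grpcurl
    tfswitch
    vault
  ];

  # mkAfter orders this entry after definitions made by other modules.
  programs.onepassword.sshKeys = lib.mkAfter [
    {
      account = "roblox.1password.com";
      vault = "Private";
    }
  ];

  programs.fish = {
    shellAbbrs =
      let
        # One record per target environment:
        #   name     - value passed to `hashi -e`
        #   alias    - short suffix used in abbreviation and certificate file names
        #   jumpHost - host passed to `ssh -J`
        environments = [
          {
            name = "chi1";
            alias = "chi1";
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "ash1";
            alias = "ash1";
            # NOTE(review): ash1 goes through the chi1 jump host; confirm this
            # is intentional and not a copy/paste leftover.
            jumpHost = "chi1-jumpcontainer-es";
          }
          {
            name = "sitetest3";
            alias = "st3";
            jumpHost = "st3-jumpcontainer-es";
          }
          {
            name = "sitetest2-snc2";
            alias = "st2-snc2";
            jumpHost = "st2-snc2-jumpcontainer-es";
          }
        ];

        # Generate all environment-specific aliases
        envAliases = builtins.listToAttrs (
          builtins.concatMap (env: [
            {
              # Signs the SSH public key for this environment and writes the
              # certificate under ~/.ssh. Only the *public* key is read from
              # 1Password, and it is handed to hashi through fish's psub.
              # `$HOME` is literal to Nix (no `${`), so fish expands it when
              # the abbreviation runs; this replaces a hard-coded
              # /Users/<user> path and matches the `~/.ssh` location that the
              # ssh-* abbreviation reads the certificate from.
              name = "ssh-sign-${env.alias}";
              value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=$HOME/.ssh/${env.alias}-cert.pub --key=(${pkgs._1password-cli}/bin/op read 'op://employee/default rbx ssh key/public key'|psub) key";
            }
            {
              name = "hashi-${env.alias}";
              value = "${pkgs.hashi}/bin/hashi -e ${env.name} show v";
            }
            {
              # SSH via the environment's jump host, presenting the signed
              # certificate (ssh expands the `~` in CertificateFile itself).
              #
              # NOTE(review): StrictHostKeyChecking=no makes ssh accept any
              # host key, including a changed one, so the destination is never
              # authenticated. Per ssh(1), command-line options generally
              # apply to the destination and not to the -J hop, which still
              # follows ~/.ssh/config. If the target hosts present CA-signed
              # host certificates, a `@cert-authority` known_hosts entry
              # would allow dropping this option; otherwise `accept-new` at
              # least rejects changed keys. Left unchanged because host-key
              # management for these environments is not visible here.
              name = "ssh-${env.alias}";
              value = "${pkgs.kitty}/bin/kitten ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/${env.alias}-cert.pub'";
            }
          ]) environments
        );
      in
      envAliases;
  };

  # Internal GitHub: public-key authentication only, no agent forwarding and
  # no connection multiplexing.
  programs.ssh.matchBlocks = {
    "github.rbx.com" = {
      hostname = "github.rbx.com";
      user = "git";
      forwardAgent = false;
      extraOptions = {
        preferredAuthentications = "publickey";
        controlMaster = "no";
        controlPath = "none";
      };
    };
  };

  # Rewrite HTTPS URLs for the internal GitHub host to SSH so git uses the
  # match block above.
  programs.git = {
    extraConfig = {
      url = {
        "ssh://git@github.rbx.com/" = {
          insteadOf = "https://github.rbx.com/";
        };
      };
    };
  };
}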