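# Home-manager module for the work HashiCorp tooling: the Vault/Nomad/Boundary
# CLIs, a `nomad-prod` helper that opens the Nomad UI for one cell, and fish
# abbreviations for signing and using per-environment SSH certificates.
{ pkgs, ... }:
let
  # nomad-prod CELL_ID
  #
  # Logs in to the chi1 Vault over OIDC, reads a Nomad credential from the
  # `<CELL_ID>_nomad/creds/management` path and runs `nomad ui --authenticate`
  # against that cell.
  #
  # writeShellScriptBin already emits the `#!runtimeShell` line, so the script
  # text does not repeat it.
  nomad-prod = pkgs.writeShellScriptBin "nomad-prod" ''
    set -e

    if [ $# -ne 1 ]; then
      echo "Usage: nomad-prod CELL_ID" >&2
      exit 1
    fi
    # NOTE(review): CELL_ID ends up in both the Nomad address and the Vault
    # path below without any format check. If cell ids have a fixed shape,
    # reject anything else here before a token is requested.
    CELL_ID=$1

    echo ">> Login to chi1 vault using Okta"
    export VAULT_ADDR="https://chi1-vault.simulprod.com:8200"
    # Assign first, export second. `export VAR=$(cmd)` returns the status of
    # `export`, so a failed login would not trip `set -e` and the script would
    # carry on with an empty token.
    VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username="$USER")
    export VAULT_TOKEN

    echo ">> Accessing cell $CELL_ID"
    export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com"
    # Same pattern: a failed read must abort before the UI is opened.
    NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id "''${CELL_ID}_nomad/creds/management")
    export NOMAD_TOKEN

    # NOTE(review): `nomad` is resolved from PATH here, unlike `vault`, which
    # is pinned to the store path above. Confirm which binary is intended.
    nomad ui --authenticate
  '';
in
{
  imports = [ ./k8s.nix ];

  home.packages = with pkgs; [
    # hashicorp
    boundary
    nomad-pack
    tfswitch
    vault
    # for ssh
    customPackages.sapi
    # for tokens
    customPackages.hashi
    # for nomad
    nomad-prod
  ];

  programs.fish = {
    shellAbbrs =
      let
        # `name` is passed to `hashi -e`; `alias` is the suffix used in the
        # abbreviation names and in the certificate file name.
        environments = [
          {
            name = "chi1";
            alias = "chi1";
          }
          {
            name = "ash1";
            alias = "ash1";
          }
          {
            name = "sitetest3";
            alias = "st3";
          }
        ];

        # Generate all environment-specific aliases
        envAliases = builtins.listToAttrs (
          builtins.concatMap (env: [
            {
              # Signs the SSH public key (read from 1Password via `op read`)
              # and writes the certificate to ~/.ssh/cert-<alias>. The
              # absolute output path here and the `~/.ssh/cert-<alias>` path
              # in `ssh-<alias>` below must name the same file.
              name = "ssh-sign-${env.alias}";
              value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/cert-${env.alias} --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key";
            }
            {
              name = "hashi-${env.alias}";
              value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} show v";
            }
            {
              # Every environment goes through the chi1 jump container and
              # presents that environment's signed certificate.
              name = "ssh-${env.alias}";
              value = "ssh -J chi1-jumpcontainer-es -o 'CertificateFile=~/.ssh/cert-${env.alias}'";
            }
          ]) environments
        );

        # Add any additional non-environment specific aliases
        additionalAliases = {
          "sjump" = "${pkgs.customPackages.sapi}/bin/sapi jump";
        };
      in
      # `//` is right-biased: an entry in additionalAliases would override an
      # environment alias of the same name.
      envAliases // additionalAliases;
  };

  # the configuration for sapi is generated when we run `sapi jump`, there's no need to manage it with nix.
  programs.ssh.includes = [ "config_sapi" ];
}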