{ pkgs, ... }:
{
  imports = [ ./k8s.nix ];

  home.packages = with pkgs; [
    # hashicorp
    boundary
    nomad-pack
    tfswitch
    vault

    # for ssh
    sapi

    # for tokens
    hashi
  ];

  programs.fish = {
    shellAbbrs = {
      "ssh-sign-chi" =
        "${pkgs.hashi}/bin/hashi -e chi1 sign --output-path=/Users/fcuny/.ssh/cert-chi1 --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key";
      "hashi-chi" = "${pkgs.hashi}/bin/hashi -e chi1 show v";
      "hashi-ash" = "${pkgs.hashi}/bin/hashi -e ash1 show v";
      "pssh" = "ssh -J chi1-jumpcontainer-es -o 'CertificateFile=~/.ssh/cert-chi1'";
      "sjump" = "${pkgs.sapi}/bin/sapi jump";
    };
  };

  # the configuration for sapi is generated when we run `sapi jump`, there's no need to manage it with nix.
  programs.ssh.includes = [ "config_sapi" ];
}