blob: 688bf2df00b817856a2aac744d634a279f8c9fdf (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
{ config, pkgs, ... }:
let
nomad-prod = pkgs.writeShellScriptBin "nomad-prod" ''
set -e
if [ $# -ne 1 ]; then
echo "Usage: nomad-ui CELL_ID"
exit 1
fi
CELL_ID=$1
echo ">> Fetching cell definition for $CELL_ID from GitHub"
REGION_ID=$(${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/definitions/''${CELL_ID}.yaml --jq '.content' | base64 -d | yq -r '.regionId')
if [ -z "$REGION_ID" ] || [ "$REGION_ID" = "null" ]; then
echo "Error: Could not retrieve regionId for cell $CELL_ID"
exit 1
fi
echo ">> Found regionId: $REGION_ID"
case "$REGION_ID" in
r002)
VAULT_REGION="chi1"
;;
r003)
VAULT_REGION="ash1"
;;
*)
echo "Error: Unknown regionId $REGION_ID. Expected r002 or r003."
exit 1
;;
esac
echo ">> Using vault region: $VAULT_REGION"
echo ">> Login to $VAULT_REGION vault using Okta"
export VAULT_ADDR="https://$VAULT_REGION-vault.simulprod.com:8200"
export VAULT_TOKEN=$(${pkgs.vault}/bin/vault login -field=token -method=oidc username=$USER)
echo ">> Accessing cell $CELL_ID"
export NOMAD_ADDR="https://$CELL_ID-nomad.simulprod.com"
export NOMAD_TOKEN=$(${pkgs.vault}/bin/vault read -field secret_id ''${CELL_ID}_nomad/creds/management)
${pkgs.nomad}/bin/nomad ui --authenticate
'';
in
{
home.packages = with pkgs; [
nomad-prod
hashi
];
programs.fish = {
shellAbbrs =
let
environments = [
{
name = "chi1";
alias = "chi1";
jumpHost = "chi1-jumpcontainer-es";
}
{
name = "ash1";
alias = "ash1";
jumpHost = "chi1-jumpcontainer-es";
}
{
name = "sitetest3";
alias = "st3";
jumpHost = "st3-jumpcontainer-es";
}
{
name = "sitetest2-snc2";
alias = "st2-snc2";
jumpHost = "st2-snc2-jumpcontainer-es";
}
];
# Generate all environment-specific aliases
envAliases = builtins.listToAttrs (
builtins.concatMap (env: [
{
name = "ssh-sign-${env.alias}";
value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=${config.home.homeDirectory}/.ssh/${env.alias}-cert.pub --key=${config.home.homeDirectory}/.ssh/id_ed25519_sk_rk key.pub";
}
{
name = "hashi-${env.alias}";
value = "${pkgs.hashi}/bin/hashi -e ${env.name} show v";
}
{
name = "ssh-${env.alias}";
value = "${pkgs.kitty}/bin/kitten ssh -o StrictHostKeyChecking=no -J ${env.jumpHost} -o 'CertificateFile=~/.ssh/${env.alias}-cert.pub'";
}
]) environments
);
in
envAliases;
};
}
|
