nix/users/fcuny/work.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

{ pkgs, ... }:
{
  imports = [ ./k8s.nix ];

  home.packages = with pkgs; [
    # hashicorp
    boundary
    nomad-pack
    tfswitch
    vault

    # for ssh
    customPackages.sapi

    # for tokens
    customPackages.hashi
  ];

  programs.fish = {
    shellAbbrs =
      let
        environments = [
          {
            name = "chi1";
            alias = "chi1";
          }
          {
            name = "ash1";
            alias = "ash1";
          }
          {
            name = "sitetest3";
            alias = "st3";
          }
        ];

        # Generate all environment-specific aliases
        envAliases = builtins.listToAttrs (
          builtins.concatMap (env: [
            {
              name = "ssh-sign-${env.alias}";
              value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/cert-${env.alias} --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key";
            }
            {
              name = "hashi-${env.alias}";
              value = "${pkgs.customPackages.hashi}/bin/hashi -e ${env.name} show v";
            }
            {
              name = "ssh-${env.alias}";
              value = "ssh -J chi1-jumpcontainer-es -o 'CertificateFile=~/.ssh/cert-${env.alias}'";
            }
          ]) environments
        );

        # Add any additional non-environment specific aliases
        additionalAliases = {
          "sjump" = "${pkgs.customPackages.sapi}/bin/sapi jump";
        };
      in
      envAliases // additionalAliases;
  };

  # the configuration for sapi is generated when we run `sapi jump`, there's no need to manage it with nix.
  programs.ssh.includes = [ "config_sapi" ];
}