C3C/nix-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: C3C:22511d023802006bfa00f5fe0f65d2fd5514e6a8
Branches Tags
C3C:main
..
compare: C3C:b163b2f9ce897a4a0b66a8b6714bffcc866d6b6f
Branches Tags
C3C:main

2 Commits
22511d0238 ... b163b2f9ce

Author SHA1 Message Date
arnie
b163b2f9ce
Formatting 2025-08-21 12:33:25 +02:00
arnie
7385941c96
Implement okta aws cli 2025-08-21 12:33:12 +02:00
6 changed files with 53 additions and 35 deletions
Show Stats Expand all files Collapse all files

4
flake.nix
View File

@ -97,7 +97,9 @@
system = "aarch64-darwin"; system = "aarch64-darwin";
specialArgs = { specialArgs = {
self = self; self = self;
inputs = inputs // { darwin = inputs.nix-darwin; }; inputs = inputs // {
darwin = inputs.nix-darwin;
};
}; };
modules = [ modules = [
# Add our overlay to the system configuration # Add our overlay to the system configuration

1
home-manager/common.nix
View File

@ -107,7 +107,6 @@
}; };
}; };
programs.starship = { programs.starship = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;

9
home-manager/lcech-mac-veracode.nix
View File

@ -1,4 +1,5 @@
{ {
config,
lib, lib,
pkgs, pkgs,
... ...
@ -11,12 +12,16 @@ let
gitUsername = "Lukas Cech"; gitUsername = "Lukas Cech";
gitEmail = "lcech@veracode.com"; gitEmail = "lcech@veracode.com";
in in
{ {
imports = [ imports = [
(import ./veracode/aws-cli.nix { (import ./veracode/aws-cli.nix {
inherit homedir lib pkgs; inherit
config
homedir
lib
pkgs
;
}) })
]; ];

17
home-manager/programs/zsh.nix
View File

@ -60,11 +60,16 @@ in
SHARABLE_URL="$SSO_URL/#/console?account_id=$ACCOUNT_ID&role_name=$ROLE_NAME&destination=$(${pkgs.urlencode}/bin/urlencode "https://$URL")" SHARABLE_URL="$SSO_URL/#/console?account_id=$ACCOUNT_ID&role_name=$ROLE_NAME&destination=$(${pkgs.urlencode}/bin/urlencode "https://$URL")"
${if isDarwin then '' ${
if isDarwin then
''
echo -n "$SHARABLE_URL" | pbcopy echo -n "$SHARABLE_URL" | pbcopy
'' else '' ''
else
''
echo -n "$SHARABLE_URL" | ${pkgs.xclip}/bin/xclip -selection clipboard echo -n "$SHARABLE_URL" | ${pkgs.xclip}/bin/xclip -selection clipboard
''} ''
}
echo "URL copied to clipboard" echo "URL copied to clipboard"
''}"; ''}";
@ -92,14 +97,16 @@ in
git-sync-remote = lib.mkDefault "git remote update origin --prune"; git-sync-remote = lib.mkDefault "git remote update origin --prune";
cleanup-kube-config = "${pkgs.writeShellApplication { cleanup-kube-config = "${
pkgs.writeShellApplication {
name = "app"; name = "app";
text = ./zsh/aliases/cleanup-kube-config.sh; text = ./zsh/aliases/cleanup-kube-config.sh;
runtimeInputs = [ runtimeInputs = [
pkgs.gnugrep pkgs.gnugrep
pkgs.coreutils pkgs.coreutils
]; ];
}}/bin/app"; }
}/bin/app";
klogs = lib.mkDefault "${pkgs.writeShellScript "klogs" '' klogs = lib.mkDefault "${pkgs.writeShellScript "klogs" ''
ctx="$1" ctx="$1"

16
home-manager/veracode/.okta_aws_login_config Normal file
View File

@ -0,0 +1,16 @@
[govus-stage]
okta_org_url = https://govus-staging-veracode.okta.com
gimme_creds_server = appurl
aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer
write_aws_creds = False
cred_profile = role
okta_username = lcech@veracode.com
app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272
resolve_aws_alias = False
include_path = True
preferred_mfa_type = push
remember_device = True
aws_default_duration = 3600
output_format = export
force_classic = True
enable_keychain = True

25
home-manager/veracode/aws-cli.nix
View File

@ -1,4 +1,5 @@
{ {
config,
homedir, homedir,
lib, lib,
pkgs, pkgs,
@ -551,24 +552,7 @@ in
}; };
home.file."${homedir}/.okta_aws_login_config" = { home.file."${homedir}/.okta_aws_login_config" = {
text = '' source = config.lib.file.mkOutOfStoreSymlink "${homedir}/.config/nix/home-manager/veracode/.okta_aws_login_config";
[DEFAULT]
okta_org_url = https://govus-staging-veracode.okta.com
gimme_creds_server = appurl
aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer
write_aws_creds = False
cred_profile = role
okta_username = lcech@veracode.com
app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272
resolve_aws_alias = False
include_path = True
preferred_mfa_type = push
remember_device = True
aws_default_duration = 3600
output_format = export
force_classic = True
enable_keychain = True
'';
}; };
home.packages = [ home.packages = [
@ -576,6 +560,11 @@ enable_keychain = True
]; ];
programs.zsh.shellAliases = { programs.zsh.shellAliases = {
export-aws-govus-stage = ''${pkgs.writeShellScript "export-aws-govus-stage" ''
gimme-aws-creds --profile govus-stage
echo "export AWS_REGION=us-gov-west-1"
''}'';
veracode-find = ''${pkgs.writeShellScript "veracode-find" '' veracode-find = ''${pkgs.writeShellScript "veracode-find" ''
for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do
echo "=== $profile ===" echo "=== $profile ==="