commit dc36cf37b265c552584bbed7ebf0b159fa957d1e
parent b5debc2196f598144120583fa1c092ae42edf555
Author: Chris <chris@echoz.io>
Date: Mon, 13 Oct 2025 20:15:23 +0200
feat: add kubectl config
Diffstat:
3 files changed, 107 insertions(+), 4 deletions(-)
diff --git a/flake.lock b/flake.lock
@@ -214,11 +214,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1760300355,
- "narHash": "sha256-Rmmg7u/XNRg6V78OqSW6JoqtlIM4JQ2pii5Jd0mEWjc=",
+ "lastModified": 1760375995,
+ "narHash": "sha256-Cj91JlAlsvwNZUvY5eqr3Lfkp8/RV6Nn+XLpcesH8nk=",
"owner": "echozio",
"repo": "sec",
- "rev": "7c06d094c91c08d4e9cd8f3b526b3527e63d424f",
+ "rev": "cb39cc10d8aa6e2c0e5f2f3cc30e3bfcba824d2b",
"type": "github"
},
"original": {
diff --git a/modules/aerc/binds.nix b/modules/aerc/binds.nix
@@ -21,7 +21,7 @@
a = ":read<Enter>,:archive flat<Enter>";
d = ":read<Enter>,:move Spam<Enter>";
f = ":move Important<Enter>";
- "<space>" = ":read -t<Enter>";
+ "<space>" = ":read -t<Enter>";
e = ":envelope -h -s '%s: %s'<Enter>";
E = ":pipe -m -s -- vi - -R -c 'set filetype=mail'<Enter>";
diff --git a/modules/kubectl/default.nix b/modules/kubectl/default.nix
@@ -0,0 +1,103 @@
+{
+ lib,
+ config,
+ pkgs,
+
+ user,
+ ...
+}:
+{
+ home-manager.users.${user} =
+ let
+ cfg = config.home-manager.users.${user}.programs.kubectl;
+ in
+ {
+ options.programs.kubectl.clusters = lib.mkOption {
+ type = lib.types.attrsOf (
+ lib.types.submodule {
+ options = {
+ rbwSecret = lib.mkOption {
+ type = lib.types.str;
+ };
+
+ server = lib.mkOption {
+ type = lib.types.str;
+ };
+
+ caBase64 = lib.mkOption {
+ type = lib.types.str;
+ };
+ };
+ }
+ );
+ };
+
+ config.programs.kubecolor = {
+ enable = true;
+ enableAlias = true;
+ settings = {
+ kubectl = lib.getExe pkgs.kubectl;
+ preset = "dark";
+ theme.data.string = "green";
+ };
+ };
+
+ config.home = {
+ packages = with pkgs; [
+ kubectl
+ kubectx
+ (writeShellScriptBin "kubectl-reveal" ''
+ exec ${lib.getExe yq-go} '.data |= map_values(@base64d)'
+ '')
+ ];
+
+ file.".kube/config" = {
+ force = true;
+ mutable = true;
+ text = builtins.toJSON {
+ apiVersion = "v1";
+ kind = "Config";
+ current-context = "";
+ preferences = { };
+
+ clusters = lib.mapAttrsToList (name: cluster: {
+ inherit name;
+ cluster = {
+ inherit (cluster) server;
+ certificate-authority-data = cluster.caBase64;
+ };
+ }) cfg.clusters;
+
+ contexts = lib.mapAttrsToList (name: cluster: {
+ inherit name;
+ context = {
+ cluster = name;
+ user = name;
+ namespace = "default";
+ };
+ }) cfg.clusters;
+
+ users = lib.mapAttrsToList (name: cluster: {
+ inherit name;
+ user.exec = {
+ apiVersion = "client.authentication.k8s.io/v1beta1";
+ command = pkgs.writeShellScript "kubectl-credential-helper-${name}" ''
+ set -e -o pipefail
+ token="$(${lib.getExe pkgs.rbw} get "${cluster.rbwSecret}")"
+ expiration="$(date -ud '1 hour' '+%Y-%m-%dT%H:%M:%SZ')"
+ ${lib.getExe pkgs.jq} -n --arg token "$token" --arg expiration "$expiration" '{
+ "apiVersion": "client.authentication.k8s.io/v1beta1",
+ "kind": "ExecCredential",
+ "status": {
+ "token": $token,
+ "expirationTimestamp": $expiration,
+ },
+ }'
+ '';
+ };
+ }) cfg.clusters;
+ };
+ };
+ };
+ };
+}
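Review bot: In the credential helper, `rbw get "${cluster.rbwSecret}"` has the secret name expanded by Nix at build time, so it lands unescaped inside shell double quotes; a name containing `"`, `$` or a backtick would be interpreted by the shell, and one starting with `-` would be parsed by rbw as an option. Letting Nix do the quoting avoids both: `token="$(${lib.getExe pkgs.rbw} get -- ${lib.escapeShellArg cluster.rbwSecret})"`. In the same script `date` is resolved from whatever PATH kubectl passes on, while rbw and jq are pinned to store paths, and `-d '1 hour'` relies on GNU date, so `${pkgs.coreutils}/bin/date` would keep the helper self-contained. The one-hour `expirationTimestamp` is computed locally rather than read from the token, so it does not reflect the token's real lifetime; a short comment in the script saying so would help the next reader.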