dot

NixOS dotfiles
git clone https://git.echoz.io/dot.git

default.nix (2849B)


      1 {
      2   lib,
      3   config,
      4   pkgs,
      5 
      6   user,
      7   ...
      8 }:
      9 {
     10   home-manager.users.${user} =
     11     let
     12       cfg = config.home-manager.users.${user}.programs.kubectl;
     13     in
     14     {
     15       options.programs.kubectl.clusters = lib.mkOption {
     16         type = lib.types.attrsOf (
     17           lib.types.submodule {
     18             options = {
     19               rbwSecret = lib.mkOption {
     20                 type = lib.types.str;
     21               };
     22 
     23               server = lib.mkOption {
     24                 type = lib.types.str;
     25               };
     26 
     27               caBase64 = lib.mkOption {
     28                 type = lib.types.str;
     29               };
     30             };
     31           }
     32         );
     33       };
     34 
     35       config.programs.kubecolor = {
     36         enable = true;
     37         enableAlias = true;
     38         settings = {
     39           kubectl = lib.getExe pkgs.kubectl;
     40           preset = "dark";
     41           theme.data.string = "green";
     42         };
     43       };
     44 
     45       config.home = {
     46         packages = with pkgs; [
     47           kubectl
     48           kubectx
     49           (writeShellScriptBin "kubectl-reveal" ''
     50             exec ${lib.getExe yq-go} '.data |= map_values(@base64d)'
     51           '')
     52         ];
     53 
     54         file.".kube/config" = {
     55           force = true;
     56           mutable = true;
     57           text = builtins.toJSON {
     58             apiVersion = "v1";
     59             kind = "Config";
     60             current-context = "";
     61             preferences = { };
     62 
     63             clusters = lib.mapAttrsToList (name: cluster: {
     64               inherit name;
     65               cluster = {
     66                 inherit (cluster) server;
     67                 certificate-authority-data = cluster.caBase64;
     68               };
     69             }) cfg.clusters;
     70 
     71             contexts = lib.mapAttrsToList (name: cluster: {
     72               inherit name;
     73               context = {
     74                 cluster = name;
     75                 user = name;
     76                 namespace = "default";
     77               };
     78             }) cfg.clusters;
     79 
     80             users = lib.mapAttrsToList (name: cluster: {
     81               inherit name;
     82               user.exec = {
     83                 apiVersion = "client.authentication.k8s.io/v1beta1";
     84                 command = pkgs.writeShellScript "kubectl-credential-helper-${name}" ''
     85                   set -e -o pipefail
     86                   token="$(${lib.getExe pkgs.rbw} get "${cluster.rbwSecret}")"
     87                   expiration="$(date -ud '1 hour' '+%Y-%m-%dT%H:%M:%SZ')"
     88                   ${lib.getExe pkgs.jq} -n --arg token "$token" --arg expiration "$expiration" '{
     89                     "apiVersion": "client.authentication.k8s.io/v1beta1",
     90                     "kind": "ExecCredential",
     91                     "status": {
     92                       "token": $token,
     93                       "expirationTimestamp": $expiration,
     94                     },
     95                   }'
     96                 '';
     97               };
     98             }) cfg.clusters;
     99           };
    100         };
    101       };
    102     };
    103 }