upstream

2025-12-26 23:14:57 +08:00 · 2025-11-20 14:29:17 -05:00 · 2025-11-20 14:29:17 -05:00 · 16d7918892
commit 16d7918892
parent 00846d03e8
8 changed files with 39 additions and 143 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,3 @@
+[submodule "vendor/jumphost-nix"]
+	path = vendor/jumphost-nix
+	url = git@github.com:srid/jumphost-nix.git
--- a/configurations/home/srid@vixen.nix
+++ b/configurations/home/srid@vixen.nix
@ -17,7 +17,6 @@ in
    "${homeMod}/all/starship.nix"
    "${homeMod}/all/bash.nix"
    "${homeMod}/all/terminal.nix"
-    "${homeMod}/all/juspay-vertex.nix"
    "${homeMod}/all/1password.nix"
    "${homeMod}/all/obsidian.nix"

--- a/configurations/home/srid@zest.nix
+++ b/configurations/home/srid@zest.nix
@ -9,7 +9,6 @@ in
    flake.inputs.self.homeModules.default
    flake.inputs.self.homeModules.darwin-only
    "${homeMod}/all/1password.nix"
-    "${homeMod}/all/juspay-vertex.nix"
    "${homeMod}/claude-code"
    "${homeMod}/all/juspay.nix"
    "${homeMod}/all/obsidian.nix"
--- a/flake.nix
+++ b/flake.nix
@ -1,7 +1,10 @@
 {
  description = "Srid's NixOS / nix-darwin configuration";

+
  inputs = {
+    self.submodules = true; # See ./vendor
+
    flake-parts.url = "github:hercules-ci/flake-parts";

    # Principle inputs
--- a/modules/home/all/juspay-vertex.nix
+++ b/modules/home/all/juspay-vertex.nix
@ -1,24 +0,0 @@
-{
-  # Mirroring configuration from https://github.com/juspay/vertex
-  home.sessionVariables = {
-    # Enable Vertex AI integration
-    CLAUDE_CODE_USE_VERTEX = "1";
-    CLOUD_ML_REGION = "us-east5";
-    ANTHROPIC_VERTEX_PROJECT_ID = "dev-ai-gamma";
-
-    # Optional: Disable prompt caching if needed
-    DISABLE_PROMPT_CACHING = "1";
-
-    # Optional: Override regions for specific models
-    VERTEX_REGION_CLAUDE_3_5_HAIKU = "us-central1";
-    VERTEX_REGION_CLAUDE_3_5_SONNET = "us-east5";
-    VERTEX_REGION_CLAUDE_3_7_SONNET = "us-east5";
-    VERTEX_REGION_CLAUDE_4_0_OPUS = "europe-west4";
-    VERTEX_REGION_CLAUDE_4_0_SONNET = "us-east5";
-    VERTEX_REGION_CLAUDE_4_5_SONNET = "us-east5";
-
-    # Model configuration
-    ANTHROPIC_MODEL = "claude-sonnet-4-5";
-    ANTHROPIC_SMALL_FAST_MODEL = "claude-3-5-haiku";
-  };
-}
--- a/modules/home/all/juspay.nix
+++ b/modules/home/all/juspay.nix
@ -1,130 +1,46 @@
-# For Juspay work
-{ pkgs, config, lib, ... }:
-let
-  cfg = config.programs.juspay;
-in
+# Juspay-specific configuration using the work jump host module
 {
-  options.programs.juspay = {
-    enable = lib.mkEnableOption "Juspay work configuration" // {
-      default = true;
+  imports = [ ../../../vendor/jumphost-nix/module.nix ];
+
+  # https://github.com/srid/jumphost-nix
+  programs.jumphost = {
+    enable = true;
+    host = "vanjaram.tail12b27.ts.net";
+
+    sshHosts = {
+      "ssh.bitbucket.juspay.net".user = "git";
    };

-    jumpHost = lib.mkOption {
-      type = lib.types.str;
-      default = "vanjaram.tail12b27.ts.net";
-      description = ''
-        Jump host (a machine in Juspay office) used to access Juspay services without VPN.
-        Used as SSH proxy jump for Bitbucket and as SOCKS5 tunnel endpoint.
-      '';
-    };
-
-    identityFile = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
-      default = null;
-      description = ''
-        Optional path to SSH identity file used for authenticating to Juspay's Bitbucket (ssh.bitbucket.juspay.net).
-        If not specified, SSH will use default authentication methods.
-      '';
-    };
-
-    baseCodeDir = lib.mkOption {
-      type = lib.types.str;
-      default = "~/juspay";
-      description = ''
-        Base directory containing Juspay code repositories (git commits in subdirectories will use the configured email)
-      '';
-    };
-
-    email = lib.mkOption {
-      type = lib.types.str;
-      default = "sridhar.ratnakumar@juspay.in";
-      description = ''
-        Email address to use for git commits within the baseCodeDir
-      '';
+    git = {
+      baseCodeDir = "~/juspay";
+      email = "sridhar.ratnakumar@juspay.in";
    };

    socks5Proxy = {
-      enable = lib.mkEnableOption "SOCKS5 proxy via SSH tunnel" // {
-        default = true;
-      };
-
-      port = lib.mkOption {
-        type = lib.types.port;
-        default = 1080;
-        description = ''
-          Local port to bind the SOCKS5 proxy server (tunneled through jumpHost)
-        '';
-      };
+      enable = true;
    };
  };

-  config = lib.mkIf cfg.enable {
-    programs.ssh = {
-      enable = true;
-      matchBlocks = {
-        # For git cloning via another jump host
-        "ssh.bitbucket.juspay.net" = {
-          user = "git";
+  # Mirroring configuration from https://github.com/juspay/vertex
+  home.sessionVariables = {
+    # Enable Vertex AI integration
+    CLAUDE_CODE_USE_VERTEX = "1";
+    CLOUD_ML_REGION = "us-east5";
+    ANTHROPIC_VERTEX_PROJECT_ID = "dev-ai-gamma";

-          # This is the magic line that routes traffic 
-          # through the other machine
-          proxyJump = cfg.jumpHost;
+    # Optional: Disable prompt caching if needed
+    DISABLE_PROMPT_CACHING = "1";

-          identityFile = lib.mkIf (cfg.identityFile != null) cfg.identityFile;
-        };
-        "${cfg.jumpHost}" = {
-          forwardAgent = true;
-        };
-      };
-    };
+    # Optional: Override regions for specific models
+    VERTEX_REGION_CLAUDE_3_5_HAIKU = "us-central1";
+    VERTEX_REGION_CLAUDE_3_5_SONNET = "us-east5";
+    VERTEX_REGION_CLAUDE_3_7_SONNET = "us-east5";
+    VERTEX_REGION_CLAUDE_4_0_OPUS = "europe-west4";
+    VERTEX_REGION_CLAUDE_4_0_SONNET = "us-east5";
+    VERTEX_REGION_CLAUDE_4_5_SONNET = "us-east5";

-    programs.git = {
-      # Bitbucket git access and policies
-      includes = [
-        {
-          condition = "gitdir:${cfg.baseCodeDir}/**";
-          contents = {
-            user.email = cfg.email;
-          };
-        }
-      ];
-    };
-
-    # SOCKS5 proxy via SSH tunnel to jump host
-    launchd.agents.juspay-socks5-proxy = lib.mkIf (cfg.socks5Proxy.enable && pkgs.stdenv.isDarwin) {
-      enable = true;
-      config = {
-        ProgramArguments = [
-          "${pkgs.openssh}/bin/ssh"
-          "-D" # Dynamic port forwarding (SOCKS proxy)
-          (toString cfg.socks5Proxy.port)
-          "-N" # Don't execute remote command
-          # "-q" # Quiet mode (suppress warnings)
-          "-C" # Enable compression
-          cfg.jumpHost
-        ];
-        KeepAlive = true;
-        RunAtLoad = true;
-        StandardOutPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.log";
-        StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.err";
-      };
-    };
-
-    systemd.user.services.juspay-socks5-proxy = lib.mkIf (cfg.socks5Proxy.enable && pkgs.stdenv.isLinux) {
-      Unit = {
-        Description = "SOCKS5 proxy via SSH tunnel to Juspay jump host";
-        After = [ "network.target" ];
-      };
-
-      Service = {
-        ExecStart = "${pkgs.openssh}/bin/ssh -D ${toString cfg.socks5Proxy.port} -N -C ${cfg.jumpHost}";
-        Restart = "always";
-        RestartSec = "10s";
-      };
-
-      Install = {
-        WantedBy = [ "default.target" ];
-      };
-    };
+    # Model configuration
+    ANTHROPIC_MODEL = "claude-sonnet-4-5";
+    ANTHROPIC_SMALL_FAST_MODEL = "claude-3-5-haiku";
  };
 }
--- a/modules/home/linux-only.nix
+++ b/modules/home/linux-only.nix
@ -2,7 +2,6 @@
  imports = [
    ./all/bash.nix
    ./claude-code
-    ./all/juspay-vertex.nix
    # ./all/zsh.nix
    # ./all/vscode-server.nix
  ];
--- a/vendor/jumphost-nix
+++ b/vendor/jumphost-nix
@ -0,0 +1 @@
+Subproject commit ff29409a94fa648cf5bc7084ff7c617204dbb0a0
				`@ -0,0 +1 @@`
				`Subproject commit ff29409a94fa648cf5bc7084ff7c617204dbb0a0`