diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..bb62f73 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "vendor/jumphost-nix"] + path = vendor/jumphost-nix + url = git@github.com:srid/jumphost-nix.git diff --git a/configurations/home/srid@vixen.nix b/configurations/home/srid@vixen.nix index e3689c6..bf20677 100644 --- a/configurations/home/srid@vixen.nix +++ b/configurations/home/srid@vixen.nix @@ -17,7 +17,6 @@ in "${homeMod}/all/starship.nix" "${homeMod}/all/bash.nix" "${homeMod}/all/terminal.nix" - "${homeMod}/all/juspay-vertex.nix" "${homeMod}/all/1password.nix" "${homeMod}/all/obsidian.nix" diff --git a/configurations/home/srid@zest.nix b/configurations/home/srid@zest.nix index 0363781..dc6a1ba 100644 --- a/configurations/home/srid@zest.nix +++ b/configurations/home/srid@zest.nix @@ -9,7 +9,6 @@ in flake.inputs.self.homeModules.default flake.inputs.self.homeModules.darwin-only "${homeMod}/all/1password.nix" - "${homeMod}/all/juspay-vertex.nix" "${homeMod}/claude-code" "${homeMod}/all/juspay.nix" "${homeMod}/all/obsidian.nix" diff --git a/flake.nix b/flake.nix index a592f91..e019fcd 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,10 @@ { description = "Srid's NixOS / nix-darwin configuration"; + inputs = { + self.submodules = true; # See ./vendor + flake-parts.url = "github:hercules-ci/flake-parts"; # Principle inputs diff --git a/modules/home/all/juspay-vertex.nix b/modules/home/all/juspay-vertex.nix deleted file mode 100644 index 6b35517..0000000 --- a/modules/home/all/juspay-vertex.nix +++ /dev/null 
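Review bot: The submodule in the new `.gitmodules` is registered with the SSH URL `git@github.com:srid/jumphost-nix.git`, so every fresh clone or CI job that initialises it needs a GitHub SSH key loaded, even though `juspay.nix` links to the same repository over https. If the repository is public, `url = https://github.com/srid/jumphost-nix.git` lets it be fetched without credentials. If it is private, a one-line `#` comment above the `[submodule]` section saying so would explain the choice and warn that unauthenticated builds will fail at the submodule fetch.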
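Review bot: The comment on `self.submodules = true; # See ./vendor` in flake.nix does not say what now depends on the submodule or how it is pinned. The vendored module is fixed by the gitlink commit in this repository rather than by `flake.lock`, so `nix flake update` will not move it, and a bump is an ordinary submodule commit that deserves its own review. I would expand the comment to something like `# Fetch git submodules with the flake source: modules/home/all/juspay.nix imports vendor/jumphost-nix/module.nix (pinned by the gitlink, not flake.lock)`. As far as I know `inputs.self.submodules` is only understood by fairly recent Nix releases, so a note on the minimum version would help too. The `inputs` block continues outside the hunk.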
@@ -1,24 +0,0 @@ -{ - # Mirroring configuration from https://github.com/juspay/vertex - home.sessionVariables = { - # Enable Vertex AI integration - CLAUDE_CODE_USE_VERTEX = "1"; - CLOUD_ML_REGION = "us-east5"; - ANTHROPIC_VERTEX_PROJECT_ID = "dev-ai-gamma"; - - # Optional: Disable prompt caching if needed - DISABLE_PROMPT_CACHING = "1"; - - # Optional: Override regions for specific models - VERTEX_REGION_CLAUDE_3_5_HAIKU = "us-central1"; - VERTEX_REGION_CLAUDE_3_5_SONNET = "us-east5"; - VERTEX_REGION_CLAUDE_3_7_SONNET = "us-east5"; - VERTEX_REGION_CLAUDE_4_0_OPUS = "europe-west4"; - VERTEX_REGION_CLAUDE_4_0_SONNET = "us-east5"; - VERTEX_REGION_CLAUDE_4_5_SONNET = "us-east5"; - - # Model configuration - ANTHROPIC_MODEL = "claude-sonnet-4-5"; - ANTHROPIC_SMALL_FAST_MODEL = "claude-3-5-haiku"; - }; -} diff --git a/modules/home/all/juspay.nix b/modules/home/all/juspay.nix index d0ab37e..11dceee 100644 --- a/modules/home/all/juspay.nix +++ b/modules/home/all/juspay.nix 
@@ -1,130 +1,46 @@ -# For Juspay work -{ pkgs, config, lib, ... }: -let - cfg = config.programs.juspay; -in +# Juspay-specific configuration using the work jump host module { - options.programs.juspay = { - enable = lib.mkEnableOption "Juspay work configuration" // { - default = true; + imports = [ ../../../vendor/jumphost-nix/module.nix ]; + + # https://github.com/srid/jumphost-nix + programs.jumphost = { + enable = true; + host = "vanjaram.tail12b27.ts.net"; + + sshHosts = { + "ssh.bitbucket.juspay.net".user = "git"; }; - jumpHost = lib.mkOption { - type = lib.types.str; - default = "vanjaram.tail12b27.ts.net"; - description = '' - Jump host (a machine in Juspay office) used to access Juspay services without VPN. - Used as SSH proxy jump for Bitbucket and as SOCKS5 tunnel endpoint. - ''; - }; - - identityFile = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = '' - Optional path to SSH identity file used for authenticating to Juspay's Bitbucket (ssh.bitbucket.juspay.net). - If not specified, SSH will use default authentication methods. 
- ''; - }; - - baseCodeDir = lib.mkOption { - type = lib.types.str; - default = "~/juspay"; - description = '' - Base directory containing Juspay code repositories (git commits in subdirectories will use the configured email) - ''; - }; - - email = lib.mkOption { - type = lib.types.str; - default = "sridhar.ratnakumar@juspay.in"; - description = '' - Email address to use for git commits within the baseCodeDir - ''; + git = { + baseCodeDir = "~/juspay"; + email = "sridhar.ratnakumar@juspay.in"; }; socks5Proxy = { - enable = lib.mkEnableOption "SOCKS5 proxy via SSH tunnel" // { - default = true; - }; - - port = lib.mkOption { - type = lib.types.port; - default = 1080; - description = '' - Local port to bind the SOCKS5 proxy server (tunneled through jumpHost) - ''; - }; + enable = true; }; }; - config = lib.mkIf cfg.enable { - programs.ssh = { - enable = true; - matchBlocks = { - # For git cloning via another jump host - "ssh.bitbucket.juspay.net" = { - user = "git"; + # Mirroring configuration from https://github.com/juspay/vertex + home.sessionVariables = { + # Enable Vertex AI integration + CLAUDE_CODE_USE_VERTEX = "1"; + CLOUD_ML_REGION = "us-east5"; + ANTHROPIC_VERTEX_PROJECT_ID = "dev-ai-gamma"; - # This is the magic line that routes traffic - # through the other machine - proxyJump = cfg.jumpHost; + # Optional: Disable prompt caching if needed + DISABLE_PROMPT_CACHING = "1"; - identityFile = lib.mkIf (cfg.identityFile != null) cfg.identityFile; - }; - "${cfg.jumpHost}" = { - forwardAgent = true; - }; - }; - }; + # Optional: Override regions for specific models + VERTEX_REGION_CLAUDE_3_5_HAIKU = "us-central1"; + VERTEX_REGION_CLAUDE_3_5_SONNET = "us-east5"; + VERTEX_REGION_CLAUDE_3_7_SONNET = "us-east5"; + VERTEX_REGION_CLAUDE_4_0_OPUS = "europe-west4"; + VERTEX_REGION_CLAUDE_4_0_SONNET = "us-east5"; + VERTEX_REGION_CLAUDE_4_5_SONNET = "us-east5"; - programs.git = { - # Bitbucket git access and policies - includes = [ - { - condition = 
"gitdir:${cfg.baseCodeDir}/**"; - contents = { - user.email = cfg.email; - }; - } - ]; - }; - - # SOCKS5 proxy via SSH tunnel to jump host - launchd.agents.juspay-socks5-proxy = lib.mkIf (cfg.socks5Proxy.enable && pkgs.stdenv.isDarwin) { - enable = true; - config = { - ProgramArguments = [ - "${pkgs.openssh}/bin/ssh" - "-D" # Dynamic port forwarding (SOCKS proxy) - (toString cfg.socks5Proxy.port) - "-N" # Don't execute remote command - # "-q" # Quiet mode (suppress warnings) - "-C" # Enable compression - cfg.jumpHost - ]; - KeepAlive = true; - RunAtLoad = true; - StandardOutPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.log"; - StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.err"; - }; - }; - - systemd.user.services.juspay-socks5-proxy = lib.mkIf (cfg.socks5Proxy.enable && pkgs.stdenv.isLinux) { - Unit = { - Description = "SOCKS5 proxy via SSH tunnel to Juspay jump host"; - After = [ "network.target" ]; - }; - - Service = { - ExecStart = "${pkgs.openssh}/bin/ssh -D ${toString cfg.socks5Proxy.port} -N -C ${cfg.jumpHost}"; - Restart = "always"; - RestartSec = "10s"; - }; - - Install = { - WantedBy = [ "default.target" ]; - }; - }; + # Model configuration + ANTHROPIC_MODEL = "claude-sonnet-4-5"; + ANTHROPIC_SMALL_FAST_MODEL = "claude-3-5-haiku"; }; } diff --git a/modules/home/linux-only.nix b/modules/home/linux-only.nix index b3f531c..32125a7 100644 --- a/modules/home/linux-only.nix +++ b/modules/home/linux-only.nix @@ -2,7 +2,6 @@ imports = [ ./all/bash.nix ./claude-code - ./all/juspay-vertex.nix # ./all/zsh.nix # ./all/vscode-server.nix ]; diff --git a/vendor/jumphost-nix b/vendor/jumphost-nix new file mode 160000 index 0000000..ff29409 --- /dev/null +++ b/vendor/jumphost-nix @@ -0,0 +1 @@ +Subproject commit ff29409a94fa648cf5bc7084ff7c617204dbb0a0
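Review bot: The SSH match blocks and the `ssh -D` launchd/systemd services that `modules/home/all/juspay.nix` used to define now come from `../../../vendor/jumphost-nix/module.nix`, so settings such as `forwardAgent = true` on the jump host and the SOCKS5 port can no longer be checked from this file. The module's contents are not part of this diff, so it is worth confirming at the pinned commit whether agent forwarding is still enabled, since the ProxyJump route to `ssh.bitbucket.juspay.net` does not itself require it. I would add a comment above `programs.jumphost`, e.g. `# SSH match blocks, agent forwarding and the SOCKS5 tunnel service are defined in vendor/jumphost-nix; review that module when bumping the submodule.` Separately, the Vertex `home.sessionVariables` now live here while `linux-only.nix` and `srid@vixen.nix` drop the `juspay-vertex.nix` import, so a host that does not import `juspay.nix` would lose them. That is presumably intended, but the header comment could mention that this file also carries the Vertex settings.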