make module

This commit is contained in:
Sridhar Ratnakumar 2025-11-20 14:04:20 -05:00
parent 5034fa8cd7
commit a030e215af


@ -1,56 +1,112 @@
# For Juspay work
{ pkgs, config, ... }:
{ pkgs, config, lib, ... }:
let
vanjaram = "vanjaram.tail12b27.ts.net"; # Shared with my tailnet
cfg = config.programs.juspay;
in
{
programs.ssh = {
enable = true;
matchBlocks = {
# For git cloning via another jump host
"ssh.bitbucket.juspay.net" = {
user = "git";
options.programs.juspay = {
enable = lib.mkEnableOption "Juspay work configuration" // {
default = true;
};
# This is the magic line that routes traffic
# through the other machine
proxyJump = vanjaram;
jumpHost = lib.mkOption {
type = lib.types.str;
default = "vanjaram.tail12b27.ts.net";
description = ''
Jump host for Juspay work (used as SSH proxy jump and SOCKS5 tunnel endpoint)
'';
};
# Download this from 1Password
identityFile = "~/.ssh/juspay.pub";
identityFile = lib.mkOption {
type = lib.types.str;
default = "~/.ssh/juspay.pub";
description = ''
Path to SSH identity file used for authenticating to Juspay's Bitbucket (ssh.bitbucket.juspay.net)
'';
};
baseCodeDir = lib.mkOption {
type = lib.types.str;
default = "~/juspay";
description = ''
Base directory containing Juspay code repositories (git commits in subdirectories will use the configured email)
'';
};
email = lib.mkOption {
type = lib.types.str;
default = "sridhar.ratnakumar@juspay.in";
description = ''
Email address to use for git commits within the baseCodeDir
'';
};
socks5Proxy = {
enable = lib.mkEnableOption "SOCKS5 proxy via SSH tunnel" // {
default = true;
};
"${vanjaram}" = {
forwardAgent = true;
port = lib.mkOption {
type = lib.types.port;
default = 1080;
description = ''
Local port to bind the SOCKS5 proxy server (tunneled through jumpHost)
'';
};
};
};
programs.git = {
# Bitbucket git access and policies
includes = [{
condition = "gitdir:~/juspay/**";
contents = {
user.email = "sridhar.ratnakumar@juspay.in";
};
}];
};
config = lib.mkIf cfg.enable {
programs.ssh = {
enable = true;
matchBlocks = {
# For git cloning via another jump host
"ssh.bitbucket.juspay.net" = {
user = "git";
# SOCKS5 proxy via SSH tunnel to vanjaram
launchd.agents.juspay-socks5-proxy = {
enable = true;
config = {
ProgramArguments = [
"${pkgs.openssh}/bin/ssh"
"-D" # Dynamic port forwarding (SOCKS proxy)
"1080"
"-N" # Don't execute remote command
# "-q" # Quiet mode (suppress warnings)
"-C" # Enable compression
vanjaram
# This is the magic line that routes traffic
# through the other machine
proxyJump = cfg.jumpHost;
# Download this from 1Password
identityFile = cfg.identityFile;
};
"${cfg.jumpHost}" = {
forwardAgent = true;
};
};
};
programs.git = {
# Bitbucket git access and policies
includes = [
{
condition = "gitdir:${cfg.baseCodeDir}/**";
contents = {
user.email = cfg.email;
};
}
];
KeepAlive = true;
RunAtLoad = true;
StandardOutPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.log";
StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.err";
};
# SOCKS5 proxy via SSH tunnel to jump host
launchd.agents.juspay-socks5-proxy = lib.mkIf cfg.socks5Proxy.enable {
enable = true;
config = {
ProgramArguments = [
"${pkgs.openssh}/bin/ssh"
"-D" # Dynamic port forwarding (SOCKS proxy)
(toString cfg.socks5Proxy.port)
"-N" # Don't execute remote command
# "-q" # Quiet mode (suppress warnings)
"-C" # Enable compression
cfg.jumpHost
];
KeepAlive = true;
RunAtLoad = true;
StandardOutPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.log";
StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.err";
};
};
};
}
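Review bot: The `"${cfg.jumpHost}"` match block keeps `forwardAgent = true;` for a host the file's own comment describes as shared on the tailnet, even though the ProxyJump path to ssh.bitbucket.juspay.net does not need the agent on the jump host and the `-D` tunnel does not use it either; while a forwarded agent is connected, anyone with root on that host can sign with every key the local agent holds. I would set `forwardAgent = false;` there, or expose it as a `programs.juspay.forwardAgent` bool option defaulting to false so interactive use can opt in explicitly. Separately, the launchd `ProgramArguments` list has no `"-o" "ExitOnForwardFailure=yes"`, so if the configured `socks5Proxy.port` is already bound ssh will stay up without the forward and `KeepAlive` will never restart it into a working state; adding that pair before `cfg.jumpHost` makes the failure visible in socks5-proxy.err and lets launchd retry.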