From a030e215af0749cfd60bfb9dc97d7479f12a2460 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar <srid@srid.ca>
Date: Thu, 20 Nov 2025 14:04:20 -0500
Subject: [PATCH] make module

---
 modules/home/all/juspay.nix | 136 +++++++++++++++++++++++++-----------
 1 file changed, 96 insertions(+), 40 deletions(-)

diff --git a/modules/home/all/juspay.nix b/modules/home/all/juspay.nix
index 876fb27..2e4a5b2 100644
--- a/modules/home/all/juspay.nix
+++ b/modules/home/all/juspay.nix
@@ -1,56 +1,112 @@
 # For Juspay work
-{ pkgs, config, ... }:
+{ pkgs, config, lib, ... }:
 let
-  vanjaram = "vanjaram.tail12b27.ts.net"; # Shared with my tailnet
+  cfg = config.programs.juspay;
 in
 {
-  programs.ssh = {
-    enable = true;
-    matchBlocks = {
-      # For git cloning via another jump host
-      "ssh.bitbucket.juspay.net" = {
-        user = "git";
+  options.programs.juspay = {
+    enable = lib.mkEnableOption "Juspay work configuration" // {
+      default = true;
+    };
 
-        # This is the magic line that routes traffic 
-        # through the other machine
-        proxyJump = vanjaram;
+    jumpHost = lib.mkOption {
+      type = lib.types.str;
+      default = "vanjaram.tail12b27.ts.net";
+      description = ''
+        Jump host for Juspay work (used as SSH proxy jump and SOCKS5 tunnel endpoint)
+      '';
+    };
 
-        # Download this from 1Password
-        identityFile = "~/.ssh/juspay.pub";
+    identityFile = lib.mkOption {
+      type = lib.types.str;
+      default = "~/.ssh/juspay.pub";
+      description = ''
+        Path to SSH identity file used for authenticating to Juspay's Bitbucket (ssh.bitbucket.juspay.net)
+      '';
+    };
+
+    baseCodeDir = lib.mkOption {
+      type = lib.types.str;
+      default = "~/juspay";
+      description = ''
+        Base directory containing Juspay code repositories (git commits in subdirectories will use the configured email)
+      '';
+    };
+
+    email = lib.mkOption {
+      type = lib.types.str;
+      default = "sridhar.ratnakumar@juspay.in";
+      description = ''
+        Email address to use for git commits within the baseCodeDir
+      '';
+    };
+
+    socks5Proxy = {
+      enable = lib.mkEnableOption "SOCKS5 proxy via SSH tunnel" // {
+        default = true;
       };
-      "${vanjaram}" = {
-        forwardAgent = true;
+
+      port = lib.mkOption {
+        type = lib.types.port;
+        default = 1080;
+        description = ''
+          Local port to bind the SOCKS5 proxy server (tunneled through jumpHost)
+        '';
       };
     };
   };
 
-  programs.git = {
-    # Bitbucket git access and policies
-    includes = [{
-      condition = "gitdir:~/juspay/**";
-      contents = {
-        user.email = "sridhar.ratnakumar@juspay.in";
-      };
-    }];
-  };
+  config = lib.mkIf cfg.enable {
+    programs.ssh = {
+      enable = true;
+      matchBlocks = {
+        # For git cloning via another jump host
+        "ssh.bitbucket.juspay.net" = {
+          user = "git";
 
-  # SOCKS5 proxy via SSH tunnel to vanjaram
-  launchd.agents.juspay-socks5-proxy = {
-    enable = true;
-    config = {
-      ProgramArguments = [
-        "${pkgs.openssh}/bin/ssh"
-        "-D" # Dynamic port forwarding (SOCKS proxy)
-        "1080"
-        "-N" # Don't execute remote command
-        # "-q" # Quiet mode (suppress warnings)
-        "-C" # Enable compression
-        vanjaram
+          # This is the magic line that routes traffic 
+          # through the other machine
+          proxyJump = cfg.jumpHost;
+
+          # Download this from 1Password
+          identityFile = cfg.identityFile;
+        };
+        "${cfg.jumpHost}" = {
+          forwardAgent = true;
+        };
+      };
+    };
+
+    programs.git = {
+      # Bitbucket git access and policies
+      includes = [
+        {
+          condition = "gitdir:${cfg.baseCodeDir}/**";
+          contents = {
+            user.email = cfg.email;
+          };
+        }
       ];
-      KeepAlive = true;
-      RunAtLoad = true;
-      StandardOutPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.log";
-      StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.err";
+    };
+
+    # SOCKS5 proxy via SSH tunnel to jump host
+    launchd.agents.juspay-socks5-proxy = lib.mkIf cfg.socks5Proxy.enable {
+      enable = true;
+      config = {
+        ProgramArguments = [
+          "${pkgs.openssh}/bin/ssh"
+          "-D" # Dynamic port forwarding (SOCKS proxy)
+          (toString cfg.socks5Proxy.port)
+          "-N" # Don't execute remote command
+          # "-q" # Quiet mode (suppress warnings)
+          "-C" # Enable compression
+          cfg.jumpHost
+        ];
+        KeepAlive = true;
+        RunAtLoad = true;
+        StandardOutPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.log";
+        StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/socks5-proxy.err";
+      };
     };
   };
 }