[Devbox] Use aws cli with yubi mfa.

Signed-off-by: jmug <u.g.a.mariano@gmail.com>
2025-07-14 18:57:22 -07:00 · 2025-07-14 18:57:22 -07:00 · acb33ea9ab
commit acb33ea9ab
parent cad2386593
4 changed files with 36 additions and 11 deletions
--- a/hosts/asahi/home.nix
+++ b/hosts/asahi/home.nix
@ -80,6 +80,15 @@ in
    stateVersion = "25.05"; # Do not change!!!
  };

+  home.activation.aws-cli-mfa-config = lib.hm.dag.entryAfter ["writeBoundary"] ''
+    mkdir -p ~/.config/aws-cli-mfa
+    cat > ~/.config/aws-cli-mfa/config.yaml << EOF
+mfa_serial: $(cat ${config.sops.secrets."aws/jmug_ace_mfa_serial".path})
+role_arn: $(cat ${config.sops.secrets."aws/role_arn".path})
+session_duration: 43200
+EOF
+  '';
+
  gtk = {
    enable = true;
    gtk3 = {
@ -155,6 +164,13 @@ in


  programs.zsh.shellAliases = {
+    # TODO BEGIN Interpolate the name of the host here.
+    # flakeconf = "sudo nvim /etc/nixos/flake.nix";
+    # nosconf = "sudo nvim /etc/nixos/hosts/devbox/configuration.nix";
+    # homeconf = "sudo nvim /etc/nixos/hosts/devbox/home.nix";
+    # nvconf = "sudo nvim /etc/nixos/home-modules/explicit-configs/nvim/init.lua";
+    # TODO END Interpolate the name of the host here.
+    rshellconf = "source ~/.zshrc";
    fly = "flyctl";
    # TODO: Interpolate the name of the host here.
    nrsw = "sudo nixos-rebuild switch --flake /home/jmug/nixos#asahi"; # parametrize this as home dir.
@ -164,13 +180,4 @@ in

  # Let Home Manager install and manage itself.
  programs.home-manager.enable = true;
-
-  home.activation.aws-cli-mfa-config = lib.hm.dag.entryAfter ["writeBoundary"] ''
-    mkdir -p ~/.config/aws-cli-mfa
-    cat > ~/.config/aws-cli-mfa/config.yaml << EOF
-mfa_serial: $(cat ${config.sops.secrets."aws/jmug_ace_mfa_serial".path})
-role_arn: $(cat ${config.sops.secrets."aws/role_arn".path})
-session_duration: 43200
-EOF
-  '';
 }
--- a/hosts/devbox/home.nix
+++ b/hosts/devbox/home.nix
@ -51,6 +51,10 @@ in {
      whatsie
      obs-studio

+      # AWS tools
+      awscli2
+      (callPackage ../../nixos-modules/shell-apps/aws-cli-mfa.nix {})
+
      # Misc
      zig
      neofetch
@ -75,6 +79,15 @@ in {
    stateVersion = "25.05";
  };

+  home.activation.aws-cli-mfa-config = lib.hm.dag.entryAfter ["writeBoundary"] ''
+    mkdir -p ~/.config/aws-cli-mfa
+    cat > ~/.config/aws-cli-mfa/config.yaml << EOF
+mfa_serial: $(cat ${config.sops.secrets."aws/jmug_matcha_mfa_serial".path})
+role_arn: $(cat ${config.sops.secrets."aws/role_arn".path})
+session_duration: 43200
+EOF
+  '';
+
  programs.zsh = {
    shellAliases = {
      # TODO BEGIN Interpolate the name of the host here.
@ -86,6 +99,9 @@ in {
      rshellconf = "source ~/.zshrc";
      # TODO: Interpolate the name of the host here.
      nrsw = "sudo nixos-rebuild switch --flake /home/jmug/nixos#devbox";
+      fly = "flyctl";
+      awsmfa = "eval $(aws-cli-mfa)";
+      uawsmfa = "eval $(aws-cli-mfa --unset)";
    };
    loginExtra = ''
    if [ ! -e "/tmp/ssh-agent.''${USER}" ]; then