Complete migration of home-manager modules to roles

Migrate all remaining home-manager modules from home/modules/ to home/roles/ to establish a unified role-based configuration pattern. This completes the migration started in Phase 1. Changes: - Phase 1-3: Migrated tmux, plasma-manager, kubectl, and emacs to roles - Phase 4: Migrated aerospace with custom options under home.roles.aerospace.* - Phase 5: Migrated i3+sway with shared config and override options - Phase 6: Removed empty home/modules/ directory All home configs now import only ./roles with role-based enable options. Updated flake.nix machine-specific overrides to use new namespaces. Verified with nix flake check - all configurations build successfully.
2025-12-01 19:52:21 -08:00
parent 34351403d1
commit b9c48f9dd1
19 changed files with 538 additions and 528 deletions
--- a/home/roles/kubectl/default.nix
+++ b/home/roles/kubectl/default.nix
@@ -7,10 +7,237 @@ let
 in
 {
  options.home.roles.kubectl = {
-    enable = mkEnableOption "Enable management tools for the homelab k3s oglenet cluster";
+    enable = mkEnableOption "management tools for the homelab k3s oglenet cluster with secure Bitwarden integration";
  };

  config = mkIf cfg.enable {
-    programs.kubectl-secure.enable = true;
+    home.packages = with pkgs; [
+      kubectl
+      kubernetes-helm
+    ];
+
+    programs.k9s.enable = true;
+
+    programs.bash.initExtra = mkAfter ''
+      # Kubectl secure session management
+      export KUBECTL_SESSION_DIR="/dev/shm/kubectl-$$"
+
+      kube-select() {
+        if [[ $# -ne 1 ]]; then
+          echo "Usage: kube-select <context-name>"
+          echo "Available contexts: $(kube-list)"
+          return 1
+        fi
+
+        local context="$1"
+
+        # Clean up any existing session first
+        kube-clear 2>/dev/null
+
+        # Create new session directory
+        mkdir -p "$KUBECTL_SESSION_DIR"
+        chmod 700 "$KUBECTL_SESSION_DIR"
+
+        # Set cleanup trap for this shell session
+        trap "rm -rf '$KUBECTL_SESSION_DIR' 2>/dev/null" EXIT
+
+        # Set KUBECONFIG for this session
+        export KUBECONFIG="$KUBECTL_SESSION_DIR/config"
+
+        # Load config from Bitwarden secure notes
+        if ! rbw get "kubectl-$context" > "$KUBECONFIG" 2>/dev/null; then
+          echo "Error: Could not retrieve kubectl-$context from Bitwarden"
+          echo "Make sure the entry exists with name: kubectl-$context"
+          kube-clear
+          return 1
+        fi
+
+        # Verify the kubeconfig is valid
+        if ! kubectl config view >/dev/null 2>&1; then
+          echo "Error: Invalid kubeconfig retrieved from Bitwarden"
+          kube-clear
+          return 1
+        fi
+
+        echo "✓ Loaded kubectl context: $context (session: $$)"
+        echo "  Config location: $KUBECONFIG"
+      }
+
+      kube-list() {
+        echo "Available kubectl contexts in Bitwarden:"
+        rbw search kubectl- 2>/dev/null | grep "^kubectl-" | sed 's/^kubectl-/  - /' || echo "  (none found or rbw not accessible)"
+      }
+
+      kube-clear() {
+        if [[ -n "$KUBECTL_TIMEOUT_PID" ]]; then
+          kill "$KUBECTL_TIMEOUT_PID" 2>/dev/null
+          unset KUBECTL_TIMEOUT_PID
+        fi
+
+        if [[ -d "$KUBECTL_SESSION_DIR" ]]; then
+          rm -rf "$KUBECTL_SESSION_DIR"
+          echo "Cleared kubectl session ($$)"
+        fi
+
+        unset KUBECONFIG
+      }
+
+      kube-status() {
+        if [[ -f "$KUBECONFIG" ]]; then
+          local current_context
+          current_context=$(kubectl config current-context 2>/dev/null)
+          if [[ -n "$current_context" ]]; then
+            echo "Active kubectl context: $current_context"
+            echo "Session: $$ | Config: $KUBECONFIG"
+
+            # Show cluster info
+            local cluster_server
+            cluster_server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' 2>/dev/null)
+            if [[ -n "$cluster_server" ]]; then
+              echo "Cluster: $cluster_server"
+            fi
+          else
+            echo "No active context in current session"
+          fi
+        else
+          echo "No kubectl session active in this shell"
+          echo "Use 'kube-select <context>' to start a session"
+        fi
+      }
+
+      # Helper function to show available commands
+      kube-help() {
+        echo "Secure kubectl session management commands:"
+        echo ""
+        echo "Session management:"
+        echo "  kube-select <context>     - Load kubeconfig from Bitwarden"
+        echo "  kube-status              - Show current session status"
+        echo "  kube-clear               - Clear current session"
+        echo ""
+        echo "Configuration management:"
+        echo "  kube-list                - List available contexts in Bitwarden"
+        echo ""
+        echo "Help:"
+        echo "  kube-help                - Show this help"
+        echo ""
+        echo "Examples:"
+        echo "  kube-select prod                     # Loads from secure note"
+        echo "  kubectl get pods"
+        echo "  kube-clear"
+        echo ""
+        echo "Note: Kubeconfigs are stored as secure notes in Bitwarden"
+      }
+    '';
+
+    programs.zsh.initExtra = mkAfter ''
+      # Kubectl secure session management (zsh)
+      export KUBECTL_SESSION_DIR="/dev/shm/kubectl-$$"
+
+      kube-select() {
+        if [[ $# -ne 1 ]]; then
+          echo "Usage: kube-select <context-name>"
+          echo "Available contexts: $(kube-list)"
+          return 1
+        fi
+
+        local context="$1"
+
+        # Clean up any existing session first
+        kube-clear 2>/dev/null
+
+        # Create new session directory
+        mkdir -p "$KUBECTL_SESSION_DIR"
+        chmod 700 "$KUBECTL_SESSION_DIR"
+
+        # Set cleanup trap for this shell session
+        trap "rm -rf '$KUBECTL_SESSION_DIR' 2>/dev/null" EXIT
+
+        # Set KUBECONFIG for this session
+        export KUBECONFIG="$KUBECTL_SESSION_DIR/config"
+
+        # Load config from Bitwarden secure notes
+        if ! rbw get "kubectl-$context" > "$KUBECONFIG" 2>/dev/null; then
+          echo "Error: Could not retrieve kubectl-$context from Bitwarden"
+          echo "Make sure the entry exists with name: kubectl-$context"
+          kube-clear
+          return 1
+        fi
+
+        # Verify the kubeconfig is valid
+        if ! kubectl config view >/dev/null 2>&1; then
+          echo "Error: Invalid kubeconfig retrieved from Bitwarden"
+          kube-clear
+          return 1
+        fi
+
+        echo "✓ Loaded kubectl context: $context (session: $$)"
+        echo "  Config location: $KUBECONFIG"
+      }
+
+      kube-list() {
+        echo "Available kubectl contexts in Bitwarden:"
+        rbw search kubectl- 2>/dev/null | grep "^kubectl-" | sed 's/^kubectl-/  - /' || echo "  (none found or rbw not accessible)"
+      }
+
+      kube-clear() {
+        if [[ -n "$KUBECTL_TIMEOUT_PID" ]]; then
+          kill "$KUBECTL_TIMEOUT_PID" 2>/dev/null
+          unset KUBECTL_TIMEOUT_PID
+        fi
+
+        if [[ -d "$KUBECTL_SESSION_DIR" ]]; then
+          rm -rf "$KUBECTL_SESSION_DIR"
+          echo "Cleared kubectl session ($$)"
+        fi
+
+        unset KUBECONFIG
+      }
+
+      kube-status() {
+        if [[ -f "$KUBECONFIG" ]]; then
+          local current_context
+          current_context=$(kubectl config current-context 2>/dev/null)
+          if [[ -n "$current_context" ]]; then
+            echo "Active kubectl context: $current_context"
+            echo "Session: $$ | Config: $KUBECONFIG"
+
+            # Show cluster info
+            local cluster_server
+            cluster_server=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}' 2>/dev/null)
+            if [[ -n "$cluster_server" ]]; then
+              echo "Cluster: $cluster_server"
+            fi
+          else
+            echo "No active context in current session"
+          fi
+        else
+          echo "No kubectl session active in this shell"
+          echo "Use 'kube-select <context>' to start a session"
+        fi
+      }
+
+      # Helper function to show available commands
+      kube-help() {
+        echo "Secure kubectl session management commands:"
+        echo ""
+        echo "Session management:"
+        echo "  kube-select <context>     - Load kubeconfig from Bitwarden"
+        echo "  kube-status              - Show current session status"
+        echo "  kube-clear               - Clear current session"
+        echo ""
+        echo "Configuration management:"
+        echo "  kube-list                - List available contexts in Bitwarden"
+        echo ""
+        echo "Help:"
+        echo "  kube-help                - Show this help"
+        echo ""
+        echo "Examples:"
+        echo "  kube-select prod                     # Loads from secure note"
+        echo "  kubectl get pods"
+        echo "  kube-clear"
+        echo ""
+        echo "Note: Kubeconfigs are stored as secure notes in Bitwarden"
+      }
+    '';
  };
 }