@paurosello
Last active May 31, 2021 15:51
GS Setup
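# Unlock the Bitwarden vault and export the opsctl credentials for this shell.
#
# Runs `bw unlock --raw`, stores the returned session key in BW_SESSION, then
# reads the `notes` field of three vault items into OPSCTL_OPSGENIE_TOKEN,
# OPSCTL_GITHUB_TOKEN and OPSCTL_GPG_PASSWORD.
# Returns 1 and exports nothing when no session key was obtained.
#
# NOTE(review): all four variables are global and exported (-gx), so every
# process started from this shell inherits them. Erase them with `set -e` and
# run `bw lock` once the work that needs them is done.
function unlock
    # Capture the key in a local first so a failed or cancelled unlock does not
    # overwrite BW_SESSION with an empty value and then query a locked vault.
    set -l session (bw unlock --raw)
    if test -z "$session"
        echo "unlock: bw unlock did not return a session key" >&2
        return 1
    end
    set -gx BW_SESSION $session
    set -gx OPSCTL_OPSGENIE_TOKEN (bw get item 48c3c891-b9cb-46a0-bac3-944b64c794d1 | jq -r .notes)
    set -gx OPSCTL_GITHUB_TOKEN (bw get item 67448f11-ad1e-4099-8eaf-6ddbcce15c82 | jq -r .notes)
    set -gx OPSCTL_GPG_PASSWORD (bw get item e16fbbaf-1913-49b3-b16d-a9352a81a979 | jq -r .notes)
end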
# Start OpenVPN as root with the Gridscale profile stored in the home directory.
# The profile is read by a root process, so keep the file writable only by you.
function vpn_gridscale
    sudo openvpn --config ~/gridscale.ovpn
end
# Start OpenVPN as root with the Vultr profile stored in the home directory.
# The profile is read by a root process, so keep the file writable only by you.
function vpn_vultr
    sudo openvpn --config ~/vultr.ovpn
end
# Reclaim disk space: drop old generations of the system profile, garbage-collect
# the Nix store (deleting old generations of other profiles too), then list the
# system generations that remain.
# NOTE(review): the system profile is normally owned by root; presumably this is
# run from a root shell or the first command fails. Confirm.
function nix_clean
    set -l system_profile /nix/var/nix/profiles/system
    nix-env --profile $system_profile --delete-generations old
    nix-collect-garbage --delete-old
    nix-env --profile $system_profile --list-generations
end
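# Terminate every running k9s process.
#
# The previous pipeline took column 1 of `ps aux`, which is the user name with
# the procps layout (the PID is column 2), and its `grep 'k9s'` also matched
# any unrelated command line that merely mentioned k9s. `pkill -x` matches the
# process name exactly and does not depend on the ps column layout.
# Returns pkill's status (non-zero when no k9s process was found).
function kill_k9s
    pkill -x k9s
end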
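# Upgrade a cluster to a given release through the v5 API of the selected
# installation.
#
# Arguments: <installation> <cluster_id> <version>
# Returns 2 on wrong usage, 1 when the endpoint cannot be selected, the
# credentials cannot be read, or the prompt is not answered with y/Y.
function upgrade_specific_release --description "upgrade_specific_release <installation> <cluster_id> <version>"
    if test (count $argv) -ne 3
        echo "usage: upgrade_specific_release <installation> <cluster_id> <version>" >&2
        return 2
    end
    set -l CLUSTER $argv[2]
    set -l VERSION $argv[3]

    # Stop if the endpoint cannot be selected; otherwise the PATCH below would
    # go to whichever installation was selected previously.
    gsctl select endpoint $argv[1]
    or return 1

    echo "Upgrading cluster $CLUSTER to $VERSION"
    read -l -P 'Do you want to continue? [y/N] ' confirm
    switch "$confirm"
        case Y y
            set -l TOKEN (gsctl info -v | grep Auth | awk '{print $3}')
            set -l API (gsctl info -v | grep 'API endpoint:' | awk '{print $3}')
            if test -z "$TOKEN" -o -z "$API"
                echo "upgrade_specific_release: could not read token or API endpoint from gsctl" >&2
                return 1
            end
            # Let jq build the body so quotes or backslashes in the version
            # cannot break out of the JSON string.
            set -l payload (jq -cn --arg v "$VERSION" '{release_version: $v}')
            # Hand the Authorization header to curl on stdin (--config -) so
            # the bearer token does not appear in curl's argument list, which
            # other local users can read from the process table. printf is a
            # fish builtin, so it does not expose the token either.
            printf 'header = "Authorization: Bearer %s"\n' "$TOKEN" | curl --config - "$API/v5/clusters/$CLUSTER/" -X PATCH -d "$payload" | jq .
        case '*'
            # Anything other than an explicit yes aborts.
            return 1
    end
end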
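# Upgrade a cluster to a given release through the v4 API of the selected
# installation.
#
# Arguments: <installation> <cluster_id> <version>
# Returns 2 on wrong usage, 1 when the endpoint cannot be selected, the
# credentials cannot be read, or the prompt is not answered with y/Y.
function upgrade_specific_release_v4 --description "upgrade_specific_release_v4 <installation> <cluster_id> <version>"
    if test (count $argv) -ne 3
        echo "usage: upgrade_specific_release_v4 <installation> <cluster_id> <version>" >&2
        return 2
    end
    set -l CLUSTER $argv[2]
    set -l VERSION $argv[3]

    # Stop if the endpoint cannot be selected; otherwise the PATCH below would
    # go to whichever installation was selected previously.
    gsctl select endpoint $argv[1]
    or return 1

    echo "Upgrading cluster $CLUSTER to $VERSION"
    read -l -P 'Do you want to continue? [y/N] ' confirm
    switch "$confirm"
        case Y y
            set -l TOKEN (gsctl info -v | grep Auth | awk '{print $3}')
            set -l API (gsctl info -v | grep 'API endpoint:' | awk '{print $3}')
            if test -z "$TOKEN" -o -z "$API"
                echo "upgrade_specific_release_v4: could not read token or API endpoint from gsctl" >&2
                return 1
            end
            # Let jq build the body so quotes or backslashes in the version
            # cannot break out of the JSON string.
            set -l payload (jq -cn --arg v "$VERSION" '{release_version: $v}')
            # Hand the Authorization header to curl on stdin (--config -) so
            # the bearer token does not appear in curl's argument list, which
            # other local users can read from the process table. printf is a
            # fish builtin, so it does not expose the token either.
            printf 'header = "Authorization: Bearer %s"\n' "$TOKEN" | curl --config - "$API/v4/clusters/$CLUSTER/" -X PATCH -d "$payload" | jq .
        case '*'
            # Anything other than an explicit yes aborts.
            return 1
    end
end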
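# Put the Go binary directory on PATH exactly once. PATH is a list in fish:
# `$PATH:/dir` appends the suffix to every existing element, so the directory
# ended up repeated; append it as its own element and skip it when present.
if not contains /home/pau/go/bin $PATH
    set -gx PATH $PATH /home/pau/go/bin
end
# Editor for tools that honour $EDITOR; --wait keeps `code` in the foreground
# until the file is closed.
set -gx EDITOR 'code --wait'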
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:

let
  # Tarball of the nixos-unstable channel; imported below as `pkgs.unstable`.
  # NOTE(review): the URL follows a moving branch and no sha256 is given, so
  # the content is fetched without an integrity check and can change between
  # evaluations. A pinned form looks like
  #   fetchTarball { url = ".../archive/<COMMIT>.tar.gz"; sha256 = "<SHA256>"; }
  # (placeholders, fill in a reviewed revision). Also confirm that the
  # nixpkgs-channels repository is still the maintained source for this branch.
  unstableTarball = fetchTarball
    "https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz";
in
{
imports = [
  # Dell XPS 13 9380 profile, resolved through the `nixos-hardware` entry on NIX_PATH.
  <nixos-hardware/dell/xps/13-9380>
  # Include the results of the hardware scan.
  ./hardware-configuration.nix
];

# Expose the unstable channel as `pkgs.unstable`, evaluated with the same
# nixpkgs config as the rest of the system.
nixpkgs.config = {
  packageOverrides = pkgs: {
    unstable = import unstableTarball {
      inherit (config.nixpkgs) config;
    };
  };
};
# Boot: systemd-boot on EFI, newest packaged kernel, KVM module for Intel CPUs.
boot = {
  loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };
  kernelPackages = pkgs.linuxPackages_latest;
  kernelModules = [ "kvm-intel" ];
  # Power-saving switches for PCIe ASPM and the i915 graphics driver.
  # NOTE(review): some of these i915 parameters may no longer exist in the
  # kernel selected by linuxPackages_latest; check `modinfo i915`.
  kernelParams = [
    "pcie.aspm=force"
    "i915.enable_fbc=1"
    "i915.enable_rc6=7"
    "i915.lvds_downclock=1"
    "i915.enable_guc_loading=1"
    "i915.enable_guc_submission=1"
  ];
};
# Laptop power management: powertop tuning and the ondemand CPU governor.
powerManagement = {
  enable = true;
  powertop.enable = true;
  cpuFreqGovernor = "ondemand";
  # Run at power-up: writes XHC to the ACPI wakeup table, which toggles that
  # entry's wake-up setting (presumably the USB controller; confirm).
  powerUpCommands = ''
    echo XHC > /proc/acpi/wakeup
  '';
};
# Networking. The global useDHCP flag is deprecated, so it is set to false
# explicitly and DHCP is enabled per interface instead.
networking = {
  useDHCP = false;
  interfaces.wlp2s0.useDHCP = true;
  networkmanager.enable = true;
  hostName = "gsl";
  # Static /etc/hosts entry (host name redacted in this copy).
  extraHosts = ''
    10.243.136.83 xxxxxx
  '';
  # OpenVPN GS: resolvconf is what the update-resolv-conf script drives.
  resolvconf.enable = true;
};

# OpenVPN GS: expose the update-resolv-conf scripts under /etc/openvpn.
# OpenVPN runs the profile's up/down scripts with its own (root) privileges.
environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";

# ZeroTier
services.zerotierone = {
  enable = true;
  joinNetworks = [ "" ]; # ZT NETWORK ID (left blank in this copy)
};

# No additional trusted CA certificates.
security.pki.certificates = [
];
# Time zone of the machine.
time.timeZone = "Europe/Madrid";

# Packages installed in the system profile (search with `nix search <name>`).
# The order is kept as written. Entries prefixed with `unstable.` come from the
# unpinned unstable tarball rather than the system channel.
# NOTE(review): busybox brings its own ps, grep and similar applets; if they
# shadow the full tools, scripts that parse their output can behave
# differently. Confirm which one wins in the system profile.
environment.systemPackages = with pkgs; [
  acpi
  python38Full
  python38Packages.pip
  python38Packages.setuptools
  python38Packages.virtualenv
  python38Packages.pillow
  chromium
  brave
  ark
  curl
  fzf
  ffmpeg
  htop
  spotify
  slack
  unzip
  wget
  vim
  zip
  vscode
  go
  dep
  git
  bitwarden-cli
  screen
  busybox
  bind
  flameshot
  tmux
  gnumake
  gparted
  qtkeychain
  docker-compose
  kubectl
  unstable.kubie
  kubetail
  kubernetes-helm
  unstable.k9s
  kind
  jq
  terraform
  xsel
  graphviz
  mupdf
  latte-dock
  ngrok
  openvpn
  unrar
  steam
  gimp
];
# Allow packages with unfree licences; the chromium entry carries no overrides.
nixpkgs.config = {
  allowUnfree = true;
  chromium = {};
};

# fish as an available shell, and an ssh-agent started with the user session.
programs = {
  fish.enable = true;
  ssh.startAgent = true;
};

# Docker is installed but not started at boot; unused data is pruned automatically.
virtualisation.docker = {
  enable = true;
  enableOnBoot = false;
  autoPrune.enable = true;
};
# Enabled services.
# NOTE(review): sshd is enabled with the module defaults. On this release that
# presumably still permits password logins; for a laptop that joins VPN and
# ZeroTier networks, consider `services.openssh.passwordAuthentication = false;`
# and `services.openssh.permitRootLogin = "no";` (confirm the option names for
# your NixOS release).
services.openssh.enable = true;
services.upower.enable = true;
services.tlp.enable = true;
services.dbus.enable = true;
services.acpid.enable = true;
services.keybase.enable = true;
services.trezord.enable = true;

# Audio through PulseAudio; switch output to newly connected devices.
sound.enable = true;

hardware = {
  pulseaudio = {
    enable = true;
    extraConfig = "load-module module-switch-on-connect";
  };
  bluetooth.enable = true;
  opengl = {
    extraPackages = with pkgs; [ vaapiIntel ];
    driSupport32Bit = true;
  };
  video.hidpi.enable = true;
};
# X11 with the Plasma 5 desktop, US layout, and touchpad support via libinput.
services.xserver = {
  enable = true;
  desktopManager.plasma5.enable = true;
  layout = "us";
  xkbOptions = "eurosign:e";
  resolutions = [
    { x = 2560; y = 1440; }
    { x = 3840; y = 2160; }
    { x = 1280; y = 1024; }
  ];
  libinput.enable = true;
};

# HiDPI: font DPI for X applications and a large Terminus font on the console.
fonts.fontconfig.dpi = 210;

console = {
  font = "ter-i32b";
  packages = with pkgs; [ terminus_font ];
  earlySetup = true;
};
# Login account.
users.users.pau = {
  isNormalUser = true;
  shell = pkgs.fish;
  # "wheel" enables sudo for the user.
  # NOTE(review): membership of "docker" gives access to the Docker daemon,
  # which is effectively root on the host without a sudo prompt.
  extraGroups = [ "wheel" "docker" ];
};

# NixOS release from which the defaults for stateful data (file locations,
# database versions) were taken. Leave it at the release of the first install;
# read the documentation for this option (man configuration.nix or
# https://nixos.org/nixos/options.html) before changing it.
system.stateVersion = "20.09"; # Did you read the comment?
}
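# Restore the two SSH private keys from the `notes` field of their Bitwarden
# items (the vault must be unlocked first).
# The key files are created with mode 600 before anything is written to them:
# a plain `>` creates them with the default umask, which usually leaves a
# private key readable by other users and makes ssh reject it as too open.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
install -m 600 /dev/null ~/.ssh/id_paugs
install -m 600 /dev/null ~/.ssh/id_pau
bw get item 4e1c92b4-0e17-4c10-9ef7-d1d927d4bc68 | jq -r .notes > ~/.ssh/id_paugs
bw get item d98743be-47b4-431f-a095-3672897dd277 | jq -r .notes > ~/.ssh/id_pau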
# Download Go packages through SSH: rewrite every https://github.com/ URL to the
# SSH form, for all repositories of this user (--global).
git config --global 'url.git@github.com:.insteadOf' 'https://github.com/'
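# Fetch the personal OpenVPN profiles from the two VPN hosts.
# They are saved under the names the vpn_gridscale / vpn_vultr fish functions
# open (~/gridscale.ovpn and ~/vultr.ovpn); the previous targets
# (./gridscale.vpn, ./vultr.vpn) did not match those paths.
scp -P 2222 -i ~/.ssh/id_paugs vpn.giantswarm.io:/home/pau/pau.ovpn ~/gridscale.ovpn
scp -P 2222 -i ~/.ssh/id_paugs vpn2.giantswarm.io:/home/pau/pau.ovpn ~/vultr.ovpn
# The profiles presumably embed VPN credentials or keys; keep them private.
chmod 600 ~/gridscale.ovpn ~/vultr.ovpn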
# Modify the VPN profiles: add the two lines below to each .ovpn file.
# Get <path> with: `nix-instantiate --eval '<nixpkgs>' -A pkgs.update-resolv-conf.outPath`
up <path>/libexec/openvpn/update-resolv-conf
down <path>/libexec/openvpn/update-resolv-conf
# Install the Giant Swarm tools with `go get`. No version is given, so each
# command fetches whatever the repository currently serves; with the
# insteadOf rule set above, the GitHub downloads go through SSH.
go get github.com/giantswarm/opsctl
go get github.com/giantswarm/gsctl
go get github.com/giantswarm/aws-operator
# /home/pau/.ssh/config
# Use the id_paugs key for connections to github.com.
Host github.com
    HostName github.com
    IdentityFile ~/.ssh/id_paugs