nix-configuration/home-manager/programs/zsh.nix

{
  lib,
  pkgs,
  ...
}:
let
  isDarwin = pkgs.stdenv.hostPlatform.isDarwin;
  isLinux = pkgs.stdenv.hostPlatform.isLinux;
in
{
  programs.zsh = {
    enable = true;

    autocd = lib.mkDefault true;

    history = {
      expireDuplicatesFirst = true;
      ignoreDups = true;
      save = 10000;
      share = false;
      size = 10000;
    };

    shellAliases =
      {
        # use eval $(aws-export-credentials) to expose them to environment
        aws-export-credentials = lib.mkDefault "${pkgs.awscli2}/bin/aws configure export-credentials --format env --profile";

        aws-export-assume-role = lib.mkDefault "${pkgs.writeShellScript "aws-export-assume-role" ''
          [[ -z "$1" || -z "$2" ]] && echo "Usage: aws-export-assume-role <profile> <role-arn>" && exit 1
          ${pkgs.coreutils}/bin/printf 'export AWS_ACCESS_KEY_ID=%s\nexport AWS_SECRET_ACCESS_KEY=%s\nexport AWS_SESSION_TOKEN=%s' $(${pkgs.awscli2}/bin/aws --profile "$1" sts assume-role --role-arn "$2" --role-session-name lcech --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text)
        ''}";

        # https://docs.aws.amazon.com/singlesignon/latest/userguide/createshortcutlink.html
        aws-sharable-url = lib.mkDefault "${pkgs.writeShellScript "aws-sharable-url" ''
          set -e

          URL=$1
          [[ -z "$URL" ]] && read -p "Enter URL: " URL

          # Strip schema
          URL="''${URL#https://}"

          # Parse Account ID from multi-session URL
          ACCOUNT_ID="''${URL%%-*}"

          # Strip account ID and hash up to the region part
          URL="''${URL#*\.}"

          PROFILE=$(${pkgs.gnugrep}/bin/grep "sso_account_id = $ACCOUNT_ID" ~/.aws/config -B 5 | ${pkgs.gnugrep}/bin/grep "\[profile" | ${pkgs.coreutils}/bin/tail -n 1 | ${pkgs.coreutils}/bin/tr -d '[]')
          PROFILE="''${PROFILE#profile }"

          ROLE_NAME=$(${pkgs.awscli2}/bin/aws configure get profile.$PROFILE.sso_role_name)
          SSO_SESSION=$(${pkgs.awscli2}/bin/aws configure get profile.$PROFILE.sso_session)

          SSO_URL=$(${pkgs.gnugrep}/bin/grep "\[sso-session $SSO_SESSION" ~/.aws/config -A5 | ${pkgs.gnugrep}/bin/grep sso_start_url | ${pkgs.coreutils}/bin/head -n 1)
          SSO_URL="''${SSO_URL#sso_start_url = }"
          # Strip trailing slash from SSO_URL if present
          SSO_URL="''${SSO_URL%/}"

          SHARABLE_URL="$SSO_URL/#/console?account_id=$ACCOUNT_ID&role_name=$ROLE_NAME&destination=$(${pkgs.urlencode}/bin/urlencode "https://$URL")"

          ${
            if isDarwin then
              ''
                echo -n "$SHARABLE_URL" | pbcopy
              ''
            else
              ''
                echo -n "$SHARABLE_URL" | ${pkgs.xclip}/bin/xclip -selection clipboard
              ''
          }
          echo "URL copied to clipboard"
        ''}";

        aws-s3-cp-public = lib.mkDefault ''
          ${pkgs.awscli2}/bin/aws s3 cp --acl "public-read" --expires "$(${pkgs.coreutils}/bin/date '+%a, %d %b %Y 00:00:00 GMT' -d "$(${pkgs.coreutils}/bin/date +%Y-%m-%d) + 365 day")" --cache-control "max-age=31536000" --metadata-directive REPLACE
        '';

        bcrypt = lib.mkDefault "${pkgs.writeShellScript "bcrypt" ''
          if [[ -z "$1" ]]; then
            echo "Usage: bcrypt <password> [cost]"
            exit 1
          fi

          echo -n "$1" | ${pkgs.apacheHttpd}/bin/htpasswd -i -nB -C ''${2:-12} "" | tr -d ':'
        ''}";

        cat = lib.mkDefault "${pkgs.bat}/bin/bat --paging=never";

        # use curl-aws --aws-sigv4 "aws:amz:region:service"
        curl-aws = lib.mkDefault "${pkgs.curl}/bin/curl -H \"X-Amz-Security-Token: $AWS_SESSION_TOKEN\" --user \"$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY\"";

        curl-timing = lib.mkDefault "${pkgs.curl}/bin/curl -w \"     time_namelookup:  %{time_namelookup}s\n        time_connect:  %{time_connect}s\n     time_appconnect:  %{time_appconnect}s\n    time_pretransfer:  %{time_pretransfer}s\n       time_redirect:  %{time_redirect}s\n  time_starttransfer:  %{time_starttransfer}s\n                     ----------\n          time_total:  %{time_total}s\n\" -o /dev/null";

        dbase64 = lib.mkDefault "${pkgs.writeShellScript "dbase64" "echo -n \"$1\" | base64 -d"}";

        git-sync-remote = lib.mkDefault "git remote update origin --prune";

        cleanup-kube-config = "${
          pkgs.writeShellApplication {
            name = "app";
            text = ./zsh/aliases/cleanup-kube-config.sh;
            runtimeInputs = [
              pkgs.gnugrep
              pkgs.coreutils
            ];
          }
        }/bin/app";

        klogs = lib.mkDefault "${pkgs.writeShellScript "klogs" ''
          ctx="$1"
          shift
          namespace="$1"
          shift
          label="$1"
          shift

          if [[ "$ctx" == "" || "$namespace" == "" || "$label" == "" ]]; then
                  echo "Usage: klogs context namespace label"
                  echo "${"\n"}Contexts:"
                  kubectl config get-contexts -o name | sed 's/^/\t/g'

                  echo "Label examples:"
                  echo "${"\t"}app.kubernetes.io/name=..."
                  echo "${"\t"}eks.amazonaws.com/component=..."
                  exit 1
          fi

          kubectl --context "$ctx" logs -f -n "$namespace" -l "$label" $@
        ''}";

        nixfix = lib.mkDefault "nix fmt ./**/*.nix";

        # Git
        a = "git add";
        c = "git commit -m";
        d = "git diff";
        d-s = "git diff --staged";
        gtag = "${pkgs.writeShellScript "gtag" "git tag -a $1 -m '$2'"}";
        gtag-replace = "${pkgs.writeShellScript "gtag" ''
          msg=$(git tag -l -n9 $1 | sed "s/$1\s\+//g")
          git tag -d $1 && \
          git push origin :refs/tags/$1 && \
          git tag -a $1 -m "$msg" && \
          git push origin $1
        ''}";
        gtagl = "git fetch --tags && git tag -l -n9 --sort=-v:refname";
        s = "git status";
      }
      // (
        if isDarwin then
          {
            hm-switch = lib.mkDefault "sudo darwin-rebuild switch --flake ~/.config/nix";
          }
        else if isLinux then
          {
            hm-switch = lib.mkDefault "home-manager switch --impure --flake ~/.config/nix";
          }
        else
          { }
      );

    initContent = lib.mkBefore ''
      for file in ${./zsh}/*.zsh; do
          source "$file"
      done

      # [Ctrl-RightArrow] - move forward one word
      bindkey '^[[1;3C' forward-word
      # [Ctrl-LeftArrow] - move backward one word
      bindkey '^[[1;3D' backward-word
    '';
  };
}