refactor: modular .bashrc.d/ structure
- Rewrite .bashrc as minimal loader (34 lines → loads .bashrc.d/*.sh)
- Clean .bash_profile: single source, Apple Silicon/Intel brew path
- Add .bashrc.d/ with 7 topic modules:
00_env.sh PS1, OSTYPE, colors, pyenv
10_aliases.sh universal aliases
20_functions.sh proxy, dbash, git helpers
30_work.sh work-host detection, LDAP, AWX, Juniper tools
(+ unified-hub-login with env-var creds)
40_k8s.sh kubectl completion + aliases
50_ai_env.sh WORKSPACE/DATA_ROOT/MODEL_ROOT paths
60_dotfiles.sh dotfiles manager aliases, zet shortcuts
- Secrets (SN_PASSWORD, LDAP bind PWs, Unified Hub token) moved
to ~/.bashrc.local (gitignored, written by setup script)
- Update .dotfiles_manifest to track .bashrc.d directory
This commit is contained in:
Kenji Morishige
211
.bashrc.d/30_work.sh
Normal file
211
.bashrc.d/30_work.sh
Normal file
@@ -0,0 +1,211 @@
|
||||
#!/usr/bin/env bash
|
||||
# 30_work.sh — Work / Juniper environment config
|
||||
#
|
||||
# Loaded when MACHINE_PROFILE=work OR hostname matches work patterns.
|
||||
# Secrets (passwords, tokens, API keys) are NOT stored here.
|
||||
# They live in ~/.bashrc.local on each work machine.
|
||||
# ============================================================================
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Host detection helper — true on work Mac and all work servers
|
||||
# -----------------------------------------------------------------------
|
||||
_is_work_host() {
|
||||
# Check MACHINE_PROFILE first (set in .bashrc.local on managed machines)
|
||||
[[ "${MACHINE_PROFILE:-}" == "work" ]] && return 0
|
||||
# Fallback hostname pattern for work servers where .bashrc.local may not exist
|
||||
case "$(hostname -s)" in
|
||||
kenjim-mbp*|etqc-*|etbg-*|engtech-dev-*|zet*) return 0 ;;
|
||||
*) return 1 ;;
|
||||
esac
|
||||
}
|
||||
|
||||
_is_work_host || return 0 # exit this file silently on personal machines
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# PATH additions (work only)
|
||||
# -----------------------------------------------------------------------
|
||||
PATH="${HOME}/bin:${HOME}/.local/bin:${PATH}"
|
||||
export PATH
|
||||
|
||||
# Juniper lab tools (Linux work servers)
|
||||
if [[ -d /volume/labtools/bin ]]; then
|
||||
export PATH="${PATH}:/volume/labtools/bin"
|
||||
fi
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Domain: Juniper
|
||||
# -----------------------------------------------------------------------
|
||||
case "${HOSTDOMAIN:-}" in
|
||||
juniper.net|jnpr.net)
|
||||
export PGUSER=ddladmin
|
||||
export PGHOST=localhost
|
||||
;;
|
||||
esac
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Work Mac (kenjim-mbp) specific
|
||||
# -----------------------------------------------------------------------
|
||||
case "$(hostname -s)" in
|
||||
kenjim-mbp*)
|
||||
export CLICOLOR=1
|
||||
export RAILS_ENV=development
|
||||
export AWS_SDK_LOAD_CONFIG=1
|
||||
|
||||
# AWS profiles — work Mac uses named profile via ~/.aws/config
|
||||
# Override AWS_PROFILE in ~/.bashrc.local if needed per-project
|
||||
export AWS_PROFILE="${AWS_PROFILE:-kenjim-qnc}"
|
||||
|
||||
alias aws-pgdb-qnc-du="aws --profile pgdb-qnc s3 ls s3://engtech-pgdb-s3-qnc/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
|
||||
alias aws-pgdb-bng-du="aws --profile pgdb-bng s3 ls s3://engtech-pgdb-s3-bng/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
|
||||
alias aws-pgdb-qnc-ls="aws --profile pgdb-qnc s3 ls s3://engtech-pgdb-s3-qnc/ --recursive"
|
||||
alias aws-pgdb-bng-ls="aws --profile pgdb-bng s3 ls s3://engtech-pgdb-s3-bng/ --recursive"
|
||||
|
||||
function k8proxy() {
|
||||
export KUBECONFIG="${HOME}/Juniper/K8_Configs/kenjim-k8-config"
|
||||
export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
|
||||
export http_proxy="socks5://localhost:3133/"
|
||||
export https_proxy=$http_proxy
|
||||
export ftp_proxy=$http_proxy
|
||||
export rsync_proxy=$http_proxy
|
||||
echo "k8s proxy set via localhost:3133"
|
||||
}
|
||||
|
||||
function killcrashplan() {
|
||||
sudo launchctl unload /Library/LaunchDaemons/com.crashplan.engine.plist
|
||||
}
|
||||
;;
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Work servers (etqc-*, etbg-*, engtech-dev-*)
|
||||
# -----------------------------------------------------------------------
|
||||
etqc-*|etbg-*|engtech-dev-*)
|
||||
export AWS_SDK_LOAD_CONFIG=1
|
||||
export AWS_PROFILE=pgdb-qnc
|
||||
|
||||
alias aws-pgdb-qnc-du="aws s3 ls s3://engtech-pgdb-s3-qnc/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
|
||||
alias aws-pgdb-bng-du="aws s3 ls s3://engtech-pgdb-s3-bng/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
|
||||
alias aws-pgdb-qnc-ls="aws s3 ls s3://engtech-pgdb-s3-qnc/ --recursive"
|
||||
alias aws-pgdb-bng-ls="aws s3 ls s3://engtech-pgdb-s3-bng/ --recursive"
|
||||
|
||||
# Bash completion on Linux work servers
|
||||
[ -f /usr/share/bash-completion/bash_completion ] && \
|
||||
source /usr/share/bash-completion/bash_completion
|
||||
;;
|
||||
esac
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Ansible — Juniper infra-ansible shortcuts
|
||||
# -----------------------------------------------------------------------
|
||||
_ANSIBLE_CFG="${HOME}/Juniper/git/infra-ansible/ansible_cli.cfg"
|
||||
_ANSIBLE_INV="inventory/cmdb_rendered/engtech.yml"
|
||||
|
||||
if [[ -f "$_ANSIBLE_CFG" ]]; then
|
||||
alias apy="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default"
|
||||
alias aps="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=selective ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default"
|
||||
alias apa="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=actionable ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default"
|
||||
alias ai="ANSIBLE_CONFIG=${_ANSIBLE_CFG} ansible-inventory -i ${_ANSIBLE_INV}"
|
||||
alias ans="ANSIBLE_CONFIG=${_ANSIBLE_CFG} ansible -i ~/ansible/inventory/cmdb/now.py -i ~/ansible/inventory/engtech_prod"
|
||||
fi
|
||||
unset _ANSIBLE_CFG _ANSIBLE_INV
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# AWX / Tower
|
||||
# -----------------------------------------------------------------------
|
||||
alias awxjobs='awx jobs list -f human --filter id,name,limit,failed --all'
|
||||
|
||||
function setawx() {
|
||||
echo -n "AWX Host: "; read -r TOWER_HOST
|
||||
echo -n "AWX Username: "; read -r TOWER_USERNAME
|
||||
echo -n "AWX Password: "; read -r -s TOWER_PASSWORD; echo
|
||||
export TOWER_HOST TOWER_USERNAME TOWER_PASSWORD
|
||||
awx -k -f human login
|
||||
awx config -f human | grep base_url
|
||||
}
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Monit helpers (remote)
|
||||
# -----------------------------------------------------------------------
|
||||
function tmls() { ssh "$1" ls /etc/monit.d; }
|
||||
function tmlog() { ssh "$1" tail -f /var/log/monit.log; }
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Postgres shortcuts (Juniper TIM environments)
|
||||
# -----------------------------------------------------------------------
|
||||
alias pgtimdev='psql -U tim_api tim_api_dev'
|
||||
alias pgtimtest='psql -U tim_api tim_api_test'
|
||||
alias pgtimqdev='psql -U tim_api -h ttqc-tim-mmonit-02 kenjim_devel'
|
||||
alias pgtimint='psql -h ttqc-tim-mm-02.juniper.net -U tim_api tim_api_int'
|
||||
alias pgtimint2='psql -h ttsv-db-03.juniper.net -U tim_api tim_api_int2'
|
||||
alias pgtimprod='psql -h ttqc-tim-mm-02.juniper.net -p 5432 -U tim_api tim'
|
||||
alias pgtimloc='psql -U tim_api kenjim_tim'
|
||||
alias pgtimweekly='psql -h ttqc-testdb-01 -U tim_api weekly_systest_live'
|
||||
alias pgtimqmm='psql -h ttqc-tim-mmonit-02 -U mmonit mmonit'
|
||||
alias pgtimbmm='psql -h ttbg-tim-mmonit-01 -U mmonit mmonit'
|
||||
alias pgbdrqc='psql -h ttqc-bdr-db01.juniper.net -U tim_api systest_live'
|
||||
alias pgbdrbg='psql -h ttbg-bdr-db01.juniper.net -U tim_api systest_live'
|
||||
alias pgdlm='psql -h ttqc-dlm-db-ms.ttglb.juniper.net -U ddladmin systest_live'
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Juniper proxy shortcut
|
||||
# -----------------------------------------------------------------------
|
||||
alias j_proxy_on='proxy_on qcwebproxylb.juniper.net:3128'
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# k8configs env (if checked out)
|
||||
# -----------------------------------------------------------------------
|
||||
[[ -f "${HOME}/k8configs/engtech_k8_env.sh" ]] && \
|
||||
source "${HOME}/k8configs/engtech_k8_env.sh"
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# RVM (Ruby — if installed)
|
||||
# -----------------------------------------------------------------------
|
||||
alias rvmi='source "$HOME/.rvm/scripts/rvm"; echo "rvm initialized..."'
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# LDAP helpers — credentials injected from ~/.bashrc.local
|
||||
# Set JNPR_LDAP_BIND_DN and JNPR_LDAP_BIND_PW in ~/.bashrc.local
|
||||
# -----------------------------------------------------------------------
|
||||
function ldaps() {
|
||||
local dn="${JNPR_LDAP_BIND_DN:-CN=_eng_jira_bind_new,OU=Service Accounts,OU=Misc,OU=Common,DC=jnpr,DC=net}"
|
||||
local pw="${JNPR_LDAP_BIND_PW:?Set JNPR_LDAP_BIND_PW in ~/.bashrc.local}"
|
||||
ldapsearch -LLL -x -b 'dc=jnpr,dc=net' \
|
||||
-h ldap-eqx-lb.jnpr.net \
|
||||
-D "$dn" -w "$pw" \
|
||||
sAMAccountName="$1" | perl -p00e 's/\r?\n //g'
|
||||
}
|
||||
|
||||
function ldaps2() {
|
||||
local dn="${JNPR_LDAP_BIND_DN2:-CN=_eng_labrsrcmgr_bind,OU=Service Accounts,OU=Misc,OU=Common,DC=jnpr,DC=net}"
|
||||
local pw="${JNPR_LDAP_BIND_PW2:?Set JNPR_LDAP_BIND_PW2 in ~/.bashrc.local}"
|
||||
ldapsearch -LLL -x -b 'dc=jnpr,dc=net' \
|
||||
-h ldap-qnc-lb.jnpr.net \
|
||||
-D "$dn" -w "$pw" \
|
||||
sAMAccountName="$1" | perl -p00e 's/\r?\n //g'
|
||||
}
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Network / misc Juniper tools
|
||||
# -----------------------------------------------------------------------
|
||||
function netseg() {
|
||||
curl -k "https://netseg.juniper.net/api/find_ip?hostname=$1" | jq '.'
|
||||
}
|
||||
|
||||
# Jira CLI shortcut
|
||||
alias jira='jira-cli --v2 view --oneline --search-jql "assignee=kenjim and status!=closed and status!=resolved order by priority desc, created asc"'
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# Unified Hub (Artifactory / unified-hub.juniper.net)
|
||||
# Credentials pulled from ~/.bashrc.local:
|
||||
# UNIFIED_HUB_USERNAME e.g. kenjim@juniper.net
|
||||
# UNIFIED_HUB_TOKEN base64 API token from Artifactory
|
||||
# -----------------------------------------------------------------------
|
||||
function unified-hub-login() {
|
||||
local url="unified-hub.juniper.net"
|
||||
local user="${UNIFIED_HUB_USERNAME:-}"
|
||||
local token="${UNIFIED_HUB_TOKEN:-}"
|
||||
if [[ -z "$user" || -z "$token" ]]; then
|
||||
echo "ERROR: UNIFIED_HUB_USERNAME and UNIFIED_HUB_TOKEN must be set (add to ~/.bashrc.local)" >&2
|
||||
return 1
|
||||
fi
|
||||
echo "$token" | docker login -u "$user" --password-stdin "$url"
|
||||
}
|
||||
Reference in New Issue
Block a user