dotfiles/.bashrc.d/30_work.sh

#!/usr/bin/env bash
# 30_work.sh — Work / Juniper environment config
#
# Loaded when MACHINE_PROFILE=work OR hostname matches work patterns.
# Secrets (passwords, tokens, API keys) are NOT stored here.
# They live in ~/.bashrc.local on each work machine.
# ============================================================================

# -----------------------------------------------------------------------
# Host detection helper — true on work Mac and all work servers
# -----------------------------------------------------------------------
_is_work_host() {
    # Check MACHINE_PROFILE first (set in .bashrc.local on managed machines)
    [[ "${MACHINE_PROFILE:-}" == "work" ]] && return 0
    # Fallback hostname pattern for work servers where .bashrc.local may not exist
    case "$(hostname -s)" in
        kenjim-mbp*|etqc-*|etbg-*|engtech-dev-*|qnc-kenjim-toby-shell*|qtaas*|bng-kenjim-toby-shell*|btaas*|kenjim-taas*) return 0 ;;
        *) return 1 ;;
    esac
}

_is_work_host || return 0   # exit this file silently on personal machines

# -----------------------------------------------------------------------
# PATH additions (work only)
# -----------------------------------------------------------------------
PATH="${HOME}/bin:${HOME}/.local/bin:${PATH}"
export PATH

# Juniper lab tools (Linux work servers)
if [[ -d /volume/labtools/bin ]]; then
    export PATH="${PATH}:/volume/labtools/bin"
fi

# -----------------------------------------------------------------------
# Domain: Juniper
# -----------------------------------------------------------------------
case "${HOSTDOMAIN:-}" in
juniper.net|jnpr.net)
    export PGUSER=ddladmin
    export PGHOST=localhost
    ;;
esac

# -----------------------------------------------------------------------
# Work Mac (kenjim-mbp) specific
# -----------------------------------------------------------------------
case "$(hostname -s)" in
kenjim-mbp*)
    export CLICOLOR=1
    export RAILS_ENV=development
    export AWS_SDK_LOAD_CONFIG=1

    # AWS profiles — work Mac uses named profile via ~/.aws/config
    # Override AWS_PROFILE in ~/.bashrc.local if needed per-project
    export AWS_PROFILE="${AWS_PROFILE:-kenjim-qnc}"

    alias aws-pgdb-qnc-du="aws --profile pgdb-qnc s3 ls s3://engtech-pgdb-s3-qnc/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
    alias aws-pgdb-bng-du="aws --profile pgdb-bng s3 ls s3://engtech-pgdb-s3-bng/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
    alias aws-pgdb-qnc-ls="aws --profile pgdb-qnc s3 ls s3://engtech-pgdb-s3-qnc/ --recursive"
    alias aws-pgdb-bng-ls="aws --profile pgdb-bng s3 ls s3://engtech-pgdb-s3-bng/ --recursive"

    function k8proxy() {
        export KUBECONFIG="${HOME}/Juniper/K8_Configs/kenjim-k8-config"
        export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
        export http_proxy="socks5://localhost:3133/"
        export https_proxy=$http_proxy
        export ftp_proxy=$http_proxy
        export rsync_proxy=$http_proxy
        echo "k8s proxy set via localhost:3133"
    }

    function killcrashplan() {
        sudo launchctl unload /Library/LaunchDaemons/com.crashplan.engine.plist
    }
    ;;

# -----------------------------------------------------------------------
# Work servers (etqc-*, etbg-*, engtech-dev-*)
# -----------------------------------------------------------------------
etqc-*|etbg-*|engtech-dev-*)
    export AWS_SDK_LOAD_CONFIG=1
    export AWS_PROFILE=pgdb-qnc

    alias aws-pgdb-qnc-du="aws s3 ls s3://engtech-pgdb-s3-qnc/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
    alias aws-pgdb-bng-du="aws s3 ls s3://engtech-pgdb-s3-bng/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'"
    alias aws-pgdb-qnc-ls="aws s3 ls s3://engtech-pgdb-s3-qnc/ --recursive"
    alias aws-pgdb-bng-ls="aws s3 ls s3://engtech-pgdb-s3-bng/ --recursive"

    # Bash completion on Linux work servers
    [ -f /usr/share/bash-completion/bash_completion ] && \
        source /usr/share/bash-completion/bash_completion
    ;;
esac

# -----------------------------------------------------------------------
# Ansible — Juniper infra-ansible shortcuts
# -----------------------------------------------------------------------
_ANSIBLE_CFG="${HOME}/Juniper/git/infra-ansible/ansible_cli.cfg"
_ANSIBLE_INV="inventory/cmdb_rendered/engtech.yml"

if [[ -f "$_ANSIBLE_CFG" ]]; then
    alias apy="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=yaml     ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default"
    alias aps="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=selective ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default"
    alias apa="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=actionable ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default"
    alias ai="ANSIBLE_CONFIG=${_ANSIBLE_CFG} ansible-inventory -i ${_ANSIBLE_INV}"
    alias ans="ANSIBLE_CONFIG=${_ANSIBLE_CFG} ansible -i ~/ansible/inventory/cmdb/now.py -i ~/ansible/inventory/engtech_prod"
fi
unset _ANSIBLE_CFG _ANSIBLE_INV

# -----------------------------------------------------------------------
# AWX / Tower
# -----------------------------------------------------------------------
alias awxjobs='awx jobs list -f human --filter id,name,limit,failed --all'

function setawx() {
    echo -n "AWX Host: ";     read -r TOWER_HOST
    echo -n "AWX Username: "; read -r TOWER_USERNAME
    echo -n "AWX Password: "; read -r -s TOWER_PASSWORD; echo
    export TOWER_HOST TOWER_USERNAME TOWER_PASSWORD
    awx -k -f human login
    awx config -f human | grep base_url
}

# -----------------------------------------------------------------------
# Monit helpers (remote)
# -----------------------------------------------------------------------
function tmls()  { ssh "$1" ls /etc/monit.d; }
function tmlog() { ssh "$1" tail -f /var/log/monit.log; }

# -----------------------------------------------------------------------
# Postgres shortcuts (Juniper TIM environments)
# -----------------------------------------------------------------------
alias pgtimdev='psql -U tim_api tim_api_dev'
alias pgtimtest='psql -U tim_api tim_api_test'
alias pgtimqdev='psql -U tim_api -h ttqc-tim-mmonit-02 kenjim_devel'
alias pgtimint='psql -h ttqc-tim-mm-02.juniper.net -U tim_api tim_api_int'
alias pgtimint2='psql -h ttsv-db-03.juniper.net -U tim_api tim_api_int2'
alias pgtimprod='psql -h ttqc-tim-mm-02.juniper.net -p 5432 -U tim_api tim'
alias pgtimloc='psql -U tim_api kenjim_tim'
alias pgtimweekly='psql -h ttqc-testdb-01 -U tim_api weekly_systest_live'
alias pgtimqmm='psql -h ttqc-tim-mmonit-02 -U mmonit mmonit'
alias pgtimbmm='psql -h ttbg-tim-mmonit-01 -U mmonit mmonit'
alias pgbdrqc='psql -h ttqc-bdr-db01.juniper.net -U tim_api systest_live'
alias pgbdrbg='psql -h ttbg-bdr-db01.juniper.net -U tim_api systest_live'
alias pgdlm='psql -h ttqc-dlm-db-ms.ttglb.juniper.net -U ddladmin systest_live'

# -----------------------------------------------------------------------
# Juniper proxy shortcut
# -----------------------------------------------------------------------
alias j_proxy_on='proxy_on qcwebproxylb.juniper.net:3128'

# -----------------------------------------------------------------------
# k8configs env (if checked out)
# -----------------------------------------------------------------------
[[ -f "${HOME}/k8configs/engtech_k8_env.sh" ]] && \
    source "${HOME}/k8configs/engtech_k8_env.sh"

# -----------------------------------------------------------------------
# RVM (Ruby — if installed)
# -----------------------------------------------------------------------
alias rvmi='source "$HOME/.rvm/scripts/rvm"; echo "rvm initialized..."'

# -----------------------------------------------------------------------
# LDAP helpers — credentials injected from ~/.bashrc.local
# Set JNPR_LDAP_BIND_DN and JNPR_LDAP_BIND_PW in ~/.bashrc.local
# -----------------------------------------------------------------------
function ldaps() {
    local dn="${JNPR_LDAP_BIND_DN:-CN=_eng_jira_bind_new,OU=Service Accounts,OU=Misc,OU=Common,DC=jnpr,DC=net}"
    local pw="${JNPR_LDAP_BIND_PW:?Set JNPR_LDAP_BIND_PW in ~/.bashrc.local}"
    ldapsearch -LLL -x -b 'dc=jnpr,dc=net' \
        -h ldap-eqx-lb.jnpr.net \
        -D "$dn" -w "$pw" \
        sAMAccountName="$1" | perl -p00e 's/\r?\n //g'
}

function ldaps2() {
    local dn="${JNPR_LDAP_BIND_DN2:-CN=_eng_labrsrcmgr_bind,OU=Service Accounts,OU=Misc,OU=Common,DC=jnpr,DC=net}"
    local pw="${JNPR_LDAP_BIND_PW2:?Set JNPR_LDAP_BIND_PW2 in ~/.bashrc.local}"
    ldapsearch -LLL -x -b 'dc=jnpr,dc=net' \
        -h ldap-qnc-lb.jnpr.net \
        -D "$dn" -w "$pw" \
        sAMAccountName="$1" | perl -p00e 's/\r?\n //g'
}

# -----------------------------------------------------------------------
# Network / misc Juniper tools
# -----------------------------------------------------------------------
function netseg() {
    curl -k "https://netseg.juniper.net/api/find_ip?hostname=$1" | jq '.'
}

# Jira CLI shortcut
alias jira='jira-cli --v2 view --oneline --search-jql "assignee=kenjim and status!=closed and status!=resolved order by priority desc, created asc"'

# -----------------------------------------------------------------------
# Unified Hub (Artifactory / unified-hub.juniper.net)
# Credentials pulled from ~/.bashrc.local:
#   UNIFIED_HUB_USERNAME  e.g. kenjim@juniper.net
#   UNIFIED_HUB_TOKEN     base64 API token from Artifactory
# -----------------------------------------------------------------------
function unified-hub-login() {
    local url="unified-hub.juniper.net"
    local user="${UNIFIED_HUB_USERNAME:-}"
    local token="${UNIFIED_HUB_TOKEN:-}"
    if [[ -z "$user" || -z "$token" ]]; then
        echo "ERROR: UNIFIED_HUB_USERNAME and UNIFIED_HUB_TOKEN must be set (add to ~/.bashrc.local)" >&2
        return 1
    fi
    echo "$token" | docker login -u "$user" --password-stdin "$url"
}