I have to use LastPass at work, and I store some API keys in there. Rather than copy/paste and have the actual api key on my terminal, I like to use read -rs ENV_VAR_NAME to set environment variables, so they are hidden from scrollback.
Recently my coworker set something up that we need an environment variable set up for running some Terraform commands. I don't feel like pasting it in every time from LastPass, so I figured out how to set this up and automate it. I'm sure I've already talked a lot about how I love direnv and I maintain a lot of different .envrc files for work things. For my last team I had one per repo! Well direnv comes to the rescue again.
- The first step is installing the lastpass-cli.
- Then you need to set it up so you log in, how you do that is up to you. I have lpass checking status, and if it exits nonzero, then running lpass login again in my direnv.
- After that you can use lpass show and capture that in a variable to export your API key as an environment variable.
lpass status
if [ $? -ne 0 ]; then
lpass login email@address.com
fi
export API_KEY=$(lpass show "Secret-Name-Here" --password)
Example .envrc file.
I love automating things, and when a coworker says "oh no we have to do this"... I run to automate it!
As I mentioned in my December post I'm doing a 6502 course on Pikuma.
I'm about 75% of the way done, and I think I need to circle back to some earlier stuff about how the PPU works, but it's super fun.
Over the holidays I was able to stop at my father's and pick up my old NES.
I swapped out the ZIF connector for a new one, and cleaned up some contacts on the RCA ports, and it works great!
Once I found out that it was working - I played Sesame Street ABC 123, as that's the only one I had up in my office - I ordered an EverDrive N8.
That came last week.
The pictures are tall due to how I took them, so sorry I'll attach them at the end of the post.
Once I got the EverDrive N8 I made sure it worked by playing a Battletoads ROM.
Battletoad tested - I then copied Atlantico.NES to my Everdrive.
Atlantico is the game that Gustavo is walking us through making in the current part of the course - not a real published game.
I loaded it up and HOLY COW - something I actually wrote in Assembly is running on real hardware.
If you want to watch the video, it's very simplistic at the 75% mark, this was before the Collisions chapter, and no sound yet.
The feeling of getting something running, locally, and seeing it working on screen, despite being a programmer for ~~20 years, is AMAZING.
Writing code that executes on the system you grew up playing the early 90's, wow.
I do wish the CRT TV my wife had was square, things get cut off on it.
I even got a remote, so I could try to fix that in the menu, alas, only picture option is brightness.
(Not that I realistically thought I could scale it, CRT Pixels are only Pixels.
Picture Gallery
Trying out putting all the pictures at the end of my posts, if they are not directly related to paragraph content.
New Year's eve eve, my main portable computer crashed. Rebooting to Safe mode, I could mount this MacBook's hard drive long enough to SCP the files over the network to my server, but I had to start that over twice because it fell asleep. I don't have access to rsync in the "Network Recovery Mode" it seems - maybe I should look to see if next time I can install things, it's moot now.
I spent all January 1st evening working on learning how Nix works. Of course, I started with Nix on macOS (intel at least) so I had to also learn how nix-darwin works. I have my dotfiles set up to use Nix now, rather than an INSTALL.sh file that just sets a bunch of symlinks.
I played around for a litle bit with different structures, but what I ended up with by the end of the weekend was two bash scripts (still working on makefile, env vars are being funky) one for each operating system rebuild-macos.sh and rebuild-ubuntu.sh. For now I'm only Nixifying one macOS system and two Ubuntu boxes. Avoiding it on my work m1 Mac laptop, as I don't want to have to deal with managing synthetic.conf and mount points on a work managed computer. No idea how JAMF and Nix will fight.
My filetree currently looks like (trimmed out a host and a bunch of files in home/)
.
├── home
│ ├── bin/
│ ├── config/
│ ├── gitconfig
│ ├── gitignore
│ ├── gpg/
│ ├── hushlogin
│ └── ssh/
├── hosts/
│ ├── _common/
│ │ ├── fonts.nix
│ │ ├── home.nix
│ │ ├── programs.nix
│ │ └── xdg.nix
│ ├── ts-tl-mbp/
│ │ ├── brew.nix
│ │ ├── default.nix
│ │ ├── flake.lock
│ │ ├── flake.nix
│ │ ├── home-manager.nix
│ │ └── home.nix
│ └── x1carbon-ubuntu/
│ ├── default.nix
│ ├── flake.lock
│ ├── flake.nix
│ ├── home-manager.nix
│ └── home.nix
├── rebuild-macos.sh
└── rebuild-ubuntu.sh
Under hosts/ as you can see, I have a brew.nix file in my macbook pro's folder. This is how I install anything in homebrew. In my flake.nix for my macos folder I am using home-manager, nix-darwin, and nixpkgs. I provide this brew.nix to my darwinConfigurations and it will install anything I put in my brew nixfile.
I also have a _common directory in my hosts, this is things that are to be installed on EVERY machine. Things such as bat, wget, fzf, fish, etc. along with common symlinks and xdg-config links. My nvim and fish configs are installed and managed this way. Rather than need to maintain a neovim config for every different system, in the nix way, I can just manage it all in _common/programs.nix.
This is not "The Standard Way" to organize things, if you want more inspiration, I took a lot from my friend Andrey's Nixfiles. I was also chatting with him a bunch during this, so I was able to get three systems up and configured in a few days. After the first ubuntu box was configured, it was super easy to manage my others.
My home/ directory is where I store my config files. My ssh public keys, my gpg public keys, my ~/.<dotfiles> and my ~/.config/<files>. This doesn't really need any explaination, but as an added benefit is I also decided to LUA-ify my nvim configs the same weekend. But that's a story for another time.
I am at this time choosing not to do NixOS - and relying on Ubuntu for managing my OS. I peeked into Andrey's files, and I really don't want to have to manage a full system configuration, drivers, etc. with Nix. Maybe for the future - when my Lenovo X1 Carbon dies and I need to reinstall that though.
NOTES
This post is ported over from my wiki, so the format isn't as storytelling as a blog post could be, but I wanted it here.
Home Assistant Parts
Third Party Plugin Requirements
Pi Zero
I have a tiny project Enclosure box that I dremeled a hole for the GPIO pins in the cover and I then sandwich the Blinkt onto the Pi Zero with another dremeled hole running to the micro usb power, and that's it for hardware.
For software, I installed the python packages for Pimoroni and Blinkt, which came with a lovely set of sample projects. I deleted everything except the mqtt.py file, which I then put my Mosquitto server settings.
I then added a new service in systemd to control the mqtt server
[Unit]
Description=Meeting Indicator
[Service]
Type=simple
ExecStart=/usr/bin/python2 /home/pi/mqtt.py
WorkingDirectory=/home/pi/Pimoroni/blinkt/examples
Restart=always
RestartSec=2
[Install]
WantedBy=sysinit.target
Pleased with the results, and testing by sending some messages over mqtt that changed the color, I then dove into Node-RED
Node-Red
This is my first project using Node-RED, so I'm sure I could optimize better, but I have two entry points, one is from running HomeAssistant app on my mac, which gets me sensor data for my webcam, and the other is the aforementioned Zoom Presence plugin I created. These are Events:State nodes.
When either of these are True, they call first my ceiling light to turn on, which next will then add a msg.payload of
rgb,0,255,0,0
rgb,1,255,0,0
rgb,2,255,0,0
rgb,3,255,0,0
rgb,4,255,0,0
rgb,5,255,0,0
rgb,6,255,0,0
rgb,7,255,0,0
as one string. This leads to a Split, which will in turn, emit a new MQTT message for each line (I split on \n) and turn on all 8 LEDs as red. This is inefficient because I am still using the sample code for the blinkt which requires you to address each LED individually, my next phase I will remove the pin requirement and just have it send a color for all of them at once, one line.
When either of the sensors states are False, I then flow into a Time Range node, in which I check if it's between 9-5 or not. If it is, then I turn all the LEDs Green, and if it's outside 9-5 I just turn the LEDs off. I do not turn OFF the overhead light, in case it was already on. I don't care about the state enough.
I also intentionally trigger at the Office Hours node, which will inherently turn the Green on at 9:01am, and off at 5:01pm. As well as turn on Red for any long standing meeting times I have.