#!/bin/bash
# ─────────────────────────────────────────────────────────────
# Dual-network development setup
# ─────────────────────────────────────────────────────────────
#
# Controls: one env var — NETWORK=corp or NETWORK=home
#
# Usage (add to ~/.zshrc):
#   export NETWORK=corp   # at work / on VPN
#   export NETWORK=home   # at home (or just unset it)
#
# Then source this file from ~/.zshrc:
#   source "$HOME/code/mygh/learning_ai_common_plat/scripts/switch-network.sh"
#
# What it sets when NETWORK=corp:
#   - http_proxy / https_proxy     → cso.proxy.att.com:8080
#   - NPM_CONFIG_REGISTRY          → AT&T JFrog npm proxy
#   - NPM_CONFIG_PROXY             → corporate proxy
#   - NPM_CONFIG_STRICT_SSL        → false (proxy TLS interception)
#   - NO_PROXY / no_proxy          → localhost,127.0.0.1 (Gitea, Cosmos, Azurite)
#   - NPM_CONFIG_NOPROXY           → localhost,127.0.0.1
#   - NODE_TLS_REJECT_UNAUTHORIZED → 0 (Node.js accepts any TLS certificate,
#                                    so the proxy's certificate is accepted too)
#   - PIP_TRUSTED_HOST             → pypi.org, files.pythonhosted.org
#   - GRADLE_OPTS                  → JVM truststore with corporate CA cert
#                                    (truststore at ~/.gradle/ssl/gradle-cacerts.jks)
#
# What it sets when NETWORK=home:
#   - All proxy vars unset, default registries, direct internet
#
# Gradle SSL setup (one-time):
#   The corporate proxy (cso.proxy.att.com) does TLS interception.
#   Gradle's JVM needs a custom truststore with the proxy CA cert.
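#   To create/recreate:
#     mkdir -p ~/.gradle/ssl
#     JAVA_HOME=$(/usr/libexec/java_home)
#     cp "$JAVA_HOME/lib/security/cacerts" ~/.gradle/ssl/gradle-cacerts.jks
#     echo | openssl s_client -connect services.gradle.org:443 \
#       -proxy cso.proxy.att.com:8080 -showcerts 2>/dev/null \
#       | awk 'BEGIN{c=0} /BEGIN CERT/{c++} c==2{print} /END CERT/&&c==2{exit}' \
#       > /tmp/corp-ca.pem
#     keytool -importcert -noprompt -trustcacerts -alias att-cso-proxy \
#       -file /tmp/corp-ca.pem \
#       -keystore ~/.gradle/ssl/gradle-cacerts.jks -storepass changeit
#
#   Caveats for the steps above:
#     - The certificate is taken from whatever the connection presents, and
#       -noprompt skips keytool's confirmation. Check it before importing:
#         openssl x509 -noout -fingerprint -sha256 -in /tmp/corp-ca.pem
#       and compare with the fingerprint published by the corporate PKI team.
#     - /tmp/corp-ca.pem is a predictable name in a shared directory; a file
#       inside a private directory (e.g. one created with `mktemp -d`) is safer.
#
# ─────────────────────────────────────────────────────────────

# This file is sourced into the user's shell, so it must not enable
# `set -e` / `set -u`: those options would stay active for the whole session.

_CORP_PROXY="http://cso.proxy.att.com:8080/"
_CORP_NPM_REGISTRY="https://jfrog-pkg-proxy.it.att.com/artifactory/api/npm/att-npm-proxy-group/"
_GRADLE_TRUSTSTORE="$HOME/.gradle/ssl/gradle-cacerts.jks"
# Set to 1 when the fallback below switches certificate verification off.
_TLS_VERIFY_OFF=""

if [ "${NETWORK:-home}" = "corp" ]; then
  # ── Corporate proxy ──
  export http_proxy="$_CORP_PROXY"
  export https_proxy="$_CORP_PROXY"
  export HTTP_PROXY="$_CORP_PROXY"
  export HTTPS_PROXY="$_CORP_PROXY"
  export NPM_CONFIG_REGISTRY="$_CORP_NPM_REGISTRY"
  export NPM_CONFIG_PROXY="$_CORP_PROXY"
  export NPM_CONFIG_HTTPS_PROXY="$_CORP_PROXY"

  # pip skips certificate checks for the hosts listed here.
  export PIP_TRUSTED_HOST="pypi.org files.pythonhosted.org"

  # TLS handling for npm / Node.js.
  # Opt-in: if CORP_CA_BUNDLE names a readable PEM file holding the proxy's CA,
  # hand it to Node.js as an additional trust anchor and leave verification ON.
  # Otherwise keep the previous behaviour, which turns verification OFF for
  # every npm and Node.js connection made from this shell (not only those
  # through the proxy), so a forged certificate would go unnoticed.
  if [ -n "${CORP_CA_BUNDLE:-}" ] && [ -r "$CORP_CA_BUNDLE" ]; then
    export NODE_EXTRA_CA_CERTS="$CORP_CA_BUNDLE"
    # Clear leftovers from an earlier run in fallback mode.
    unset NPM_CONFIG_STRICT_SSL NODE_TLS_REJECT_UNAUTHORIZED 2>/dev/null
  else
    export NPM_CONFIG_STRICT_SSL="false"
    export NODE_TLS_REJECT_UNAUTHORIZED="0"
    _TLS_VERIFY_OFF=1
  fi

  # Bypass proxy for local services (Gitea npm registry, Cosmos emulator, Azurite, etc.)
  export NO_PROXY="localhost,127.0.0.1"
  export no_proxy="localhost,127.0.0.1"
  export NPM_CONFIG_NOPROXY="localhost,127.0.0.1"

  # Gradle: trust corporate proxy CA cert (TLS interception by cso.proxy.att.com).
  # - "changeit" is the stock JDK keystore password; the truststore is protected
  #   by its file permissions, not by this password.
  # - The two empty *.disabledSchemes properties clear the JDK's list of
  #   disabled proxy-auth schemes, which re-enables Basic authentication to the
  #   proxy; the proxy URL is plain http, so such credentials are not encrypted.
  if [ -f "$_GRADLE_TRUSTSTORE" ]; then
    export GRADLE_OPTS="-Djavax.net.ssl.trustStore=$_GRADLE_TRUSTSTORE -Djavax.net.ssl.trustStorePassword=changeit -Djdk.http.auth.tunneling.disabledSchemes= -Djdk.http.auth.proxying.disabledSchemes= -Djava.net.useSystemProxies=true"
  fi
else
  # ── Home / direct internet ──
  unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY 2>/dev/null
  unset NPM_CONFIG_REGISTRY NPM_CONFIG_PROXY NPM_CONFIG_HTTPS_PROXY 2>/dev/null
  unset NPM_CONFIG_STRICT_SSL NODE_TLS_REJECT_UNAUTHORIZED 2>/dev/null
  unset NO_PROXY no_proxy NPM_CONFIG_NOPROXY 2>/dev/null
  unset PIP_TRUSTED_HOST GRADLE_OPTS 2>/dev/null
  # Drop the extra trust anchor only if it is the one this script installed,
  # so a NODE_EXTRA_CA_CERTS the user set for other reasons is left alone.
  if [ -n "${CORP_CA_BUNDLE:-}" ] && [ "${NODE_EXTRA_CA_CERTS:-}" = "$CORP_CA_BUNDLE" ]; then
    unset NODE_EXTRA_CA_CERTS
  fi
fi
unset _GRADLE_TRUSTSTORE

# Quick status on new shell (only if interactive)
if [[ $- == *i* ]]; then
  if [ "${NETWORK:-home}" = "corp" ]; then
    echo "🏢 NETWORK=corp — proxy active"
    if [ -n "$_TLS_VERIFY_OFF" ]; then
      printf '%s\n' "   TLS certificate verification is OFF for npm/Node.js; set CORP_CA_BUNDLE to the corporate CA PEM to keep it on" >&2
    fi
  else
    echo "🏠 NETWORK=home — direct internet"
  fi
fi
unset _CORP_PROXY _CORP_NPM_REGISTRY _TLS_VERIFY_OFF

# ── Gitea NPM registry (NETWORK-aware) ────────────────────────────
# Repos use .npmrc with: @bytelyst:registry=http://${GITEA_NPM_HOST}:3300/...
#
#   NETWORK=corp → Gitea runs locally on this machine (localhost)
#   NETWORK=home → Gitea runs on the Azure VM (read host from ~/.gitea_vm_host)
#
# To configure the VM host (one-time):
#   echo "bytelyst-vm.eastus.cloudapp.azure.com" > ~/.gitea_vm_host
#
# Token for publish access (reads are public, writes need auth):
#   Store in ~/.gitea_npm_token (one line, no newline)
#   Create: curl -s -u admin:PASSWORD http://<GITEA_HOST>:3300/api/v1/users/admin/tokens \
#             -H 'Content-Type: application/json' -d '{"name":"npm"}' | jq -r '.sha1 // .token'
#
# Caveats:
#   - The registry URL is plain http. With a remote host (NETWORK=home) the
#     publish token crosses the network unencrypted unless the connection goes
#     through an SSH tunnel or a TLS-terminating front end.
#   - `curl -u admin:PASSWORD` puts the password in the process arguments and
#     the shell history; `curl -u admin` prompts for it instead.
#   - Keep the token file private: chmod 600 ~/.gitea_npm_token

# Gitea npm package owner — single env var drives every .npmrc + Dockerfile.
# Override per-shell if you have multiple Gitea orgs; default is the canonical
# ByteLyst owner. Renaming the owner is now a one-line env change.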
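export GITEA_NPM_OWNER="${GITEA_NPM_OWNER:-learning_ai_user}"

# ── Registry host ──
# localhost is used for NETWORK=corp, and as the fallback when the host file
# is missing, empty or malformed (e.g. local Docker or an SSH tunnel).
_GITEA_VM_HOST_FILE="$HOME/.gitea_vm_host"
GITEA_NPM_HOST="localhost"
if [ "${NETWORK:-home}" != "corp" ] && [ -f "$_GITEA_VM_HOST_FILE" ]; then
  # Use the first line only and strip blanks / CR, as is done for the token.
  _GITEA_VM_HOST="$(head -n 1 "$_GITEA_VM_HOST_FILE" | tr -d ' \t\r\n')"
  case "$_GITEA_VM_HOST" in
    "" | *[!A-Za-z0-9._-]*)
      # The value is interpolated into the registry URL that receives the
      # publish token, so anything that is not a plain host name or IPv4
      # address (a path, credentials, another port, ...) is rejected.
      echo "switch-network: ignoring empty or invalid host in $_GITEA_VM_HOST_FILE; using localhost" >&2
      ;;
    *)
      GITEA_NPM_HOST="$_GITEA_VM_HOST"
      ;;
  esac
fi
export GITEA_NPM_HOST
unset _GITEA_VM_HOST_FILE _GITEA_VM_HOST

# ── Publish token ──
# Per-network file preferred, fallback to shared file.
# Layout:
#   ~/.gitea_npm_token_corp → corp (local Gitea via SSH tunnel)
#   ~/.gitea_npm_token_home → home / prod (cloud VM Gitea)
#   ~/.gitea_npm_token      → fallback (used if per-network file missing)
#
# The token is exported, so every process started from this shell inherits it.
unset GITEA_NPM_TOKEN
_NET="${NETWORK:-home}"
for _f in "$HOME/.gitea_npm_token_${_NET}" "$HOME/.gitea_npm_token"; do
  [ -f "$_f" ] || continue

  _TOKEN="$(tr -d '\n\r ' < "$_f")"
  # An empty (or unreadable) file must not shadow the fallback file, and an
  # empty token must never be exported.
  [ -n "$_TOKEN" ] || continue

  # Warn when the token file can be read by group or others. `find -perm` is
  # used because `stat` options differ between GNU and BSD/macOS.
  if [ -n "$(find -L "$_f" -prune \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]; then
    echo "switch-network: $_f is readable by group/others; run: chmod 600 \"$_f\"" >&2
  fi

  GITEA_NPM_TOKEN="$_TOKEN"
  export GITEA_NPM_TOKEN
  break
done
unset _NET _f _TOKEN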