depot/nix/pkgs/secretsync/default.nix

# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ pkgs, lib, depot, ... }:
let
  secretsync = pkgs.buildGoModule rec {
    pname = "secretsync";
    version = "0.0.1";

    src = ./.;
    vendorHash = "sha256:0n8dvdgn6izb4qcjdcsqjzximkkpf5i2xb4ap5aa2n8c36w2dn5h";

    subPackages = [ "." ];

    meta = with lib; {
      description = "Simple package for dumping secret files from disk to GitLab variables";
    };
  };
in secretsync // {
  configure = baseConfig:
    let
      config = {
        name = "secretsync";
        pkg = secretsync;
        gitlabAccessToken = "";
        gitlabEndpoint = "https://hg.lukegb.com";
        gitlabProject = "lukegb/depot";
        variablesToFile = {};
        manifestVariable = "";
        workingDir = "";
        logToStderr = true;
      } // baseConfig;
      args = {
        gitlab_access_token = config.gitlabAccessToken;
        gitlab_endpoint = config.gitlabEndpoint;
        gitlab_project = config.gitlabProject;
        variable_to_file = lib.mapAttrsToList (name: value: "${name}=${value}") config.variablesToFile;
        logtostderr = config.logToStderr;
      } // (if config.manifestVariable == "" then {} else { manifest_variable = config.manifestVariable; });
    in
    pkgs.writeShellScriptBin config.name ''
      cd "${config.workingDir}"
      exec "${config.pkg}/bin/secretsync" ${lib.cli.toGNUCommandLineShell {} args}
    '';
}
licensing: Apache-2.0, make almost reuse-lint clean 2020-06-07 14:03:12 +00:00			`# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>`
			`#`
			`# SPDX-License-Identifier: Apache-2.0`

secretsync: add This is a helper utility for syncing filesystem files into GitLab variables, for deploy-time secrets. 2020-05-09 11:45:13 +00:00			`{ pkgs, lib, depot, ... }:`
			`let`
			`secretsync = pkgs.buildGoModule rec {`
			`pname = "secretsync";`
			`version = "0.0.1";`

			`src = ./.;`
nix: migrate from vendorSha256 to vendorHash 2023-12-14 11:17:47 +00:00			`vendorHash = "sha256:0n8dvdgn6izb4qcjdcsqjzximkkpf5i2xb4ap5aa2n8c36w2dn5h";`
secretsync: add This is a helper utility for syncing filesystem files into GitLab variables, for deploy-time secrets. 2020-05-09 11:45:13 +00:00
			`subPackages = [ "." ];`

			`meta = with lib; {`
			`description = "Simple package for dumping secret files from disk to GitLab variables";`
			`};`
			`};`
			`in secretsync // {`
			`configure = baseConfig:`
			`let`
			`config = {`
			`name = "secretsync";`
			`pkg = secretsync;`
			`gitlabAccessToken = "";`
			`gitlabEndpoint = "https://hg.lukegb.com";`
			`gitlabProject = "lukegb/depot";`
			`variablesToFile = {};`
secretsync: add concept of manifest variable This is a file-type variable which contains the original mapping of VARIABLE_NAME to VARIABLE_DATA. This can be used to automatically repopulate a repository with secrets that were originally taken from it and transmitted via GitLab variables (i.e. out-of-band). 2020-05-09 13:26:54 +00:00			`manifestVariable = "";`
			`workingDir = "";`
secretsync: add This is a helper utility for syncing filesystem files into GitLab variables, for deploy-time secrets. 2020-05-09 11:45:13 +00:00			`logToStderr = true;`
			`} // baseConfig;`
			`args = {`
			`gitlab_access_token = config.gitlabAccessToken;`
			`gitlab_endpoint = config.gitlabEndpoint;`
			`gitlab_project = config.gitlabProject;`
			`variable_to_file = lib.mapAttrsToList (name: value: "${name}=${value}") config.variablesToFile;`
			`logtostderr = config.logToStderr;`
secretsync: add concept of manifest variable This is a file-type variable which contains the original mapping of VARIABLE_NAME to VARIABLE_DATA. This can be used to automatically repopulate a repository with secrets that were originally taken from it and transmitted via GitLab variables (i.e. out-of-band). 2020-05-09 13:26:54 +00:00			`} // (if config.manifestVariable == "" then {} else { manifest_variable = config.manifestVariable; });`
secretsync: add This is a helper utility for syncing filesystem files into GitLab variables, for deploy-time secrets. 2020-05-09 11:45:13 +00:00			`in`
			`pkgs.writeShellScriptBin config.name ''`
secretsync: add concept of manifest variable This is a file-type variable which contains the original mapping of VARIABLE_NAME to VARIABLE_DATA. This can be used to automatically repopulate a repository with secrets that were originally taken from it and transmitted via GitLab variables (i.e. out-of-band). 2020-05-09 13:26:54 +00:00			`cd "${config.workingDir}"`
secretsync: add This is a helper utility for syncing filesystem files into GitLab variables, for deploy-time secrets. 2020-05-09 11:45:13 +00:00			`exec "${config.pkg}/bin/secretsync" ${lib.cli.toGNUCommandLineShell {} args}`
			`'';`
			`}`