From 932b47e9e9bd102c1f17e01d062d586cb84a87d2 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 6 Mar 2022 16:52:47 +0000
Subject: [PATCH] vault-acme: init

This is a Vault secrets plugin for provisioning SSL certificates using ACME.
---
 nix/docker/vault/default.nix | 1 +
 nix/pkgs/default.nix | 1 +
 nix/pkgs/vault-acme/default.nix | 42 +++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 nix/pkgs/vault-acme/default.nix
diff --git a/nix/docker/vault/default.nix b/nix/docker/vault/default.nix
index 1ebc984523..e1a5fdce2a 100644
--- a/nix/docker/vault/default.nix
+++ b/nix/docker/vault/default.nix
@@ -10,6 +10,7 @@ let imageVersion = vault.version; plugins = [
+ depot.nix.pkgs.vault-acme
 ]; pluginDrv = pkgs.runCommand "vault-plugins" {
diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix
index 665295d45e..e1845dbbe0 100644
--- a/nix/pkgs/default.nix
+++ b/nix/pkgs/default.nix
@@ -67,5 +67,6 @@ lutris = pkgs.lutris.override { extraPkgs = pkgs: with pkgs; [ openssl gnome.zenity ]; };
+ vault-acme = pkgs.callPackage ./vault-acme { };
 } // (import ./heptapod-runner args) // (import ./lightspeed args)
diff --git a/nix/pkgs/vault-acme/default.nix b/nix/pkgs/vault-acme/default.nix
new file mode 100644
index 0000000000..a72006ac66
--- /dev/null
+++ b/nix/pkgs/vault-acme/default.nix
@@ -0,0 +1,42 @@
+
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+ pname = "vault-acme";
+ version = "0.0.8";
+
+ src = fetchFromGitHub {
+ owner = "remilapeyre";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256:0vbi5i0m5rifh4ayd4y949kh94zgirviv6xiy2a11a4frrn24fyf";
+ };
+
+ vendorSha256 = "sha256:07bqapnrf1fdyaxkna14s5calgj71sk2qysigd32hxl673zd06ic";
+
+ subPackages = [
+ "cmd/acme"
+ "cmd/sidecar"
+ ];
+
+ postInstall = ''
+ mkdir -p $out/libexec/vault
+ mv $out/bin/acme $out/libexec/vault/acme
+ mv $out/bin/sidecar $out/bin/vault-acme-sidecar
+ '';
+
+ meta = with lib; {
+ description = "Vault secret engine to retrieve TLS certificates from an ACME provider";
+ homepage = "https://github.com/remilapeyre/vault-acme";
+ license = licenses.mpl20;
+ maintainers = with maintainers; [ lukegb ];
+ platforms = platforms.linux ++ platforms.darwin;
+ };
+}
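Review bot: The `postInstall` block in the new `nix/pkgs/vault-acme/default.nix` moves `acme` to `$out/libexec/vault/acme` and renames `sidecar` without recording why or what depends on that layout. A comment above the two `mv` lines would make the contract explicit, for example `# libexec/vault holds only the Vault plugin binary (presumably what the vault image's plugin directory collects); the sidecar is a normal CLI and stays in bin under an unambiguous name`. Vault only executes an external plugin whose binary SHA-256 matches the value registered in its plugin catalog, and that digest changes whenever this derivation is rebuilt with a different Go toolchain or dependency set, so whatever registers the plugin should recompute the checksum from the built path on every image bump; the registration step is not visible in this patch. The `src` and `vendorSha256` hashes do pin the fetched source and vendored modules, which is the right control for a `v${version}` tag that upstream could move.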