vault-acme: init

This is a Vault secrets plugin for provisioning SSL certificates using ACME.

nix/docker/vault/default.nix

@@ -10,6 +10,7 @@ let
   imageVersion = vault.version;
 
   plugins = [
+    depot.nix.pkgs.vault-acme
   ];
 
   pluginDrv = pkgs.runCommand "vault-plugins" {

nix/pkgs/default.nix

@@ -67,5 +67,6 @@
   lutris = pkgs.lutris.override {
     extraPkgs = pkgs: with pkgs; [ openssl gnome.zenity ];
   };
+  vault-acme = pkgs.callPackage ./vault-acme { };
 } // (import ./heptapod-runner args)
   // (import ./lightspeed args)

nix/pkgs/vault-acme/default.nix

@@ -0,0 +1,42 @@
+
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "vault-acme";
+  version = "0.0.8";
+
+  src = fetchFromGitHub {
+    owner = "remilapeyre";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256:0vbi5i0m5rifh4ayd4y949kh94zgirviv6xiy2a11a4frrn24fyf";
+  };
+
+  vendorSha256 = "sha256:07bqapnrf1fdyaxkna14s5calgj71sk2qysigd32hxl673zd06ic";
+
+  subPackages = [
+    "cmd/acme"
+    "cmd/sidecar"
+  ];
+
+  postInstall = ''
+    mkdir -p $out/libexec/vault
+    mv $out/bin/acme $out/libexec/vault/acme
+    mv $out/bin/sidecar $out/bin/vault-acme-sidecar
+  '';
+
+  meta = with lib; {
+    description = "Vault secret engine to retrieve TLS certificates from an ACME provider";
+    homepage = "https://github.com/remilapeyre/vault-acme";
+    license = licenses.mpl20;
+    maintainers = with maintainers; [ lukegb ];
+    platforms = platforms.linux ++ platforms.darwin;
+  };
+}