From a991f3dca958fd9a2ae05710ca421bb7226339df Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 27 Dec 2020 19:24:22 +0000
Subject: [PATCH] nix/pkgs: init pomerium
---
 nix/pkgs/default.nix | 1 +
 nix/pkgs/pomerium.nix | 67 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 nix/pkgs/pomerium.nix
diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix
index 86ca287c4e..e05e20adf6 100644
--- a/nix/pkgs/default.nix
+++ b/nix/pkgs/default.nix
@@ -14,5 +14,6 @@
 python-emv = import ./python-emv.nix args;
 sheepshaver = import ./sheepshaver.nix args;
 intermec-cups-driver = pkgs.callPackage ./intermec-cups-driver.nix {};
+ pomerium = import ./pomerium.nix args;
 envoy = import ./envoy args;
 } // (import ./heptapod-runner.nix args)
diff --git a/nix/pkgs/pomerium.nix b/nix/pkgs/pomerium.nix
new file mode 100644
index 0000000000..fd78c3409e
--- /dev/null
+++ b/nix/pkgs/pomerium.nix
@@ -0,0 +1,67 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ pkgs, depot, ... }:
+with pkgs;
+let
+ version = "0.11.1";
+ src = fetchFromGitHub {
+ owner = "pomerium";
+ repo = "pomerium";
+ rev = "v${version}";
+ hash = "sha256:0wisnblz4qb4r8g692rvi937pcqj0ypagb23c1vhr01g19wph77p";
+ };
+ gitHash = "40b878e164c6278d56d61cb06a77342f3b4e5946";
+in
+buildGoModule rec {
+ pname = "pomerium";
+ inherit version src;
+
+ vendorSha256 = "sha256:0kyr07y9rpaam1fbri3ybz6pzh98ya96f7770giyy1qpcm66ld44";
+ subPackages = [
+ "cmd/pomerium"
+ "cmd/pomerium-cli"
+ ];
+
+ buildFlagsArray = let
+ setVars = {
+ GitCommit = gitHash;
+ Version = "v${version}";
+ BuildMeta = "nix";
+ ProjectName = "pomerium";
+ ProjectURL = "github.com/pomerium/pomerium";
+ };
+ varFlags = lib.concatStringsSep " " (lib.mapAttrsToList (name: value: "-X github.com/pomerium/pomerium/internal/version.${name}=${value}") setVars);
+ in [
+ "-ldflags=${varFlags}"
+ ];
+
+ nativeBuildInputs = [
+ zip
+ ];
+
+ postBuild = ''
+ # Append Envoy
+ pushd $NIX_BUILD_TOP
+ mkdir -p envoy
+ cd envoy
+ cp ${depot.pkgs.envoy}/bin/envoy envoy
+ zip -0 envoy.zip envoy
+ popd
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cat $GOPATH/bin/pomerium $NIX_BUILD_TOP/envoy/envoy.zip >$out/bin/pomerium
+ chmod +x $out/bin/pomerium
+ zip --adjust-sfx $out/bin/pomerium
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://pomerium.io";
+ description = "Authenticating reverse proxy";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ lukegb ];
+ };
+}
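Review bot: The custom `installPhase` replaces buildGoModule's default install step and copies only `$GOPATH/bin/pomerium`, so the `cmd/pomerium-cli` binary listed in `subPackages` is built but, as far as this hunk shows, never lands in `$out/bin`. If the CLI is meant to ship, add `cp $GOPATH/bin/pomerium-cli $out/bin/` after the `mkdir -p $out/bin` line; otherwise drop it from `subPackages`. Separately, `gitHash` is a hand-copied literal that nothing ties to `rev`, so a later version bump will be caught by the `hash` mismatch while the binary keeps reporting the old `GitCommit`, which misleads anyone matching a deployed proxy against upstream fixes. A comment above it such as `# commit that tag v${version} points to; update together with version and hash` would make that coupling explicit.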