# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ pkgs, depot, ... }:
with pkgs;
let
  version = "0.11.1";
  src = fetchFromGitHub {
    owner = "pomerium";
    repo = "pomerium";
    rev = "v${version}";
    hash = "sha256:0wisnblz4qb4r8g692rvi937pcqj0ypagb23c1vhr01g19wph77p";
  };
  gitHash = "40b878e164c6278d56d61cb06a77342f3b4e5946";
in
buildGoModule rec {
  pname = "pomerium";
  inherit version src;

  vendorSha256 = "sha256:0kyr07y9rpaam1fbri3ybz6pzh98ya96f7770giyy1qpcm66ld44";
  subPackages = [
    "cmd/pomerium"
    "cmd/pomerium-cli"
  ];

  buildFlagsArray = let
    setVars = {
      GitCommit = gitHash;
      Version = "v${version}";
      BuildMeta = "nix";
      ProjectName = "pomerium";
      ProjectURL = "github.com/pomerium/pomerium";
    };
    varFlags = lib.concatStringsSep " " (lib.mapAttrsToList (name: value: "-X github.com/pomerium/pomerium/internal/version.${name}=${value}") setVars);
  in [
    "-ldflags=${varFlags}"
  ];

  nativeBuildInputs = [
    zip
  ];

  postBuild = ''
    # Append Envoy
    pushd $NIX_BUILD_TOP
    mkdir -p envoy
    cd envoy
    cp ${depot.pkgs.envoy}/bin/envoy envoy
    zip -0 envoy.zip envoy
    popd
  '';

  installPhase = ''
    install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium
  '';
  postFixup = ''
    cat $out/bin/pomerium $NIX_BUILD_TOP/envoy/envoy.zip >$out/bin/pomerium.new
    mv $out/bin/pomerium.new $out/bin/pomerium
    chmod +x $out/bin/pomerium
    zip --adjust-sfx $out/bin/pomerium
  '';

  meta = with lib; {
    homepage = "https://pomerium.io";
    description = "Authenticating reverse proxy";
    license = licenses.asl20;
    maintainers = with maintainers; [ lukegb ];
  };
}