diff options
| author | Luke Granger-Brown <git@lukegb.com> | 2021-01-08 01:58:22 +0000 |
|---|---|---|
| committer | Luke Granger-Brown <git@lukegb.com> | 2021-03-29 10:41:40 +0000 |
| commit | 810008828fbcd7fba3d71c81b4aa2f01f8da9810 (patch) | |
| tree | 7b472c59cb203cdcb710f4f1aa13e0ba627a7f52 | |
| parent | 46aff9e1a018e7c46d029b4f3d684ad8f85f5d84 (diff) | |
| download | nixpkgs-810008828fbcd7fba3d71c81b4aa2f01f8da9810.tar nixpkgs-810008828fbcd7fba3d71c81b4aa2f01f8da9810.tar.gz nixpkgs-810008828fbcd7fba3d71c81b4aa2f01f8da9810.tar.bz2 nixpkgs-810008828fbcd7fba3d71c81b4aa2f01f8da9810.tar.lz nixpkgs-810008828fbcd7fba3d71c81b4aa2f01f8da9810.tar.xz nixpkgs-810008828fbcd7fba3d71c81b4aa2f01f8da9810.tar.zst nixpkgs-810008828fbcd7fba3d71c81b4aa2f01f8da9810.zip | |
pomerium: init at 0.11.1
| -rw-r--r-- | pkgs/servers/http/pomerium/default.nix | 75 | ||||
| -rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
2 files changed, 77 insertions, 0 deletions
diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix new file mode 100644 index 00000000000..5d2f96da022 --- /dev/null +++ b/pkgs/servers/http/pomerium/default.nix @@ -0,0 +1,75 @@ +{ buildGoModule +, fetchFromGitHub +, lib +, envoy +, zip +}: + +let + inherit (lib) concatStringsSep mapAttrsToList; +in +buildGoModule rec { + pname = "pomerium"; + version = "0.11.1"; + src = fetchFromGitHub { + owner = "pomerium"; + repo = "pomerium"; + rev = "v${version}"; + hash = "sha256-9xx4eQovgAx3YEOsp64HErN7Roo7i2QeymRh8umyOnI="; + }; + + vendorSha256 = "sha256-hDRqTGUXB+/jA+ccZ5LyKMF/zV9+xLxcqErdnPwB2U8="; + subPackages = [ + "cmd/pomerium" + "cmd/pomerium-cli" + ]; + + buildFlagsArray = let + # Set a variety of useful meta variables for stamping the build with. + setVars = { + Version = "v${version}"; + BuildMeta = "nixpkgs"; + ProjectName = "pomerium"; + ProjectURL = "github.com/pomerium/pomerium"; + }; + varFlags = concatStringsSep " " (mapAttrsToList (name: value: "-X github.com/pomerium/pomerium/internal/version.${name}=${value}") setVars); + in [ + "-ldflags=${varFlags}" + ]; + + nativeBuildInputs = [ + zip + ]; + + # Pomerium expects to have envoy append to it in a zip. + # We use a store-only (-0) zip, so that the Nix scanner can find any store references we had in the envoy binary. + postBuild = '' + # Append Envoy + pushd $NIX_BUILD_TOP + mkdir -p envoy + cd envoy + cp ${envoy}/bin/envoy envoy + zip -0 envoy.zip envoy + popd + + mv $GOPATH/bin/pomerium $GOPATH/bin/pomerium.old + cat $GOPATH/bin/pomerium.old $NIX_BUILD_TOP/envoy/envoy.zip >$GOPATH/bin/pomerium + zip --adjust-sfx $GOPATH/bin/pomerium + ''; + + # We also need to set dontStrip to avoid having the envoy ZIP stripped off the end. + dontStrip = true; + + installPhase = '' + install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium + install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli + ''; + + meta = with lib; { + homepage = "https://pomerium.io"; + description = "Authenticating reverse proxy"; + license = licenses.asl20; + maintainers = with maintainers; [ lukegb ]; + platforms = [ "x86_64-linux" ]; # Envoy derivation is x86_64-linux only. + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6fa4ac304b6..22cddc587bc 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18511,6 +18511,8 @@ in }; pflogsumm = callPackage ../servers/mail/postfix/pflogsumm.nix { }; + pomerium = callPackage ../servers/http/pomerium { }; + postgrey = callPackage ../servers/mail/postgrey { }; pshs = callPackage ../servers/http/pshs { }; |