boundary: init at 0.1.4

pkgs/tools/networking/boundary/default.nix

@@ -0,0 +1,52 @@
+{ stdenv, lib, fetchzip }:
+
+let
+  inherit (stdenv.hostPlatform) system;
+  suffix = {
+    x86_64-linux = "linux_amd64";
+    aarch64-linux = "linux_arm64";
+    x86_64-darwin = "darwin_amd64";
+  }."${system}" or (throw "Unsupported system: ${system}");
+  fetchsrc = version: sha256: fetchzip {
+      url = "https://releases.hashicorp.com/boundary/${version}/boundary_${version}_${suffix}.zip";
+      sha256 = sha256."${system}";
+    };
+in
+stdenv.mkDerivation rec {
+  pname = "boundary";
+  version = "0.1.4";
+
+  src = fetchsrc version {
+    x86_64-linux = "sha256-+YGXSyaGhfNk+T5P7wCqsNEYwpV/Oet7kOM8OPC1A6I=";
+    aarch64-linux = "sha256-tikxRBF2Y+urv7S1EUu2d60twZWox1pI96yYX357r8o=";
+    x86_64-darwin = "sha256-N+6iiybnWZkruhUe9TRcGaq5xES/iHzlEVGcghT4EUc=";
+  };
+
+  dontConfigure = true;
+  dontBuild = true;
+
+  installPhase = ''
+    install -D boundary $out/bin/boundary
+  '';
+
+  dontPatchELF = true;
+  dontPatchShebangs = true;
+
+  meta = with lib; {
+    homepage = "https://boundaryproject.io/";
+    changelog = "https://github.com/hashicorp/boundary/blob/v${version}/CHANGELOG.md";
+    description = "Enables identity-based access management for dynamic infrastructure";
+    longDescription = ''
+      Boundary provides a secure way to access hosts and critical systems
+      without having to manage credentials or expose your network, and is
+      entirely open source.
+
+      Boundary is designed to be straightforward to understand, highly scalable,
+      and resilient. It can run in clouds, on-prem, secure enclaves and more,
+      and does not require an agent to be installed on every end host.
+    '';
+    license = licenses.mpl20;
+    maintainers = with maintainers; [ jk ];
+    platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ];
+  };
+}

pkgs/tools/networking/boundary/update.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl gnused gawk nix-prefetch
+
+set -euo pipefail
+
+ROOT="$(dirname "$(readlink -f "$0")")"
+NIX_DRV="$ROOT/default.nix"
+if [ ! -f "$NIX_DRV" ]; then
+  echo "ERROR: cannot find default.nix in $ROOT"
+  exit 1
+fi
+
+fetch_arch() {
+  VER="$1"; ARCH="$2"
+  URL="https://releases.hashicorp.com/boundary/${VER}/boundary_${VER}_${ARCH}.zip"
+  nix-prefetch "{ stdenv, fetchzip }:
+stdenv.mkDerivation rec {
+  pname = \"boundary\"; version = \"${VER}\";
+  src = fetchzip { url = \"$URL\"; };
+}
+"
+}
+
+replace_sha() {
+  sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV"
+}
+
+# https://releases.hashicorp.com/boundary/0.1.4/boundary_0.1.4_linux_amd64.zip
+BOUNDARY_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/hashicorp/boundary/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//')
+
+BOUNDARY_LINUX_X64_SHA256=$(fetch_arch "$BOUNDARY_VER" "linux_amd64")
+BOUNDARY_DARWIN_X64_SHA256=$(fetch_arch "$BOUNDARY_VER" "darwin_amd64")
+BOUNDARY_LINUX_AARCH64_SHA256=$(fetch_arch "$BOUNDARY_VER" "linux_arm64")
+
+sed -i "s/version = \".*\"/version = \"$BOUNDARY_VER\"/" "$NIX_DRV"
+
+replace_sha "x86_64-linux" "$BOUNDARY_LINUX_X64_SHA256"
+replace_sha "x86_64-darwin" "$BOUNDARY_DARWIN_X64_SHA256"
+replace_sha "aarch64-linux" "$BOUNDARY_LINUX_AARCH64_SHA256"

pkgs/top-level/all-packages.nix

@@ -1033,6 +1033,8 @@ in
 
   boxes = callPackage ../tools/text/boxes { };
 
+  boundary = callPackage ../tools/networking/boundary { };
+
   chamber = callPackage ../tools/admin/chamber {  };
 
   charm = callPackage ../applications/misc/charm { };