pomerium: init at 0.11.1

2021-01-08 01:58:22 +00:00 · 2021-01-08 01:58:22 +00:00 · 810008828f
parent 46aff9e1a0
commit 810008828f
2 changed files with 77 additions and 0 deletions
--- a/pkgs/servers/http/pomerium/default.nix
+++ b/pkgs/servers/http/pomerium/default.nix
@ -0,0 +1,75 @@
+{ buildGoModule
+, fetchFromGitHub
+, lib
+, envoy
+, zip
+}:
+
+let
+  inherit (lib) concatStringsSep mapAttrsToList;
+in
+buildGoModule rec {
+  pname = "pomerium";
+  version = "0.11.1";
+  src = fetchFromGitHub {
+    owner = "pomerium";
+    repo = "pomerium";
+    rev = "v${version}";
+    hash = "sha256-9xx4eQovgAx3YEOsp64HErN7Roo7i2QeymRh8umyOnI=";
+  };
+
+  vendorSha256 = "sha256-hDRqTGUXB+/jA+ccZ5LyKMF/zV9+xLxcqErdnPwB2U8=";
+  subPackages = [
+    "cmd/pomerium"
+    "cmd/pomerium-cli"
+  ];
+
+  buildFlagsArray = let
+    # Set a variety of useful meta variables for stamping the build with.
+    setVars = {
+      Version = "v${version}";
+      BuildMeta = "nixpkgs";
+      ProjectName = "pomerium";
+      ProjectURL = "github.com/pomerium/pomerium";
+    };
+    varFlags = concatStringsSep " " (mapAttrsToList (name: value: "-X github.com/pomerium/pomerium/internal/version.${name}=${value}") setVars);
+  in [
+    "-ldflags=${varFlags}"
+  ];
+
+  nativeBuildInputs = [
+    zip
+  ];
+
+  # Pomerium expects to have envoy append to it in a zip.
+  # We use a store-only (-0) zip, so that the Nix scanner can find any store references we had in the envoy binary.
+  postBuild = ''
+    # Append Envoy
+    pushd $NIX_BUILD_TOP
+    mkdir -p envoy
+    cd envoy
+    cp ${envoy}/bin/envoy envoy
+    zip -0 envoy.zip envoy
+    popd
+
+    mv $GOPATH/bin/pomerium $GOPATH/bin/pomerium.old
+    cat $GOPATH/bin/pomerium.old $NIX_BUILD_TOP/envoy/envoy.zip >$GOPATH/bin/pomerium
+    zip --adjust-sfx $GOPATH/bin/pomerium
+  '';
+
+  # We also need to set dontStrip to avoid having the envoy ZIP stripped off the end.
+  dontStrip = true;
+
+  installPhase = ''
+    install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium
+    install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli
+  '';
+
+  meta = with lib; {
+    homepage = "https://pomerium.io";
+    description = "Authenticating reverse proxy";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ lukegb ];
+    platforms = [ "x86_64-linux" ];  # Envoy derivation is x86_64-linux only.
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -18511,6 +18511,8 @@ in
  };
  pflogsumm = callPackage ../servers/mail/postfix/pflogsumm.nix { };

+  pomerium = callPackage ../servers/http/pomerium { };
+
  postgrey = callPackage ../servers/mail/postgrey { };

  pshs = callPackage ../servers/http/pshs { };