nixpkgs/pkgs/servers/http/pomerium/default.nix
Luke Granger-Brown 74560e35e5 pomerium: use on-disk envoy
We can set an override path for Envoy's binary location now, so
do that instead of the previous thing of embedding the binary.

Note that we still need to include the SHA256/version of the binary
we're referring to, but Through The Power Of Nix™ we can do that
with relative ease.
2021-12-07 15:04:09 +00:00

92 lines
2.4 KiB
Nix

{ buildGoModule
, fetchFromGitHub
, lib
, envoy
, zip
, nixosTests
}:
let
inherit (lib) concatStringsSep concatMap id mapAttrsToList;
in
buildGoModule rec {
pname = "pomerium";
version = "0.15.7";
src = fetchFromGitHub {
owner = "pomerium";
repo = "pomerium";
rev = "v${version}";
hash = "sha256:0adlk4ylny1z43x1dw3ny0s1932vhb61hpf5wdz4r65y8k9qyfgr";
};
vendorSha256 = "sha256:1fszfbra84pcs8v1h2kf7iy603vf9v2ysg6il76aqmqrxmb1p7nv";
subPackages = [
"cmd/pomerium"
"cmd/pomerium-cli"
];
ldflags = let
# Set a variety of useful meta variables for stamping the build with.
setVars = {
"github.com/pomerium/pomerium/internal/version" = {
Version = "v${version}";
BuildMeta = "nixpkgs";
ProjectName = "pomerium";
ProjectURL = "github.com/pomerium/pomerium";
};
"github.com/pomerium/pomerium/internal/envoy" = {
OverrideEnvoyPath = "${envoy}/bin/envoy";
};
};
concatStringsSpace = list: concatStringsSep " " list;
mapAttrsToFlatList = fn: list: concatMap id (mapAttrsToList fn list);
varFlags = concatStringsSpace (
mapAttrsToFlatList (package: packageVars:
mapAttrsToList (variable: value:
"-X ${package}.${variable}=${value}"
) packageVars
) setVars);
in [
"${varFlags}"
];
preBuild = ''
# Replace embedded envoy with nothing.
# We set OverrideEnvoyPath above, so rawBinary should never get looked at
# but we still need to set a checksum/version.
rm internal/envoy/files/files_{darwin,linux}*.go
cat <<EOF >internal/envoy/files/files_generic.go
package files
import _ "embed" // embed
var rawBinary []byte
//go:embed envoy.sha256
var rawChecksum string
//go:embed envoy.version
var rawVersion string
EOF
sha256sum '${envoy}/bin/envoy' > internal/envoy/files/envoy.sha256
echo '${envoy.version}' > internal/envoy/files/envoy.version
'';
installPhase = ''
install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium
install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli
'';
passthru.tests = {
inherit (nixosTests) pomerium;
};
meta = with lib; {
homepage = "https://pomerium.io";
description = "Authenticating reverse proxy";
license = licenses.asl20;
maintainers = with maintainers; [ lukegb ];
platforms = [ "x86_64-linux" ]; # Envoy derivation is x86_64-linux only.
};
}