Diffstat (limited to 'nixpkgs/pkgs/tools/networking/boundary')
-rw-r--r--nixpkgs/pkgs/tools/networking/boundary/default.nix54
-rwxr-xr-xnixpkgs/pkgs/tools/networking/boundary/update.sh39
2 files changed, 93 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/networking/boundary/default.nix b/nixpkgs/pkgs/tools/networking/boundary/default.nix
new file mode 100644
index 000000000000..6c653125c33a
--- /dev/null
+++ b/nixpkgs/pkgs/tools/networking/boundary/default.nix
@@ -0,0 +1,54 @@
+{ stdenv, lib, fetchzip }:
+
+let
+  inherit (stdenv.hostPlatform) system;
+  suffix = {
+    x86_64-linux = "linux_amd64";
+    aarch64-linux = "linux_arm64";
+    x86_64-darwin = "darwin_amd64";
+  }."${system}" or (throw "Unsupported system: ${system}");
+  fetchsrc = version: sha256: fetchzip {
+      url = "https://releases.hashicorp.com/boundary/${version}/boundary_${version}_${suffix}.zip";
+      sha256 = sha256."${system}";
+    };
+in
+stdenv.mkDerivation rec {
+  pname = "boundary";
+  version = "0.1.5";
+
+  src = fetchsrc version {
+    x86_64-linux = "sha256-A8dfmFjvOHDwotCyRq9QQ9uHJIkq1JkIwtHsqDqTSNo=";
+    aarch64-linux = "sha256-i2qc4bmoSzUwNCQmnXLFQ+W4VZjVwXzEBSF3NeTju3M=";
+    x86_64-darwin = "sha256-lKGTpS2TmgxFdjUsBXKg8Mu6oJA0VidHc/noWWEuUVo=";
+  };
+
+  dontConfigure = true;
+  dontBuild = true;
+
+  installPhase = ''
+    install -D boundary $out/bin/boundary
+  '';
+
+  dontPatchELF = true;
+  dontPatchShebangs = true;
+
+  passthru.updateScript = ./update.sh;
+
+  meta = with lib; {
+    homepage = "https://boundaryproject.io/";
+    changelog = "https://github.com/hashicorp/boundary/blob/v${version}/CHANGELOG.md";
+    description = "Enables identity-based access management for dynamic infrastructure";
+    longDescription = ''
+      Boundary provides a secure way to access hosts and critical systems
+      without having to manage credentials or expose your network, and is
+      entirely open source.
+
+      Boundary is designed to be straightforward to understand, highly scalable,
+      and resilient. It can run in clouds, on-prem, secure enclaves and more,
+      and does not require an agent to be installed on every end host.
+    '';
+    license = licenses.mpl20;
+    maintainers = with maintainers; [ jk ];
+    platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ];
+  };
+}
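Review bot: The three `sha256` values pinned in `src` are fetchzip hashes of the unpacked archive, so a reviewer cannot compare them with the checksums HashiCorp publishes for the release zips. Because `dontBuild` and `dontPatchELF` mean the vendor binary is installed as-is, these hashes are the only integrity anchor, and as written they amount to trust-on-first-download. Fetching the zip with `fetchurl` (plus `nativeBuildInputs = [ unzip ];` and `sourceRoot = ".";`) would make each hash the digest of the zip itself, which can be cross-checked against the vendor's signed checksum file. The hashes and the `fetch_arch` helper in update.sh would then need regenerating. If fetchzip is kept, a comment above `fetchsrc` such as `# hashes cover the unpacked zip contents, not the release zip` would tell reviewers why they do not match upstream.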
diff --git a/nixpkgs/pkgs/tools/networking/boundary/update.sh b/nixpkgs/pkgs/tools/networking/boundary/update.sh
new file mode 100755
index 000000000000..437339307104
--- /dev/null
+++ b/nixpkgs/pkgs/tools/networking/boundary/update.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl gnused gawk nix-prefetch
+
+set -euo pipefail
+
+ROOT="$(dirname "$(readlink -f "$0")")"
+NIX_DRV="$ROOT/default.nix"
+if [ ! -f "$NIX_DRV" ]; then
+  echo "ERROR: cannot find default.nix in $ROOT"
+  exit 1
+fi
+
+fetch_arch() {
+  VER="$1"; ARCH="$2"
+  URL="https://releases.hashicorp.com/boundary/${VER}/boundary_${VER}_${ARCH}.zip"
+  nix-prefetch "{ stdenv, fetchzip }:
+stdenv.mkDerivation rec {
+  pname = \"boundary\"; version = \"${VER}\";
+  src = fetchzip { url = \"$URL\"; };
+}
+"
+}
+
+replace_sha() {
+  sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV"
+}
+
+# https://releases.hashicorp.com/boundary/0.1.4/boundary_0.1.4_linux_amd64.zip
+BOUNDARY_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/hashicorp/boundary/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//')
+
+BOUNDARY_LINUX_X64_SHA256=$(fetch_arch "$BOUNDARY_VER" "linux_amd64")
+BOUNDARY_DARWIN_X64_SHA256=$(fetch_arch "$BOUNDARY_VER" "darwin_amd64")
+BOUNDARY_LINUX_AARCH64_SHA256=$(fetch_arch "$BOUNDARY_VER" "linux_arm64")
+
+sed -i "s/version = \".*\"/version = \"$BOUNDARY_VER\"/" "$NIX_DRV"
+
+replace_sha "x86_64-linux" "$BOUNDARY_LINUX_X64_SHA256"
+replace_sha "x86_64-darwin" "$BOUNDARY_DARWIN_X64_SHA256"
+replace_sha "aarch64-linux" "$BOUNDARY_LINUX_AARCH64_SHA256"
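Review bot: `BOUNDARY_VER` is taken from the final redirect URL of the GitHub `releases/latest` page and written into default.nix without any validation. `curl -Ls` has no `-f`, so an error page or unexpected redirect still yields a string, and `sed 's/v//'` strips the first `v` anywhere rather than only a leading one. The result is then interpolated into the Nix expression in `fetch_arch` and into the `sed -i` replacement. Anchor the strip with `sed 's/^v//'` and add a check right after the assignment, e.g. `[[ "$BOUNDARY_VER" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "ERROR: unexpected version: $BOUNDARY_VER"; exit 1; }`. The script also records whatever hash `nix-prefetch` computes for the download, so comparing it against the vendor's published checksums before `replace_sha` would be a worthwhile follow-up.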