chore: update deps; pin hashicorp

stackrox · Mar 4, 2024 · 65ecf95 · 65ecf95
1 parent 639c149
commit 65ecf95
Show file tree

Hide file tree

Showing 4 changed files with 183 additions and 10 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -6,25 +6,30 @@
       "https://stackrox.cachix.org"
       "https://cache.nixos.org"
       "https://nix-community.cachix.org"
+      "https://nixpkgs-terraform.cachix.org"
     ];
     trusted-public-keys = [
       "stackrox.cachix.org-1:Wnn8TKAitOTWKfTvvHiHzJjXy0YfiwoK6rrVzXt/trA="
       "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "nixpkgs-terraform.cachix.org-1:8Sit092rIdAVENA3ZVeH9hzSiqI/jng6JiCrQ1Dmusw="
     ];
   };
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
     nixpkgs-rocksdb-6_15_5.url = "github:nixos/nixpkgs/a765beccb52f30a30fee313fbae483693ffe200d";
+    nixpkgs-terraform.url = "github:stackbuilders/nixpkgs-terraform";
     flake-utils.url = "github:numtide/flake-utils";
   };
 
-  outputs = { self, nixpkgs, nixpkgs-rocksdb-6_15_5, flake-utils }:
+  outputs = { self, nixpkgs, nixpkgs-rocksdb-6_15_5, nixpkgs-terraform, flake-utils }:
     flake-utils.lib.eachDefaultSystem (system:
       let
         pkgs = import nixpkgs { inherit system; };
+        custom = import ./pkgs { inherit pkgs; };
         pkgs-rocksdb = import nixpkgs-rocksdb-6_15_5 { inherit system; };
+        terraform = nixpkgs-terraform.packages.${system}."1.5.7";
         darwin-pkgs =
           if pkgs.stdenv.isDarwin then [
             pkgs.colima
@@ -61,7 +66,7 @@
             pkgs.pre-commit
 
             # stackrox/acs-fleet-manager-aws-config
-            pkgs.terraform
+            terraform
             pkgs.terragrunt
             pkgs.detect-secrets
 
@@ -84,7 +89,7 @@
             pkgs.kubectx
             pkgs.kubernetes-helm
             pkgs.prometheus
-            pkgs.vault
+            custom.vault
             pkgs.wget
             pkgs.yq-go
             stackrox-python

diff --git a/pkgs/default.nix b/pkgs/default.nix
@@ -0,0 +1,3 @@
+{ pkgs }: {
+  vault = pkgs.callPackage ./vault { };
+}
diff --git a/pkgs/vault/default.nix b/pkgs/vault/default.nix
@@ -0,0 +1,60 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, buildGoModule
+, installShellFiles
+, nixosTests
+, makeWrapper
+, gawk
+, glibc
+}:
+buildGoModule rec {
+  pname = "vault";
+  version = "1.14.8";
+
+  src = fetchFromGitHub {
+    owner = "hashicorp";
+    repo = "vault";
+    rev = "v${version}";
+    sha256 = "sha256-sGCODCBgsxyr96zu9ntPmMM/gHVBBO+oo5+XsdbCK4E=";
+  };
+
+  vendorHash = "sha256-zpHjZjgCgf4b2FAJQ22eVgq0YGoVvxGYJ3h/3ZRiyrQ=";
+
+  proxyVendor = true;
+
+  subPackages = [ "." ];
+
+  nativeBuildInputs = [ installShellFiles makeWrapper ];
+
+  tags = [ "vault" ];
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/hashicorp/vault/sdk/version.GitCommit=${src.rev}"
+    "-X github.com/hashicorp/vault/sdk/version.Version=${version}"
+    "-X github.com/hashicorp/vault/sdk/version.VersionPrerelease="
+  ];
+
+  postInstall =
+    ''
+      echo "complete -C $out/bin/vault vault" > vault.bash
+      installShellCompletion vault.bash
+    ''
+    + lib.optionalString stdenv.isLinux ''
+      wrapProgram $out/bin/vault \
+        --prefix PATH ${lib.makeBinPath [gawk glibc]}
+    '';
+
+  passthru.tests = { inherit (nixosTests) vault vault-postgresql vault-dev vault-agent; };
+
+  meta = with lib; {
+    homepage = "https://www.vaultproject.io/";
+    description = "A tool for managing secrets";
+    changelog = "https://github.com/hashicorp/vault/blob/v${version}/CHANGELOG.md";
+    license = licenses.mpl20;
+    mainProgram = "vault";
+    maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri Chili-Man techknowlogick ];
+  };
+}