tjh.dev
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
1{
2 stdenv,
3 buildGoModule,
4 fetchFromGitHub,
5 lib,
6 nixosTests,
7 ghostunnel,
8 apple-sdk_12,
9 darwinMinVersionHook,
10}:
11
12buildGoModule rec {
13 pname = "ghostunnel";
14 version = "1.8.4";
15
16 src = fetchFromGitHub {
17 owner = "ghostunnel";
18 repo = "ghostunnel";
19 rev = "v${version}";
20 hash = "sha256-NnRm1HEdfK6WI5ntilLSwdR2B5czG5CIcMFzl2TzEds=";
21 };
22
23 vendorHash = "sha256-vP8OtjpYNMm1KkNfD3pmNrHh3HRy1GkzUbfLKWKhHbo=";
24
25 deleteVendor = true;
26
27 buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
28 apple-sdk_12
29 (darwinMinVersionHook "12.0")
30 ];
31
32 # These tests don't exist for Linux, and on Darwin they attempt to use the macOS Keychain
33 # which doesn't work from a nix build. Presumably other platform implementations of the
34 # certstore would have similar issues, so it probably makes sense to skip them in
35 # general wherever they are available.
36 checkFlags = [ "-skip=^Test(ImportDelete|Signer|Certificate)(RSA|ECDSA|EC)$" ];
37
38 passthru.tests = {
39 nixos = nixosTests.ghostunnel;
40 podman = nixosTests.podman-tls-ghostunnel;
41 };
42
43 passthru.services.default = {
44 imports = [ ./service.nix ];
45 ghostunnel.package = ghostunnel; # FIXME: finalAttrs.finalPackage
46 };
47
48 meta = {
49 description = "TLS proxy with mutual authentication support for securing non-TLS backend applications";
50 homepage = "https://github.com/ghostunnel/ghostunnel#readme";
51 changelog = "https://github.com/ghostunnel/ghostunnel/releases/tag/v${version}";
52 license = lib.licenses.asl20;
53 maintainers = with lib.maintainers; [
54 roberth
55 mjm
56 ];
57 mainProgram = "ghostunnel";
58 };
59}