tjh.dev
1{ lib
2, stdenv
3, buildGoModule
4, fetchFromGitHub
5, fuse
6, makeWrapper
7, openssl
8, pandoc
9, pkg-config
10, libfido2
11}:
12
13buildGoModule rec {
14 pname = "gocryptfs";
15 version = "2.3.2";
16
17 src = fetchFromGitHub {
18 owner = "rfjakob";
19 repo = pname;
20 rev = "v${version}";
21 sha256 = "sha256-1+g8n6n2i7UKr4C5ZLNF5ceqdu3EYx4R6rQALVoGwTs=";
22 };
23
24 vendorHash = "sha256-7eAyuyqAvFQjkvsrkJEvop0veX7sGGX6xXAdUNuOXWU=";
25
26 nativeBuildInputs = [
27 makeWrapper
28 pkg-config
29 pandoc
30 ];
31
32 buildInputs = [ openssl ];
33
34 propagatedBuildInputs = [ libfido2 ];
35
36 ldflags = [
37 "-X main.GitVersion=${version}"
38 "-X main.GitVersionFuse=[vendored]"
39 "-X main.BuildDate=unknown"
40 ];
41
42 subPackages = [ "." "gocryptfs-xray" "contrib/statfs" ];
43
44 postBuild = ''
45 pushd Documentation/
46 mkdir -p $out/share/man/man1
47 # taken from Documentation/MANPAGE-render.bash
48 pandoc MANPAGE.md -s -t man -o $out/share/man/man1/gocryptfs.1
49 pandoc MANPAGE-XRAY.md -s -t man -o $out/share/man/man1/gocryptfs-xray.1
50 pandoc MANPAGE-STATFS.md -s -t man -o $out/share/man/man1/statfs.1
51 popd
52 '';
53
54 # use --suffix here to ensure we don't shadow /run/wrappers/bin/fusermount,
55 # as the setuid wrapper is required to use gocryptfs as non-root on NixOS
56 postInstall = ''
57 wrapProgram $out/bin/gocryptfs \
58 --suffix PATH : ${lib.makeBinPath [ fuse ]}
59 ln -s $out/bin/gocryptfs $out/bin/mount.fuse.gocryptfs
60 '';
61
62 meta = with lib; {
63 description = "Encrypted overlay filesystem written in Go";
64 license = licenses.mit;
65 homepage = "https://nuetzlich.net/gocryptfs/";
66 maintainers = with maintainers; [ flokli offline prusnak ];
67 platforms = platforms.unix;
68 };
69}