tjh.dev
nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
nix
1{
2 lib,
3 buildGoModule,
4 fetchFromGitHub,
5 installShellFiles,
6 versionCheckHook,
7 nix-update-script,
8 makeWrapper,
9 runCommand,
10 age,
11}:
12
13buildGoModule (final: {
14 pname = "sops";
15 version = "3.11.0";
16
17 src = fetchFromGitHub {
18 owner = "getsops";
19 repo = final.pname;
20 tag = "v${final.version}";
21 hash = "sha256-AAnrZvNkBgliHdk1lAoFrJdISNWteFdBUorRycKsptU=";
22 };
23
24 vendorHash = "sha256-9bB3MbE03KEaxUp0VvCnNVKUY4zSUoam8h2cDlAz7RY=";
25
26 subPackages = [ "cmd/sops" ];
27
28 ldflags = [
29 "-s"
30 "-w"
31 "-X github.com/getsops/sops/v3/version.Version=${final.version}"
32 ];
33
34 nativeBuildInputs = [
35 installShellFiles
36 makeWrapper
37 ];
38
39 postInstall = ''
40 installShellCompletion --cmd sops --bash ${./bash_autocomplete}
41 installShellCompletion --cmd sops --zsh ${./zsh_autocomplete}
42 '';
43
44 nativeInstallCheckInputs = [ versionCheckHook ];
45 doInstallCheck = true;
46
47 passthru.updateScript = nix-update-script { };
48
49 # wrap sops with age plugins
50 passthru.withAgePlugins =
51 filter:
52 runCommand "sops-${final.version}-with-age-plugins"
53 {
54 nativeBuildInputs = [ makeWrapper ];
55 }
56 ''
57 makeWrapper ${lib.getBin final.finalPackage}/bin/sops $out/bin/sops \
58 --prefix PATH : "${lib.makeBinPath (filter age.passthru.plugins)}"
59 '';
60
61 meta = {
62 homepage = "https://getsops.io/";
63 description = "Simple and flexible tool for managing secrets";
64 changelog = "https://github.com/getsops/sops/blob/v${final.version}/CHANGELOG.rst";
65 mainProgram = "sops";
66 maintainers = with lib.maintainers; [
67 Scrumplex
68 mic92
69 ];
70 license = lib.licenses.mpl20;
71 };
72})