{ description = "vault auth plugin for remote attestation of TEEs"; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nix-filter.url = "github:numtide/nix-filter"; nixsgx-flake = { url = "github:matter-labs/nixsgx"; inputs.nixpkgs.follows = "nixpkgs"; }; }; outputs = { self, nixpkgs, nixsgx-flake, nix-filter, ... }: let system = "x86_64-linux"; filter = nix-filter.lib; pkgs = import nixpkgs { inherit system; overlays = [ nixsgx-flake.overlays.default ]; }; bin = pkgs.buildGoModule { buildInputs = with pkgs; [ nixsgx.sgx-sdk nixsgx.sgx-dcap nixsgx.sgx-dcap.quote_verify ]; name = "vault-auth-tee"; src = filter { root = ./.; include = [ ./go.mod ./go.sum "cmd" "test-fixtures" (filter.matchExt "go") ]; }; vendorHash = "sha256-t59C0yzJzFAXNXYOFbta2g5CYlkfvlukq42cxCwLaGY="; }; dockerImage = pkgs.dockerTools.buildLayeredImage { name = "vault-auth-tee"; tag = "test"; config.Entrypoint = [ "/bin/sh" ]; contents = pkgs.buildEnv { name = "image-root"; paths = with pkgs.dockerTools; [ bin pkgs.vault usrBinEnv binSh caCertificates fakeNss ]; pathsToLink = [ "/bin" "/etc" ]; }; }; in with pkgs; { formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; packages.x86_64-linux = { inherit bin dockerImage; default = bin; }; devShells.x86_64-linux.default = mkShell { inputsFrom = [ bin ]; nativeBuildInputs = with pkgs; [ dive go_1_21 ]; }; }; }