vault-auth-tee/flake.nix
Harald Hoyer c2411a45a7
feat: initial commit
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2023-10-26 14:15:52 +02:00


# Flake for vault-auth-tee: builds the Go plugin against the SGX SDK and the
# DCAP quote-verification library, and packages the binary into a container
# image. Only x86_64-linux outputs are defined.
{
  description = "vault auth plugin for remote attestation of TEEs";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";

    # Source of sgx-sdk and libsgx-dcap-quote-verify (see `mypkgs` below).
    # NOTE(review): this is a branch ref, so the revision actually built is
    # whatever flake.lock records (lock file not shown here). Keep the lock
    # committed and review its diff whenever this input is updated, since the
    # attestation verification code is linked from this package set.
    mynixpkgs.url = "github:haraldh/nixpkgs/intel-dcap-openssl";

    gitignore = {
      url = "github:hercules-ci/gitignore.nix";
      # Reuse the nixpkgs input above instead of a second copy.
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, gitignore, mynixpkgs, ... }:
    let
      system = "x86_64-linux";

      # Stock package set: Go toolchain, dockerTools, dev tooling.
      pkgs = import nixpkgs { inherit system; };
      # Package set carrying the SGX/DCAP libraries.
      mypkgs = import mynixpkgs { inherit system; };

      # The plugin binary, built with cgo against the SGX headers.
      bin = pkgs.buildGoModule {
        name = "vault-auth-tee";
        # Build only files that .gitignore does not exclude, so untracked
        # local artefacts do not leak into the build input.
        src = gitignore.lib.gitignoreSource ./.;
        # Fixed-output hash of the vendored Go modules; it has to be updated
        # together with any change to the module dependencies.
        vendorSha256 = "sha256-9l1EVnWIJ+FdIcEic14M/B2BLD/Ffj+dCkompa06KJQ=";

        buildInputs = [
          mypkgs.sgx-sdk
          mypkgs.libsgx-dcap-quote-verify
        ];
        CGO_CFLAGS =
          "-I${mypkgs.libsgx-dcap-quote-verify.dev}/include -I${mypkgs.sgx-sdk}/include";
        # NOTE(review): cgo reads CGO_LDFLAGS rather than LDFLAGS; confirm this
        # variable is actually consumed by the build and that the `dev` output
        # contains a lib/ directory.
        LDFLAGS = "-L${mypkgs.libsgx-dcap-quote-verify.dev}/lib";
      };

      # Container image whose root holds only the plugin derivation.
      dockerImage = pkgs.dockerTools.buildImage {
        name = "vault-auth-tee";
        # "latest" is a mutable tag: deployments that need to know exactly
        # which plugin build they run should reference the image by digest.
        tag = "latest";
        copyToRoot = [
          bin
          # pkgs.vault
        ];
        # No config/Cmd is set, so the image defines no default command.
        #config = { Cmd = [ "${bin}/bin/vault" ]; };
      };
    in
    {
      formatter.${system} = nixpkgs.legacyPackages.${system}.nixpkgs-fmt;

      packages.${system} = {
        inherit bin dockerImage;
        default = bin;
      };

      # Development shell: everything `bin` needs to build, plus Go tooling,
      # `dive` for inspecting image layers, and the SGX/DCAP libraries.
      devShells.${system}.default = pkgs.mkShell {
        inputsFrom = [ bin ];
        buildInputs = [
          pkgs.dive
          pkgs.go_1_19
          pkgs.gotools
          mypkgs.sgx-sdk
          mypkgs.libsgx-dcap-quote-verify
        ];
      };
    };
}