nixpkgs-suyu/pkgs/servers/teleport/generic.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

168 lines
4.1 KiB
Nix
Raw Normal View History

2021-11-08 22:43:52 +01:00
{ lib
, buildGoModule
2021-11-08 22:43:52 +01:00
, rustPlatform
, fetchFromGitHub
2023-02-03 23:42:58 +01:00
, fetchYarnDeps
2021-11-08 22:43:52 +01:00
, makeWrapper
2022-04-25 18:30:13 +02:00
, CoreFoundation
2022-10-11 10:55:39 +02:00
, AppKit
, libfido2
2023-02-03 23:42:58 +01:00
, nodejs
2022-04-25 18:30:13 +02:00
, openssl
, pkg-config
, Security
2021-11-08 22:43:52 +01:00
, stdenv
, xdg-utils
2023-02-03 23:42:58 +01:00
, yarn
, yarn2nix-moretea
2022-01-08 09:29:19 +01:00
, nixosTests
2018-01-14 09:04:08 +01:00
2022-04-25 18:30:13 +02:00
, withRdpClient ? true
2023-02-23 19:14:50 +01:00
, version
, hash
, vendorHash
2023-04-02 18:05:44 +02:00
, cargoHash ? null
, cargoLock ? null
2023-02-23 19:14:50 +01:00
, yarnHash
2021-11-08 22:43:52 +01:00
}:
let
# This repo has a private submodule "e" which fetchgit cannot handle without failing.
src = fetchFromGitHub {
owner = "gravitational";
repo = "teleport";
rev = "v${version}";
2023-02-23 19:14:50 +01:00
inherit hash;
2021-11-08 22:43:52 +01:00
};
2023-02-23 19:14:50 +01:00
inherit version;
2021-11-08 22:43:52 +01:00
2022-04-25 18:30:13 +02:00
rdpClient = rustPlatform.buildRustPackage rec {
pname = "teleport-rdpclient";
2023-04-02 18:05:44 +02:00
inherit cargoHash cargoLock;
2022-04-25 18:30:13 +02:00
inherit version src;
buildAndTestSubdir = "lib/srv/desktop/rdp/rdpclient";
buildInputs = [ openssl ]
++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ];
nativeBuildInputs = [ pkg-config ];
# https://github.com/NixOS/nixpkgs/issues/161570 ,
# buildRustPackage sets strictDeps = true;
nativeCheckInputs = buildInputs;
2022-04-25 18:30:13 +02:00
OPENSSL_NO_VENDOR = "1";
postInstall = ''
mkdir -p $out/include
cp ${buildAndTestSubdir}/librdprs.h $out/include/
2021-11-08 22:43:52 +01:00
'';
};
2023-02-03 23:42:58 +01:00
yarnOfflineCache = fetchYarnDeps {
yarnLock = "${src}/yarn.lock";
2023-02-23 19:14:50 +01:00
hash = yarnHash;
2023-02-03 23:42:58 +01:00
};
webassets = stdenv.mkDerivation {
pname = "teleport-webassets";
inherit src version;
nativeBuildInputs = [
nodejs
yarn
yarn2nix-moretea.fixup_yarn_lock
];
configurePhase = ''
export HOME=$(mktemp -d)
'';
buildPhase = ''
yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
fixup_yarn_lock yarn.lock
yarn install --offline \
--frozen-lockfile \
--ignore-engines --ignore-scripts
patchShebangs .
yarn build-ui-oss
'';
installPhase = ''
mkdir -p $out
cp -R webassets/. $out
'';
2021-11-08 22:43:52 +01:00
};
in
buildGoModule rec {
2021-11-08 22:43:52 +01:00
pname = "teleport";
inherit src version;
2023-02-23 19:14:50 +01:00
inherit vendorHash;
2023-02-03 23:42:58 +01:00
proxyVendor = true;
2020-03-18 11:43:09 +01:00
2022-04-25 18:06:27 +02:00
subPackages = [ "tool/tbot" "tool/tctl" "tool/teleport" "tool/tsh" ];
tags = [ "libfido2" "webassets_embed" ]
++ lib.optional withRdpClient "desktop_access_rdp";
2020-03-18 11:43:09 +01:00
buildInputs = [ openssl libfido2 ]
2022-10-11 10:55:39 +02:00
++ lib.optionals (stdenv.isDarwin && withRdpClient) [ CoreFoundation Security AppKit ];
nativeBuildInputs = [ makeWrapper pkg-config ];
2020-03-18 11:43:09 +01:00
patches = [
# https://github.com/NixOS/nixpkgs/issues/120738
./tsh.patch
# https://github.com/NixOS/nixpkgs/issues/132652
./test.patch
./0001-fix-add-nix-path-to-exec-env.patch
2022-04-25 18:30:13 +02:00
./rdpclient.patch
];
2021-08-11 14:58:40 +02:00
# Reduce closure size for client machines
outputs = [ "out" "client" ];
preBuild = ''
2023-02-03 23:42:58 +01:00
cp -r ${webassets} webassets
'' + lib.optionalString withRdpClient ''
ln -s ${rdpClient}/lib/* lib/
ln -s ${rdpClient}/include/* lib/srv/desktop/rdp/rdpclient/
'';
2018-01-14 09:04:08 +01:00
2022-04-25 18:06:27 +02:00
# Multiple tests fail in the build sandbox
# due to trying to spawn nixbld's shell (/noshell), etc.
doCheck = false;
2021-04-22 17:32:55 +02:00
postInstall = ''
mkdir -p $client/bin
mv {$out,$client}/bin/tsh
# make xdg-open overrideable at runtime
wrapProgram $client/bin/tsh --suffix PATH : ${lib.makeBinPath [ xdg-utils ]}
ln -s {$client,$out}/bin/tsh
'';
2018-01-14 09:04:08 +01:00
2021-02-01 15:45:17 +01:00
doInstallCheck = true;
installCheckPhase = ''
$out/bin/tsh version | grep ${version} > /dev/null
$client/bin/tsh version | grep ${version} > /dev/null
2022-04-25 18:06:27 +02:00
$out/bin/tbot version | grep ${version} > /dev/null
2021-02-01 15:45:17 +01:00
$out/bin/tctl version | grep ${version} > /dev/null
$out/bin/teleport version | grep ${version} > /dev/null
'';
2022-01-08 09:29:19 +01:00
passthru.tests = nixosTests.teleport;
meta = with lib; {
2021-11-08 22:43:52 +01:00
description = "Certificate authority and access plane for SSH, Kubernetes, web applications, and databases";
2021-04-22 17:32:55 +02:00
homepage = "https://goteleport.com/";
license = licenses.asl20;
2023-03-07 15:41:39 +01:00
maintainers = with maintainers; [ arianvp justinas sigma tomberek freezeboy ];
platforms = platforms.unix;
# go-libfido2 is broken on platforms with less than 64-bit because it defines an array
# which occupies more than 31 bits of address space.
broken = stdenv.hostPlatform.parsed.cpu.bits < 64;
2018-01-14 09:04:08 +01:00
};
}