tools/ca/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

{ system, self, mach-nix, leapseconds, ... }:
let
  pkgs = self.legacyPackages.${system};
in mach-nix.lib.${system}.buildPythonPackage {
  pname = "ca";
  src = pkgs.lib.sourceByRegex ./. ["^setup\.py$" "^ca(/[^/]+.*)?$"];
  version = "0.0.0";
  ignoreDataOutdated = true;

  requirements = ''
    cryptography >=38.0.0
    fqdn
    atomicwrites
    leapseconddata
    xkcdpass
  '';

  _.cryptography.buildInputs = with pkgs; [ openssl ];

  postInstall = ''
    wrapProgram $out/bin/ca \
      --set-default LEAPSECONDS_FILE ${leapseconds} \
      --prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [sops])}
  '';
}