feat: a nix package, config and devShell for supabase-auth

Author: samrose

.gitignore

@@ -17,3 +17,4 @@ www/.DS_Store
 www/node_modules
 npm-debug.log
 .data
+result

flake.lock

@@ -0,0 +1,170 @@
+{
+  description = "Supabase Auth Service with Nix modules and steps";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils }:
+    let
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+        "x86_64-darwin"
+        "aarch64-darwin"
+      ];
+
+      forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
+
+      mkAuthConfig = system:
+        let
+          pkgs = nixpkgs.legacyPackages.${system};
+          lib = pkgs.lib;
+
+          # Go package
+          auth-service = pkgs.buildGoModule {
+            pname = "supabase-auth";
+            version = "0.1.0";
+            src = ./.;
+            
+            vendorHash = "sha256-QBQUUFWT3H3L7ajFV8cgi0QREXnm0ReIisD+4ACfLZQ=";
+            
+            buildFlags = [ "-tags" "netgo" ];
+            doCheck = false;
+
+            # Specify the main package
+            subPackages = [ "." ];
+            
+            # Specify the output binary name
+            postInstall = ''
+              mv $out/bin/auth $out/bin/supabase-auth
+            '';
+          };
+
+          # Evaluate both the auth and steps modules
+          config = lib.evalModules {
+            modules = [
+              ./nix/auth-module.nix
+              ./nix/steps-module.nix
+              {
+                _module.args.pkgs = pkgs;
+                auth = {
+                  enable = true;
+                  package = auth-service;
+                  port = 9999;
+                  settings = {
+                    GOTRUE_DB_DRIVER = "postgres";
+                    GOTRUE_SITE_URL = "http://localhost:3000";
+                    SITE_URL = "http://localhost:3000";
+                    GOTRUE_API_EXTERNAL_URL = "http://localhost:9999";
+                    API_EXTERNAL_URL = "http://localhost:9999";
+                    GOTRUE_DB_HOST = "localhost";
+                    GOTRUE_DB_PORT = "5432";
+                    GOTRUE_DB_NAME = "postgres";
+                    GOTRUE_DB_USER = "postgres";
+                    GOTRUE_DB_PASSWORD = "postgres";
+                    DATABASE_URL = "postgres://postgres:postgres@localhost:5432/postgres";
+                    GOTRUE_JWT_SECRET = "your-super-secret-jwt-token-with-at-least-32-characters-long";
+                    GOTRUE_JWT_EXP = "3600";
+                    GOTRUE_JWT_DEFAULT_GROUP_NAME = "authenticated";
+                    GOTRUE_DISABLE_SIGNUP = "false";
+                    GOTRUE_MAILER_AUTOCONFIRM = "true";
+                    GOTRUE_SMTP_ADMIN_EMAIL = "[email protected]";
+                    GOTRUE_SMTP_HOST = "localhost";
+                    GOTRUE_SMTP_PORT = "2500";
+                    GOTRUE_SMTP_USER = "";
+                    GOTRUE_SMTP_PASS = "";
+                    GOTRUE_SMTP_SENDER_NAME = "Supabase";
+                  };
+                };
+                steps = {
+                  enable = true;
+                };
+              }
+            ];
+          };
+
+          authConfigOutput = pkgs.stdenv.mkDerivation {
+            name = "auth-config";
+            src = ./.;
+            buildInputs = [ pkgs.bash auth-service ];
+
+            buildPhase = ''
+              mkdir -p $out/etc $out/bin
+
+              # Write the auth configuration
+              cat > $out/etc/auth.env <<EOF
+              # Auth configuration generated by Nix
+              ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name}=${value}") config.config.auth.settings)}
+              EOF
+
+              # Write a script to manage the auth service
+              cat > $out/bin/manage-auth <<EOF
+              #!/bin/sh
+              
+              case "\$1" in
+                start)
+                  echo "Starting auth service..."
+                  ${auth-service}/bin/supabase-auth -c $out/etc/auth.env
+                  # Execute steps if enabled
+                  ${lib.optionalString config.config.steps.enable (lib.concatStringsSep "\n" config.config.steps.commands)}
+                  ;;
+                stop)
+                  echo "Stopping auth service..."
+                  pkill -f "supabase-auth"
+                  ;;
+                restart)
+                  echo "Restarting auth service..."
+                  pkill -f "supabase-auth"
+                  ${auth-service}/bin/supabase-auth -c $out/etc/auth.env
+                  ;;
+                status)
+                  if pgrep -f "supabase-auth" > /dev/null; then
+                    echo "Auth service is running"
+                  else
+                    echo "Auth service is not running"
+                  fi
+                  ;;
+                *)
+                  echo "Usage: \$0 {start|stop|restart|status}"
+                  exit 1
+                  ;;
+              esac
+              EOF
+              chmod +x $out/bin/manage-auth
+            '';
+
+            installPhase = "true";
+          };
+
+        in
+        {
+          packages.default = authConfigOutput;
+          devShells.default = pkgs.mkShell {
+            buildInputs = [ 
+              pkgs.bash 
+              auth-service
+              pkgs.go
+              pkgs.gopls
+              pkgs.gotools
+              pkgs.go-outline
+              pkgs.gocode
+              pkgs.gopkgs
+              pkgs.godef
+              pkgs.golint
+              pkgs.delve
+            ];
+            shellHook = ''
+              echo "Build with: nix build ."
+              echo "Result will be in ./result"
+              echo "Auth service version: ${auth-service.version}"
+            '';
+          };
+        };
+    in
+    {
+      packages = forAllSystems (system: (mkAuthConfig system).packages);
+      devShells = forAllSystems (system: (mkAuthConfig system).devShells);
+    };
+} 

flake.nix

@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.auth;
+in {
+  options.auth = {
+    enable = mkEnableOption "Supabase Auth Service";
+
+    package = mkOption {
+      type = types.package;
+      description = "The Supabase Auth package to use.";
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 9999;
+      description = "Port to run the auth service on.";
+    };
+
+    settings = mkOption {
+      type = types.attrs;
+      default = {
+        SITE_URL = "http://localhost:3000";
+        API_EXTERNAL_URL = "http://localhost:9999";
+        DB_HOST = "localhost";
+        DB_PORT = "5432";
+        DB_NAME = "postgres";
+        DB_USER = "postgres";
+        DB_PASSWORD = "postgres";
+        JWT_SECRET = "your-super-secret-jwt-token-with-at-least-32-characters-long";
+        JWT_EXP = "3600";
+        JWT_DEFAULT_GROUP_NAME = "authenticated";
+        DISABLE_SIGNUP = "false";
+        MAILER_AUTOCONFIRM = "true";
+        SMTP_ADMIN_EMAIL = "[email protected]";
+        SMTP_HOST = "localhost";
+        SMTP_PORT = "2500";
+        SMTP_USER = "";
+        SMTP_PASS = "";
+        SMTP_SENDER_NAME = "Supabase";
+      };
+      description = "Configuration settings for the auth service.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # No NixOS-specific options here
+  };
+} 

nix/auth-module.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.steps;
+in {
+  options.steps = {
+    enable = mkEnableOption "Auth service initialization steps";
+
+    commands = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = "Commands to run during service initialization.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    steps.commands = [
+      # Wait for database to be ready
+      #"until pg_isready -h ${config.auth.settings.DB_HOST} -p ${config.auth.settings.DB_PORT} -U ${config.auth.settings.DB_USER}; do sleep 1; done"
+      # Run migrations if they exist
+      #"if [ -d migrations ]; then go run main.go migrate up; fi"
+    ];
+  };
+}