feat: package gatekeeper in this package set

samrose · samrose · commit 1dfd426037ea · 2025-08-28T10:40:03.000-04:00
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -14,8 +14,10 @@
     git-hooks.url = "github:cachix/git-hooks.nix";
     git-hooks.inputs.nixpkgs.follows = "nixpkgs";
     nixpkgs-go124.url = "github:Nixos/nixpkgs/3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5";
-    gatekeeper.url = "git+ssh://git@github.com/supabase/jit-db-gatekeeper?ref=sam/add-flake-parts&rev=34ba4a222c15b2480b837bbb3076508f36c9296f";
-    gatekeeper.inputs.nixpkgs.follows = "nixpkgs";
+    gatekeeper-src = {
+      url = "git+ssh://git@github.com/supabase/jit-db-gatekeeper?ref=sam/add-flake-parts&rev=34ba4a222c15b2480b837bbb3076508f36c9296f";
+      flake = false;
+    };
   };
 
   outputs =
diff --git a/nix/overlays/default.nix b/nix/overlays/default.nix
@@ -59,7 +59,7 @@
         (old.postInstall or "")
         + ''
           mkdir -p $out/lib/security
-          cp ${final.gatekeeper}/lib/security/*.so $out/lib/security/
+          cp ${self.packages.${final.system}.gatekeeper}/lib/security/*.so $out/lib/security/
         '';
     });
   };
diff --git a/nix/packages/gatekeeper.nix b/nix/packages/gatekeeper.nix
@@ -1,12 +1,47 @@
 { inputs, ... }:
 {
   perSystem =
-    { system, ... }:
+    { system, pkgs, ... }:
     let
-
       go124 = inputs.nixpkgs-go124.legacyPackages.${system}.go_1_24;
+      # Use completely clean nixpkgs without any overlays for gatekeeper
+      cleanPkgs = inputs.nixpkgs.legacyPackages.${system};
+      buildGoModule = cleanPkgs.buildGoModule.override { go = go124; };
     in
     {
-      packages.gatekeeper = inputs.gatekeeper.lib.${system}.makeGatekeeper { go = go124; };
+      packages.gatekeeper = buildGoModule {
+        pname = "gatekeeper";
+        version = "0.1.0";
+
+        src = inputs.gatekeeper-src;
+
+        vendorHash = "sha256-pdF+bhvZQwd2iSEHVtDAGihkYZGSaQaFdsF8MSrWuKQ=";
+
+        buildInputs =
+          [ cleanPkgs.pam ]
+          ++ cleanPkgs.lib.optionals cleanPkgs.stdenv.isDarwin [
+            cleanPkgs.darwin.apple_sdk.frameworks.Security
+          ];
+
+        buildPhase = ''
+          runHook preBuild
+          go build -buildmode=c-shared -o pam_jwt_pg.so
+          runHook postBuild
+        '';
+
+        installPhase = ''
+          runHook preInstall
+          mkdir -p $out/lib/security
+          cp pam_jwt_pg.so $out/lib/security/
+          runHook postInstall
+        '';
+
+        meta = with pkgs.lib; {
+          description = "PAM module for JWT authentication with PostgreSQL backend";
+          homepage = "https://github.com/supabase/jit-db-gatekeeper";
+          license = licenses.mit;
+          platforms = platforms.unix;
+        };
+      };
     };
 }
