fix: clean up nix flake and lock, drop overlay

Author: samrose

flake.lock

@@ -13,9 +13,7 @@
     treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
     git-hooks.url = "github:cachix/git-hooks.nix";
     git-hooks.inputs.nixpkgs.follows = "nixpkgs";
-    nixpkgs-go124.url = "github:Nixos/nixpkgs/3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5";
-    gatekeeper.url = "git+ssh://[email protected]/supabase/jit-db-gatekeeper?ref=sam/add-flake-parts&rev=34ba4a222c15b2480b837bbb3076508f36c9296f";
-    gatekeeper.inputs.nixpkgs.follows = "nixpkgs";
+    nixpkgs-go124.url = "github:Nixos/nixpkgs/d2ac4dfa61fba987a84a0a81555da57ae0b9a2b0";
   };
 
   outputs =

flake.nix

@@ -51,16 +51,5 @@
     buildPgrxExtension_0_14_3 = prev.buildPgrxExtension.override {
       cargo-pgrx = final.cargo-pgrx.cargo-pgrx_0_14_3;
     };
-
-    # place the gatekeeper module in the expected libpam location
-    gatekeeper = self.packages.${final.system}.gatekeeper;
-    linux-pam = prev.linux-pam.overrideAttrs (old: {
-      postInstall =
-        (old.postInstall or "")
-        + ''
-          mkdir -p $out/lib/security
-          cp ${final.gatekeeper}/lib/security/*.so $out/lib/security/
-        '';
-    });
   };
 }

nix/overlays/default.nix

@@ -2,7 +2,7 @@
 {
   imports = [
     ./postgres.nix
-    ./gatekeeper.nix
+    # ./gatekeeper.nix
   ];
   perSystem =
     {
@@ -37,6 +37,7 @@
           cleanup-ami = pkgs.callPackage ./cleanup-ami.nix { };
           dbmate-tool = pkgs.callPackage ./dbmate-tool.nix { inherit (self.supabase) defaults; };
           docs = pkgs.callPackage ./docs.nix { };
+          gatekeeper = pkgs.callPackage ./gatekeeper.nix { inherit inputs pkgs; };
           supabase-groonga = pkgs.callPackage ./groonga { };
           local-infra-bootstrap = pkgs.callPackage ./local-infra-bootstrap.nix { };
           migrate-tool = pkgs.callPackage ./migrate-tool.nix { psql_15 = self'.packages."psql_15/bin"; };

nix/packages/default.nix

@@ -1,12 +1,50 @@
-{ inputs, ... }:
 {
-  perSystem =
-    { system, ... }:
-    let
-
-      go124 = inputs.nixpkgs-go124.legacyPackages.${system}.go_1_24;
-    in
-    {
-      packages.gatekeeper = inputs.gatekeeper.lib.${system}.makeGatekeeper { go = go124; };
-    };
+  inputs,
+  system,
+  pkgs,
+  ...
+}:
+let
+  go124 = inputs.nixpkgs-go124.legacyPackages.${system}.go_1_24;
+  # Use completely clean nixpkgs without any overlays for gatekeeper
+  #cleanPkgs = inputs.nixpkgs.legacyPackages.${system};
+  buildGoModule = pkgs.buildGoModule.override { go = go124; };
+in
+
+buildGoModule {
+  pname = "gatekeeper";
+  version = "0.1.0";
+
+  src = pkgs.fetchFromGitHub {
+    owner = "supabase";
+    repo = "jit-db-gatekeeper";
+    rev = "refs/heads/main";
+    hash = "sha256-hrYh1dBxk+aN3b/J9mZqk/ZXHmWA/MIqZLVgICT7e90=";
+  };
+
+  vendorHash = "sha256-G9x2TARSJMn30R6ZOlsggxEtn5t2ezWz1YtkLXdYiAE=";
+
+  buildInputs = [
+    pkgs.pam
+  ] ++ pkgs.lib.optionals pkgs.stdenv.isDarwin [ pkgs.darwin.apple_sdk.frameworks.Security ];
+
+  buildPhase = ''
+    runHook preBuild
+    go build -buildmode=c-shared -o pam_jwt_pg.so
+    runHook postBuild
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/lib/security
+    cp pam_jwt_pg.so $out/lib/security/
+    runHook postInstall
+  '';
+
+  meta = with pkgs.lib; {
+    description = "PAM module for JWT authentication with PostgreSQL backend";
+    homepage = "https://github.com/supabase/jit-db-gatekeeper";
+    license = licenses.mit;
+    platforms = platforms.unix;
+  };
 }