Merge pull request #22348 from nand0p/hologram-module

hologram: 8d86e3f -> d20d1c3
2024-12-29 14:57:28 +03:00 · 2017-02-02 17:42:07 +01:00 · 2017-02-02 17:42:07 +01:00 · ff8a21e03c
commit ff8a21e03c
parent 7bc17013f8 1d85e0bbab
5 changed files with 81 additions and 6 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -498,7 +498,8 @@
  ./services/security/frandom.nix
  ./services/security/haka.nix
  ./services/security/haveged.nix
-  ./services/security/hologram.nix
+  ./services/security/hologram-server.nix
+  ./services/security/hologram-agent.nix
  ./services/security/munge.nix
  ./services/security/oauth2_proxy.nix
  ./services/security/physlock.nix
--- a/nixos/modules/services/security/hologram-agent.nix
+++ b/nixos/modules/services/security/hologram-agent.nix
@ -0,0 +1,57 @@
+{pkgs, config, lib, ...}:
+
+with lib;
+
+let
+  cfg = config.services.hologram-agent;
+
+  cfgFile = pkgs.writeText "hologram-agent.json" (builtins.toJSON {
+    host = cfg.dialAddress;
+  });
+in {
+  options = {
+    services.hologram-agent = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to enable the Hologram agent for AWS instance credentials";
+      };
+
+      dialAddress = mkOption {
+        type        = types.str;
+        default     = "localhost:3100";
+        description = "Hologram server and port.";
+      };
+
+      httpPort = mkOption {
+        type        = types.str;
+        default     = "80";
+        description = "Port for metadata service to listen on.";
+      };
+
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.interfaces.dummy0 = {
+      ipAddress = "169.254.169.254";
+      prefixLength = 32;
+    };
+
+    systemd.services.hologram-agent = {
+      description = "Provide EC2 instance credentials to machines outside of EC2";
+      after       = [ "network.target" ];
+      wantedBy    = [ "multi-user.target" ];
+      requires    = [ "network-link-dummy0.service" "network-addresses-dummy0.service" ]; 
+      preStart = ''
+        /run/current-system/sw/bin/rm -fv /var/run/hologram.sock
+      '';
+      serviceConfig = {
+        ExecStart = "${pkgs.hologram.bin}/bin/hologram-agent -debug -conf ${cfgFile} -port ${cfg.httpPort}";
+      };
+    };
+
+  };
+
+  meta.maintainers = with lib.maintainers; [ nand0p ];
+}
--- a/nixos/modules/services/security/hologram-server.nix
+++ b/nixos/modules/services/security/hologram-server.nix
--- a/pkgs/tools/security/hologram/default.nix
+++ b/pkgs/tools/security/hologram/default.nix
@ -2,16 +2,24 @@

 buildGoPackage rec {
  name = "hologram-${version}";
-  version = "20160209-${stdenv.lib.strings.substring 0 7 rev}";
-  rev = "8d86e3fdcbfd967ba58d8de02f5e8173c101212e";
-
-  goPackagePath = "github.com/AdRoll/hologram";
+  version = "20170130-${stdenv.lib.strings.substring 0 7 rev}";
+  rev = "d20d1c30379e7010e8f9c428a5b9e82f54d390e1";

  src = fetchgit {
    inherit rev;
    url = "https://github.com/AdRoll/hologram";
-    sha256 = "0i0p170brdsczfz079mqbc5y7x7mdph04p3wgqsd7xcrddvlkkaf";
+    sha256 = "0dg5kfs16kf2gzhpmzsg83qzi2pxgnc9g81lw5zpa6fmzpa9kgsn";
  };

+  goPackagePath = "github.com/AdRoll/hologram";
+
  goDeps = ./deps.nix;
+
+  meta = with stdenv.lib; {
+    homepage = https://github.com/AdRoll/hologram/;
+    description = "Easy, painless AWS credentials on developer laptops.";
+    maintainers = with maintainers; [ nand0p ];
+    platforms = platforms.all;
+    license = licenses.asl20;
+  };
 }
--- a/pkgs/tools/security/hologram/deps.nix
+++ b/pkgs/tools/security/hologram/deps.nix
@ -98,4 +98,13 @@
      sha256 = "179lwaf0hvczl8g4xzkpcpzq25p1b23f7399bx5zl55iin62d8yz";
    };
  }
+  {
+    goPackagePath = "github.com/aws/aws-sdk-go";
+    fetch = {
+      type = "git";
+      url = "https://github.com/aws/aws-sdk-go";
+      rev = "3f8f870ec9939e32b3372abf74d24e468bcd285d";
+      sha256 = "0a4hycs3d87s50z4prf5h6918r0fa2rvrrwlbffs430ilc4y8ghv";
+    };
+  }
 ]