fix: clean up nix flake and lock, drop overlay

Author: samrose

flake.lock

@@ -13,9 +13,7 @@
  treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
  git-hooks.url = "github:cachix/git-hooks.nix";
  git-hooks.inputs.nixpkgs.follows = "nixpkgs";
- nixpkgs-go124.url = "github:Nixos/nixpkgs/3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5";
- gatekeeper.url = "git+ssh://git@github.com/supabase/jit-db-gatekeeper?ref=sam/add-flake-parts&rev=34ba4a222c15b2480b837bbb3076508f36c9296f";
- gatekeeper.inputs.nixpkgs.follows = "nixpkgs";
+ nixpkgs-go124.url = "github:Nixos/nixpkgs/d2ac4dfa61fba987a84a0a81555da57ae0b9a2b0";
  };
 
  outputs =

flake.nix

@@ -51,16 +51,5 @@
  buildPgrxExtension_0_14_3 = prev.buildPgrxExtension.override {
  cargo-pgrx = final.cargo-pgrx.cargo-pgrx_0_14_3;
  };
-
- # place the gatekeeper module in the expected libpam location
- gatekeeper = self.packages.${final.system}.gatekeeper;
- linux-pam = prev.linux-pam.overrideAttrs (old: {
- postInstall =
- (old.postInstall or "")
- + ''
- mkdir -p $out/lib/security
- cp ${final.gatekeeper}/lib/security/*.so $out/lib/security/
- '';
- });
  };
 }

nix/overlays/default.nix

@@ -2,7 +2,7 @@
 {
  imports = [
  ./postgres.nix
- ./gatekeeper.nix
+ # ./gatekeeper.nix
  ];
  perSystem =
  {
@@ -37,6 +37,7 @@
  cleanup-ami = pkgs.callPackage ./cleanup-ami.nix { };
  dbmate-tool = pkgs.callPackage ./dbmate-tool.nix { inherit (self.supabase) defaults; };
  docs = pkgs.callPackage ./docs.nix { };
+ gatekeeper = pkgs.callPackage ./gatekeeper.nix { inherit inputs pkgs; };
  supabase-groonga = pkgs.callPackage ./groonga { };
  local-infra-bootstrap = pkgs.callPackage ./local-infra-bootstrap.nix { };
  migrate-tool = pkgs.callPackage ./migrate-tool.nix { psql_15 = self'.packages."psql_15/bin"; };

nix/packages/default.nix

@@ -1,12 +1,50 @@
-{ inputs, ... }:
 {
- perSystem =
- { system, ... }:
- let
-
- go124 = inputs.nixpkgs-go124.legacyPackages.${system}.go_1_24;
- in
- {
- packages.gatekeeper = inputs.gatekeeper.lib.${system}.makeGatekeeper { go = go124; };
- };
+ inputs,
+ system,
+ pkgs,
+ ...
+}:
+let
+ go124 = inputs.nixpkgs-go124.legacyPackages.${system}.go_1_24;
+ # Use completely clean nixpkgs without any overlays for gatekeeper
+ #cleanPkgs = inputs.nixpkgs.legacyPackages.${system};
+ buildGoModule = pkgs.buildGoModule.override { go = go124; };
+in
+
+buildGoModule {
+ pname = "gatekeeper";
+ version = "0.1.0";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "supabase";
+ repo = "jit-db-gatekeeper";
+ rev = "refs/heads/main";
+ hash = "sha256-hrYh1dBxk+aN3b/J9mZqk/ZXHmWA/MIqZLVgICT7e90=";
+ };
+
+ vendorHash = "sha256-G9x2TARSJMn30R6ZOlsggxEtn5t2ezWz1YtkLXdYiAE=";
+
+ buildInputs = [
+ pkgs.pam
+ ] ++ pkgs.lib.optionals pkgs.stdenv.isDarwin [ pkgs.darwin.apple_sdk.frameworks.Security ];
+
+ buildPhase = ''
+ runHook preBuild
+ go build -buildmode=c-shared -o pam_jwt_pg.so
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out/lib/security
+ cp pam_jwt_pg.so $out/lib/security/
+ runHook postInstall
+ '';
+
+ meta = with pkgs.lib; {
+ description = "PAM module for JWT authentication with PostgreSQL backend";
+ homepage = "https://github.com/supabase/jit-db-gatekeeper";
+ license = licenses.mit;
+ platforms = platforms.unix;
+ };
 }