push sheeet

pkgs/by-name/va/vault-bin/package.nix

@@ -0,0 +1,80 @@
+{
+  lib,
+  stdenv,
+  fetchzip,
+}:
+
+stdenv.mkDerivation rec {
+  pname = "vault-bin";
+  version = "1.20.4";
+
+  src =
+    let
+      inherit (stdenv.hostPlatform) system;
+      selectSystem = attrs: attrs.${system} or (throw "Unsupported system: ${system}");
+      suffix = selectSystem {
+        x86_64-linux = "linux_amd64";
+        aarch64-linux = "linux_arm64";
+        i686-linux = "linux_386";
+        x86_64-darwin = "darwin_amd64";
+        aarch64-darwin = "darwin_arm64";
+      };
+      hash = selectSystem {
+        x86_64-linux = "sha256-n687yeuM1+1m2TfgT3AaMBOfE8cqbbG0Gq9Imb9olno=";
+        aarch64-linux = "sha256-+MRuCMkskd29xaoAjj42Re1eRra3SKMiciUOG9HwsN4=";
+        i686-linux = "sha256-L1zYFc2nam/pFq/groxeWvyK+ujHOHqvUkR96hPC7jU=";
+        x86_64-darwin = "sha256-t0j3Wr6IrFfN6FcZ3ZF+9qYjR/K6R8o06ebLJohr54w=";
+        aarch64-darwin = "sha256-F/M9ULCkfArlBcLqfR8i1gVcspfe8XEag6etdFXQmqA=";
+      };
+    in
+    fetchzip {
+      url = "https://releases.hashicorp.com/vault/${version}/vault_${version}_${suffix}.zip";
+      stripRoot = false;
+      inherit hash;
+    };
+
+  dontConfigure = true;
+  dontBuild = true;
+  dontStrip = stdenv.hostPlatform.isDarwin;
+
+  installPhase = ''
+    runHook preInstall
+    install -D vault $out/bin/vault
+    runHook postInstall
+  '';
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+    $out/bin/vault --help
+    $out/bin/vault version
+    runHook postInstallCheck
+  '';
+
+  dontPatchELF = true;
+  dontPatchShebangs = true;
+
+  passthru.updateScript = ./update-bin.sh;
+
+  meta = with lib; {
+    description = "Tool for managing secrets, this binary includes the UI";
+    homepage = "https://www.vaultproject.io";
+    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+    license = licenses.bsl11;
+    maintainers = with maintainers; [
+      offline
+      psyanticy
+      Chili-Man
+      techknowlogick
+    ];
+    teams = [ teams.serokell ];
+    mainProgram = "vault";
+    platforms = [
+      "x86_64-linux"
+      "i686-linux"
+      "x86_64-darwin"
+      "aarch64-darwin"
+      "aarch64-linux"
+    ];
+  };
+}

pkgs/by-name/va/vault-bin/update-bin.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl gnused gawk nix-prefetch
+
+set -euo pipefail
+
+ROOT="$(dirname "$(readlink -f "$0")")"
+NIX_DRV="$ROOT/package.nix"
+if [ ! -f "$NIX_DRV" ]; then
+  echo "ERROR: cannot find vault-bin in $ROOT"
+  exit 1
+fi
+
+function calc_hash () {
+    local version=$1
+    local arch=$2
+    url="https://releases.hashicorp.com/vault/${version}/vault_${version}_${arch}.zip"
+    zip_hash=$(nix-prefetch-url --unpack $url)
+    nix --extra-experimental-features nix-command hash to-sri --type sha256 "$zip_hash"
+}
+
+replace_sha() {
+  sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV"
+}
+
+# https://releases.hashicorp.com/vault/1.9.4/vault_1.9.4_linux_arm64.zip
+VAULT_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/hashicorp/vault/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//')
+
+VAULT_LINUX_X86_SHA256=$(calc_hash "$VAULT_VER" "linux_386")
+VAULT_LINUX_X64_SHA256=$(calc_hash "$VAULT_VER" "linux_amd64")
+VAULT_DARWIN_X64_SHA256=$(calc_hash "$VAULT_VER" "darwin_amd64")
+VAULT_LINUX_AARCH64_SHA256=$(calc_hash "$VAULT_VER" "linux_arm64")
+VAULT_DARWIN_AARCH64_SHA256=$(calc_hash "$VAULT_VER" "darwin_arm64")
+
+sed -i "s/version = \".*\"/version = \"$VAULT_VER\"/" "$NIX_DRV"
+
+replace_sha "i686-linux" "$VAULT_LINUX_X86_SHA256"
+replace_sha "x86_64-linux" "$VAULT_LINUX_X64_SHA256"
+replace_sha "x86_64-darwin" "$VAULT_DARWIN_X64_SHA256"
+replace_sha "aarch64-linux" "$VAULT_LINUX_AARCH64_SHA256"
+replace_sha "aarch64-darwin" "$VAULT_DARWIN_AARCH64_SHA256"