refactor(update-script): Switch from nvfetcher to nix-update

2025-09-29 13:08:07 +08:00 · 2025-09-29 13:08:07 +08:00 · 8757f2ad22
commit 8757f2ad22
parent 099666d14d
8 changed files with 91 additions and 102 deletions
--- a/pkgs/packages/crowdsec-firewall-bouncer.nix
+++ b/pkgs/packages/crowdsec-firewall-bouncer.nix
@ -1,15 +1,26 @@
 {
  lib,
-  sources,
+  fetchFromGitHub,
  buildGoModule,
  envsubst,
  coreutils,
+
+  writers,
+  nix-update,
 }:
 let
  envsubstBin = lib.getExe envsubst;
 in
-buildGoModule {
-  inherit (sources.crowdsec-firewall-bouncer) pname version src;
+buildGoModule (drv: {
+  pname = "crowdsec-firewall-bouncer";
+  version = drv.src.rev;
+
+  src = fetchFromGitHub {
+    owner = "crowdsecurity";
+    repo = "cs-firewall-bouncer";
+    rev = "0.0.34";
+    sha256 = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g=";
+  };

  vendorHash = "sha256-SbpclloBgd9vffC0lBduGRqPOqmzQ0J91/KeDHCh0jo=";

@ -23,4 +34,18 @@ buildGoModule {
    substituteInPlace $out/lib/systemd/system/crowdsec-firewall-bouncer.service \
      --replace-fail /bin/sleep ${coreutils}/bin/sleep
  '';
-}
+
+  passthru.updateScript =
+    writers.writeNuBin "update-crowdsec-firewall-bouncer"
+      {
+        makeWrapperArgs = [
+          "--prefix"
+          "PATH"
+          ":"
+          (lib.makeBinPath [ nix-update ])
+        ];
+      }
+      ''
+        nix-update --flake --format crowdsec-firewall-bouncer
+      '';
+})
--- a/pkgs/packages/crowdsec-hub.nix
+++ b/pkgs/packages/crowdsec-hub.nix
@ -1 +1,38 @@
-{ sources }: sources.crowdsec-hub.src
+{
+  lib,
+  fetchFromGitHub,
+  stdenvNoCC,
+
+  writers,
+  nix-update,
+}:
+# Using `mkDerivation` so nix-update can pick up the version
+stdenvNoCC.mkDerivation (drv: {
+  pname = "crowdsec-hub";
+  version = drv.src.rev;
+
+  src = fetchFromGitHub {
+    owner = "crowdsecurity";
+    repo = "hub";
+    rev = "fc59f78180f3edfce76df3e77b001c454f567d3d";
+    hash = "sha256-Ejx3ta05SMvV/Dj7wy2iF9QYbGoRvxPB3+QuCIoTX4Q=";
+  };
+
+  installPhase = ''
+    cp -r $src $out
+  '';
+
+  passthru.updateScript =
+    writers.writeNuBin "update-crowdsec-hub"
+      {
+        makeWrapperArgs = [
+          "--prefix"
+          "PATH"
+          ":"
+          (lib.makeBinPath [ nix-update ])
+        ];
+      }
+      ''
+        nix-update --flake --format --version=branch crowdsec-hub
+      '';
+})