refactor(flake.nix): Clean up last references to a gobal pkgs

pkgs/packages/crowdsec-firewall-bouncer.nix

@@ -4,19 +4,22 @@
   buildGoModule,
   envsubst,
   coreutils,
+
+  writers,
+  nix-update,
 }:
 let
   envsubstBin = lib.getExe envsubst;
 in
 buildGoModule (drv: {
   pname = "crowdsec-firewall-bouncer";
-  version = "0.0.34";
+  version = drv.src.rev;
 
   src = fetchFromGitHub {
     owner = "crowdsecurity";
     repo = "cs-firewall-bouncer";
-    rev = drv.version;
-    hash = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g=";
+    rev = "0.0.34";
+    sha256 = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g=";
   };
 
   vendorHash = "sha256-SbpclloBgd9vffC0lBduGRqPOqmzQ0J91/KeDHCh0jo=";
@@ -31,4 +34,18 @@ buildGoModule (drv: {
     substituteInPlace $out/lib/systemd/system/crowdsec-firewall-bouncer.service \
       --replace-fail /bin/sleep ${coreutils}/bin/sleep
   '';
+
+  passthru.updateScript =
+    writers.writeNuBin "update-crowdsec-firewall-bouncer"
+      {
+        makeWrapperArgs = [
+          "--prefix"
+          "PATH"
+          ":"
+          (lib.makeBinPath [ nix-update ])
+        ];
+      }
+      ''
+        nix-update --flake --format crowdsec-firewall-bouncer
+      '';
 })

pkgs/packages/crowdsec-hub.nix

@@ -1,4 +1,11 @@
-{ fetchFromGitHub, stdenvNoCC }:
+{
+  lib,
+  fetchFromGitHub,
+  stdenvNoCC,
+
+  writers,
+  nix-update,
+}:
 # Using `mkDerivation` so nix-update can pick up the version
 stdenvNoCC.mkDerivation (drv: {
   pname = "crowdsec-hub";
@@ -14,4 +21,18 @@ stdenvNoCC.mkDerivation (drv: {
   installPhase = ''
     cp -r $src $out
   '';
+
+  passthru.updateScript =
+    writers.writeNuBin "update-crowdsec-hub"
+      {
+        makeWrapperArgs = [
+          "--prefix"
+          "PATH"
+          ":"
+          (lib.makeBinPath [ nix-update ])
+        ];
+      }
+      ''
+        nix-update --flake --format --version=skip crowdsec-hub
+      '';
 })