tlaternet-server/pkgs/crowdsec/firewall-bouncer.nix

{
  lib,
  fetchFromGitHub,
  buildGoModule,
  envsubst,
  coreutils,
}:
let
  envsubstBin = lib.getExe envsubst;
in
buildGoModule (drv: {
  pname = "crowdsec-firewall-bouncer";
  version = "0.0.34";

  src = fetchFromGitHub {
    owner = "crowdsecurity";
    repo = "cs-firewall-bouncer";
    rev = drv.version;
    hash = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g=";
  };

  vendorHash = "sha256-SbpclloBgd9vffC0lBduGRqPOqmzQ0J91/KeDHCh0jo=";

  postInstall = ''
    mkdir -p $out/lib/systemd/system

    CFG=/var/lib/crowdsec/config BIN=$out/bin/cs-firewall-bouncer ${envsubstBin} \
      -i ./config/crowdsec-firewall-bouncer.service \
      -o $out/lib/systemd/system/crowdsec-firewall-bouncer.service

    substituteInPlace $out/lib/systemd/system/crowdsec-firewall-bouncer.service \
      --replace-fail /bin/sleep ${coreutils}/bin/sleep
  '';
})