From 1d85e0bbab6a9f1b5a0d0a66c0ed927f6198f63b Mon Sep 17 00:00:00 2001
From: Fernando J Pando
Date: Wed, 1 Feb 2017 11:26:55 -0500
Subject: [PATCH] hologram: 8d86e3f -> d20d1c3
- Updates dependencies
- Adds configuration module
- Tested on Nixos Unstable
---
 nixos/modules/module-list.nix | 3 +-
 .../services/security/hologram-agent.nix | 57 +++++++++++++++++++
 .../{hologram.nix => hologram-server.nix} | 0
 pkgs/tools/security/hologram/default.nix | 18 ++++--
 pkgs/tools/security/hologram/deps.nix | 9 +++
 5 files changed, 81 insertions(+), 6 deletions(-)
 create mode 100644 nixos/modules/services/security/hologram-agent.nix
 rename nixos/modules/services/security/{hologram.nix => hologram-server.nix} (100%)
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 23acc11db23..fed75053e56 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -498,7 +498,8 @@
 ./services/security/frandom.nix
 ./services/security/haka.nix
 ./services/security/haveged.nix
- ./services/security/hologram.nix
+ ./services/security/hologram-server.nix
+ ./services/security/hologram-agent.nix
 ./services/security/munge.nix
 ./services/security/oauth2_proxy.nix
 ./services/security/physlock.nix
diff --git a/nixos/modules/services/security/hologram-agent.nix b/nixos/modules/services/security/hologram-agent.nix
new file mode 100644
index 00000000000..49b5c935267
--- /dev/null
+++ b/nixos/modules/services/security/hologram-agent.nix
@@ -0,0 +1,57 @@
+{pkgs, config, lib, ...}:
+
+with lib;
+
+let
+ cfg = config.services.hologram-agent;
+
+ cfgFile = pkgs.writeText "hologram-agent.json" (builtins.toJSON {
+ host = cfg.dialAddress;
+ });
+in {
+ options = {
+ services.hologram-agent = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the Hologram agent for AWS instance credentials";
+ };
+
+ dialAddress = mkOption {
+ type = types.str;
+ default = "localhost:3100";
+ description = "Hologram server and port.";
+ };
+
+ httpPort = mkOption {
+ type = types.str;
+ default = "80";
+ description = "Port for metadata service to listen on.";
+ };
+
+ };
+ };
+
+ config = mkIf cfg.enable {
+ networking.interfaces.dummy0 = {
+ ipAddress = "169.254.169.254";
+ prefixLength = 32;
+ };
+
+ systemd.services.hologram-agent = {
+ description = "Provide EC2 instance credentials to machines outside of EC2";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "network-link-dummy0.service" "network-addresses-dummy0.service" ];
+ preStart = ''
+ /run/current-system/sw/bin/rm -fv /var/run/hologram.sock
+ '';
+ serviceConfig = {
+ ExecStart = "${pkgs.hologram.bin}/bin/hologram-agent -debug -conf ${cfgFile} -port ${cfg.httpPort}";
+ };
+ };
+
+ };
+
+ meta.maintainers = with lib.maintainers; [ nand0p ];
+}
diff --git a/nixos/modules/services/security/hologram.nix b/nixos/modules/services/security/hologram-server.nix
similarity index 100%
rename from nixos/modules/services/security/hologram.nix
rename to nixos/modules/services/security/hologram-server.nix
diff --git a/pkgs/tools/security/hologram/default.nix b/pkgs/tools/security/hologram/default.nix
index e7673cf5842..abdcd5d2d3e 100644
--- a/pkgs/tools/security/hologram/default.nix
+++ b/pkgs/tools/security/hologram/default.nix
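Review bot: In hologram-agent.nix, `ExecStart` hard-codes `-debug` for a daemon that answers credential requests on 169.254.169.254, so verbose logging is always on and cannot be switched off from the module. What hologram-agent writes at that level is not visible in this patch, so it is worth confirming that no credential material reaches the journal. I would gate it behind an option that defaults to off, e.g. `debug = mkOption { type = types.bool; default = false; description = "Run hologram-agent with -debug."; };` with `${optionalString cfg.debug "-debug"}` in the command line. On the same line `cfg.httpPort` is a free-form `types.str` spliced unquoted into the command, so a value containing spaces turns into extra arguments; `types.int` with `-port ${toString cfg.httpPort}` keeps it a port number. The unit also sets no `User=`, so the agent presumably runs as root; if that is only needed to bind the port, a comment saying so would help the next reader.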
@@ -2,16 +2,24 @@
 buildGoPackage rec {
 name = "hologram-${version}";
- version = "20160209-${stdenv.lib.strings.substring 0 7 rev}";
- rev = "8d86e3fdcbfd967ba58d8de02f5e8173c101212e";
-
- goPackagePath = "github.com/AdRoll/hologram";
+ version = "20170130-${stdenv.lib.strings.substring 0 7 rev}";
+ rev = "d20d1c30379e7010e8f9c428a5b9e82f54d390e1";
 src = fetchgit {
 inherit rev;
 url = "https://github.com/AdRoll/hologram";
- sha256 = "0i0p170brdsczfz079mqbc5y7x7mdph04p3wgqsd7xcrddvlkkaf";
+ sha256 = "0dg5kfs16kf2gzhpmzsg83qzi2pxgnc9g81lw5zpa6fmzpa9kgsn";
 };
+ goPackagePath = "github.com/AdRoll/hologram";
+ goDeps = ./deps.nix;
+
+ meta = with stdenv.lib; {
+ homepage = https://github.com/AdRoll/hologram/;
+ description = "Easy, painless AWS credentials on developer laptops.";
+ maintainers = with maintainers; [ nand0p ];
+ platforms = platforms.all;
+ license = licenses.asl20;
+ };
 }
diff --git a/pkgs/tools/security/hologram/deps.nix b/pkgs/tools/security/hologram/deps.nix
index 2c4cdbe84f0..a9b66da2a9c 100644
--- a/pkgs/tools/security/hologram/deps.nix
+++ b/pkgs/tools/security/hologram/deps.nix
@@ -98,4 +98,13 @@
 sha256 = "179lwaf0hvczl8g4xzkpcpzq25p1b23f7399bx5zl55iin62d8yz";
 };
 }
+ {
+ goPackagePath = "github.com/aws/aws-sdk-go";
+ fetch = {
+ type = "git";
+ url = "https://github.com/aws/aws-sdk-go";
+ rev = "3f8f870ec9939e32b3372abf74d24e468bcd285d";
+ sha256 = "0a4hycs3d87s50z4prf5h6918r0fa2rvrrwlbffs430ilc4y8ghv";
+ };
+ }
 ]