oubliette/flake.nix

{
  description = "Oubliette - SSH Honeypot";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
  };

  outputs = { self, nixpkgs }:
    let
      supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
    in
    {
      nixosModules.default = import ./nixos-module.nix;

      packages = forAllSystems (system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          mainGo = builtins.readFile ./cmd/oubliette/main.go;
          version = builtins.head (builtins.match ''.*const Version = "([^"]+)".*'' mainGo);
          geoipDb = pkgs.fetchurl {
            url = "https://download.db-ip.com/free/dbip-country-lite-2026-02.mmdb.gz";
            hash = "sha256-xmQZEJZ5WzE9uQww1Sdb8248l+liYw46tjbfJeu945Q=";
          };
        in
        {
          default = pkgs.buildGoModule {
            pname = "oubliette";
            inherit version;
            src = ./.;
            vendorHash = "sha256-/zxK6CABLYBNtuSOI8dIVgMNxKiDIcbZUS7bQR5TenA=";
            subPackages = [ "cmd/oubliette" ];
            nativeBuildInputs = [ pkgs.gzip ];
            preBuild = ''
              gunzip -c ${geoipDb} > internal/geoip/dbip-country-lite.mmdb
            '';
            meta = {
              description = "SSH honeypot";
              mainProgram = "oubliette";
            };
          };

          dockerImage = pkgs.dockerTools.buildLayeredImage {
            name = "oubliette";
            tag = version;
            contents = [ self.packages.${system}.default ];
            config = {
              Entrypoint = [ "/bin/oubliette" ];
              Cmd = [ "-config" "/data/oubliette.toml" ];
              ExposedPorts = {
                "2222/tcp" = {};
                "8080/tcp" = {};
              };
              Volumes = {
                "/data" = {};
              };
            };
          };
        });

      devShells = forAllSystems (system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
        in
        {
          default = pkgs.mkShell {
            buildInputs = [
              pkgs.go
              pkgs.govulncheck
              pkgs.golangci-lint
              pkgs.sqlite
            ];
          };
        });
    };
}