fix: clean up nix flake and lock, drop overlay

Author: samrose

flake.lock

@@ -28,8 +28,6 @@
     git-hooks.inputs.nixpkgs.follows = "nixpkgs";
     nixpkgs-go124.url = "github:Nixos/nixpkgs/d2ac4dfa61fba987a84a0a81555da57ae0b9a2b0";
     nixpkgs-pgbackrest.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    gatekeeper.url = "git+ssh://git@github.com/supabase/jit-db-gatekeeper?ref=sam/add-flake-parts&rev=34ba4a222c15b2480b837bbb3076508f36c9296f";
-    gatekeeper.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs =

flake.nix

@@ -28,15 +28,5 @@
       inherit (final) rust-bin;
     };
 
-    # place the gatekeeper module in the expected libpam location
-    gatekeeper = self.packages.${final.system}.gatekeeper;
-    linux-pam = prev.linux-pam.overrideAttrs (old: {
-      postInstall =
-        (old.postInstall or "")
-        + ''
-          mkdir -p $out/lib/security
-          cp ${final.gatekeeper}/lib/security/*.so $out/lib/security/
-        '';
-    });
   };
 }

nix/overlays/default.nix

@@ -2,7 +2,7 @@
 {
   imports = [
     ./postgres.nix
-    ./gatekeeper.nix
+    # ./gatekeeper.nix
   ];
   perSystem =
     {
@@ -36,6 +36,7 @@
           cleanup-ami = pkgs.callPackage ./cleanup-ami.nix { };
           dbmate-tool = pkgs.callPackage ./dbmate-tool.nix { inherit (self.supabase) defaults; };
           docs = pkgs.callPackage ./docs.nix { };
+          gatekeeper = pkgs.callPackage ./gatekeeper.nix { inherit inputs pkgs; };
           supabase-groonga = pkgs.callPackage ./groonga { };
           http-mock-server = pkgs.callPackage ./http-mock-server.nix { };
           local-infra-bootstrap = pkgs.callPackage ./local-infra-bootstrap.nix { };

nix/packages/default.nix

@@ -1,12 +1,50 @@
-{ inputs, ... }:
 {
-  perSystem =
-    { system, ... }:
-    let
-
-      go124 = inputs.nixpkgs-go124.legacyPackages.${system}.go_1_24;
-    in
-    {
-      packages.gatekeeper = inputs.gatekeeper.lib.${system}.makeGatekeeper { go = go124; };
-    };
+  inputs,
+  system,
+  pkgs,
+  ...
+}:
+let
+  go124 = inputs.nixpkgs-go124.legacyPackages.${system}.go_1_24;
+  # Use completely clean nixpkgs without any overlays for gatekeeper
+  #cleanPkgs = inputs.nixpkgs.legacyPackages.${system};
+  buildGoModule = pkgs.buildGoModule.override { go = go124; };
+in
+
+buildGoModule {
+  pname = "gatekeeper";
+  version = "0.1.0";
+
+  src = pkgs.fetchFromGitHub {
+    owner = "supabase";
+    repo = "jit-db-gatekeeper";
+    rev = "refs/heads/main";
+    hash = "sha256-hrYh1dBxk+aN3b/J9mZqk/ZXHmWA/MIqZLVgICT7e90=";
+  };
+
+  vendorHash = "sha256-G9x2TARSJMn30R6ZOlsggxEtn5t2ezWz1YtkLXdYiAE=";
+
+  buildInputs = [
+    pkgs.pam
+  ] ++ pkgs.lib.optionals pkgs.stdenv.isDarwin [ pkgs.darwin.apple_sdk.frameworks.Security ];
+
+  buildPhase = ''
+    runHook preBuild
+    go build -buildmode=c-shared -o pam_jwt_pg.so
+    runHook postBuild
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/lib/security
+    cp pam_jwt_pg.so $out/lib/security/
+    runHook postInstall
+  '';
+
+  meta = with pkgs.lib; {
+    description = "PAM module for JWT authentication with PostgreSQL backend";
+    homepage = "https://github.com/supabase/jit-db-gatekeeper";
+    license = licenses.mit;
+    platforms = platforms.unix;
+  };
 }