[WIP] Enable Vault UI

maintainers/maintainer-list.nix

@@ -331,6 +331,11 @@
     github = "ardumont";
     name = "Antoine R. Dumont";
   };
+  arianvp = {
+    email = "[email protected]";
+    github = "arianvp";
+    name = "Arian van Putten";
+  };
   aristid = {
     email = "[email protected]";
     github = "aristidb";

nixos/modules/services/security/vault.nix

@@ -25,6 +25,7 @@ let
           ${cfg.telemetryConfig}
         }
       ''}
+    ${optionalString cfg.ui "ui = true"}
     ${cfg.extraConfig}
   '';
 in
@@ -41,6 +42,12 @@ in
         description = "This option specifies the vault package to use.";
       };
 
+      ui = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Enables the Vault Web UI";
+      };
+
       address = mkOption {
         type = types.str;
         default = "127.0.0.1:8200";

nixos/tests/vault.nix

@@ -7,7 +7,10 @@ import ./make-test.nix ({ pkgs, ... }:
   machine = { pkgs, ... }: {
     environment.systemPackages = [ pkgs.vault ];
     environment.variables.VAULT_ADDR = "http://127.0.0.1:8200";
-    services.vault.enable = true;
+    services.vault = {
+      enable = true;
+      ui = true;
+    };
   };
 
   testScript =
@@ -19,5 +22,6 @@ import ./make-test.nix ({ pkgs, ... }:
       $machine->waitForOpenPort(8200);
       $machine->succeed('vault operator init');
       $machine->succeed('vault status | grep Sealed | grep true');
+      $machine->succeed('curl --fail http://127.0.0.1:8200/ui/vault/auth | grep "<title>Vault"');
     '';
 })

pkgs/development/tools/yarn2nix/default.nix

@@ -6,6 +6,8 @@ let
 
   yarn2nix = mkYarnPackage {
     src = ./.;
+    pname = "yarn2nix";
+    version = "0.1.0";
     yarnNix = ./yarn.nix;
 
     passthru = {
@@ -120,6 +122,8 @@ let
     name ? null,
     src,
     packageJSON ? src + "/package.json",
+    pname,
+    version,
     yarnLock ? src + "/yarn.lock",
     yarnNix ? mkYarnNix yarnLock,
     yarnFlags ? defaultYarnFlags,
@@ -130,9 +134,6 @@ let
     ...
   }@attrs:
     let
-      package = lib.importJSON packageJSON;
-      pname = package.name;
-      version = package.version;
       deps = mkYarnModules {
         name = "${pname}-modules-${version}";
         preBuild = yarnPreBuild;
@@ -190,7 +191,7 @@ let
       '';
 
       passthru = {
-        inherit package deps;
+        inherit deps;
       } // (attrs.passthru or {});
 
       # TODO: populate meta automatically

pkgs/tools/security/vault/default.nix

@@ -1,6 +1,6 @@
-{ stdenv, fetchFromGitHub, go, gox, removeReferencesTo }:
-
+{ pkgs, stdenv, fetchzip, nodejs-8_x, fetchFromGitHub, go, gox, go-bindata, go-bindata-assetfs,  nodejs, python, nodePackages, yarn2nix, removeReferencesTo }:
 let
+  nodejs = nodejs-8_x;
   # Deprecated since vault 0.8.2: use `vault -autocomplete-install` instead
   # to install auto-complete for bash, zsh and fish
   vaultBashCompletions = fetchFromGitHub {
@@ -20,23 +20,59 @@ in stdenv.mkDerivation rec {
     sha256 = "0lckpfp1yw6rfq2cardsp2qjiajg706qjk98cycrlsa5nr2csafa";
   };
 
-  nativeBuildInputs = [ go gox removeReferencesTo ];
+
+  ui = yarn2nix.mkYarnPackage {
+    pname = "vault";
+    inherit version;
+    src = "${src}/ui";
+    yarnNix = ./yarn.nix;
+    extraBuildInputs = [ nodePackages.node-gyp-build ];
+    yarnPreBuild = ''
+      mkdir -p $HOME/.node-gyp/${nodejs.version}
+      echo 9 > $HOME/.node-gyp/${nodejs.version}/installVersion
+      ln -sfv ${nodejs}/include $HOME/.node-gyp/${nodejs.version}
+    '';
+    pkgConfig.node-sass = {
+      buildInputs = [ python ];
+      postInstall = ''
+        npm run build
+      '';
+    };
+    buildPhase = ''
+      export HOME=$PWD/yarn_home
+      yarn run build --output-path $out/ember;
+    '';
+  };
+
+  nativeBuildInputs = [ go gox go-bindata go-bindata-assetfs removeReferencesTo ];
 
   preBuild = ''
     patchShebangs ./
     substituteInPlace scripts/build.sh --replace 'git rev-parse HEAD' 'echo ${src.rev}'
+    sed -i /^'rm -rf pkg'/d scripts/build.sh
     sed -i s/'^GIT_DIRTY=.*'/'GIT_DIRTY="+NixOS"'/ scripts/build.sh
 
     mkdir -p .git/hooks src/github.com/hashicorp
+    mkdir -p pkg/web_ui
+    cp -r ${ui}/ember/* pkg/web_ui
+    chmod -R u+w pkg/web_ui 
+    go-bindata-assetfs -pkg http -prefix pkg -modtime 1480000000 -tags ui ./pkg/web_ui/...
+    mv bindata_assetfs.go http
+
+    rm -rf pkg/web_ui
+
+
     ln -s $(pwd) src/github.com/hashicorp/vault
 
     export GOPATH=$(pwd)
   '';
 
+  makeFlags = [ "dev-ui" ];
+
   installPhase = ''
     mkdir -p $out/bin $out/share/bash-completion/completions
 
-    cp pkg/*/* $out/bin/
+    cp pkg/*/vault $out/bin/
     find $out/bin -type f -exec remove-references-to -t ${go} '{}' +
 
     cp ${vaultBashCompletions}/vault-bash-completion.sh $out/share/bash-completion/completions/vault
@@ -47,6 +83,6 @@ in stdenv.mkDerivation rec {
     description = "A tool for managing secrets";
     platforms = platforms.linux ++ platforms.darwin;
     license = licenses.mpl20;
-    maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri ];
+    maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri arianvp ];
   };
 }

pkgs/tools/security/vault/update-yarn-nix.sh

@@ -0,0 +1,12 @@
+#/usr/bin/env nix-shell
+#! nix-shell -i bash -p yarn2nix
+
+# Usage:
+#    NIX_PATH=nixpkgs=<your local nixpkgs checkout> ./update-yarn-nix.sh
+
+# Download an unpack URL
+src="$(nix-build '<nixpkgs>' -A vault.src --no-out-link)"
+tmp="$(mktemp)"
+chmod u+w "${tmp}"
+cp "${src}/ui/yarn.lock" "$tmp"
+yarn2nix --lockfile "${tmp}" > yarn.nix