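# Fixed-output fetcher that copies a single object from S3 with the AWS CLI.
#
# Outer arguments (supplied by the package set):
#   lib, runCommand, awscli
#
# Fetch arguments:
#   s3url         - URL of the object, handed to `aws s3 cp`.
#   name          - derivation name; defaults to the last path component of s3url.
#   sha256        - expected hash of the output. The build only succeeds when the
#                   output matches it, so it pins the downloaded content
#                   independently of who can write to the bucket.
#   region        - exported as AWS_DEFAULT_REGION.
#   credentials   - null, or { access_key_id, secret_access_key, session_token ? null }.
#   recursiveHash - hash the output as a tree ("recursive") instead of a flat file.
#   postFetch     - optional shell snippet run after the download; it receives the
#                   object at $downloadedFile and has to produce $out itself.
{
  lib,
  runCommand,
  awscli,
}:

{
  s3url,
  name ? builtins.baseNameOf s3url,
  sha256,
  region ? "us-east-1",
  credentials ? null, # Default to looking at local EC2 metadata service
  recursiveHash ? false,
  postFetch ? null,
}:

let
  # Translate the caller's credential attrset into the environment variable
  # names the AWS CLI reads.
  #
  # NOTE(review): these values become ordinary derivation attributes, so they
  # are written in clear text into the .drv file in the Nix store, which is
  # normally readable by every local user and may be copied to remote builders
  # or caches along with the derivation. Prefer `credentials = null` (instance
  # role / metadata service) or short-lived, narrowly scoped session
  # credentials, and treat any long-lived key passed here as exposed.
  mkCredentials =
    {
      access_key_id,
      secret_access_key,
      session_token ? null,
    }:
    {
      AWS_ACCESS_KEY_ID = access_key_id;
      AWS_SECRET_ACCESS_KEY = secret_access_key;
      # presumably dropped from the build environment when null; confirm
      AWS_SESSION_TOKEN = session_token;
    };

  # Empty when no credentials were given, so nothing AWS_*-key related is set.
  credentialAttrs = lib.optionalAttrs (credentials != null) (mkCredentials credentials);

  # The URL is spliced into a shell script; escape it so that whitespace or
  # shell metacharacters in the bucket key are passed to `aws` as one literal
  # argument instead of being split or interpreted by the shell.
  quotedUrl = lib.escapeShellArg s3url;
in
runCommand name
  (
    {
      nativeBuildInputs = [ awscli ];

      # Fixed-output derivation: the result is identified and verified by this hash.
      outputHashAlgo = "sha256";
      outputHash = sha256;
      outputHashMode = if recursiveHash then "recursive" else "flat";

      preferLocalBuild = true;

      AWS_DEFAULT_REGION = region;
    }
    // credentialAttrs
  )
  (
    if postFetch != null then
      # postFetch is caller-supplied shell and is inserted verbatim by design;
      # it is responsible for creating $out from $downloadedFile.
      ''
        downloadedFile="$(mktemp)"
        aws s3 cp ${quotedUrl} "$downloadedFile"
        ${postFetch}
      ''
    else
      ''
        aws s3 cp ${quotedUrl} "$out"
      ''
  )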