From 5e4381c1c4e73b3d560dd5d8940806f9720ca02f Mon Sep 17 00:00:00 2001
From: Brian McGee <brian@bmcgee.ie>
Date: Tue, 1 Apr 2025 14:57:56 +0100
Subject: [PATCH 1/2] age: add a convenience function for wrapping with plugins

---
 pkgs/by-name/ag/age/package.nix | 48 ++++++++++++++++++++++++++-------
 1 file changed, 39 insertions(+), 9 deletions(-)

diff --git a/pkgs/by-name/ag/age/package.nix b/pkgs/by-name/ag/age/package.nix
index da7380a91475..91c368133fc2 100644
--- a/pkgs/by-name/ag/age/package.nix
+++ b/pkgs/by-name/ag/age/package.nix
@@ -3,16 +3,22 @@
   buildGoModule,
   fetchFromGitHub,
   installShellFiles,
+  age-plugin-tpm,
+  age-plugin-ledger,
+  age-plugin-yubikey,
+  age-plugin-fido2-hmac,
+  makeWrapper,
+  runCommand,
 }:
 
-buildGoModule rec {
+buildGoModule (final: {
   pname = "age";
   version = "1.2.1";
 
   src = fetchFromGitHub {
     owner = "FiloSottile";
     repo = "age";
-    rev = "v${version}";
+    rev = "v${final.version}";
     hash = "sha256-9ZJdrmqBj43zSvStt0r25wjSfnvitdx3GYtM3urHcaA=";
   };
 
@@ -21,10 +27,12 @@ buildGoModule rec {
   ldflags = [
     "-s"
     "-w"
-    "-X main.Version=${version}"
+    "-X main.Version=${final.version}"
   ];
 
-  nativeBuildInputs = [ installShellFiles ];
+  nativeBuildInputs = [
+    installShellFiles
+  ];
 
   preInstall = ''
     installManPage doc/*.1
@@ -32,10 +40,10 @@ buildGoModule rec {
 
   doInstallCheck = true;
   installCheckPhase = ''
-    if [[ "$("$out/bin/${pname}" --version)" == "${version}" ]]; then
-      echo '${pname} smoke check passed'
+    if [[ "$("$out/bin/${final.pname}" --version)" == "${final.version}" ]]; then
+      echo '${final.pname} smoke check passed'
     else
-      echo '${pname} smoke check failed'
+      echo '${final.pname} smoke check failed'
       return 1
     fi
   '';
@@ -46,12 +54,34 @@ buildGoModule rec {
     "TestScript/plugin"
   ];
 
+  # group age plugins together
+  passthru.plugins = {
+    inherit
+      age-plugin-tpm
+      age-plugin-ledger
+      age-plugin-yubikey
+      age-plugin-fido2-hmac
+      ;
+  };
+
+  # convenience function for wrapping sops with plugins
+  passthru.withPlugins =
+    filter:
+    runCommand "age-${final.version}-with-plugins"
+      {
+        nativeBuildInputs = [ makeWrapper ];
+      }
+      ''
+        makeWrapper ${lib.getBin final.finalPackage}/bin/age $out/bin/age \
+          --prefix PATH : "${lib.makeBinPath (filter final.passthru.plugins)}"
+      '';
+
   meta = with lib; {
-    changelog = "https://github.com/FiloSottile/age/releases/tag/v${version}";
+    changelog = "https://github.com/FiloSottile/age/releases/tag/v${final.version}";
     homepage = "https://age-encryption.org/";
     description = "Modern encryption tool with small explicit keys";
     license = licenses.bsd3;
     mainProgram = "age";
     maintainers = with maintainers; [ tazjin ];
   };
-}
+})

From 5d9c67a8f79143a9e7da17f333122d27ab53e819 Mon Sep 17 00:00:00 2001
From: Brian McGee <brian@bmcgee.ie>
Date: Tue, 1 Apr 2025 14:58:11 +0100
Subject: [PATCH 2/2] sops: add a convenience function for wrapping age plugins

---
 pkgs/by-name/so/sops/package.nix | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/pkgs/by-name/so/sops/package.nix b/pkgs/by-name/so/sops/package.nix
index 4705134f6b27..0a80ffce37f4 100644
--- a/pkgs/by-name/so/sops/package.nix
+++ b/pkgs/by-name/so/sops/package.nix
@@ -5,16 +5,19 @@
   installShellFiles,
   versionCheckHook,
   nix-update-script,
+  makeWrapper,
+  runCommand,
+  age,
 }:
 
-buildGoModule rec {
+buildGoModule (final: {
   pname = "sops";
   version = "3.10.1";
 
   src = fetchFromGitHub {
     owner = "getsops";
-    repo = pname;
-    tag = "v${version}";
+    repo = final.pname;
+    tag = "v${final.version}";
     hash = "sha256-LdsuN243oQ/L6LYgynb7Kw60alXn5IfUfhY0WaZFVCU=";
   };
 
@@ -25,10 +28,13 @@ buildGoModule rec {
   ldflags = [
     "-s"
     "-w"
-    "-X github.com/getsops/sops/v3/version.Version=${version}"
+    "-X github.com/getsops/sops/v3/version.Version=${final.version}"
   ];
 
-  nativeBuildInputs = [ installShellFiles ];
+  nativeBuildInputs = [
+    installShellFiles
+    makeWrapper
+  ];
 
   postInstall = ''
     installShellCompletion --cmd sops --bash ${./bash_autocomplete}
@@ -41,10 +47,22 @@ buildGoModule rec {
 
   passthru.updateScript = nix-update-script { };
 
+  # wrap sops with age plugins
+  passthru.withAgePlugins =
+    filter:
+    runCommand "sops-${final.version}-with-age-plugins"
+      {
+        nativeBuildInputs = [ makeWrapper ];
+      }
+      ''
+        makeWrapper ${lib.getBin final.finalPackage}/bin/sops $out/bin/sops \
+          --prefix PATH : "${lib.makeBinPath (filter age.passthru.plugins)}"
+      '';
+
   meta = {
     homepage = "https://getsops.io/";
     description = "Simple and flexible tool for managing secrets";
-    changelog = "https://github.com/getsops/sops/blob/v${version}/CHANGELOG.rst";
+    changelog = "https://github.com/getsops/sops/blob/v${final.version}/CHANGELOG.rst";
     mainProgram = "sops";
     maintainers = with lib.maintainers; [
       Scrumplex
@@ -52,4 +70,4 @@ buildGoModule rec {
     ];
     license = lib.licenses.mpl20;
   };
-}
+})