step-bootstrap

modules/features/shell-tools.nix

@@ -32,6 +32,7 @@
       # binName = "show-tools";
       package = (pkgs.symlinkJoin {
         name = "show-tools";
+        meta.mainProgram = "show-tools";
         paths = with pkgs; [
           nh
           ripgrep

modules/features/step-client.nix

@@ -0,0 +1,51 @@
+{ self, inputs, ... }:
+let
+  bootstrapWrapper = inputs.wrappers.lib.wrapModule ({config, lib, wlib, ... }: {
+    options = {
+      caURL = lib.mkOption {
+        type = lib.types.str;
+      };
+      fingerprint = lib.mkOption {
+        type = lib.types.str;
+      };
+      install = lib.mkEnableOption "Install the cert to the system trust store";
+    };
+
+    config = {
+      package = config.pkgs.step-cli; # (1)!
+      binName = "bootstrap";
+      args = [
+        "ca" "bootstrap"
+        "--ca-url" config.caURL
+        "--fingerprint" config.fingerprint
+      ];
+    };
+  });
+in
+{
+  perSystem = { system, self', pkgs, lib, ... }: {
+    packages.step-client = inputs.wrappers.lib.wrapPackage {
+      inherit pkgs;
+      package = (pkgs.symlinkJoin {
+        name = "step";
+        meta.mainProgram = "step";
+        paths = with pkgs; [
+          self'.packages.step-bootstrap
+        ];
+      });
+    };
+
+    packages.step-bootstrap = (bootstrapWrapper.apply {
+      inherit pkgs;
+      caURL = "https://janus.john-stream.com";
+      fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
+      install = true;
+    }).wrapper;
+  };
+
+  flake.modules.homeManager.myStepClient = { config, pkgs, lib, ... }: {
+    home.packages = [
+      inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.step-bootstrap
+    ];
+  };
+}