update: 2024.2.3 -> 2024.4.1

Release notes: https://docs.goauthentik.io/docs/releases/2024.4 Notable dependency updates: python 3.11 -> python 3.12 golang 1.21 -> golang 1.22 nixpkgs-23.11 -> nixpkgs-unstable (for golang 1.22 until 24.05) Introduces patch to `web/package-lock.json`, see `components/frontend.nix`, this will cause IFD until the issue is resolved. https://nixos.org/manual/nix/stable/language/import-from-derivation Flake lock file updates: • Updated input 'authentik-src': 'github:goauthentik/authentik/6bb180f94ec124092c4f87ae5f5d892a70b32ff3' (2024-04-17) → 'github:goauthentik/authentik/ca70c963e55daf73b479a4513da06ac5cea77718' (2024-04-26) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/53a2c32bc66f5ae41a28d7a9a49d321172af621e' (2024-04-15) → 'github:NixOS/nixpkgs/6143fc5eeb9c4f00163267708e26191d1e918932' (2024-04-21) • Updated input 'poetry2nix': 'github:nix-community/poetry2nix/3c92540611f42d3fb2d0d084a6c694cd6544b609' (2024-02-22) → 'github:nix-community/poetry2nix/9245811b58905453033f1ef551f516cbee71c42c' (2024-04-26)
2024-04-24 18:44:40 +02:00 · 2024-04-24 18:44:40 +02:00 · 608c5dd4f5
commit 608c5dd4f5
parent 5011f30262
9 changed files with 129 additions and 71 deletions
--- a/module.nix
+++ b/module.nix
@ -214,6 +214,12 @@ in
          serviceConfig = mkMerge [ serviceDefaults {
            Type = "oneshot";
            RemainAfterExit = true;
+            RuntimeDirectory = "authentik-migrate";
+            WorkingDirectory = "%t/authentik-migrate";
+            ExecStartPre = [
+              # needs access to "authentik/sources/schemas"
+              "${pkgs.coreutils}/bin/ln -svf ${cfg.authentikComponents.staticWorkdirDeps}/authentik"
+            ];
            ExecStart = "${cfg.authentikComponents.migrate}/bin/migrate.py";
            inherit (config.systemd.services.authentik.serviceConfig) StateDirectory;
          } ];
@ -230,12 +236,13 @@ in
          serviceConfig = mkMerge [ serviceDefaults {
            RuntimeDirectory = "authentik";
            WorkingDirectory = "%t/authentik";
-            # TODO maybe make this configurable
            ExecStart = "${cfg.authentikComponents.manage}/bin/manage.py worker";
            LoadCredential = mkIf (cfg.nginx.enable && cfg.nginx.enableACME) [
              "${cfg.nginx.host}.pem:${config.security.acme.certs.${cfg.nginx.host}.directory}/fullchain.pem"
              "${cfg.nginx.host}.key:${config.security.acme.certs.${cfg.nginx.host}.directory}/key.pem"
            ];
+            # needs access to $StateDirectory/media/public
+            inherit (config.systemd.services.authentik.serviceConfig) StateDirectory;
          } ];
        };
        authentik = {