update: 2025.8.4 -> 2025.10.1

See https://version-2025-10.goauthentik.io/releases/2025.10/

README.md

@@ -16,7 +16,7 @@ Please note that this project is not directly affiliated with the official [auth
 * [flake.nix](./flake.nix)
   This flake provides packages (server, worker, outposts, ...) as outputs, a NixOS module and a simple VM integration test for the module.
 * [module.nix](./module.nix)
-  The NixOS module configures authentik services, redis and (by default) a local postgres instance. The upstream default authentik configuration can be partially overridden by setting desired parameters under `services.authentik.settings`.
+  The NixOS module configures authentik services and (by default) a local postgres instance. The upstream default authentik configuration can be partially overridden by setting desired parameters under `services.authentik.settings`.
 * [poetry2nix-python-overrides.nix](./poetry2nix-python-overrides.nix)
   contains overrides and fixes for building the python env
 * [minimal-vmtest.nix](./tests/minimal-vmtest.nix)

components/gopkgs.nix

@@ -48,7 +48,7 @@ buildGo124Module {
     "cmd/proxy"
     "cmd/radius"
   ];
-  vendorHash = "sha256-wTTEDBRYCW1UFaeX49ufLT0c17sacJzcCaW/8cPNYR4=";
+  vendorHash = "sha256-m2shrCwoVdbtr8B83ZcAyG+J6dEys2xdjtlfFFF4CDo=";
   nativeBuildInputs = [ makeWrapper ];
   doCheck = false;
   postInstall = ''

flake.lock

@@ -3,16 +3,16 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1759190535,
+        "lastModified": 1762188128,
-        "narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
+        "narHash": "sha256-HowB6DTGCqz770fKYbnE+rQ11XRV0WSNkLD+HSWZwz8=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
+        "rev": "70406664dca2a13aabb695094f85471585668cb1",
         "type": "github"
       },
       "original": {
         "owner": "goauthentik",
-        "ref": "version/2025.8.4",
+        "ref": "version/2025.10.1",
         "repo": "authentik",
         "type": "github"
       }

flake.nix

@@ -42,7 +42,7 @@
     };
     authentik-src = {
       # change version string in outputs as well when updating
-      url = "github:goauthentik/authentik/version/2025.8.4";
+      url = "github:goauthentik/authentik/version/2025.10.1";
       flake = false;
     };
   };
@@ -67,7 +67,7 @@
         ...
       }:
       let
-        authentik-version = "2025.8.4"; # to pass to the drvs of some components
+        authentik-version = "2025.10.1"; # to pass to the drvs of some components
       in
       {
         systems = import inputs.systems;

module.nix

@@ -295,10 +295,6 @@ in
             };
             media.enable_upload = mkDefault true;
           };
-          redis.servers.authentik = {
-            enable = true;
-            port = 6379;
-          };
           postgresql = mkIf cfg.createDatabase {
             enable = true;
             ensureDatabases = [ "authentik" ];
@@ -394,7 +390,6 @@ in
             ];
             after = [
               "network-online.target"
-              "redis-authentik.service"
             ]
             ++ (lib.optionals cfg.createDatabase [ "postgresql.service" ]);
             restartTriggers = [ config.environment.etc."authentik/config.yml".source ];

tests/minimal-vmtest.nix

@@ -51,7 +51,6 @@ pkgs.nixosTest {
     start_all()
 
     authentik.wait_for_unit("postgresql.service")
-    authentik.wait_for_unit("redis-authentik.service")
     authentik.wait_for_unit("authentik-migrate.service")
     authentik.wait_for_unit("authentik-worker.service")
     authentik.wait_for_unit("authentik.service")

tests/override-scope.nix

@@ -92,7 +92,6 @@ pkgs.nixosTest {
     start_all()
 
     authentik.wait_for_unit("postgresql.service")
-    authentik.wait_for_unit("redis-authentik.service")
     authentik.wait_for_unit("authentik-migrate.service")
     authentik.wait_for_unit("authentik-worker.service")
     authentik.wait_for_unit("authentik.service")