factor out components with callPackage to allow for easier overrides

Before this change it was very inconvenient to override specific dependencies, e.g. patching something in pythonEnv and having its dependents use that patched version. This is just a step towards better overridability for the individual authentik components, because patched versions of components still need to be manually passed to their dependents. An overlay-like approach would be even better.
2023-12-09 16:01:26 +01:00 · 2023-12-09 16:01:26 +01:00 · 6df56466f9
commit 6df56466f9
parent d12bdcc87d
8 changed files with 191 additions and 118 deletions
--- a/components/celery.nix
+++ b/components/celery.nix
@ -0,0 +1,13 @@
+{ authentikComponents
+, makeWrapper
+, runCommandLocal
+}:
+
+runCommandLocal "authentik-celery" {
+  nativeBuildInputs = [ makeWrapper ];
+} ''
+  mkdir -vp $out/bin
+  ln -sv ${authentikComponents.pythonEnv}/bin/celery $out/bin/celery
+  wrapProgram $out/bin/celery \
+    --prefix PYTHONPATH : ${authentikComponents.staticWorkdirDeps}
+''
--- a/components/docs.nix
+++ b/components/docs.nix
@ -0,0 +1,21 @@
+{ authentik-src
+, authentik-version
+, buildNapalmPackage
+, nodejs_20
+}:
+
+buildNapalmPackage "${authentik-src}/website" {
+  version = authentik-version; # 0.0.0 specified upstream in package.json
+  NODE_ENV = "production";
+  nodejs = nodejs_20;
+  npmCommands = [
+    "cp -v ${authentik-src}/SECURITY.md ../SECURITY.md"
+    "cp -vr ${authentik-src}/blueprints ../blueprints"
+    "npm install --include=dev"
+    "npm run build-docs-only"
+  ];
+  installPhase = ''
+    rm -r ../website/node_modules/.cache
+    mv -v ../website $out
+  '';
+}
--- a/components/frontend.nix
+++ b/components/frontend.nix
@ -0,0 +1,24 @@
+{ authentik-src
+, authentik-version
+, authentikComponents
+, buildNapalmPackage
+, nodejs_21
+}:
+
+buildNapalmPackage "${authentik-src}/web" rec {
+  version = authentik-version; # 0.0.0 specified upstream in package.json
+  NODE_ENV = "production";
+  nodejs = nodejs_21;
+  preBuild = ''
+    ln -sv ${authentikComponents.docs} ../website
+  '';
+  npmCommands = [
+    "npm install --include=dev --nodedir=${nodejs}/include/node --loglevel verbose --ignore-scripts"
+    "npm run build"
+  ];
+  installPhase = ''
+    mkdir $out
+    mv dist $out/dist
+    cp -r authentik icons $out
+  '';
+}
--- a/components/gopkgs.nix
+++ b/components/gopkgs.nix
@ -0,0 +1,50 @@
+{ authentik-src
+, authentik-version
+, authentikComponents
+, buildGo121Module
+, lib
+, makeWrapper
+}:
+
+buildGo121Module {
+  pname = "authentik-gopkgs";
+  version = authentik-version;
+  prePatch = ''
+    sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' web/static.go
+    sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' internal/web/static.go
+    sed -i"" -e 's,./lifecycle/gunicorn.conf.py,${authentikComponents.staticWorkdirDeps}/lifecycle/gunicorn.conf.py,' internal/gounicorn/gounicorn.go
+  '';
+  src = lib.cleanSourceWith {
+    src = authentik-src;
+    filter = (path: _:
+      (builtins.any (x: x) (
+        (map (infix: lib.hasInfix infix path) [
+          "/authentik"
+          "/cmd"
+          "/internal"
+        ])
+        ++
+        (map (suffix: lib.hasSuffix suffix path) [
+          "/web"
+          "/web/static.go"
+          "/web/robots.txt"
+          "/web/security.txt"
+          "go.mod"
+          "go.sum"
+        ])
+      ))
+    );
+  };
+  subPackages = [
+    "cmd/ldap"
+    "cmd/server"
+    "cmd/proxy"
+    "cmd/radius"
+  ];
+  vendorHash = "sha256-8F9emmQmbe7R+xtGrjV5ht0adGasU6WAvLa8Wxr+j8M=";
+  nativeBuildInputs = [ makeWrapper ];
+  postInstall = ''
+    wrapProgram $out/bin/server --prefix PATH : ${authentikComponents.pythonEnv}/bin
+    wrapProgram $out/bin/server --prefix PYTHONPATH : ${authentikComponents.staticWorkdirDeps}
+  '';
+}
--- a/components/migrate.nix
+++ b/components/migrate.nix
@ -0,0 +1,21 @@
+{ authentik-src
+, authentikComponents
+, makeWrapper
+, runCommandLocal
+}:
+
+runCommandLocal "authentik-migrate.py" {
+  nativeBuildInputs = [ makeWrapper ];
+} ''
+  mkdir -vp $out/bin
+  cp ${authentik-src}/lifecycle/migrate.py $out/bin/migrate.py
+  chmod +w $out/bin/migrate.py
+  patchShebangs $out/bin/migrate.py
+  substituteInPlace $out/bin/migrate.py \
+    --replace \
+    'migration_path in Path(__file__).parent.absolute().glob("system_migrations/*.py")' \
+    'migration_path in Path("${authentikComponents.staticWorkdirDeps}/lifecycle").glob("system_migrations/*.py")'
+  wrapProgram $out/bin/migrate.py \
+    --prefix PATH : ${authentikComponents.pythonEnv}/bin \
+    --prefix PYTHONPATH : ${authentikComponents.staticWorkdirDeps}
+''
--- a/components/pythonEnv.nix
+++ b/components/pythonEnv.nix
@ -0,0 +1,24 @@
+{ authentik-src
+, authentikPoetryOverrides
+, defaultPoetryOverrides
+, lib
+, mkPoetryEnv
+, python311
+}:
+
+mkPoetryEnv {
+  projectDir = authentik-src;
+  python = python311;
+  overrides = [
+    defaultPoetryOverrides
+  ] ++ authentikPoetryOverrides;
+  groups = [];
+  checkGroups = [];
+  # workaround to remove dev-dependencies for the current combination of legacy
+  # used by authentik and poetry2nix's behavior
+  pyproject = builtins.toFile "patched-pyproject.toml" (lib.replaceStrings
+    ["tool.poetry.dev-dependencies"]
+    ["tool.poetry.group.dev.dependencies"]
+    (builtins.readFile "${authentik-src}/pyproject.toml")
+  );
+}
--- a/components/staticWorkdirDeps.nix
+++ b/components/staticWorkdirDeps.nix
@ -0,0 +1,14 @@
+{ authentik-src
+, authentikComponents
+, linkFarm
+}:
+
+linkFarm "authentik-static-workdir-deps" [
+  { name = "authentik"; path = "${authentik-src}/authentik"; }
+  { name = "locale"; path = "${authentik-src}/locale"; }
+  { name = "blueprints"; path = "${authentik-src}/blueprints"; }
+  { name = "internal"; path = "${authentik-src}/internal"; }
+  { name = "lifecycle"; path = "${authentik-src}/lifecycle"; }
+  { name = "schemas"; path = "${authentik-src}/schemas"; }
+  { name = "web"; path = authentikComponents.frontend; }
+]