tamipes/authentik-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

enable media uploads

Browse source 
The media upload feature is build around being deployed in a container
and only enables uploads when `/media` is a mountpoint. This isn't the
case on nixos and as such media uploads are disable.

In order to enable this, we need to patch authentik so that the
`can_save_media` capability is enabled.
This commit is contained in:
Alexander Sieg 2024-01-02 11:45:20 +01:00
parent 8ff6252370
commit 8e23ad0cef
No known key found for this signature in database
3 changed files with 24 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
components/authentik_media_upload.patch Normal file
View file

@ -0,0 +1,12 @@
diff --git a/authentik/api/v3/config.py b/authentik/api/v3/config.py
--- a/authentik/api/v3/config.py
+++ b/authentik/api/v3/config.py
@@ -66,7 +66,7 @@ class ConfigView(APIView):
"""Get all capabilities this server instance supports"""
caps = []
deb_test = settings.DEBUG or settings.TEST
- if Path(settings.MEDIA_ROOT).is_mount() or deb_test:
+ if Path(settings.MEDIA_ROOT).is_mount() or CONFIG.get_bool("media.enable_upload") or deb_test:
caps.append(Capabilities.CAN_SAVE_MEDIA)
if GEOIP_READER.enabled:
caps.append(Capabilities.CAN_GEO_IP)

11
components/staticWorkdirDeps.nix
View file

@ -1,10 +1,17 @@
{ authentik-src { authentik-src
, authentikComponents , authentikComponents
, linkFarm , linkFarm
, applyPatches
}: }:
let
patched-src = applyPatches {
src = authentik-src;
name = "patched-authentik-source";
patches = [ ./authentik_media_upload.patch ];
};
in
linkFarm "authentik-static-workdir-deps" [ linkFarm "authentik-static-workdir-deps" [
{ name = "authentik"; path = "${authentik-src}/authentik"; } { name = "authentik"; path = "${patched-src}/authentik"; }
{ name = "locale"; path = "${authentik-src}/locale"; } { name = "locale"; path = "${authentik-src}/locale"; }
{ name = "blueprints"; path = "${authentik-src}/blueprints"; } { name = "blueprints"; path = "${authentik-src}/blueprints"; }
{ name = "internal"; path = "${authentik-src}/internal"; } { name = "internal"; path = "${authentik-src}/internal"; }

3
module.nix
View file

@ -114,6 +114,8 @@ in
host = mkDefault ""; host = mkDefault "";
}; };
cert_discovery_dir = mkIf (cfg.nginx.enable && cfg.nginx.enableACME) "env://CREDENTIALS_DIRECTORY"; cert_discovery_dir = mkIf (cfg.nginx.enable && cfg.nginx.enableACME) "env://CREDENTIALS_DIRECTORY";
paths.media = mkDefault "/var/lib/authentik/media";
media.enable_upload = mkDefault true;
}; };
redis.servers.authentik = { redis.servers.authentik = {
enable = true; enable = true;
@ -181,6 +183,7 @@ in
restartTriggers = [ config.environment.etc."authentik/config.yml".source ]; restartTriggers = [ config.environment.etc."authentik/config.yml".source ];
preStart = '' preStart = ''
ln -svf ${cfg.authentikComponents.staticWorkdirDeps}/* /var/lib/authentik/ ln -svf ${cfg.authentikComponents.staticWorkdirDeps}/* /var/lib/authentik/
mkdir -p ${cfg.settings.paths.media}
''; '';
serviceConfig = { serviceConfig = {
Environment = [ Environment = [