tamipes/authentik-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update: 2025.12.1 -> 2025.12.3

Browse source 
Closes #90

ChangeLogs:
* https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.2
* https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.3

Using the `client-go` library that is vendored in this release's `go.mod`
breaks all outposts for me, so we're now doing what upstream is also
doing, i.e. generating the Go client code ourselves.
This commit is contained in:
Maximilian Bosch 2026-02-07 16:31:47 +01:00
parent eee255ff2f
commit 9eed4f7e7e
No known key found for this signature in database
5 changed files with 68 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

12
components/0002-admin-file-dir-doesn-t-have-to-be-a-mountpoint.patch
View file

@ -1,20 +1,20 @@
From 2f51711b64204d090ad8cd6b2ef19fd11a1a6469 Mon Sep 17 00:00:00 2001 From 18b41fcb663a11fcd8ccc27bd951cc150456291b Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me> From: Maximilian Bosch <maximilian@mbosch.me>
Date: Fri, 16 Jan 2026 21:50:11 +0100 Date: Fri, 16 Jan 2026 21:50:11 +0100
Subject: [PATCH 2/2] admin: file dir doesn't have to be a mountpoint Subject: [PATCH] admin: file dir doesn't have to be a mountpoint
--- ---
authentik/admin/files/backends/file.py | 1 - authentik/admin/files/backends/file.py | 1 -
1 file changed, 1 deletion(-) 1 file changed, 1 deletion(-)
diff --git a/authentik/admin/files/backends/file.py b/authentik/admin/files/backends/file.py diff --git a/authentik/admin/files/backends/file.py b/authentik/admin/files/backends/file.py
index 7858ed5e9b..8a6d55ce64 100644 index 6d60d5f236..720223231f 100644
--- a/authentik/admin/files/backends/file.py --- a/authentik/admin/files/backends/file.py
+++ b/authentik/admin/files/backends/file.py +++ b/authentik/admin/files/backends/file.py
@@ -47,7 +47,6 @@ class FileBackend(ManageableBackend): @@ -52,7 +52,6 @@ class FileBackend(ManageableBackend):
def manageable(self) -> bool: # file creation on fresh installs.
return ( return (
self.base_path.exists() self._base_dir.exists()
- and (self._base_dir.is_mount() or (self._base_dir / self.usage.value).is_mount()) - and (self._base_dir.is_mount() or (self._base_dir / self.usage.value).is_mount())
or (settings.DEBUG or settings.TEST) or (settings.DEBUG or settings.TEST)
) )

20
components/client-go.nix Normal file
View file

@ -0,0 +1,20 @@
{
authentik-src,
authentik-go,
openapi-generator-cli,
runCommand,
}:
runCommand "go-client-code" {
nativeBuildInputs = [
openapi-generator-cli
];
} ''
cp --no-preserve=mode -vr ${authentik-go}/ $out/
cp -vr ${authentik-src}/schema.yml $out/
pushd $out &>/dev/null
substituteInPlace config.yaml \
--replace-fail "templateDir: /local/templates/" "templateDir: ./templates/"
openapi-generator-cli generate -i schema.yml -g go -o . -c config.yaml
popd &>/dev/null
''

8
components/gopkgs.nix
View file

@ -8,10 +8,12 @@
guacamole-server, guacamole-server,
stdenv, stdenv,
patches, patches,
generatedGoClient,
}: }:
let let
guacamoleAvailable = lib.meta.availableOn stdenv.hostPlatform guacamole-server; guacamoleAvailable = lib.meta.availableOn stdenv.hostPlatform guacamole-server;
in in
buildGo125Module { buildGo125Module {
pname = "authentik-gopkgs"; pname = "authentik-gopkgs";
@ -21,6 +23,9 @@ buildGo125Module {
sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' web/static.go sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' web/static.go
sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' internal/web/static.go sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' internal/web/static.go
sed -i"" -e 's,./lifecycle/gunicorn.conf.py,${authentikComponents.staticWorkdirDeps}/lifecycle/gunicorn.conf.py,' internal/gounicorn/gounicorn.go sed -i"" -e 's,./lifecycle/gunicorn.conf.py,${authentikComponents.staticWorkdirDeps}/lifecycle/gunicorn.conf.py,' internal/gounicorn/gounicorn.go
cp --no-preserve=mode -vr ${generatedGoClient} gen-go-api
echo "replace goauthentik.io/api/v3 => ./gen-go-api" >>go.mod
go mod edit -require=goauthentik.io/api/v3@v3.0.0
'' + lib.optionalString guacamoleAvailable '' '' + lib.optionalString guacamoleAvailable ''
substituteInPlace internal/outpost/rac/guacd.go \ substituteInPlace internal/outpost/rac/guacd.go \
--replace-fail '/opt/guacamole/sbin/guacd' \ --replace-fail '/opt/guacamole/sbin/guacd' \
@ -43,6 +48,7 @@ buildGo125Module {
"/web/security.txt" "/web/security.txt"
"go.mod" "go.mod"
"go.sum" "go.sum"
"schema.yml"
]) ])
)) ))
); );
@ -63,7 +69,7 @@ buildGo125Module {
] ++ lib.optionals guacamoleAvailable [ ] ++ lib.optionals guacamoleAvailable [
"cmd/rac" "cmd/rac"
]; ];
vendorHash = "sha256-u/kAqDCeWHPaw/0+lQ9U6/pHSgdANOeflQLVgUV64Vs="; vendorHash = "sha256-meqQHr5U0/6nc8fv1b4SFo2ohFcwSeAmSB1eLKsO9nc=";
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
doCheck = false; doCheck = false;
postInstall = '' postInstall = ''

33
flake.lock generated
View file

@ -1,18 +1,34 @@
{ {
"nodes": { "nodes": {
"authentik-src": { "authentik-go": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1768596569, "lastModified": 1770333754,
"narHash": "sha256-HDTbQB/sMhYh2b95dQwzF8OgrwLWdl4hVmx6wtDcgE8=", "narHash": "sha256-Yyna75Nd6485tZP9IpdEa5QNomswe9hRfM+w3MuET9E=",
"owner": "ma27", "owner": "goauthentik",
"repo": "authentik", "repo": "client-go",
"rev": "72ad5fe320f2201fc2a37372d4c9cb46377a58e5", "rev": "280022b0a8de5c8f4b2965d1147a1c4fa846ba64",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "ma27", "owner": "goauthentik",
"ref": "2025.12.1-dependency-fix", "repo": "client-go",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1770055313,
"narHash": "sha256-t9DOFNSQJZdUnZSEr3z8EBRsltS4DKu9xad9gS5/Ikc=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "6760f4c5d38e245edb72e12e4f45bda8dd859ccd",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.12.3",
"repo": "authentik", "repo": "authentik",
"type": "github" "type": "github"
} }
@ -174,6 +190,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"authentik-go": "authentik-go",
"authentik-src": "authentik-src", "authentik-src": "authentik-src",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",

13
flake.nix
View file

@ -42,8 +42,11 @@
}; };
authentik-src = { authentik-src = {
# change version string in outputs as well when updating # change version string in outputs as well when updating
#url = "github:goauthentik/authentik/version/2025.12.1"; url = "github:goauthentik/authentik/version/2025.12.3";
url = "github:ma27/authentik/2025.12.1-dependency-fix"; flake = false;
};
authentik-go = {
url = "github:goauthentik/client-go";
flake = false; flake = false;
}; };
}; };
@ -54,6 +57,7 @@
flake-parts, flake-parts,
napalm, napalm,
authentik-src, authentik-src,
authentik-go,
uv2nix, uv2nix,
pyproject-build-systems, pyproject-build-systems,
pyproject-nix, pyproject-nix,
@ -68,7 +72,7 @@
... ...
}: }:
let let
authentik-version = "2025.12.1"; # to pass to the drvs of some components authentik-version = "2025.12.3"; # to pass to the drvs of some components
in in
{ {
systems = import inputs.systems; systems = import inputs.systems;
@ -127,6 +131,8 @@
manage = final.callPackage ./components/manage.nix { }; manage = final.callPackage ./components/manage.nix { };
}; };
generatedGoClient = final.callPackage ./components/client-go.nix { };
# for uv2nix # for uv2nix
pythonOverlay = final.callPackage ./components/python-overrides.nix { }; pythonOverlay = final.callPackage ./components/python-overrides.nix { };
@ -136,6 +142,7 @@
inherit inherit
authentik-src authentik-src
authentik-go
authentik-version authentik-version
buildNapalmPackage buildNapalmPackage
uv2nix uv2nix