From ad2994c95fe0c4927ac3c542f39b86ca10f9b697 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 16 Jan 2026 21:54:23 +0100 Subject: [PATCH] update: 2025.10.3 -> 2025.12.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes #83 Closes #85 ChangeLog: https://docs.goauthentik.io/releases/2025.12 ⚠️ When using the Avatar upload, you'll have to make your users re-upload their avatars due to changes in how media is served by Authentik[1]. For now, we're using a branch from me that is 2025.12.1 with an update of `@goauthentik/api` on top[2]. Without that change, `AdminFileListUsageEnum` doesn't exist which breaks all usage of `AdminFileListUsageEnum.Media`: TypeError: can't access property "Media", R.AdminFileListUsageEnum is undefined renderForm ApplicationForm.ts:191 [...] This made e.g. the modal to edit applications unusable which infinitely hang on a loading spinner. The media path now points to `/var/lib/authentik`. This path is only used for media storage and Authentik now always appends the "usage name" as directory behind the storage path, i.e. it already appends `/var/lib/authentik/media`, so this is needed to make Authentik discover existing media. Finally, I added a `patches` attribute to the authentik scope that applies patches to both the workdir-deps (which is the PYTHONPATH in the end, i.e. where we load the authentik module from) and the gopkgs. We're still missing patchability for frontend (since we directly build the subdir in napalm), but I think that's a step in the right direction. [1] https://github.com/goauthentik/authentik/discussions/6824#discussioncomment-15490793 [2] Upstream PR: https://github.com/goauthentik/authentik/pull/19542 --- ...-dir-doesn-t-have-to-be-a-mountpoint.patch | 24 +++++ ...thentik_media_tenant_files_migration.patch | 15 ---- components/authentik_media_upload.patch | 11 --- .../js-fetch-npm-shrinkwrap.json | 89 ++++++++++--------- .../nodejs-native-npm-shrinkwrap.json | 48 ++++------ .../postman-cli-npm-shrinkwrap.json | 5 ++ components/docs.nix | 2 +- components/gopkgs.nix | 8 +- components/staticWorkdirDeps.nix | 6 +- flake.lock | 18 ++-- flake.nix | 9 +- module.nix | 6 +- 12 files changed, 118 insertions(+), 123 deletions(-) create mode 100644 components/0002-admin-file-dir-doesn-t-have-to-be-a-mountpoint.patch delete mode 100644 components/authentik_media_tenant_files_migration.patch delete mode 100644 components/authentik_media_upload.patch create mode 100644 components/docs-extra-package-locks/postman-cli-npm-shrinkwrap.json diff --git a/components/0002-admin-file-dir-doesn-t-have-to-be-a-mountpoint.patch b/components/0002-admin-file-dir-doesn-t-have-to-be-a-mountpoint.patch new file mode 100644 index 0000000..b08bb3c --- /dev/null +++ b/components/0002-admin-file-dir-doesn-t-have-to-be-a-mountpoint.patch @@ -0,0 +1,24 @@ +From 2f51711b64204d090ad8cd6b2ef19fd11a1a6469 Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch +Date: Fri, 16 Jan 2026 21:50:11 +0100 +Subject: [PATCH 2/2] admin: file dir doesn't have to be a mountpoint + +--- + authentik/admin/files/backends/file.py | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/authentik/admin/files/backends/file.py b/authentik/admin/files/backends/file.py +index 7858ed5e9b..8a6d55ce64 100644 +--- a/authentik/admin/files/backends/file.py ++++ b/authentik/admin/files/backends/file.py +@@ -47,7 +47,6 @@ class FileBackend(ManageableBackend): + def manageable(self) -> bool: + return ( + self.base_path.exists() +- and (self._base_dir.is_mount() or (self._base_dir / self.usage.value).is_mount()) + or (settings.DEBUG or settings.TEST) + ) + +-- +2.51.2 + diff --git a/components/authentik_media_tenant_files_migration.patch b/components/authentik_media_tenant_files_migration.patch deleted file mode 100644 index 4cc997f..0000000 --- a/components/authentik_media_tenant_files_migration.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/lifecycle/system_migrations/tenant_files.py b/lifecycle/system_migrations/tenant_files.py -index 40795d460..7ac1efb34 100644 ---- a/lifecycle/system_migrations/tenant_files.py -+++ b/lifecycle/system_migrations/tenant_files.py -@@ -2,8 +2,9 @@ - from pathlib import Path - - from lifecycle.migrate import BaseMigration -+from authentik.lib.config import CONFIG - --MEDIA_ROOT = Path(__file__).parent.parent.parent / "media" -+MEDIA_ROOT = Path(CONFIG.get("storage.media.file.path")) - TENANT_MEDIA_ROOT = MEDIA_ROOT / "public" - - diff --git a/components/authentik_media_upload.patch b/components/authentik_media_upload.patch deleted file mode 100644 index 74558c1..0000000 --- a/components/authentik_media_upload.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff --git a/authentik/api/v3/config.py b/authentik/api/v3/config.py ---- a/authentik/api/v3/config.py -+++ b/authentik/api/v3/config.py -@@ -71,6 +71,7 @@ class ConfigView(APIView): - if ( - CONFIG.get("storage.media.backend", "file") == "s3" - or Path(settings.STORAGES["default"]["OPTIONS"]["location"]).is_mount() -+ or CONFIG.get_bool("media.enable_upload") - or deb_test - ): - caps.append(Capabilities.CAN_SAVE_MEDIA) diff --git a/components/docs-extra-package-locks/js-fetch-npm-shrinkwrap.json b/components/docs-extra-package-locks/js-fetch-npm-shrinkwrap.json index 25b7bf9..cf9011a 100644 --- a/components/docs-extra-package-locks/js-fetch-npm-shrinkwrap.json +++ b/components/docs-extra-package-locks/js-fetch-npm-shrinkwrap.json @@ -4,57 +4,58 @@ "lockfileVersion": 1, "requires": true, "dependencies": { - "asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=", + "data-uri-to-buffer": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz", + "integrity": "sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==", "dev": true }, - "combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "fetch-blob": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/fetch-blob/-/fetch-blob-3.2.0.tgz", + "integrity": "sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==", "dev": true, "requires": { - "delayed-stream": "~1.0.0" + "node-domexception": "^1.0.0", + "web-streams-polyfill": "^3.0.3" } }, - "delayed-stream": { + "formdata-node": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/formdata-node/-/formdata-node-6.0.3.tgz", + "integrity": "sha512-8e1++BCiTzUno9v5IZ2J6bv4RU+3UKDmqWUQD0MIMVCd9AdhWkO1gw57oo1mNEX1dMq2EGI+FbWz4B92pscSQg==", + "dev": true + }, + "formdata-polyfill": { + "version": "4.0.10", + "resolved": "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz", + "integrity": "sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g==", + "dev": true, + "requires": { + "fetch-blob": "^3.1.2" + } + }, + "node-domexception": { "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", + "resolved": "https://registry.npmjs.org/node-domexception/-/node-domexception-1.0.0.tgz", + "integrity": "sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==", "dev": true }, - "form-data": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.5.1.tgz", - "integrity": "sha512-m21N3WOmEEURgk6B9GLOE4RuWOFf28Lhh9qGYeNlGq4VDXUlJy2th2slBNU8Gp8EzloYZOibZJ7t5ecIrFSjVA==", - "dev": true, - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.6", - "mime-types": "^2.1.12" - } - }, - "mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==", - "dev": true - }, - "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", - "dev": true, - "requires": { - "mime-db": "1.44.0" - } - }, "node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz", + "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==", + "dev": true, + "requires": { + "data-uri-to-buffer": "^4.0.0", + "fetch-blob": "^3.1.4", + "formdata-polyfill": "^4.0.10" + } + }, + "node-fetch2": { + "version": "npm:node-fetch@2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", "dev": true, "requires": { "whatwg-url": "^5.0.0" @@ -66,6 +67,12 @@ "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==", "dev": true }, + "web-streams-polyfill": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-3.3.3.tgz", + "integrity": "sha512-d2JWLCivmZYTSIoge9MsgFCZrt571BikcWGYkjC1khllbTeDlGqZ2D8vD8E/lJa8WGWbb7Plm8/XJYV7IJHZZw==", + "dev": true + }, "webidl-conversions": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", diff --git a/components/docs-extra-package-locks/nodejs-native-npm-shrinkwrap.json b/components/docs-extra-package-locks/nodejs-native-npm-shrinkwrap.json index 1bb10ce..ca70e49 100644 --- a/components/docs-extra-package-locks/nodejs-native-npm-shrinkwrap.json +++ b/components/docs-extra-package-locks/nodejs-native-npm-shrinkwrap.json @@ -48,23 +48,15 @@ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, - "lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "requires": { - "yallist": "^4.0.0" - } - }, "mime-db": { "version": "1.52.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==" }, "mime-format": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/mime-format/-/mime-format-2.0.1.tgz", - "integrity": "sha512-XxU3ngPbEnrYnNbIX+lYSaYg0M01v6p2ntd2YaFksTu0vayaw5OJvbdRyWs07EYRlLED5qadUZ+xo+XhOvFhwg==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/mime-format/-/mime-format-2.0.2.tgz", + "integrity": "sha512-Y5ERWVcyh3sby9Fx2U5F1yatiTFjNsqF5NltihTWI9QgNtr5o3dbCZdcKa1l2wyfhnwwoP9HGNxga7LqZLA6gw==", "requires": { "charset": "^1.0.0" } @@ -78,9 +70,9 @@ } }, "postman-collection": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/postman-collection/-/postman-collection-4.4.0.tgz", - "integrity": "sha512-2BGDFcUwlK08CqZFUlIC8kwRJueVzPjZnnokWPtJCd9f2J06HBQpGL7t2P1Ud1NEsK9NHq9wdipUhWLOPj5s/Q==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/postman-collection/-/postman-collection-5.0.0.tgz", + "integrity": "sha512-1LK795Atv/ZX3jK1MCTx9KCBz0rAiIJJhTLqnJ4AsXLiLSqJuAH1w5jI1CQzHVLpPFg6E8Rl4tQIhF0eBgKNQQ==", "requires": { "@faker-js/faker": "5.5.3", "file-type": "3.9.0", @@ -88,19 +80,19 @@ "iconv-lite": "0.6.3", "liquid-json": "0.3.1", "lodash": "4.17.21", - "mime-format": "2.0.1", + "mime-format": "2.0.2", "mime-types": "2.1.35", - "postman-url-encoder": "3.0.5", - "semver": "7.5.4", + "postman-url-encoder": "3.0.6", + "semver": "7.7.1", "uuid": "8.3.2" } }, "postman-url-encoder": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/postman-url-encoder/-/postman-url-encoder-3.0.5.tgz", - "integrity": "sha512-jOrdVvzUXBC7C+9gkIkpDJ3HIxOHTIqjpQ4C1EMt1ZGeMvSEpbFCKq23DEfgsj46vMnDgyQf+1ZLp2Wm+bKSsA==", + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/postman-url-encoder/-/postman-url-encoder-3.0.6.tgz", + "integrity": "sha512-uOlnZW+4Cmpbfbuq02hdj1hSpcIFmQxlAwsO6dflwUIVpt9+1duYVxXv3ikf+wHrAO8Wy98uVKnnuR8R0Qpdng==", "requires": { - "punycode": "^2.1.1" + "punycode": "^2.3.1" } }, "punycode": { @@ -114,22 +106,14 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "semver": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", - "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", - "requires": { - "lru-cache": "^6.0.0" - } + "version": "7.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", + "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==" }, "uuid": { "version": "8.3.2", "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" - }, - "yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" } } } diff --git a/components/docs-extra-package-locks/postman-cli-npm-shrinkwrap.json b/components/docs-extra-package-locks/postman-cli-npm-shrinkwrap.json new file mode 100644 index 0000000..d8e84ce --- /dev/null +++ b/components/docs-extra-package-locks/postman-cli-npm-shrinkwrap.json @@ -0,0 +1,5 @@ +{ + "name": "@postman/codegen-postman-cli", + "version": "0.0.1", + "lockfileVersion": 1 +} diff --git a/components/docs.nix b/components/docs.nix index 196e076..4bafe12 100644 --- a/components/docs.nix +++ b/components/docs.nix @@ -64,7 +64,7 @@ buildNapalmPackage "${authentik-src}/website" { # $ cd postman-code-generators # $ git checkout v[version-from-lockfile] # $ cd codegens/ - # $ for f in **/npm-shrinkfile.json; do cp "$f" "[this projects root]/comonents/docs-extra-package-locks/${f//\//-}" + # $ for f in **/npm-shrinkwrap.json; do cp "$f" "[this projects root]/components/docs-extra-package-locks/${f//\//-}"; done # # diff --git a/components/gopkgs.nix b/components/gopkgs.nix index 2bc894d..50ab417 100644 --- a/components/gopkgs.nix +++ b/components/gopkgs.nix @@ -2,19 +2,21 @@ authentik-src, authentik-version, authentikComponents, - buildGo124Module, + buildGo125Module, lib, makeWrapper, guacamole-server, stdenv, + patches, }: let guacamoleAvailable = lib.meta.availableOn stdenv.hostPlatform guacamole-server; in -buildGo124Module { +buildGo125Module { pname = "authentik-gopkgs"; version = authentik-version; + inherit patches; prePatch = '' sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' web/static.go sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' internal/web/static.go @@ -61,7 +63,7 @@ buildGo124Module { ] ++ lib.optionals guacamoleAvailable [ "cmd/rac" ]; - vendorHash = "sha256-m2shrCwoVdbtr8B83ZcAyG+J6dEys2xdjtlfFFF4CDo="; + vendorHash = "sha256-u/kAqDCeWHPaw/0+lQ9U6/pHSgdANOeflQLVgUV64Vs="; nativeBuildInputs = [ makeWrapper ]; doCheck = false; postInstall = '' diff --git a/components/staticWorkdirDeps.nix b/components/staticWorkdirDeps.nix index 2b85f96..41e6427 100644 --- a/components/staticWorkdirDeps.nix +++ b/components/staticWorkdirDeps.nix @@ -3,15 +3,13 @@ authentikComponents, linkFarm, applyPatches, + patches, }: let patched-src = applyPatches { src = authentik-src; name = "patched-authentik-source"; - patches = [ - ./authentik_media_upload.patch - ./authentik_media_tenant_files_migration.patch - ]; + inherit patches; }; in linkFarm "authentik-static-workdir-deps" [ diff --git a/flake.lock b/flake.lock index 11a8b63..1a7ad88 100644 --- a/flake.lock +++ b/flake.lock @@ -3,16 +3,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1765907481, - "narHash": "sha256-d0pPNE2T30COdFse0T15Mx8XW4BGg8hgPQvmW2dAV9s=", - "owner": "goauthentik", + "lastModified": 1768596569, + "narHash": "sha256-HDTbQB/sMhYh2b95dQwzF8OgrwLWdl4hVmx6wtDcgE8=", + "owner": "ma27", "repo": "authentik", - "rev": "0d617e4ad1eb9e4540ba5381e6ce06e971affc63", + "rev": "72ad5fe320f2201fc2a37372d4c9cb46377a58e5", "type": "github" }, "original": { - "owner": "goauthentik", - "ref": "version/2025.10.3", + "owner": "ma27", + "ref": "2025.12.1-dependency-fix", "repo": "authentik", "type": "github" } @@ -97,11 +97,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765779637, - "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", + "lastModified": 1768305791, + "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", + "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 2773218..123b625 100644 --- a/flake.nix +++ b/flake.nix @@ -42,7 +42,8 @@ }; authentik-src = { # change version string in outputs as well when updating - url = "github:goauthentik/authentik/version/2025.10.3"; + #url = "github:goauthentik/authentik/version/2025.12.1"; + url = "github:ma27/authentik/2025.12.1-dependency-fix"; flake = false; }; }; @@ -67,7 +68,7 @@ ... }: let - authentik-version = "2025.10.3"; # to pass to the drvs of some components + authentik-version = "2025.12.1"; # to pass to the drvs of some components in { systems = import inputs.systems; @@ -129,6 +130,10 @@ # for uv2nix pythonOverlay = final.callPackage ./components/python-overrides.nix { }; + patches = [ + ./components/0002-admin-file-dir-doesn-t-have-to-be-a-mountpoint.patch + ]; + inherit authentik-src authentik-version diff --git a/module.nix b/module.nix index 25e0391..e02a2b2 100644 --- a/module.nix +++ b/module.nix @@ -323,10 +323,9 @@ in storage.media = { backend = mkDefault "file"; file = mkDefault { - path = "/var/lib/authentik/media"; + path = "/var/lib/authentik"; }; }; - media.enable_upload = mkDefault true; }; postgresql = mkIf cfg.createDatabase { enable = true; @@ -428,9 +427,6 @@ in restartTriggers = [ config.environment.etc."authentik/config.yml".source ]; preStart = '' ln -svf ${cfg.authentikComponents.staticWorkdirDeps}/* /var/lib/authentik/ - ${optionalString (cfg.settings.storage.media.backend == "file") '' - mkdir -p ${cfg.settings.storage.media.file.path} - ''} ''; environment = mkMerge [ environment