From 905036eb17f1afa67ffb8d62d24dc315498b3d07 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 27 Feb 2026 15:00:05 +0100 Subject: [PATCH 1/3] tests: don't run update checks in VM tests --- tests/minimal-vmtest.nix | 1 + tests/override-scope.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/tests/minimal-vmtest.nix b/tests/minimal-vmtest.nix index 4f0e41f..eabe78e 100644 --- a/tests/minimal-vmtest.nix +++ b/tests/minimal-vmtest.nix @@ -33,6 +33,7 @@ pkgs.testers.runNixOSTest { enable = true; host = "localhost"; }; + settings.disable_update_check = true; }; services.xserver.enable = true; diff --git a/tests/override-scope.nix b/tests/override-scope.nix index 24d084b..1781f9a 100644 --- a/tests/override-scope.nix +++ b/tests/override-scope.nix @@ -74,6 +74,7 @@ pkgs.testers.runNixOSTest { }; # pass authentikComponents with patched pythonEnv and staticWorkdirDeps inherit (customScope) authentikComponents; + settings.disable_update_check = true; }; services.xserver.enable = true; From 3abc7ff26a2718ca8691bcaf946c896ebb93e1a2 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 27 Feb 2026 15:04:03 +0100 Subject: [PATCH 2/3] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'authentik-go': 'github:goauthentik/client-go/280022b0a8de5c8f4b2965d1147a1c4fa846ba64' (2026-02-05) → 'github:goauthentik/client-go/4c1444ee54d945fbcc5ae107b4f191ca0352023d' (2026-02-23) • Updated input 'flake-compat': 'github:edolstra/flake-compat/65f23138d8d09a92e30f1e5c87611b23ef451bf3' (2025-12-07) → 'github:edolstra/flake-compat/5edf11c44bc78a0d334f6334cdaf7d60d732daab' (2025-12-29) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/a34fae9c08a15ad73f295041fec82323541400a9' (2025-12-15) → 'github:hercules-ci/flake-parts/57928607ea566b5db3ad13af0e57e921e6b12381' (2026-02-02) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85' (2025-12-14) → 'github:nix-community/nixpkgs.lib/72716169fe93074c333e8d0173151350670b824c' (2026-02-01) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1412caf7bf9e660f2f962917c14b1ea1c3bc695e' (2026-01-13) → 'github:NixOS/nixpkgs/2fc6539b481e1d2569f25f8799236694180c0993' (2026-02-23) • Updated input 'pyproject-build-systems': 'github:pyproject-nix/build-system-pkgs/042904167604c681a090c07eb6967b4dd4dae88c' (2025-11-20) → 'github:pyproject-nix/build-system-pkgs/04e9c186e01f0830dad3739088070e4c551191a4' (2026-02-18) • Updated input 'pyproject-nix': 'github:pyproject-nix/pyproject.nix/2c8df1383b32e5443c921f61224b198a2282a657' (2025-11-26) → 'github:pyproject-nix/pyproject.nix/eb204c6b3335698dec6c7fc1da0ebc3c6df05937' (2026-02-19) • Updated input 'uv2nix': 'github:pyproject-nix/uv2nix/4cca323a547a1aaa9b94929c4901bed5343eafe8' (2025-12-13) → 'github:pyproject-nix/uv2nix/abe65de114300de41614002fe9dce2152ac2ac23' (2026-02-27) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 596a49c..a7f43c9 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "authentik-go": { "flake": false, "locked": { - "lastModified": 1770333754, - "narHash": "sha256-Yyna75Nd6485tZP9IpdEa5QNomswe9hRfM+w3MuET9E=", + "lastModified": 1771856219, + "narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=", "owner": "goauthentik", "repo": "client-go", - "rev": "280022b0a8de5c8f4b2965d1147a1c4fa846ba64", + "rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1765121682, - "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -54,11 +54,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -113,11 +113,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768305791, - "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=", + "lastModified": 1771848320, + "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e", + "rev": "2fc6539b481e1d2569f25f8799236694180c0993", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -155,11 +155,11 @@ ] }, "locked": { - "lastModified": 1763662255, - "narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=", + "lastModified": 1771423342, + "narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "042904167604c681a090c07eb6967b4dd4dae88c", + "rev": "04e9c186e01f0830dad3739088070e4c551191a4", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1764134915, - "narHash": "sha256-xaKvtPx6YAnA3HQVp5LwyYG1MaN4LLehpQI8xEdBvBY=", + "lastModified": 1771518446, + "narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=", "owner": "pyproject-nix", "repo": "pyproject.nix", - "rev": "2c8df1383b32e5443c921f61224b198a2282a657", + "rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1765631794, - "narHash": "sha256-90d//IZ4GXipNsngO4sb2SAPbIC/a2P+IAdAWOwpcOM=", + "lastModified": 1772187362, + "narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "4cca323a547a1aaa9b94929c4901bed5343eafe8", + "rev": "abe65de114300de41614002fe9dce2152ac2ac23", "type": "github" }, "original": { From 4b7126941b7684b5abe8d2274929c22c62163188 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 27 Feb 2026 15:00:21 +0100 Subject: [PATCH 3/3] update: 2025.12.4 -> 2026.2.0 ChangeLog: https://docs.goauthentik.io/releases/2026.2/ --- components/docs.nix | 3 ++- components/fix-lxml-libxml-2.15-build.patch | 12 ------------ components/gopkgs.nix | 2 +- components/python-overrides.nix | 21 +++++++++++++-------- flake.lock | 8 ++++---- flake.nix | 6 +++--- tests/minimal-vmtest.nix | 2 +- tests/override-scope.nix | 2 +- 8 files changed, 25 insertions(+), 31 deletions(-) delete mode 100644 components/fix-lxml-libxml-2.15-build.patch diff --git a/components/docs.nix b/components/docs.nix index 58bcebb..e849268 100644 --- a/components/docs.nix +++ b/components/docs.nix @@ -13,7 +13,8 @@ buildNapalmPackage "${authentik-src}/website" { "cp -v ${authentik-src}/SECURITY.md ../SECURITY.md" "cp -vr ${authentik-src}/blueprints ../blueprints" "cp -v ${authentik-src}/schema.yml ../schema.yml" - "cp -v ${authentik-src}/docker-compose.yml ../docker-compose.yml" + "mkdir -p ../lifecycle/container" + "cp -v ${authentik-src}/lifecycle/container/compose.yml ../lifecycle/container/compose.yml" "npm config set loglevel verbose" "npm ci --workspaces --include-workspace-root --no-audit" "npm run build" diff --git a/components/fix-lxml-libxml-2.15-build.patch b/components/fix-lxml-libxml-2.15-build.patch deleted file mode 100644 index 3cc369b..0000000 --- a/components/fix-lxml-libxml-2.15-build.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/src/lxml/etree.c b/src/lxml/etree.c -index 9fbfe5a..74c83c7 100644 ---- a/src/lxml/etree.c -+++ b/src/lxml/etree.c -@@ -35183,7 +35183,6 @@ static void __pyx_f_4lxml_5etree_fixThreadDictNamesForDtd(xmlDtd *__pyx_v_c_dtd, - * _fixThreadDictPtr(&c_attribute.name, c_src_dict, c_dict) - * _fixThreadDictPtr(&c_attribute.prefix, c_src_dict, c_dict) - */ -- __pyx_f_4lxml_5etree__fixThreadDictPtr((&__pyx_v_c_attribute->defaultValue), __pyx_v_c_src_dict, __pyx_v_c_dict); - - /* "src/lxml/proxy.pxi":578 - * while c_attribute: diff --git a/components/gopkgs.nix b/components/gopkgs.nix index 9bebe9d..774cb1c 100644 --- a/components/gopkgs.nix +++ b/components/gopkgs.nix @@ -69,7 +69,7 @@ buildGo125Module { ] ++ lib.optionals guacamoleAvailable [ "cmd/rac" ]; - vendorHash = "sha256-hdkd7/bqgTvYwlhVA9zEQny6yDowMaoRcC7TdRoXfJc="; + vendorHash = "sha256-0YKn6qScUjkLOq/hyUZp7e+dQ58POSgj4CgfDro+5J4="; nativeBuildInputs = [ makeWrapper ]; doCheck = false; postInstall = '' diff --git a/components/python-overrides.nix b/components/python-overrides.nix index a6d665c..e0246f5 100644 --- a/components/python-overrides.nix +++ b/components/python-overrides.nix @@ -8,6 +8,7 @@ libtool, pkg-config, xmlsec, + python, }: let @@ -44,6 +45,18 @@ let # Fixes for dependencies with C libraries. buildFixes = final: prev: { + django-tenants = prev.django-tenants.overrideAttrs { + /* + Resolves + + > FileCollisionError: Two or more packages are trying to provide the same file with different contents + > + > Files: /nix/store/snsw4gij9l7pllphdskxqmr3y5a951aq-django-tenants-3.10.0/lib/python3.14/site-packages/docs/Makefile /nix/store/dxy56wp46sm8nqjfhmfswb5k5rcwrj6y-pyrad-2.5.4/lib/python3.14/site-packages/docs/Makefile + */ + postFixup = '' + rm -r $out/${python.sitePackages}/docs + ''; + }; gssapi = prev.gssapi.overrideAttrs ( { buildInputs ? [ ], @@ -77,7 +90,6 @@ let lxml = prev.lxml.overrideAttrs ( { buildInputs ? [ ], - patches ? [ ], ... }: { @@ -86,13 +98,6 @@ let libxml2 zlib ]; - patches = patches ++ [ - # The upstream fix for this is - # https://github.com/lxml/lxml/commit/f7a813483c4482dd114e7ee8b42b54337e285503, - # however, this doesn't help us here because the `etree.c` file is already generated - # (we're using the wheel), so we have to patch the C file directly. - ./fix-lxml-libxml-2.15-build.patch - ]; } ); xmlsec = prev.xmlsec.overrideAttrs ( diff --git a/flake.lock b/flake.lock index a7f43c9..67cd0d6 100644 --- a/flake.lock +++ b/flake.lock @@ -19,16 +19,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1770911230, - "narHash": "sha256-alTyrMBbjZbw4jhEna8saabf93sqSrZCu+Z5xH3pZ7M=", + "lastModified": 1771963976, + "narHash": "sha256-pVQ34cZYX3hlk6hF1aZ/n32xMqTF4Jmp0G0VGDU7iXc=", "owner": "goauthentik", "repo": "authentik", - "rev": "19ad8d3ae3f266ec1096bc4461fdf6bcda1aa079", + "rev": "8af491630b70ff6bd089753e21bef511bfb3f557", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.12.4", + "ref": "version/2026.2.0", "repo": "authentik", "type": "github" } diff --git a/flake.nix b/flake.nix index 086dfce..913a573 100644 --- a/flake.nix +++ b/flake.nix @@ -42,7 +42,7 @@ }; authentik-src = { # change version string in outputs as well when updating - url = "github:goauthentik/authentik/version/2025.12.4"; + url = "github:goauthentik/authentik/version/2026.2.0"; flake = false; }; authentik-go = { @@ -72,7 +72,7 @@ ... }: let - authentik-version = "2025.12.4"; # to pass to the drvs of some components + authentik-version = "2026.2.0"; # to pass to the drvs of some components in { systems = import inputs.systems; @@ -114,7 +114,7 @@ { pkgs, system ? pkgs.stdenv.hostPlatform.system, - python ? pkgs.python313, + python ? pkgs.python314, authentik-version ? authentik-version', buildNapalmPackage ? napalm.legacyPackages.${system}.buildPackage, }: diff --git a/tests/minimal-vmtest.nix b/tests/minimal-vmtest.nix index eabe78e..096fe93 100644 --- a/tests/minimal-vmtest.nix +++ b/tests/minimal-vmtest.nix @@ -9,7 +9,7 @@ pkgs.testers.runNixOSTest { authentik = { virtualisation = { cores = 3; - memorySize = 2048; + memorySize = 3072; }; imports = [ nixosModules.default diff --git a/tests/override-scope.nix b/tests/override-scope.nix index 1781f9a..7ac1180 100644 --- a/tests/override-scope.nix +++ b/tests/override-scope.nix @@ -48,7 +48,7 @@ pkgs.testers.runNixOSTest { authentik = { virtualisation = { cores = 3; - memorySize = 2048; + memorySize = 3072; }; imports = [ nixosModules.default