update: 2023.8.3 -> 2023.10.0

* nixpkgs-23.05 -> nixpkgs-unstable (for nodejs 21)
* nodejs_20 -> nodejs_21
* go_1_20 -> go_1_21
* added workaround for poetry2nix to drop python dev-dependencies

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/f885f8c0395df639ccabd762910867bef0f4577c' (2023-09-11)
  → 'github:goauthentik/authentik/b7c02808c664714144bd7ae6fee4c6402a88f426' (2023-10-26)
• Updated input 'flake-compat':
    'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17)
  → 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/7f53fdb7bdc5bb237da7fefef12d099e4fd611ca' (2023-09-01)
  → 'github:hercules-ci/flake-parts/c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4' (2023-10-03)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/3e52e76b70d5508f3cec70b882a29199f4d1ee85?dir=lib' (2023-08-31)
  → 'github:NixOS/nixpkgs/f5892ddac112a1e9b3612c39af1b72987ee5783a?dir=lib' (2023-09-29)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23)
  → 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/4c8cf44c5b9481a4f093f1df3b8b7ba997a7c760' (2023-09-10)
  → 'github:NixOS/nixpkgs/8efd5d1e283604f75a808a20e6cde0ef313d07d4' (2023-10-24)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/c3d3c4a0396b1bcccd72c82551a319229997f6e4' (2023-09-08)
  → 'github:nix-community/poetry2nix/8f2c483f9a40db26011f6668559574a4b86ed499' (2023-10-26)
• Updated input 'poetry2nix/nix-github-actions':
    'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09)
  → 'github:nix-community/nix-github-actions/bd5bdbb52350e145c526108f4ef192eb8e554fa0' (2023-09-02)
• Added input 'poetry2nix/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Added input 'poetry2nix/treefmt-nix':
    'github:numtide/treefmt-nix/aae39f64f5ecbe89792d05eacea5cb241891292a' (2023-10-15)
• Added input 'poetry2nix/treefmt-nix/nixpkgs':
    follows 'poetry2nix/nixpkgs'

flake.lock

@@ -3,16 +3,16 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1694451308,
-        "narHash": "sha256-dpGvxhA5NWO8LKrGXzalV9EVn/nUIj6sMy2HdY5tjlM=",
+        "lastModified": 1698329167,
+        "narHash": "sha256-diHPyIN9c3klwhlPu5Q0DhjamLyB3UYUe4T58d6fdjQ=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "f885f8c0395df639ccabd762910867bef0f4577c",
+        "rev": "b7c02808c664714144bd7ae6fee4c6402a88f426",
         "type": "github"
       },
       "original": {
         "owner": "goauthentik",
-        "ref": "version/2023.8.3",
+        "ref": "version/2023.10.0",
         "repo": "authentik",
         "type": "github"
       }
@@ -20,11 +20,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
         "type": "github"
       },
       "original": {
@@ -38,11 +38,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1693611461,
-        "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
+        "lastModified": 1696343447,
+        "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
+        "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4",
         "type": "github"
       },
       "original": {
@@ -56,11 +56,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1692799911,
-        "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
         "type": "github"
       },
       "original": {
@@ -100,11 +100,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1688870561,
-        "narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=",
+        "lastModified": 1693660503,
+        "narHash": "sha256-B/g2V4v6gjirFmy+I5mwB2bCYc0l3j5scVfwgl6WOl8=",
         "owner": "nix-community",
         "repo": "nix-github-actions",
-        "rev": "165b1650b753316aa7f1787f3005a8d2da0f5301",
+        "rev": "bd5bdbb52350e145c526108f4ef192eb8e554fa0",
         "type": "github"
       },
       "original": {
@@ -115,16 +115,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1694304580,
-        "narHash": "sha256-5tIpNodDpEKT8mM/F5zCzWEAnidOg8eb1/x3SRaaBLs=",
+        "lastModified": 1698134075,
+        "narHash": "sha256-foCD+nuKzfh49bIoiCBur4+Fx1nozo+4C/6k8BYk4sg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4c8cf44c5b9481a4f093f1df3b8b7ba997a7c760",
+        "rev": "8efd5d1e283604f75a808a20e6cde0ef313d07d4",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.05",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -132,11 +132,11 @@
     "nixpkgs-lib": {
       "locked": {
         "dir": "lib",
-        "lastModified": 1693471703,
-        "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
+        "lastModified": 1696019113,
+        "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
+        "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
         "type": "github"
       },
       "original": {
@@ -155,14 +155,16 @@
         "nix-github-actions": "nix-github-actions",
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "systems": "systems_2",
+        "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1694165861,
-        "narHash": "sha256-FMiPKVcNxb9QWATnQrC68nIL2t8Fm4zBH0XyLz9uqko=",
+        "lastModified": 1698324369,
+        "narHash": "sha256-rftG/00dnS+HHun11lDFtL33NNcGUE3XznYI78gU7dY=",
         "owner": "nix-community",
         "repo": "poetry2nix",
-        "rev": "c3d3c4a0396b1bcccd72c82551a319229997f6e4",
+        "rev": "8f2c483f9a40db26011f6668559574a4b86ed499",
         "type": "github"
       },
       "original": {
@@ -196,6 +198,41 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "id": "systems",
+        "type": "indirect"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "poetry2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1697388351,
+        "narHash": "sha256-63N2eBpKaziIy4R44vjpUu8Nz5fCJY7okKrkixvDQmY=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "aae39f64f5ecbe89792d05eacea5cb241891292a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -8,7 +8,7 @@
       url = "github:edolstra/flake-compat";
       flake = false;
     };
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     poetry2nix = {
       url = "github:nix-community/poetry2nix";
       inputs = {
@@ -24,7 +24,7 @@
       };
     };
     authentik-src = { # change version string in outputs as well when updating
-      url = "github:goauthentik/authentik/version/2023.8.3";
+      url = "github:goauthentik/authentik/version/2023.10.0";
       flake = false;
     };
   };
@@ -43,7 +43,7 @@
     { inherit inputs; }
     ({ inputs, lib, withSystem, ... }:
     let
-      authentik-version = "2023.8.3"; # to pass to the drvs of some components
+      authentik-version = "2023.10.0"; # to pass to the drvs of some components
     in {
       systems = [
         "x86_64-linux"
@@ -58,8 +58,8 @@
           );
         };
       };
-      perSystem = { inputs', pkgs, system, ... }: let
-        inherit (inputs'.poetry2nix.legacyPackages)
+      perSystem = { pkgs, system, ... }: let
+        inherit (import inputs.poetry2nix { inherit pkgs; })
           mkPoetryEnv
           defaultPoetryOverrides;
       in {
@@ -79,15 +79,15 @@
               mv -v ../website $out
             '';
           };
-          frontend = napalm.legacyPackages.${system}.buildPackage "${authentik-src}/web" {
+          frontend = napalm.legacyPackages.${system}.buildPackage "${authentik-src}/web" rec {
             version = authentik-version; # 0.0.0 specified upstream in package.json
             NODE_ENV = "production";
-            nodejs = pkgs.nodejs_20;
+            nodejs = pkgs.nodejs_21;
             preBuild = ''
               ln -sv ${docs} ../website
             '';
             npmCommands = [
-              "npm install --include=dev --nodedir=${pkgs.nodejs_20}/include/node --loglevel verbose --ignore-scripts"
+              "npm install --include=dev --nodedir=${nodejs}/include/node --loglevel verbose --ignore-scripts"
               "npm run build"
             ];
             installPhase = ''
@@ -100,9 +100,16 @@
             projectDir = authentik-src;
             python = pkgs.python311;
             overrides = [ defaultPoetryOverrides ] ++ (import ./poetry2nix-python-overrides.nix pkgs);
+            # workaround to remove dev-dependencies for the current combination of legacy pyproject.toml format
+            # used by authentik and poetry2nix's behavior
+            groups = [];
+            checkGroups = [];
+            pyproject = pkgs.runCommandLocal "patched-pyproject.toml" {} ''
+              sed -e 's,tool.poetry.dev-dependencies,tool.poetry.group.dev.dependencies,' ${authentik-src}/pyproject.toml > $out
+            '';
           };
           # server + outposts
-          gopkgs = pkgs.buildGo120Module {
+          gopkgs = pkgs.buildGo121Module {
             pname = "authentik-gopkgs";
             version = authentik-version;
             prePatch = ''
@@ -137,7 +144,7 @@
               "cmd/proxy"
               "cmd/radius"
             ];
-            vendorSha256 = "sha256-F3JzzL6Gg9H4qdmp4MbQFupccATYIUIFL05is6xzoZY=";
+            vendorSha256 = "sha256-JQRGlQ7iYrB5nKli3hoIAJHG9UeGqVD+dMupMUDZ2Zo=";
             nativeBuildInputs = [ pkgs.makeWrapper ];
             postInstall = ''
               wrapProgram $out/bin/server --prefix PATH : ${pythonEnv}/bin
@@ -162,8 +169,8 @@
             patchShebangs $out/bin/migrate.py
             substituteInPlace $out/bin/migrate.py \
               --replace \
-              'migration in Path(__file__).parent.absolute().glob("system_migrations/*.py")' \
-              'migration in Path("${staticWorkdirDeps}/lifecycle").glob("system_migrations/*.py")'
+              'migration_path in Path(__file__).parent.absolute().glob("system_migrations/*.py")' \
+              'migration_path in Path("${staticWorkdirDeps}/lifecycle").glob("system_migrations/*.py")'
             wrapProgram $out/bin/migrate.py \
               --prefix PATH : ${pythonEnv}/bin \
               --prefix PYTHONPATH : ${staticWorkdirDeps}

poetry2nix-python-overrides.nix

@@ -73,6 +73,11 @@ pkgs:
           final.hatch-fancy-pypi-readme
         ];
       });
+      django-filter = prev.django-filter.overrideAttrs (oA: {
+        nativeBuildInputs = oA.nativeBuildInputs ++ [
+          final.flit-core
+        ];
+      });
     }
   )
 ]