Merge pull request #70 from nix-community/authentik-2025.8

update: 2025.6.4 -> 2025.8.1
Maximilian Bosch 2025-09-05 10:49:56 +02:00 committed by GitHub
commit cfa634fd2d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 39 additions and 32 deletions


@ -13,8 +13,10 @@ buildNapalmPackage "${authentik-src}/website" {
"cp -v ${authentik-src}/SECURITY.md ../SECURITY.md" "cp -v ${authentik-src}/SECURITY.md ../SECURITY.md"
"cp -vr ${authentik-src}/blueprints ../blueprints" "cp -vr ${authentik-src}/blueprints ../blueprints"
"cp -v ${authentik-src}/schema.yml ../schema.yml" "cp -v ${authentik-src}/schema.yml ../schema.yml"
"npm install --include=dev" "cp -v ${authentik-src}/docker-compose.yml ../docker-compose.yml"
"npm run build-bundled" "npm config set loglevel verbose"
"npm ci --workspaces --include-workspace-root --no-audit"
"npm run build"
]; ];
installPhase = '' installPhase = ''
rm -f ../website/static/blueprints rm -f ../website/static/blueprints
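Review bot: The new `npm ci --workspaces --include-workspace-root --no-audit` step still runs the lifecycle scripts of every installed dependency, whereas the web derivation changed in this same commit adds `--ignore-scripts` to its install. If no website dependency needs its install script, the line could read `"npm ci --workspaces --include-workspace-root --no-audit --ignore-scripts"`; if one does, a short comment naming it would explain why the two derivations differ. As a smaller style point, `npm config set loglevel verbose` writes persistent npm configuration, where the web derivation passes `--loglevel verbose` on the command itself. The `npmCommands` list begins above the hunk.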


@ -17,8 +17,9 @@ buildNapalmPackage "${authentik-src}/web" rec {
# from release build dependencies, therefore this workaround # from release build dependencies, therefore this workaround
CHROMEDRIVER_SKIP_DOWNLOAD = "true"; CHROMEDRIVER_SKIP_DOWNLOAD = "true";
npmCommands = [ npmCommands = [
"npm install --include=dev --nodedir=${nodejs}/include/node --loglevel verbose" "npm install --include=dev --nodedir=${nodejs}/include/node --loglevel verbose --ignore-scripts"
"npm run build" "npm run build"
"npm run build:sfe"
]; ];
installPhase = '' installPhase = ''
mkdir $out mkdir $out
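Review bot: The `--ignore-scripts` flag added to the `npm install` line has no comment, and it changes the situation that the existing comment above `CHROMEDRIVER_SKIP_DOWNLOAD` describes. With dependency install scripts disabled, the chromedriver download that variable suppresses presumably no longer runs at all, so the workaround may now be redundant; that should be confirmed rather than assumed. I would add above the command something like `# --ignore-scripts: dependency lifecycle scripts are not run at install time; anything that needs one must be built by an explicit command below`. The comment block and the derivation start outside the hunk.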


@ -42,7 +42,7 @@ buildGo124Module {
"cmd/proxy" "cmd/proxy"
"cmd/radius" "cmd/radius"
]; ];
vendorHash = "sha256-7oX7e7Ni5I6zblEQIeXjYOt4+QNSjH4Rpn7B5Cr5LMc="; vendorHash = "sha256-wTTEDBRYCW1UFaeX49ufLT0c17sacJzcCaW/8cPNYR4=";
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
doCheck = false; doCheck = false;
postInstall = '' postInstall = ''

44
flake.lock generated

@ -3,16 +3,16 @@
"authentik-src": { "authentik-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1753187012, "lastModified": 1755873658,
"narHash": "sha256-bs/ThY3YixwBObahcS7BrOWj0gsaUXI664ldUQlJul8=", "narHash": "sha256-5l1g55b0xozGg0NaZFimiO5JbHGcudaNSEn1/XsweaU=",
"owner": "goauthentik", "owner": "goauthentik",
"repo": "authentik", "repo": "authentik",
"rev": "23ffad1c6be80bea223caf5f1cf265b984b76328", "rev": "dd7c6b29d950664deadbcf5390272619a8bf9a5e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "goauthentik", "owner": "goauthentik",
"ref": "version/2025.6.4", "ref": "version/2025.8.1",
"repo": "authentik", "repo": "authentik",
"type": "github" "type": "github"
} }
@ -38,11 +38,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1749398372, "lastModified": 1754487366,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -97,11 +97,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1750776420, "lastModified": 1756386758,
"narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", "narHash": "sha256-1wxxznpW2CKvI9VdniaUnTT2Os6rdRJcRUf65ZK9OtE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", "rev": "dfb2f12e899db4876308eba6d93455ab7da304cd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -113,11 +113,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1748740939, "lastModified": 1753579242,
"narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "656a64127e9d791a334452c6b6606d17539476e2", "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -139,11 +139,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749519371, "lastModified": 1756087852,
"narHash": "sha256-UJONN7mA2stweZCoRcry2aa1XTTBL0AfUOY84Lmqhos=", "narHash": "sha256-4jc3JDQt75fYXFrglgqyzF6C6zLU0QGLymzian4aP+U=",
"owner": "pyproject-nix", "owner": "pyproject-nix",
"repo": "build-system-pkgs", "repo": "build-system-pkgs",
"rev": "7c06967eca687f3482624250428cc12f43c92523", "rev": "6edb3ae27395cd88be3d64b732d1539957dad59c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -159,11 +159,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750499893, "lastModified": 1756395552,
"narHash": "sha256-ThKBd8XSvITAh2JqU7enOp8AfKeQgf9u7zYC41cnBE4=", "narHash": "sha256-5aJM14MpoLk2cdZAetu60OkLQrtFLWTICAyn1EP7ZpM=",
"owner": "pyproject-nix", "owner": "pyproject-nix",
"repo": "pyproject.nix", "repo": "pyproject.nix",
"rev": "e824458bd917b44bf4c38795dea2650336b2f55d", "rev": "030dffc235dcf240d918c651c78dc5f158067b51",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -211,11 +211,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750987094, "lastModified": 1756466761,
"narHash": "sha256-GujDElxLgYatnNvuL1U6qd18lcuG6anJMjpfYRScV08=", "narHash": "sha256-ALXRHIMXQ4qVNfCbcWykC23MjMwUoHn9BreoBfqmq0Y=",
"owner": "pyproject-nix", "owner": "pyproject-nix",
"repo": "uv2nix", "repo": "uv2nix",
"rev": "4b703d851b61e664a70238711a8ff0efa1aa2f52", "rev": "0529e6d8227517205afcd1b37eee3088db745730",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -42,7 +42,7 @@
}; };
authentik-src = { authentik-src = {
# change version string in outputs as well when updating # change version string in outputs as well when updating
url = "github:goauthentik/authentik/version/2025.6.4"; url = "github:goauthentik/authentik/version/2025.8.1";
flake = false; flake = false;
}; };
}; };
@ -67,7 +67,7 @@
... ...
}: }:
let let
authentik-version = "2025.6.4"; # to pass to the drvs of some components authentik-version = "2025.8.1"; # to pass to the drvs of some components
in in
{ {
systems = import inputs.systems; systems = import inputs.systems;


@ -185,10 +185,14 @@ in
tz = "UTC"; tz = "UTC";
# Passed to each service and to the `ak` wrapper using `systemd-run(1)` # Passed to each service and to the `ak` wrapper using `systemd-run(1)`
environment.PROMETHEUS_MULTIPROC_DIR = "%S/authentik/prometheus";
serviceDefaults = { serviceDefaults = {
DynamicUser = true; DynamicUser = true;
User = "authentik"; User = "authentik";
EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
ExecStartPre = [
"${pkgs.coreutils}/bin/mkdir -p \${PROMETHEUS_MULTIPROC_DIR}"
];
}; };
akOptions = flatten ( akOptions = flatten (
mapAttrsToList mapAttrsToList
@ -265,7 +269,7 @@ in
after = [ "network-online.target" ] ++ lib.optionals cfg.createDatabase [ "postgresql.service" ]; after = [ "network-online.target" ] ++ lib.optionals cfg.createDatabase [ "postgresql.service" ];
before = [ "authentik.service" ]; before = [ "authentik.service" ];
restartTriggers = [ config.environment.etc."authentik/config.yml".source ]; restartTriggers = [ config.environment.etc."authentik/config.yml".source ];
environment.TZ = tz; environment = mkMerge [ environment { TZ = tz; } ];
serviceConfig = mkMerge [ serviceConfig = mkMerge [
serviceDefaults serviceDefaults
{ {
@ -293,13 +297,13 @@ in
preStart = '' preStart = ''
ln -svf ${config.services.authentik.authentikComponents.staticWorkdirDeps}/* /run/authentik/ ln -svf ${config.services.authentik.authentikComponents.staticWorkdirDeps}/* /run/authentik/
''; '';
environment.TZ = tz; environment = mkMerge [ environment { TZ = tz; } ];
serviceConfig = mkMerge [ serviceConfig = mkMerge [
serviceDefaults serviceDefaults
{ {
RuntimeDirectory = "authentik"; RuntimeDirectory = "authentik";
WorkingDirectory = "%t/authentik"; WorkingDirectory = "%t/authentik";
ExecStart = "${cfg.authentikComponents.manage}/bin/manage.py worker"; ExecStart = "${cfg.authentikComponents.manage}/bin/manage.py worker --pid-file %t/authentik/worker.pid";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "1s"; RestartSec = "1s";
LoadCredential = mkIf (cfg.nginx.enable && cfg.nginx.enableACME) [ LoadCredential = mkIf (cfg.nginx.enable && cfg.nginx.enableACME) [
@ -325,7 +329,7 @@ in
mkdir -p ${cfg.settings.storage.media.file.path} mkdir -p ${cfg.settings.storage.media.file.path}
''} ''}
''; '';
environment.TZ = tz; environment = mkMerge [ environment { TZ = tz; } ];
serviceConfig = mkMerge [ serviceConfig = mkMerge [
serviceDefaults serviceDefaults
{ {
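Review bot: `PROMETHEUS_MULTIPROC_DIR` in the first hunk points at `%S/authentik/prometheus`, a state directory that survives restarts and reboots, and the added `ExecStartPre` only runs `mkdir -p` on it. The Python prometheus_client multiprocess mode expects that directory to be emptied between runs, so per-process metric files from earlier runs would accumulate and could be counted in the exported values unless authentik removes them itself, which is not visible here. Because `serviceDefaults` sets `DynamicUser = true`, the `mkdir` should also only succeed in units that declare a matching `StateDirectory`, and the hunks do not show that for every unit that merges `serviceDefaults`. At minimum I would document the choice next to the variable, for example `# persistent across restarts; prometheus_client expects this directory to be emptied between runs, stale files are not cleaned here`. The `let` block and the service definitions continue outside the hunks.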