tamipes/authentik-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add patch to fix failing "tenant_files" migration

Browse source 
The new migration in tenant_files.py references a MEDIA_ROOT directory
based on its own path, which in our case is in the read-only /nix/store.

We need it to refer to the actual authentik state directory instead,
which defaults to /var/lib/authentik/media in module.nix
This commit is contained in:
WilliButz 2024-02-21 22:02:29 +01:00
parent d85dacb6c2
commit d060292aa6
No known key found for this signature in database
GPG key ID: AB05DF703EB9DC70
3 changed files with 22 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

15
components/authentik_media_tenant_files_miration.patch Normal file
View file

@ -0,0 +1,15 @@
diff --git a/lifecycle/system_migrations/tenant_files.py b/lifecycle/system_migrations/tenant_files.py
index 40795d460..7ac1efb34 100644
--- a/lifecycle/system_migrations/tenant_files.py
+++ b/lifecycle/system_migrations/tenant_files.py
@@ -2,8 +2,9 @@
from pathlib import Path
from lifecycle.migrate import BaseMigration
+from authentik.lib.config import CONFIG
-MEDIA_ROOT = Path(__file__).parent.parent.parent / "media"
+MEDIA_ROOT = Path(CONFIG.get("paths.media"))
TENANT_MEDIA_ROOT = MEDIA_ROOT / "public"

7
components/staticWorkdirDeps.nix
View file

@ -7,7 +7,10 @@ let
patched-src = applyPatches { patched-src = applyPatches {
src = authentik-src; src = authentik-src;
name = "patched-authentik-source"; name = "patched-authentik-source";
patches = [ ./authentik_media_upload.patch ]; patches = [
./authentik_media_upload.patch
./authentik_media_tenant_files_miration.patch
];
}; };
in in
linkFarm "authentik-static-workdir-deps" [ linkFarm "authentik-static-workdir-deps" [
@ -15,7 +18,7 @@ linkFarm "authentik-static-workdir-deps" [
{ name = "locale"; path = "${authentik-src}/locale"; } { name = "locale"; path = "${authentik-src}/locale"; }
{ name = "blueprints"; path = "${authentik-src}/blueprints"; } { name = "blueprints"; path = "${authentik-src}/blueprints"; }
{ name = "internal"; path = "${authentik-src}/internal"; } { name = "internal"; path = "${authentik-src}/internal"; }
{ name = "lifecycle"; path = "${authentik-src}/lifecycle"; } { name = "lifecycle"; path = "${patched-src}/lifecycle"; }
{ name = "schemas"; path = "${authentik-src}/schemas"; } { name = "schemas"; path = "${authentik-src}/schemas"; }
{ name = "web"; path = authentikComponents.frontend; } { name = "web"; path = authentikComponents.frontend; }
] ]

1
module.nix
View file

@ -150,6 +150,7 @@ in
User = "authentik"; User = "authentik";
ExecStart = "${cfg.authentikComponents.migrate}/bin/migrate.py"; ExecStart = "${cfg.authentikComponents.migrate}/bin/migrate.py";
EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
inherit (config.systemd.services.authentik.serviceConfig) StateDirectory;
}; };
}; };
authentik-worker = { authentik-worker = {