tamipes/authentik-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
262 commits 1 branch 0 tags 968 KiB
Commit graph

262 commits

This branch
This branch
All branches
Author SHA1 Message Date
Marcel
03895f5997
terraform-provider-authentik: 2025.12.0 -> 2026.2.0 2026-05-15 11:47:01 +02:00
Marcel
6dc61c8c21
checks: use firefox in kiosk mode 
I don't know why but this fixes the tests after the `nix flake update`.
 2026-05-15 11:46:41 +02:00
Maximilian Bosch
0bc1bd9de1
flake.lock: Update 
Flake lock file updates:

• Updated input 'authentik-go':
    'github:goauthentik/client-go/4c1444ee54d945fbcc5ae107b4f191ca0352023d' (2026-02-23)
  → 'github:goauthentik/client-go/58f64509446aab6bc2d9b1fe36be19b5f2a3b4a8' (2026-05-13)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/57928607ea566b5db3ad13af0e57e921e6b12381' (2026-02-02)
  → 'github:hercules-ci/flake-parts/f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb' (2026-05-13)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/72716169fe93074c333e8d0173151350670b824c' (2026-02-01)
  → 'github:nix-community/nixpkgs.lib/f5901329dade4a6ea039af1433fb087bd9c1fe14' (2026-04-26)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/2fc6539b481e1d2569f25f8799236694180c0993' (2026-02-23)
  → 'github:NixOS/nixpkgs/da5ad661ba4e5ef59ba743f0d112cbc30e474f32' (2026-05-10)
• Updated input 'pyproject-build-systems':
    'github:pyproject-nix/build-system-pkgs/04e9c186e01f0830dad3739088070e4c551191a4' (2026-02-18)
  → 'github:pyproject-nix/build-system-pkgs/ffaa2161dd5d63e0e94591f86b54fc239660fb2e' (2026-04-20)
• Updated input 'pyproject-nix':
    'github:pyproject-nix/pyproject.nix/eb204c6b3335698dec6c7fc1da0ebc3c6df05937' (2026-02-19)
  → 'github:pyproject-nix/pyproject.nix/69f57f27e52a87c54e28138a75ec741cd46663c9' (2026-04-20)
• Updated input 'uv2nix':
    'github:pyproject-nix/uv2nix/5ad90d48b80ecc920ca2247d53f46beba302e186' (2026-05-04)
  → 'github:pyproject-nix/uv2nix/b48abe99ef639cd100c224898529370e5d935294' (2026-05-13)
 2026-05-14 17:55:10 +02:00
Maximilian Bosch
6bb0bc723d
Merge pull request #112 from nix-community/dependabot/nix/uv2nix-5ad90d4 
build(deps): bump uv2nix from `abe65de` to `5ad90d4`
 2026-05-14 16:25:18 +02:00
Maximilian Bosch
646a0fdaca
Merge pull request #115 from bartoostveen/authentik-2026.2.3 
update: 2026.2.2 -> 2026.2.3
 2026-05-14 16:24:13 +02:00
Bart Oostveen
7f59e4d042
update: 2026.2.2 -> 2026.2.3 
Changelog: https://github.com/goauthentik/authentik/releases/tag/version%2F2026.2.3
Release notes: https://docs.goauthentik.io/releases/2026.2#fixed-in-202623
 2026-05-12 23:12:05 +02:00
dependabot[bot]
3c09020420
build(deps): bump uv2nix from abe65de to 5ad90d4 
Bumps [uv2nix](https://github.com/pyproject-nix/uv2nix) from `abe65de` to `5ad90d4`.
- [Commits](abe65de114...5ad90d48b8)

---
updated-dependencies:
- dependency-name: uv2nix
  dependency-version: 5ad90d48b80ecc920ca2247d53f46beba302e186
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-04 15:39:18 +00:00
Maximilian Bosch
4370b561c8
Merge pull request #102 from JamieMagee/dependabot-nix 
Add Dependabot for nix flake updates
 2026-04-13 14:10:03 +01:00
Maximilian Bosch
f86fa999ab
Merge pull request #100 from bartoostveen/2026.2.2 
update: 2026.2.1 -> 2026.2.2
 2026-04-13 14:07:25 +01:00
Jamie Magee
e39bef4e07 Add Dependabot for nix flake updates 
See https://github.blog/changelog/2026-04-07-dependabot-version-updates-now-support-the-nix-ecosystem/
 2026-04-10 11:19:19 -07:00
Bart Oostveen
8048437d60
update: 2026.2.1 -> 2026.2.2 2026-04-07 19:06:07 +02:00
Maximilian Bosch
1f279763d8
Merge pull request #97 from networkException/service-dependency-fix 
module: fix Before=authentik-worker.service in authentik-migrate.service
 2026-03-21 08:49:22 +01:00
networkException
92e192cd9c
module: fix Before=authentik-worker.service in authentik-migrate.service 2026-03-20 19:56:07 +01:00
Maximilian Bosch
7e4730351f
Merge pull request #96 from freiheitsrechte/authentik-2026.2.1 
update: 2026.2 -> 2026.2.1
 2026-03-07 19:43:41 +01:00
Lennart Mühlenmeier
6857248084
update: 2026.2 -> 2026.2.1 
ChangeLog: https://docs.goauthentik.io/releases/2026.2/#fixed-in-202621
 2026-03-07 11:06:30 +01:00
Maximilian Bosch
5818986331
Merge pull request #95 from freiheitsrechte/add-docs-migrating 
README: Add considerations for migrating a deployment
 2026-02-28 20:54:41 +01:00
Lennart Mühlenmeier
013eadba88
README: Add considerations for migrating a deployment 
We migrated `authentik-nix` a few weeks ago to another machine. Was real
painless.

Not too sure how helpful these considerations are written down into the
README but they might lower the stress levels for some though.
 2026-02-28 20:39:58 +01:00
Maximilian Bosch
cb09279e74
Merge pull request #94 from nix-community/authentik-2026.2 
update: 2025.12.4 -> 2026.2.0
 2026-02-28 18:58:35 +01:00
Maximilian Bosch
4b7126941b
update: 2025.12.4 -> 2026.2.0 
ChangeLog: https://docs.goauthentik.io/releases/2026.2/
 2026-02-28 13:30:11 +01:00
Maximilian Bosch
3abc7ff26a
flake.lock: Update 
Flake lock file updates:

• Updated input 'authentik-go':
    'github:goauthentik/client-go/280022b0a8de5c8f4b2965d1147a1c4fa846ba64' (2026-02-05)
  → 'github:goauthentik/client-go/4c1444ee54d945fbcc5ae107b4f191ca0352023d' (2026-02-23)
• Updated input 'flake-compat':
    'github:edolstra/flake-compat/65f23138d8d09a92e30f1e5c87611b23ef451bf3' (2025-12-07)
  → 'github:edolstra/flake-compat/5edf11c44bc78a0d334f6334cdaf7d60d732daab' (2025-12-29)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/a34fae9c08a15ad73f295041fec82323541400a9' (2025-12-15)
  → 'github:hercules-ci/flake-parts/57928607ea566b5db3ad13af0e57e921e6b12381' (2026-02-02)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85' (2025-12-14)
  → 'github:nix-community/nixpkgs.lib/72716169fe93074c333e8d0173151350670b824c' (2026-02-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/1412caf7bf9e660f2f962917c14b1ea1c3bc695e' (2026-01-13)
  → 'github:NixOS/nixpkgs/2fc6539b481e1d2569f25f8799236694180c0993' (2026-02-23)
• Updated input 'pyproject-build-systems':
    'github:pyproject-nix/build-system-pkgs/042904167604c681a090c07eb6967b4dd4dae88c' (2025-11-20)
  → 'github:pyproject-nix/build-system-pkgs/04e9c186e01f0830dad3739088070e4c551191a4' (2026-02-18)
• Updated input 'pyproject-nix':
    'github:pyproject-nix/pyproject.nix/2c8df1383b32e5443c921f61224b198a2282a657' (2025-11-26)
  → 'github:pyproject-nix/pyproject.nix/eb204c6b3335698dec6c7fc1da0ebc3c6df05937' (2026-02-19)
• Updated input 'uv2nix':
    'github:pyproject-nix/uv2nix/4cca323a547a1aaa9b94929c4901bed5343eafe8' (2025-12-13)
  → 'github:pyproject-nix/uv2nix/abe65de114300de41614002fe9dce2152ac2ac23' (2026-02-27)
 2026-02-28 13:30:11 +01:00
Maximilian Bosch
905036eb17
tests: don't run update checks in VM tests 2026-02-27 15:00:05 +01:00
Maximilian Bosch
3df5c21303
Merge pull request #93 from kilimnik/sandbox 
docs: fix build in non sandboxed mode
 2026-02-21 15:58:40 +01:00
Daniel Kilimnik
9eee350b95
docs: fix build in non sandboxed mode 2026-02-19 13:36:07 +01:00
Maximilian Bosch
0487b4db05
update: 2025.12.3 -> 2025.12.4, fix CVE-2026-25227, CVE-2026-25748, CVE-2026-25227 
Changes: https://docs.goauthentik.io/releases/2025.12/#fixed-in-2025124
 2026-02-12 22:25:30 +01:00
Maximilian Bosch
b09825ea48
Merge pull request #91 from Ma27/2025.12.3 
update: 2025.12.1 -> 2025.12.3
 2026-02-08 08:18:14 +01:00
Maximilian Bosch
9eed4f7e7e
update: 2025.12.1 -> 2025.12.3 
Closes #90

ChangeLogs:
* https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.2
* https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.3

Using the `client-go` library that is vendored in this release's `go.mod`
breaks all outposts for me, so we're now doing what upstream is also
doing, i.e. generating the Go client code ourselves.
 2026-02-07 16:52:28 +01:00
Maximilian Bosch
eee255ff2f
module: wait for postgresql.target 
This is needed since 25.11 because the target is what makes sure that
PostgreSQL is not only up, but also in rw-mode (and ensure* being
applied).

Also adding this to `authentik-worker` to prevent situations where
postgresql.service stops before the worker on reboot and the worker
blocks shutdown while trying to reconnect to the database[1].

[1] https://github.com/nix-community/authentik-nix/pull/86#issuecomment-3794325343
 2026-01-25 14:49:58 +01:00
Maximilian Bosch
1cab906a5c
Merge pull request #86 from nix-community/authentik-2025.12 
update: 2025.10.3 -> 2025.12.1
 2026-01-24 10:48:14 +01:00
Maximilian Bosch
801ff190cf
TODO: remove implemented things 2026-01-21 08:53:17 +01:00
Maximilian Bosch
25a380396f
terraform-provider-authentik: 2025.10.0 -> 2025.12.0 2026-01-17 09:22:53 +01:00
Maximilian Bosch
ad2994c95f
update: 2025.10.3 -> 2025.12.1 
Closes #83
Closes #85

ChangeLog: https://docs.goauthentik.io/releases/2025.12

⚠️ When using the Avatar upload, you'll have to make your users
re-upload their avatars due to changes in how media is served by
Authentik[1].

For now, we're using a branch from me that is 2025.12.1 with an update
of `@goauthentik/api` on top[2]. Without that change, `AdminFileListUsageEnum`
doesn't exist which breaks all usage of `AdminFileListUsageEnum.Media`:

    TypeError: can't access property "Media", R.AdminFileListUsageEnum is undefined
      renderForm ApplicationForm.ts:191
      [...]

This made e.g. the modal to edit applications unusable which infinitely
hang on a loading spinner.

The media path now points to `/var/lib/authentik`. This path is only
used for media storage and Authentik now always appends the "usage name"
as directory behind the storage path, i.e. it already appends
`/var/lib/authentik/media`, so this is needed to make Authentik discover
existing media.

Finally, I added a `patches` attribute to the authentik scope that
applies patches to both the workdir-deps (which is the PYTHONPATH in the
end, i.e. where we load the authentik module from) and the gopkgs. We're
still missing patchability for frontend (since we directly build the
subdir in napalm), but I think that's a step in the right direction.

[1] https://github.com/goauthentik/authentik/discussions/6824#discussioncomment-15490793
[2] Upstream PR: https://github.com/goauthentik/authentik/pull/19542
 2026-01-17 09:22:53 +01:00
Maximilian Bosch
94c544f6cd
Merge pull request #84 from Ma27/restart-worker 
module: restart worker when cert is changed
 2026-01-12 13:13:36 +01:00
Maximilian Bosch
cf07c71418
module: restart worker when cert is changed 
Closes #12

The worker gets access to the ACME-managed certs via `LoadCredential`,
however that doesn't refresh files when the files in the credential
source change. Explicitly restart the worker to make sure these changes
are reflected in what the worker sees.
 2026-01-06 15:06:31 +01:00
Maximilian Bosch
e929253ded
update: 2025.10.2 -> 2025.10.3 
ChangeLog: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.3
 2025-12-17 12:38:30 +01:00
Maximilian Bosch
c487a94057
flake.lock: Update 
Flake lock file updates:

• Updated input 'flake-compat':
    'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5' (2025-10-27)
  → 'github:edolstra/flake-compat/65f23138d8d09a92e30f1e5c87611b23ef451bf3' (2025-12-07)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/52a2caecc898d0b46b2b905f058ccc5081f842da' (2025-11-12)
  → 'github:hercules-ci/flake-parts/a34fae9c08a15ad73f295041fec82323541400a9' (2025-12-15)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc' (2025-10-29)
  → 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85' (2025-12-14)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/89c2b2330e733d6cdb5eae7b899326930c2c0648' (2025-11-17)
  → 'github:NixOS/nixpkgs/1306659b587dc277866c7b69eb97e5f07864d8c4' (2025-12-15)
• Updated input 'pyproject-build-systems':
    'github:pyproject-nix/build-system-pkgs/795a980d25301e5133eca37adae37283ec3c8e66' (2025-10-29)
  → 'github:pyproject-nix/build-system-pkgs/042904167604c681a090c07eb6967b4dd4dae88c' (2025-11-20)
• Updated input 'pyproject-nix':
    'github:pyproject-nix/pyproject.nix/7d3d8848358ccbd415afe2139f12b9e1508d3ace' (2025-11-18)
  → 'github:pyproject-nix/pyproject.nix/2c8df1383b32e5443c921f61224b198a2282a657' (2025-11-26)
• Updated input 'uv2nix':
    'github:pyproject-nix/uv2nix/c9752c6c5915eece99505612d8f7805185cff990' (2025-11-17)
  → 'github:pyproject-nix/uv2nix/4cca323a547a1aaa9b94929c4901bed5343eafe8' (2025-12-13)
 2025-12-17 11:11:58 +01:00
Maximilian Bosch
4a67075708
flake.lock: Update 
Flake lock file updates:

• Updated input 'flake-compat':
    'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885' (2025-05-12)
  → 'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5' (2025-10-27)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04' (2025-10-20)
  → 'github:hercules-ci/flake-parts/52a2caecc898d0b46b2b905f058ccc5081f842da' (2025-11-12)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/a73b9c743612e4244d865a2fdee11865283c04e6' (2025-08-10)
  → 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc' (2025-10-29)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/01f116e4df6a15f4ccdffb1bcd41096869fb385c' (2025-10-22)
  → 'github:NixOS/nixpkgs/89c2b2330e733d6cdb5eae7b899326930c2c0648' (2025-11-17)
• Updated input 'pyproject-build-systems':
    'github:pyproject-nix/build-system-pkgs/dbfc0483b5952c6b86e36f8b3afeb9dde30ea4b5' (2025-09-29)
  → 'github:pyproject-nix/build-system-pkgs/795a980d25301e5133eca37adae37283ec3c8e66' (2025-10-29)
• Updated input 'pyproject-nix':
    'github:pyproject-nix/pyproject.nix/84c4ea102127c77058ea1ed7be7300261fafc7d2' (2025-10-14)
  → 'github:pyproject-nix/pyproject.nix/7d3d8848358ccbd415afe2139f12b9e1508d3ace' (2025-11-18)
• Updated input 'uv2nix':
    'github:pyproject-nix/uv2nix/e6e728d9719e989c93e65145fe3f9e0c65a021a2' (2025-10-22)
  → 'github:pyproject-nix/uv2nix/c9752c6c5915eece99505612d8f7805185cff990' (2025-11-17)
 2025-11-20 13:51:20 +01:00
Maximilian Bosch
a5c8611fda
update: 2025.10.1 -> 2025.10.2 
Changes: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.2

Fixes CVE-2025-64521[1] & CVE-2025-64708[2].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-64521
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-64708
 2025-11-20 13:49:22 +01:00
Maximilian Bosch
c14192ad67
Merge pull request #80 from Ma27/default-pg-host 
module: set postgresql.host to /run/postgresql
 2025-11-09 16:17:37 +01:00
Maximilian Bosch
21cafb4b85
module: set postgresql.host to /run/postgresql 
Closes #79

So apparently the Python-based server knew to use `/run/postgresql` if
`host` is empty, but the Go driver tripped over it. Use this explicitly
to fix both cases.
 2025-11-09 13:37:45 +01:00
Maximilian Bosch
bbd5f56c4b
Merge pull request #78 from Ma27/authentik-2025.10 
update: 2025.8.4 -> 2025.10.0
 2025-11-04 11:44:08 +01:00
Maximilian Bosch
bb1a7604fc
terraform-provider-authentik: 2025.8.0 -> 2025.10.0 2025-11-04 11:18:38 +01:00
Maximilian Bosch
62cb06d2ef
update: 2025.8.4 -> 2025.10.1 
See https://version-2025-10.goauthentik.io/releases/2025.10/
 2025-11-04 11:18:38 +01:00
Maximilian Bosch
ea1e06f9fe
Merge pull request #48 from dminuoso/add-rac-outpost 
Add RAC outpost
 2025-10-29 09:35:59 +01:00
Victor Nawothnig
e31ed431d7
Add RAC outpost 
Co-authored-by: Maximilian Bosch <maximilian@mbosch.me>
 2025-10-27 15:20:28 +01:00
Maximilian Bosch
3082a94074
Merge pull request #50 from GeoffreyFrogeye/push-pollrpxtlxts 
Split gopkgs
 2025-10-27 14:52:31 +01:00
Maximilian Bosch
3cf7092397
components/{docs,frontend}: use nodejs_24 again 
We kept nodejs_22 in 6dc84faaec because of
a bug in NPM preventing us from upgrading[1]. This got solved in the
meantime and seems to have landed in a nodejs release (these usually
bundle NPM versions), so we can use the nodejs version that upstream
also uses again.

[1] https://github.com/npm/cli/issues/8541
 2025-10-27 14:28:29 +01:00
Maximilian Bosch
be208eac08
python-overrides/lxml: fix build w/ libxml-2.15 
Closes #76
 2025-10-27 12:48:13 +01:00
Geoffrey “Frogeye” Preud'homme
960bc776bb
Make gopkgs a split package 2025-10-26 11:45:06 +01:00
Maximilian Bosch
6ae9b507c8
flake.lock: Update 
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/4524271976b625a4a605beefd893f270620fd751' (2025-09-01)
  → 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04' (2025-10-20)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/c23193b943c6c689d70ee98ce3128239ed9e32d1' (2025-09-13)
  → 'github:NixOS/nixpkgs/01f116e4df6a15f4ccdffb1bcd41096869fb385c' (2025-10-22)
• Updated input 'pyproject-build-systems':
    'github:pyproject-nix/build-system-pkgs/5b8e37fe0077db5c1df3a5ee90a651345f085d38' (2025-09-08)
  → 'github:pyproject-nix/build-system-pkgs/dbfc0483b5952c6b86e36f8b3afeb9dde30ea4b5' (2025-09-29)
• Updated input 'pyproject-nix':
    'github:pyproject-nix/pyproject.nix/8d77f342d66ad1601cdb9d97e9388b69f64d4c8e' (2025-09-07)
  → 'github:pyproject-nix/pyproject.nix/84c4ea102127c77058ea1ed7be7300261fafc7d2' (2025-10-14)
• Updated input 'uv2nix':
    'github:pyproject-nix/uv2nix/780494c40895bb7419a73d942bee326291e80b3b' (2025-09-15)
  → 'github:pyproject-nix/uv2nix/e6e728d9719e989c93e65145fe3f9e0c65a021a2' (2025-10-22)
 2025-10-26 08:16:15 +01:00
Maximilian Bosch
69fac057b2
update: 2025.8.3 -> 2025.8.4 
ChangeLog: https://github.com/goauthentik/authentik/releases/tag/version%2F2025.8.4
 2025-10-01 14:42:09 +02:00