tamipes/authentik-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
209 commits 1 branch 0 tags 968 KiB
Commit graph

10 commits

Author SHA1 Message Date
Maximilian Bosch
6dc84faaec
update: 2025.6.4 -> 2025.8.1 
See https://next.goauthentik.io/releases/2025.8/
ChangeLog: https://next.goauthentik.io/releases/2025.8/#fixed-in-202581

The following things changed:

* We're blocked on going to NodeJS 24.x (which is the version upstream
  uses) because it breaks with napalm[1].

* The worker has been switched from celery to dramatiq. An automatic
  migration of the tasks doesn't exist, the operator must make sure to
  stop the server and let the queue drain[2].

  While this eliminates the need of Redis for Celery, the tests fails
  without Redis. After inspecting the code, it looks like it's still
  needed for e.g. session management.

[1] https://github.com/npm/cli/issues/8541
[2] https://next.goauthentik.io/releases/2025.8/#fixed-in-202581
 2025-08-30 12:34:10 +02:00
Alexander Sieg
e155dd91f6
update: 2025.4.4 -> 2025.6.4 
co-authored-by: Maximilian Bosch <maximilian@mbosch.me>
 2025-07-24 15:00:27 +02:00
Maximilian Bosch
893670fa74
update: 2025.2.4 -> 2025.4.0 
See https://docs.goauthentik.io/docs/releases/2025.4
 2025-05-03 16:22:32 +02:00
Franz Pletz
74feeec4f1
docs: fix broken blueprints symlink 
Recent nixpkgs unstable added a symlink checker that discovered the
blueprints symlink didn't point to the correct directory location.
 2025-02-15 03:19:49 +01:00
WilliButz
dbfc2207df
treewide: nixfmt 2025-02-02 14:25:09 +01:00
WilliButz
1138b948d3
update: 2024.8.1 -> 2024.8.3 (security update) 
Fixes CVE-2024-47070 and CVE-2024-47077

See https://docs.goauthentik.io/docs/releases/2024.8#fixed-in-202483

Dropped manually resolved lockfiles, fixed upstream in
https://github.com/goauthentik/authentik/pull/11509

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/f5580d311d01f2202b666f76931ed04f30b9ec30' (2024-09-07)
  → 'github:goauthentik/authentik/91d2445c61da49026f76dceb7f5b524e30335a42' (2024-09-27)
 2024-09-27 18:04:42 +02:00
WilliButz
a1630aaf9f
update: 2024.6.4 -> 2024.8.1 
Release notes: https://docs.goauthentik.io/docs/releases/2024.8

Still includes the same hacky workaround for one of the dependencies
that was introduced in the 2024.6.1 update. See components/docs.nix for
more information.

Also, as upstream package-lock.json files do not include source hashes
and urls for a lot of dependencies, building authentik from source is
only possible after they've been resolved. This makes it kind of a
gamble to try and reproduce a build with the same set of dependencies
that the devs use. This is why the two relevant lock files are vendored
here now. See upstream issues for more information:
- https://github.com/goauthentik/authentik/issues/6180
- https://github.com/goauthentik/authentik/issues/11169
and the npm issue for the underlying reason:
https://github.com/npm/cli/issues/4263

Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
  → 'github:hercules-ci/flake-parts/567b938d64d4b4112ee253b9274472dc3a346eb6' (2024-09-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01)
  → 'https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz?narHash=sha256-Ss8QWLXdr2JCBPcYChJhz4xJm%2Bh/xjl4G0c0XlP6a74%3D' (2024-09-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21)
  → 'github:NixOS/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/884b66152b0c625b8220b570a31dc7acc36749a3' (2024-08-21)
  → 'github:nix-community/poetry2nix/a313fd7169ae43ecd1a2ea2f1e4899fe3edba4d2' (2024-09-05)
 2024-09-07 22:07:37 +02:00
WilliButz
0fc8ad1349
update: 2024.4.3 -> 2024.6.1 
Release notes: https://docs.goauthentik.io/docs/releases/2024.6

Includes a hacky workaround for a node dependency that is required to
build the `/website` subdirectory of the authentik repo, i.e. "docs".
That should not be required after the next major update, as the
dependency causing this is no longer used on authentik's main branch.

See components/docs.nix for more info.

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/5afceaa55f4d831db0cf9d80562e86eb43b622ec' (2024-06-26)
  → 'github:goauthentik/authentik/9075270b01e784d25f2ec08b82e73f1ce3086184' (2024-07-11)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01)
  → 'github:hercules-ci/flake-parts/c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9' (2024-06-30)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/d8fe5e6c92d0d190646fb9f1056741a229980089?dir=lib' (2024-03-29)
  → 'https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz?narHash=sha256-lIbdfCsf8LMFloheeE6N31%2BBMIeixqyQWbSr2vk79EQ%3D' (2024-06-01)
• Updated input 'napalm':
    'github:nix-community/napalm/edcb26c266ca37c9521f6a97f33234633cbec186' (2023-12-20)
  → 'github:nix-community/napalm/e1babff744cd278b56abe8478008b4a9e23036cf' (2024-06-09)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/6143fc5eeb9c4f00163267708e26191d1e918932' (2024-04-21)
  → 'github:NixOS/nixpkgs/feb2849fdeb70028c70d73b848214b00d324a497' (2024-07-29)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/e6b36523407ae6a7a4dfe29770c30b3a3563b43a' (2024-05-06)
  → 'github:nix-community/poetry2nix/4fd045cdb85f2a0173021a4717dc01d92d7ab2b2' (2024-06-28)
• Updated input 'poetry2nix/treefmt-nix':
    'github:numtide/treefmt-nix/c6aaf729f34a36c445618580a9f95a48f5e4e03f' (2024-04-25)
  → 'github:numtide/treefmt-nix/68eb1dc333ce82d0ab0c0357363ea17c31ea1f81' (2024-06-16)
 2024-07-12 12:24:51 +02:00
WilliButz
608c5dd4f5
update: 2024.2.3 -> 2024.4.1 
Release notes: https://docs.goauthentik.io/docs/releases/2024.4

Notable dependency updates:
python 3.11 -> python 3.12
golang 1.21 -> golang 1.22
nixpkgs-23.11 -> nixpkgs-unstable (for golang 1.22 until 24.05)

Introduces patch to `web/package-lock.json`, see `components/frontend.nix`,
this will cause IFD until the issue is resolved.
https://nixos.org/manual/nix/stable/language/import-from-derivation

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/6bb180f94ec124092c4f87ae5f5d892a70b32ff3' (2024-04-17)
  → 'github:goauthentik/authentik/ca70c963e55daf73b479a4513da06ac5cea77718' (2024-04-26)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/53a2c32bc66f5ae41a28d7a9a49d321172af621e' (2024-04-15)
  → 'github:NixOS/nixpkgs/6143fc5eeb9c4f00163267708e26191d1e918932' (2024-04-21)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/3c92540611f42d3fb2d0d084a6c694cd6544b609' (2024-02-22)
  → 'github:nix-community/poetry2nix/9245811b58905453033f1ef551f516cbee71c42c' (2024-04-26)
 2024-04-27 20:59:27 +02:00
WilliButz
6df56466f9
factor out components with callPackage to allow for easier overrides 
Before this change it was very inconvenient to override specific
dependencies, e.g. patching something in pythonEnv and having its
dependents use that patched version.
This is just a step towards better overridability for the individual
authentik components, because patched versions of components still need
to be manually passed to their dependents. An overlay-like approach
would be even better.
 2023-12-14 15:04:04 +01:00