tamipes/authentik-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
179 commits 1 branch 0 tags 968 KiB
Commit graph

179 commits

This branch
This branch
All branches
Author SHA1 Message Date
Marcel
73af54b0d6
Update README.md 2025-05-01 19:00:34 +02:00
Marcel
ac06ee0ecc
Update README.md 2025-05-01 18:40:48 +02:00
Maximilian Bosch
618330bee6
Merge pull request #51 from Ma27/path-type 
module: prohibit store-paths for environmentFile
 2025-04-28 16:50:30 +02:00
Maximilian Bosch
e9bde1ace0
module: prohibit store-paths for environmentFile 
The store is world-readable, so secrets shouldn't end up there in the
first place. On top, `types.path` has the following behavior:

* `toString foo` returns the absolute path
* `${foo}` copies the path silently into the store and returns the
  store-path.

This happens without any real feedback, so this can be caused by an
innocent looking change.

To address this problem, `pathsWith` was introduced into <nixpkgs/lib>
which allows absolute paths represented as string, but rejects things
pointing to the store and path literals which may be copied later on.
 2025-04-28 13:52:51 +02:00
Maximilian Bosch
a8a5de7890
Merge pull request #53 from fpletz/nixpkgs-libpq 
flake.lock: Update, fix psycopg build
 2025-04-26 12:36:15 +02:00
Franz Pletz
ddf14710b7
flake.lock: Update, fix psycopg build 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/c8cd81426f45942bb2906d5ed2fe21d2f19d95b7' (2025-04-08)
  → 'github:NixOS/nixpkgs/8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7' (2025-04-23)
 2025-04-24 19:21:57 +02:00
Maximilian Bosch
105b3b6c00
update: 2025.2.3 -> 2025.2.4 
See https://docs.goauthentik.io/docs/releases/2025.2#fixed-in-202524

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/748a8e560f2eb93f7ec15d6762d4e5931fc1fa2a' (2025-03-28)
  → 'github:goauthentik/authentik/74eab55c615b156e4191ee98dc789e2d58c016f9' (2025-04-11)
 2025-04-11 14:41:12 +02:00
Maximilian Bosch
5c674147fe
flake.lock: Update 
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/32ea77a06711b758da0ad9bd6a844c5740a87abd' (2025-02-01)
  → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz?narHash=sha256-vJzFZGaCpnmo7I6i416HaBLpC%2BhvcURh/BQwROcGIp8%3D' (2025-02-01)
  → 'github:nix-community/nixpkgs.lib/e4822aea2a6d1cdd36653c134cacfd64c97ff4fa' (2025-03-30)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0196c0175e9191c474c26ab5548db27ef5d34b05' (2025-02-24)
  → 'github:NixOS/nixpkgs/c8cd81426f45942bb2906d5ed2fe21d2f19d95b7' (2025-04-08)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/d90f9db68a4bda31c346be16dfd8d3263be4547e' (2025-02-18)
  → 'github:nix-community/poetry2nix/ce2369db77f45688172384bbeb962bc6c2ea6f94' (2025-04-03)
 2025-04-11 14:41:12 +02:00
Maximilian Bosch
ca765bc344
Merge pull request #52 from 0x5a4/fix-broken-cargo-fetch-tarball 
fix: use fetchCargoVendor for all poetry dependencies
 2025-04-11 14:29:03 +02:00
0x5a4
f4202fabeb
fix: use fetchCargoVendor for all poetry dependencies 2025-04-08 19:35:23 +02:00
WilliButz
b4916a86d4
update: 2025.2.2 -> 2025.2.3 (security update) 
Fixes CVE-2025-29928

See https://docs.goauthentik.io/docs/releases/2025.2#fixed-in-202523

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/3adf79c4939276e108c25c719843b6174e9e22fd' (2025-03-17)
  → 'github:goauthentik/authentik/748a8e560f2eb93f7ec15d6762d4e5931fc1fa2a' (2025-03-28)
 2025-03-28 15:35:44 +01:00
WilliButz
8268406ca9
terraform-provider: 2024.10.1 -> 2025.2.0 2025-03-28 15:25:43 +01:00
Maximilian Bosch
04f5e14643
update: 2025.2.1 -> 2025.2.2 
See https://docs.goauthentik.io/docs/releases/2025.2#fixed-in-202522

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/31fe0e59234e487a42012510d1a4e4819b9aba26' (2025-02-26)
  → 'github:goauthentik/authentik/3adf79c4939276e108c25c719843b6174e9e22fd' (2025-03-17)
 2025-03-17 21:15:10 +00:00
WilliButz
bfcad34bec
update: 2025.2.0 -> 2025.2.1 
See https://docs.goauthentik.io/docs/releases/2025.2#fixed-in-202521

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5' (2025-02-24)
  → 'github:goauthentik/authentik/31fe0e59234e487a42012510d1a4e4819b9aba26' (2025-02-26)
 2025-02-26 21:29:00 +01:00
WilliButz
c79e9b7810
flake.lock: update nixpkgs, fix cryptography vendor hash 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/2ff53fe64443980e139eaa286017f53f88336dd0' (2025-02-13)
  → 'github:NixOS/nixpkgs/0196c0175e9191c474c26ab5548db27ef5d34b05' (2025-02-24)
 2025-02-24 19:13:31 +01:00
WilliButz
543e15bee6
update: 2024.12.3 -> 2025.2.0 
See https://docs.goauthentik.io/docs/releases/2025.2

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/f1b7a9f934e6b58a1884ba753575eac6267f4b6e' (2025-01-29)
  → 'github:goauthentik/authentik/5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5' (2025-02-24)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/be1fe795035d3d36359ca9135b26dcc5321b31fb' (2025-02-05)
  → 'github:nix-community/poetry2nix/d90f9db68a4bda31c346be16dfd8d3263be4547e' (2025-02-18)
 2025-02-24 17:45:30 +01:00
WilliButz
efd801f6fa
Merge pull request #44 from fpletz/flake-update/2025-02-15 
flake.lock: Update, blueprint & fetchCargoVendor fixes
 2025-02-15 10:38:44 +01:00
Franz Pletz
219e3fd2f5
python-overrides: fetchCargoTarball is deprecated 
`fetchCargoTarball` was deprecated and replaced with `fetchCargoVendor`.
Newer cargo versions produce different output which changes
`fetchCargoTarball` hashes.
 2025-02-15 03:20:51 +01:00
Franz Pletz
74feeec4f1
docs: fix broken blueprints symlink 
Recent nixpkgs unstable added a symlink checker that discovered the
blueprints symlink didn't point to the correct directory location.
 2025-02-15 03:19:49 +01:00
Franz Pletz
6af7fb2623
flake.lock: Update 
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/b905f6fc23a9051a6e1b741e1438dbfc0634c6de' (2025-01-06)
  → 'github:hercules-ci/flake-parts/32ea77a06711b758da0ad9bd6a844c5740a87abd' (2025-02-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz?narHash=sha256-CewEm1o2eVAnoqb6Ml%2BQi9Gg/EfNAxbRx1lANGVyoLI%3D' (2025-01-01)
  → 'https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz?narHash=sha256-vJzFZGaCpnmo7I6i416HaBLpC%2BhvcURh/BQwROcGIp8%3D' (2025-02-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0aa475546ed21629c4f5bbf90e38c846a99ec9e9' (2025-01-23)
  → 'github:NixOS/nixpkgs/2ff53fe64443980e139eaa286017f53f88336dd0' (2025-02-13)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/75d0515332b7ca269f6d7abfd2c44c47a7cbca7b' (2025-01-14)
  → 'github:nix-community/poetry2nix/be1fe795035d3d36359ca9135b26dcc5321b31fb' (2025-02-05)
 2025-02-15 03:04:52 +01:00
WilliButz
bc62d55099
git-blame-ignore-revs: init after treewide nixfmt 2025-02-02 14:38:42 +01:00
WilliButz
dbfc2207df
treewide: nixfmt 2025-02-02 14:25:09 +01:00
WilliButz
d653af66b3
cleanup scope and re-enable override-scope test 
Based on the discussion from #27
 2025-02-02 14:24:51 +01:00
WilliButz
e877502737
README: use same secret length in example as official docs 
Upstream documentation uses 60 bytes:
https://docs.goauthentik.io/docs/install-config/install/docker-compose#preparation

Originally the length here was taken from the upstream Makefile:
https://github.com/goauthentik/authentik/blob/version/2023.5.1/Makefile#L29
 2025-01-30 19:39:30 +01:00
WilliButz
48fda0cade
github/workflows: drop magic-nix-cache-action 
Evidently did not do much anyway, right now GitHub lists four caches,
the largest is 23MB ¯\_(ツ)_/¯
 2025-01-30 19:05:33 +01:00
WilliButz
f2b0754dce
update: 2024.12.2 -> 2024.12.3 
See https://docs.goauthentik.io/docs/releases/2024.12#fixed-in-2024123

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/9d81f0598c7735e2b4616ee865ab896056a67408' (2025-01-09)
  → 'github:goauthentik/authentik/f1b7a9f934e6b58a1884ba753575eac6267f4b6e' (2025-01-29)
 2025-01-29 22:25:38 +01:00
WilliButz
1fa3cbed36
Merge pull request #39 from MarcelCoding/fix-doc 
doc: remove mdDoc
 2025-01-25 14:03:54 +01:00
WilliButz
5470f39934
Merge pull request #42 from Ma27/flake-update 
Update flake, fix `pyrad` build
 2025-01-25 14:01:58 +01:00
Maximilian Bosch
f63f1d327f
Update flake, fix pyrad build 
The build fails for me with

      File "/nix/store/3wbw03q2z5d7ys1pzp30rmzn6qcxnyrp-python3.12-poetry-core-2.0.0/lib/python3.12/site-packages/poetry/core/masonry/metadata.py", line 112, in from_package
        if name == "repository" and url == package.urls["Repository"]:
                                           ~~~~~~~~~~~~^^^^^^^^^^^^^^
    KeyError: 'Repository'
    error: subprocess-exited-with-error

Making the `repository` key in the `urls` section of `pyproject.toml`
fixes the build.

There's a pending upstream PR doing the same: https://github.com/pyradius/pyrad/pull/209
 2025-01-25 12:08:01 +01:00
WilliButz
bf5a5bf421
update: 2024.12.1 -> 2024.12.2 
See https://docs.goauthentik.io/docs/releases/2024.12#fixed-in-2024122

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/e87a17fd8169d3fa92bcc47eb2743928df83bc95' (2024-12-23)
  → 'github:goauthentik/authentik/9d81f0598c7735e2b4616ee865ab896056a67408' (2025-01-09)
 2025-01-09 18:59:23 +01:00
WilliButz
5db6f7711a
flake.lock: update nixpkgs + include fix for xmlsec build with gcc14 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/807e9154dcb16384b1b765ebe9cd2bba2ac287fd' (2024-10-29)
  → 'github:NixOS/nixpkgs/6df24922a1400241dae323af55f30e4318a6ca65' (2025-01-02)

Co-authored-by: tuedel <tuedel@tdl.gr>
 2025-01-04 16:51:56 +01:00
WilliButz
6da4c7da80
update: 2024.10.5 -> 2024.12.1 
See https://docs.goauthentik.io/docs/releases/2024.12

guess we're doing rust now

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/0edd7531a152910e6bdd4f7d3d0cde3ed5fdd956' (2024-12-10)
  → 'github:goauthentik/authentik/e87a17fd8169d3fa92bcc47eb2743928df83bc95' (2024-12-23)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/43a898b4d76f7f3f70df77a2cc2d40096bc9d75e' (2024-10-30)
  → 'github:nix-community/poetry2nix/1fb01e90771f762655be7e0e805516cd7fa4d58e' (2024-12-25)

Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
 2025-01-04 16:20:11 +01:00
WilliButz
b059e1d6e7
update: 2024.10.4 -> 2024.10.5 
See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024105

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/527e584699abc93712114b05f70f59c5187caa66' (2024-11-21)
  → 'github:goauthentik/authentik/0edd7531a152910e6bdd4f7d3d0cde3ed5fdd956' (2024-12-10)
 2024-12-10 18:25:14 +01:00
Marcel
9107922274
doc: remove mdDoc 2024-12-06 10:22:51 +01:00
WilliButz
9d9c0a3a94
update: 2024.10.3 -> 2024.10.4 
See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024104

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/a9776a83d38850da3b2212efa9485a73b46e512f' (2024-11-21)
  → 'github:goauthentik/authentik/527e584699abc93712114b05f70f59c5187caa66' (2024-11-21)
 2024-11-21 19:57:31 +01:00
WilliButz
12b724b46a
update: 2024.10.2 -> 2024.10.3 (security update) 
Fixes CVE-2024-52287, CVE-2024-52289 and CVE-2024-52307

See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024103

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/66a4970014da49ceec0715e5dec8c9aa032a3146' (2024-11-14)
  → 'github:goauthentik/authentik/a9776a83d38850da3b2212efa9485a73b46e512f' (2024-11-21)
 2024-11-21 17:47:01 +01:00
WilliButz
91ff8d93f0
terraform-provider: 2024.10.0 -> 2024.10.1 2024-11-14 23:20:32 +01:00
WilliButz
7c97a8bf17
update: 2024.10.1 -> 2024.10.2 
See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024102

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/665de8ef2211524f3cc13dce9344bd59c61c3a5c' (2024-11-05)
  → 'github:goauthentik/authentik/66a4970014da49ceec0715e5dec8c9aa032a3146' (2024-11-14)
 2024-11-14 22:49:50 +01:00
WilliButz
5af11599ea
github-workflows: run flake check 2024-11-05 20:46:32 +01:00
WilliButz
7e39d653fd
terraform-provider: 2024.8.4 -> 2024.10.0 2024-11-05 19:26:29 +01:00
WilliButz
9c827b98b4
update: 2024.10.0 -> 2024.10.1 
See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024101

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/6ce33ab912d764a87ec75876febcd57a6355f3c8' (2024-10-30)
  → 'github:goauthentik/authentik/665de8ef2211524f3cc13dce9344bd59c61c3a5c' (2024-11-05)
 2024-11-05 18:57:55 +01:00
WilliButz
26829732e1
update: 2024.8.4 -> 2024.10.0 
See https://docs.goauthentik.io/docs/releases/2024.10
 2024-10-31 17:01:18 +01:00
WilliButz
4e1f5a6a36
flake.lock: Update 
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a' (2024-09-12)
  → 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz?narHash=sha256-Ss8QWLXdr2JCBPcYChJhz4xJm%2Bh/xjl4G0c0XlP6a74%3D' (2024-09-01)
  → 'https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz?narHash=sha256-0xHYkMkeLVQAMa7gvkddbPqpxph%2BhDzdu1XdGPJR%2BOs%3D' (2024-10-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9357f4f23713673f310988025d9dc261c20e70c6' (2024-09-21)
  → 'github:NixOS/nixpkgs/807e9154dcb16384b1b765ebe9cd2bba2ac287fd' (2024-10-29)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/7624b3e0275d9b52dbdda46ef7ffee66b36ff823' (2024-09-24)
  → 'github:nix-community/poetry2nix/43a898b4d76f7f3f70df77a2cc2d40096bc9d75e' (2024-10-30)
• Updated input 'poetry2nix/nix-github-actions':
    'github:nix-community/nix-github-actions/5163432afc817cf8bd1f031418d1869e4c9d5547' (2023-12-29)
  → 'github:nix-community/nix-github-actions/e04df33f62cdcf93d73e9a04142464753a16db67' (2024-10-24)
• Updated input 'poetry2nix/treefmt-nix':
    'github:numtide/treefmt-nix/8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd' (2024-06-30)
  → 'github:numtide/treefmt-nix/9ef337e492a5555d8e17a51c911ff1f02635be15' (2024-10-28)
 2024-10-31 17:41:50 +01:00
WilliButz
d364fb819d
terraform-provider: 2024.6.0 -> 2024.8.4 2024-10-31 16:44:32 +01:00
WilliButz
74b5a8c5ff
update: 2024.8.3 -> 2024.8.4 
See https://docs.goauthentik.io/docs/releases/2024.8#fixed-in-202484

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/91d2445c61da49026f76dceb7f5b524e30335a42' (2024-09-27)
  → 'github:goauthentik/authentik/e8b5e4c1272151f4a3666e53754f7deefb8e2fb3' (2024-10-30)
 2024-10-31 16:18:21 +01:00
WilliButz
31128721a9
README: update matrix room address 2024-09-30 14:30:31 +02:00
WilliButz
1138b948d3
update: 2024.8.1 -> 2024.8.3 (security update) 
Fixes CVE-2024-47070 and CVE-2024-47077

See https://docs.goauthentik.io/docs/releases/2024.8#fixed-in-202483

Dropped manually resolved lockfiles, fixed upstream in
https://github.com/goauthentik/authentik/pull/11509

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/f5580d311d01f2202b666f76931ed04f30b9ec30' (2024-09-07)
  → 'github:goauthentik/authentik/91d2445c61da49026f76dceb7f5b524e30335a42' (2024-09-27)
 2024-09-27 18:04:42 +02:00
WilliButz
63516a96c0
flake: fix comment about nixpkgs input 2024-09-27 18:03:30 +02:00
WilliButz
5bf15f6630
Merge pull request #34 from Ma27/flake-update 
Update `nixpkgs` input
 2024-09-27 17:26:51 +02:00
Maximilian Bosch
97f96dc50f
poetry2nix-python-overrides: fix build of opencontainers 
`pytest-runner` was dropped upstream, the build of opencontainers is
fine even without it.
 2024-09-25 18:55:29 +02:00