Maximilian Bosch
88a8771c30
Merge pull request #123 from nix-community/dependabot/nix/pyproject-build-systems-7bff980
...
build(deps): bump pyproject-build-systems from `ffaa216` to `7bff980`
2026-05-26 13:40:54 +02:00
Maximilian Bosch
dd9ef81535
Merge pull request #122 from nix-community/dependabot/nix/uv2nix-fdf2a76
...
build(deps): bump uv2nix from `b48abe9` to `fdf2a76`
2026-05-26 13:40:49 +02:00
dependabot[bot]
43032d4d04
build(deps): bump pyproject-build-systems from ffaa216 to 7bff980
...
Bumps [pyproject-build-systems](https://github.com/pyproject-nix/build-system-pkgs ) from `ffaa216` to `7bff980`.
- [Commits](ffaa2161dd...7bff980f37
2026-05-25 18:18:28 +00:00
dependabot[bot]
a41613b712
build(deps): bump uv2nix from b48abe9 to fdf2a76
...
Bumps [uv2nix](https://github.com/pyproject-nix/uv2nix ) from `b48abe9` to `fdf2a76`.
- [Commits](b48abe99ef...fdf2a76275
2026-05-25 18:18:23 +00:00
Maximilian Bosch
451a9a1d27
Merge pull request #116 from Ma27/maintenance
...
Flake update & project maintenance
2026-05-15 17:27:29 +02:00
Maximilian Bosch
4f27356536
tests: address machine deprecation
2026-05-15 11:48:16 +02:00
Marcel
03895f5997
terraform-provider-authentik: 2025.12.0 -> 2026.2.0
2026-05-15 11:47:01 +02:00
Marcel
6dc61c8c21
checks: use firefox in kiosk mode
...
I don't know why but this fixes the tests after the `nix flake update`.
2026-05-15 11:46:41 +02:00
Maximilian Bosch
0bc1bd9de1
flake.lock: Update
...
Flake lock file updates:
• Updated input 'authentik-go':
'github:goauthentik/client-go/4c1444ee54d945fbcc5ae107b4f191ca0352023d' (2026-02-23)
→ 'github:goauthentik/client-go/58f64509446aab6bc2d9b1fe36be19b5f2a3b4a8' (2026-05-13)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/57928607ea566b5db3ad13af0e57e921e6b12381' (2026-02-02)
→ 'github:hercules-ci/flake-parts/f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb' (2026-05-13)
• Updated input 'flake-parts/nixpkgs-lib':
'github:nix-community/nixpkgs.lib/72716169fe93074c333e8d0173151350670b824c' (2026-02-01)
→ 'github:nix-community/nixpkgs.lib/f5901329dade4a6ea039af1433fb087bd9c1fe14' (2026-04-26)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/2fc6539b481e1d2569f25f8799236694180c0993' (2026-02-23)
→ 'github:NixOS/nixpkgs/da5ad661ba4e5ef59ba743f0d112cbc30e474f32' (2026-05-10)
• Updated input 'pyproject-build-systems':
'github:pyproject-nix/build-system-pkgs/04e9c186e01f0830dad3739088070e4c551191a4' (2026-02-18)
→ 'github:pyproject-nix/build-system-pkgs/ffaa2161dd5d63e0e94591f86b54fc239660fb2e' (2026-04-20)
• Updated input 'pyproject-nix':
'github:pyproject-nix/pyproject.nix/eb204c6b3335698dec6c7fc1da0ebc3c6df05937' (2026-02-19)
→ 'github:pyproject-nix/pyproject.nix/69f57f27e52a87c54e28138a75ec741cd46663c9' (2026-04-20)
• Updated input 'uv2nix':
'github:pyproject-nix/uv2nix/5ad90d48b80ecc920ca2247d53f46beba302e186' (2026-05-04)
→ 'github:pyproject-nix/uv2nix/b48abe99ef639cd100c224898529370e5d935294' (2026-05-13)
2026-05-14 17:55:10 +02:00
Maximilian Bosch
6bb0bc723d
Merge pull request #112 from nix-community/dependabot/nix/uv2nix-5ad90d4
...
build(deps): bump uv2nix from `abe65de` to `5ad90d4`
2026-05-14 16:25:18 +02:00
Maximilian Bosch
646a0fdaca
Merge pull request #115 from bartoostveen/authentik-2026.2.3
...
update: 2026.2.2 -> 2026.2.3
2026-05-14 16:24:13 +02:00
Bart Oostveen
7f59e4d042
update: 2026.2.2 -> 2026.2.3
...
Changelog: https://github.com/goauthentik/authentik/releases/tag/version%2F2026.2.3
Release notes: https://docs.goauthentik.io/releases/2026.2#fixed-in-202623
2026-05-12 23:12:05 +02:00
dependabot[bot]
3c09020420
build(deps): bump uv2nix from abe65de to 5ad90d4
...
Bumps [uv2nix](https://github.com/pyproject-nix/uv2nix ) from `abe65de` to `5ad90d4`.
- [Commits](abe65de114...5ad90d48b8
2026-05-04 15:39:18 +00:00
Maximilian Bosch
4370b561c8
Merge pull request #102 from JamieMagee/dependabot-nix
...
Add Dependabot for nix flake updates
2026-04-13 14:10:03 +01:00
Maximilian Bosch
f86fa999ab
Merge pull request #100 from bartoostveen/2026.2.2
...
update: 2026.2.1 -> 2026.2.2
2026-04-13 14:07:25 +01:00
Jamie Magee
e39bef4e07
Add Dependabot for nix flake updates
...
See https://github.blog/changelog/2026-04-07-dependabot-version-updates-now-support-the-nix-ecosystem/
2026-04-10 11:19:19 -07:00
Bart Oostveen
8048437d60
update: 2026.2.1 -> 2026.2.2
2026-04-07 19:06:07 +02:00
Maximilian Bosch
1f279763d8
Merge pull request #97 from networkException/service-dependency-fix
...
module: fix Before=authentik-worker.service in authentik-migrate.service
2026-03-21 08:49:22 +01:00
networkException
92e192cd9c
module: fix Before=authentik-worker.service in authentik-migrate.service
2026-03-20 19:56:07 +01:00
Maximilian Bosch
7e4730351f
Merge pull request #96 from freiheitsrechte/authentik-2026.2.1
...
update: 2026.2 -> 2026.2.1
2026-03-07 19:43:41 +01:00
Lennart Mühlenmeier
6857248084
update: 2026.2 -> 2026.2.1
...
ChangeLog: https://docs.goauthentik.io/releases/2026.2/#fixed-in-202621
2026-03-07 11:06:30 +01:00
Maximilian Bosch
5818986331
Merge pull request #95 from freiheitsrechte/add-docs-migrating
...
README: Add considerations for migrating a deployment
2026-02-28 20:54:41 +01:00
Lennart Mühlenmeier
013eadba88
README: Add considerations for migrating a deployment
...
We migrated `authentik-nix` a few weeks ago to another machine. Was real
painless.
Not too sure how helpful these considerations are written down into the
README but they might lower the stress levels for some though.
2026-02-28 20:39:58 +01:00
Maximilian Bosch
cb09279e74
Merge pull request #94 from nix-community/authentik-2026.2
...
update: 2025.12.4 -> 2026.2.0
2026-02-28 18:58:35 +01:00
Maximilian Bosch
4b7126941b
update: 2025.12.4 -> 2026.2.0
...
ChangeLog: https://docs.goauthentik.io/releases/2026.2/
2026-02-28 13:30:11 +01:00
Maximilian Bosch
3abc7ff26a
flake.lock: Update
...
Flake lock file updates:
• Updated input 'authentik-go':
'github:goauthentik/client-go/280022b0a8de5c8f4b2965d1147a1c4fa846ba64' (2026-02-05)
→ 'github:goauthentik/client-go/4c1444ee54d945fbcc5ae107b4f191ca0352023d' (2026-02-23)
• Updated input 'flake-compat':
'github:edolstra/flake-compat/65f23138d8d09a92e30f1e5c87611b23ef451bf3' (2025-12-07)
→ 'github:edolstra/flake-compat/5edf11c44bc78a0d334f6334cdaf7d60d732daab' (2025-12-29)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/a34fae9c08a15ad73f295041fec82323541400a9' (2025-12-15)
→ 'github:hercules-ci/flake-parts/57928607ea566b5db3ad13af0e57e921e6b12381' (2026-02-02)
• Updated input 'flake-parts/nixpkgs-lib':
'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85' (2025-12-14)
→ 'github:nix-community/nixpkgs.lib/72716169fe93074c333e8d0173151350670b824c' (2026-02-01)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/1412caf7bf9e660f2f962917c14b1ea1c3bc695e' (2026-01-13)
→ 'github:NixOS/nixpkgs/2fc6539b481e1d2569f25f8799236694180c0993' (2026-02-23)
• Updated input 'pyproject-build-systems':
'github:pyproject-nix/build-system-pkgs/042904167604c681a090c07eb6967b4dd4dae88c' (2025-11-20)
→ 'github:pyproject-nix/build-system-pkgs/04e9c186e01f0830dad3739088070e4c551191a4' (2026-02-18)
• Updated input 'pyproject-nix':
'github:pyproject-nix/pyproject.nix/2c8df1383b32e5443c921f61224b198a2282a657' (2025-11-26)
→ 'github:pyproject-nix/pyproject.nix/eb204c6b3335698dec6c7fc1da0ebc3c6df05937' (2026-02-19)
• Updated input 'uv2nix':
'github:pyproject-nix/uv2nix/4cca323a547a1aaa9b94929c4901bed5343eafe8' (2025-12-13)
→ 'github:pyproject-nix/uv2nix/abe65de114300de41614002fe9dce2152ac2ac23' (2026-02-27)
2026-02-28 13:30:11 +01:00
Maximilian Bosch
905036eb17
tests: don't run update checks in VM tests
2026-02-27 15:00:05 +01:00
Maximilian Bosch
3df5c21303
Merge pull request #93 from kilimnik/sandbox
...
docs: fix build in non sandboxed mode
2026-02-21 15:58:40 +01:00
Daniel Kilimnik
9eee350b95
docs: fix build in non sandboxed mode
2026-02-19 13:36:07 +01:00
Maximilian Bosch
0487b4db05
update: 2025.12.3 -> 2025.12.4, fix CVE-2026-25227, CVE-2026-25748, CVE-2026-25227
...
Changes: https://docs.goauthentik.io/releases/2025.12/#fixed-in-2025124
2026-02-12 22:25:30 +01:00
Maximilian Bosch
b09825ea48
Merge pull request #91 from Ma27/2025.12.3
...
update: 2025.12.1 -> 2025.12.3
2026-02-08 08:18:14 +01:00
Maximilian Bosch
9eed4f7e7e
update: 2025.12.1 -> 2025.12.3
...
Closes #90
ChangeLogs:
* https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.2
* https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.3
Using the `client-go` library that is vendored in this release's `go.mod`
breaks all outposts for me, so we're now doing what upstream is also
doing, i.e. generating the Go client code ourselves.
2026-02-07 16:52:28 +01:00
Maximilian Bosch
eee255ff2f
module: wait for postgresql.target
...
This is needed since 25.11 because the target is what makes sure that
PostgreSQL is not only up, but also in rw-mode (and ensure* being
applied).
Also adding this to `authentik-worker` to prevent situations where
postgresql.service stops before the worker on reboot and the worker
blocks shutdown while trying to reconnect to the database[1].
[1] https://github.com/nix-community/authentik-nix/pull/86#issuecomment-3794325343
2026-01-25 14:49:58 +01:00
Maximilian Bosch
1cab906a5c
Merge pull request #86 from nix-community/authentik-2025.12
...
update: 2025.10.3 -> 2025.12.1
2026-01-24 10:48:14 +01:00
Maximilian Bosch
801ff190cf
TODO: remove implemented things
2026-01-21 08:53:17 +01:00
Maximilian Bosch
25a380396f
terraform-provider-authentik: 2025.10.0 -> 2025.12.0
2026-01-17 09:22:53 +01:00
Maximilian Bosch
ad2994c95f
update: 2025.10.3 -> 2025.12.1
...
Closes #83
Closes #85
ChangeLog: https://docs.goauthentik.io/releases/2025.12
⚠️ When using the Avatar upload, you'll have to make your users
re-upload their avatars due to changes in how media is served by
Authentik[1].
For now, we're using a branch from me that is 2025.12.1 with an update
of `@goauthentik/api` on top[2]. Without that change, `AdminFileListUsageEnum`
doesn't exist which breaks all usage of `AdminFileListUsageEnum.Media`:
TypeError: can't access property "Media", R.AdminFileListUsageEnum is undefined
renderForm ApplicationForm.ts:191
[...]
This made e.g. the modal to edit applications unusable which infinitely
hang on a loading spinner.
The media path now points to `/var/lib/authentik`. This path is only
used for media storage and Authentik now always appends the "usage name"
as directory behind the storage path, i.e. it already appends
`/var/lib/authentik/media`, so this is needed to make Authentik discover
existing media.
Finally, I added a `patches` attribute to the authentik scope that
applies patches to both the workdir-deps (which is the PYTHONPATH in the
end, i.e. where we load the authentik module from) and the gopkgs. We're
still missing patchability for frontend (since we directly build the
subdir in napalm), but I think that's a step in the right direction.
[1] https://github.com/goauthentik/authentik/discussions/6824#discussioncomment-15490793
[2] Upstream PR: https://github.com/goauthentik/authentik/pull/19542
2026-01-17 09:22:53 +01:00
Maximilian Bosch
94c544f6cd
Merge pull request #84 from Ma27/restart-worker
...
module: restart worker when cert is changed
2026-01-12 13:13:36 +01:00
Maximilian Bosch
cf07c71418
module: restart worker when cert is changed
...
Closes #12
The worker gets access to the ACME-managed certs via `LoadCredential`,
however that doesn't refresh files when the files in the credential
source change. Explicitly restart the worker to make sure these changes
are reflected in what the worker sees.
2026-01-06 15:06:31 +01:00
Maximilian Bosch
e929253ded
update: 2025.10.2 -> 2025.10.3
...
ChangeLog: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.3
2025-12-17 12:38:30 +01:00
Maximilian Bosch
c487a94057
flake.lock: Update
...
Flake lock file updates:
• Updated input 'flake-compat':
'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5' (2025-10-27)
→ 'github:edolstra/flake-compat/65f23138d8d09a92e30f1e5c87611b23ef451bf3' (2025-12-07)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/52a2caecc898d0b46b2b905f058ccc5081f842da' (2025-11-12)
→ 'github:hercules-ci/flake-parts/a34fae9c08a15ad73f295041fec82323541400a9' (2025-12-15)
• Updated input 'flake-parts/nixpkgs-lib':
'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc' (2025-10-29)
→ 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85' (2025-12-14)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/89c2b2330e733d6cdb5eae7b899326930c2c0648' (2025-11-17)
→ 'github:NixOS/nixpkgs/1306659b587dc277866c7b69eb97e5f07864d8c4' (2025-12-15)
• Updated input 'pyproject-build-systems':
'github:pyproject-nix/build-system-pkgs/795a980d25301e5133eca37adae37283ec3c8e66' (2025-10-29)
→ 'github:pyproject-nix/build-system-pkgs/042904167604c681a090c07eb6967b4dd4dae88c' (2025-11-20)
• Updated input 'pyproject-nix':
'github:pyproject-nix/pyproject.nix/7d3d8848358ccbd415afe2139f12b9e1508d3ace' (2025-11-18)
→ 'github:pyproject-nix/pyproject.nix/2c8df1383b32e5443c921f61224b198a2282a657' (2025-11-26)
• Updated input 'uv2nix':
'github:pyproject-nix/uv2nix/c9752c6c5915eece99505612d8f7805185cff990' (2025-11-17)
→ 'github:pyproject-nix/uv2nix/4cca323a547a1aaa9b94929c4901bed5343eafe8' (2025-12-13)
2025-12-17 11:11:58 +01:00
Maximilian Bosch
4a67075708
flake.lock: Update
...
Flake lock file updates:
• Updated input 'flake-compat':
'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885' (2025-05-12)
→ 'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5' (2025-10-27)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04' (2025-10-20)
→ 'github:hercules-ci/flake-parts/52a2caecc898d0b46b2b905f058ccc5081f842da' (2025-11-12)
• Updated input 'flake-parts/nixpkgs-lib':
'github:nix-community/nixpkgs.lib/a73b9c743612e4244d865a2fdee11865283c04e6' (2025-08-10)
→ 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc' (2025-10-29)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/01f116e4df6a15f4ccdffb1bcd41096869fb385c' (2025-10-22)
→ 'github:NixOS/nixpkgs/89c2b2330e733d6cdb5eae7b899326930c2c0648' (2025-11-17)
• Updated input 'pyproject-build-systems':
'github:pyproject-nix/build-system-pkgs/dbfc0483b5952c6b86e36f8b3afeb9dde30ea4b5' (2025-09-29)
→ 'github:pyproject-nix/build-system-pkgs/795a980d25301e5133eca37adae37283ec3c8e66' (2025-10-29)
• Updated input 'pyproject-nix':
'github:pyproject-nix/pyproject.nix/84c4ea102127c77058ea1ed7be7300261fafc7d2' (2025-10-14)
→ 'github:pyproject-nix/pyproject.nix/7d3d8848358ccbd415afe2139f12b9e1508d3ace' (2025-11-18)
• Updated input 'uv2nix':
'github:pyproject-nix/uv2nix/e6e728d9719e989c93e65145fe3f9e0c65a021a2' (2025-10-22)
→ 'github:pyproject-nix/uv2nix/c9752c6c5915eece99505612d8f7805185cff990' (2025-11-17)
2025-11-20 13:51:20 +01:00
Maximilian Bosch
a5c8611fda
update: 2025.10.1 -> 2025.10.2
...
Changes: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.2
Fixes CVE-2025-64521[1] & CVE-2025-64708[2].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-64521
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-64708
2025-11-20 13:49:22 +01:00
Maximilian Bosch
c14192ad67
Merge pull request #80 from Ma27/default-pg-host
...
module: set postgresql.host to /run/postgresql
2025-11-09 16:17:37 +01:00
Maximilian Bosch
21cafb4b85
module: set postgresql.host to /run/postgresql
...
Closes #79
So apparently the Python-based server knew to use `/run/postgresql` if
`host` is empty, but the Go driver tripped over it. Use this explicitly
to fix both cases.
2025-11-09 13:37:45 +01:00
Maximilian Bosch
bbd5f56c4b
Merge pull request #78 from Ma27/authentik-2025.10
...
update: 2025.8.4 -> 2025.10.0
2025-11-04 11:44:08 +01:00
Maximilian Bosch
bb1a7604fc
terraform-provider-authentik: 2025.8.0 -> 2025.10.0
2025-11-04 11:18:38 +01:00
Maximilian Bosch
62cb06d2ef
update: 2025.8.4 -> 2025.10.1
...
See https://version-2025-10.goauthentik.io/releases/2025.10/
2025-11-04 11:18:38 +01:00
Maximilian Bosch
ea1e06f9fe
Merge pull request #48 from dminuoso/add-rac-outpost
...
Add RAC outpost
2025-10-29 09:35:59 +01:00
Victor Nawothnig
e31ed431d7
Add RAC outpost
...
Co-authored-by: Maximilian Bosch <maximilian@mbosch.me>
2025-10-27 15:20:28 +01:00
