Release notes: https://docs.goauthentik.io/docs/releases/2024.6
Includes a hacky workaround for a node dependency that is required to
build the `/website` subdirectory of the authentik repo, i.e. "docs".
That should not be required after the next major update, as the
dependency causing this is no longer used on authentik's main branch.
See components/docs.nix for more info.
Flake lock file updates:
• Updated input 'authentik-src':
'github:goauthentik/authentik/5afceaa55f4d831db0cf9d80562e86eb43b622ec' (2024-06-26)
→ 'github:goauthentik/authentik/9075270b01e784d25f2ec08b82e73f1ce3086184' (2024-07-11)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01)
→ 'github:hercules-ci/flake-parts/c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9' (2024-06-30)
• Updated input 'flake-parts/nixpkgs-lib':
'github:NixOS/nixpkgs/d8fe5e6c92d0d190646fb9f1056741a229980089?dir=lib' (2024-03-29)
→ 'https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz?narHash=sha256-lIbdfCsf8LMFloheeE6N31%2BBMIeixqyQWbSr2vk79EQ%3D' (2024-06-01)
• Updated input 'napalm':
'github:nix-community/napalm/edcb26c266ca37c9521f6a97f33234633cbec186' (2023-12-20)
→ 'github:nix-community/napalm/e1babff744cd278b56abe8478008b4a9e23036cf' (2024-06-09)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/6143fc5eeb9c4f00163267708e26191d1e918932' (2024-04-21)
→ 'github:NixOS/nixpkgs/feb2849fdeb70028c70d73b848214b00d324a497' (2024-07-29)
• Updated input 'poetry2nix':
'github:nix-community/poetry2nix/e6b36523407ae6a7a4dfe29770c30b3a3563b43a' (2024-05-06)
→ 'github:nix-community/poetry2nix/4fd045cdb85f2a0173021a4717dc01d92d7ab2b2' (2024-06-28)
• Updated input 'poetry2nix/treefmt-nix':
'github:numtide/treefmt-nix/c6aaf729f34a36c445618580a9f95a48f5e4e03f' (2024-04-25)
→ 'github:numtide/treefmt-nix/68eb1dc333ce82d0ab0c0357363ea17c31ea1f81' (2024-06-16)
There aren't any tests, but it's hanging in this phase for a while since
it compiles Go code to see if there are any tests in the modules.
authentik-gopkgs> Running phase: checkPhase
authentik-gopkgs> ? goauthentik.io/cmd/ldap [no test files]
authentik-gopkgs> ? goauthentik.io/cmd/server [no test files]
authentik-gopkgs> ? goauthentik.io/cmd/proxy [no test files]
authentik-gopkgs> ? goauthentik.io/cmd/radius [no test files]
Was changed within upstream commit abc0c2d2a2a0bfb0214798ed6bca9d59359b39f8.
The sole reason this worked was that `settings.storage.media.file.path`
pointed to `./media`, relative to `/var/lib/authentik`.
Update our config accordingly.
The new migration in tenant_files.py references a MEDIA_ROOT directory
based on its own path, which in our case is in the read-only /nix/store.
We need it to refer to the actual authentik state directory instead,
which defaults to /var/lib/authentik/media in module.nix
The media upload feature is build around being deployed in a container
and only enables uploads when `/media` is a mountpoint. This isn't the
case on nixos and as such media uploads are disable.
In order to enable this, we need to patch authentik so that the
`can_save_media` capability is enabled.
* provides a new function `lib.mkAuthentikScope` as a flake output to
create a custom scope with overrides outside of this flake
* adds a slightly altered version of existing vm test to demonstrate the
usage of `mkAuthentikScope` for overriding individual authentik
components in tests/override-scope.nix
Before this change it was very inconvenient to override specific
dependencies, e.g. patching something in pythonEnv and having its
dependents use that patched version.
This is just a step towards better overridability for the individual
authentik components, because patched versions of components still need
to be manually passed to their dependents. An overlay-like approach
would be even better.
