There aren't any tests, but it's hanging in this phase for a while since
it compiles Go code to see if there are any tests in the modules.
authentik-gopkgs> Running phase: checkPhase
authentik-gopkgs> ? goauthentik.io/cmd/ldap [no test files]
authentik-gopkgs> ? goauthentik.io/cmd/server [no test files]
authentik-gopkgs> ? goauthentik.io/cmd/proxy [no test files]
authentik-gopkgs> ? goauthentik.io/cmd/radius [no test files]
Was changed within upstream commit abc0c2d2a2a0bfb0214798ed6bca9d59359b39f8.
The sole reason this worked was that `settings.storage.media.file.path`
pointed to `./media`, relative to `/var/lib/authentik`.
Update our config accordingly.
The new migration in tenant_files.py references a MEDIA_ROOT directory
based on its own path, which in our case is in the read-only /nix/store.
We need it to refer to the actual authentik state directory instead,
which defaults to /var/lib/authentik/media in module.nix
The media upload feature is build around being deployed in a container
and only enables uploads when `/media` is a mountpoint. This isn't the
case on nixos and as such media uploads are disable.
In order to enable this, we need to patch authentik so that the
`can_save_media` capability is enabled.
* provides a new function `lib.mkAuthentikScope` as a flake output to
create a custom scope with overrides outside of this flake
* adds a slightly altered version of existing vm test to demonstrate the
usage of `mkAuthentikScope` for overriding individual authentik
components in tests/override-scope.nix
Before this change it was very inconvenient to override specific
dependencies, e.g. patching something in pythonEnv and having its
dependents use that patched version.
This is just a step towards better overridability for the individual
authentik components, because patched versions of components still need
to be manually passed to their dependents. An overlay-like approach
would be even better.
