The store is world-readable, so secrets shouldn't end up there in the
first place. On top, `types.path` has the following behavior:
* `toString foo` returns the absolute path
* `${foo}` copies the path silently into the store and returns the
store-path.
This happens without any real feedback, so this can be caused by an
innocent looking change.
To address this problem, `pathsWith` was introduced into <nixpkgs/lib>
which allows absolute paths represented as string, but rejects things
pointing to the store and path literals which may be copied later on.
`wait_for_text()` takes a regex and it seems that sometimes OCR fails to
recognize the dots in the version string. To make this more resilient,
zero or one symbol is not matched between the numerical components of
the version string.
Fixes divergence between the two test scripts.
The test doesn't need to be executed by default. It is just a
demonstration on how to use a custom scope that can be created with
the function `mkAuthentikScope`, that is available through the `lib`
flake output.
* provides a new function `lib.mkAuthentikScope` as a flake output to
create a custom scope with overrides outside of this flake
* adds a slightly altered version of existing vm test to demonstrate the
usage of `mkAuthentikScope` for overriding individual authentik
components in tests/override-scope.nix
