tamipes/authentik-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
authentik-nix/flake.nix
WilliButz 0fc8ad1349
update: 2024.4.3 -> 2024.6.1 
Release notes: https://docs.goauthentik.io/docs/releases/2024.6

Includes a hacky workaround for a node dependency that is required to
build the `/website` subdirectory of the authentik repo, i.e. "docs".
That should not be required after the next major update, as the
dependency causing this is no longer used on authentik's main branch.

See components/docs.nix for more info.

Flake lock file updates:

• Updated input 'authentik-src':
    'github:goauthentik/authentik/5afceaa55f4d831db0cf9d80562e86eb43b622ec' (2024-06-26)
  → 'github:goauthentik/authentik/9075270b01e784d25f2ec08b82e73f1ce3086184' (2024-07-11)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01)
  → 'github:hercules-ci/flake-parts/c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9' (2024-06-30)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/d8fe5e6c92d0d190646fb9f1056741a229980089?dir=lib' (2024-03-29)
  → 'https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz?narHash=sha256-lIbdfCsf8LMFloheeE6N31%2BBMIeixqyQWbSr2vk79EQ%3D' (2024-06-01)
• Updated input 'napalm':
    'github:nix-community/napalm/edcb26c266ca37c9521f6a97f33234633cbec186' (2023-12-20)
  → 'github:nix-community/napalm/e1babff744cd278b56abe8478008b4a9e23036cf' (2024-06-09)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/6143fc5eeb9c4f00163267708e26191d1e918932' (2024-04-21)
  → 'github:NixOS/nixpkgs/feb2849fdeb70028c70d73b848214b00d324a497' (2024-07-29)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/e6b36523407ae6a7a4dfe29770c30b3a3563b43a' (2024-05-06)
  → 'github:nix-community/poetry2nix/4fd045cdb85f2a0173021a4717dc01d92d7ab2b2' (2024-06-28)
• Updated input 'poetry2nix/treefmt-nix':
    'github:numtide/treefmt-nix/c6aaf729f34a36c445618580a9f95a48f5e4e03f' (2024-04-25)
  → 'github:numtide/treefmt-nix/68eb1dc333ce82d0ab0c0357363ea17c31ea1f81' (2024-06-16)
2024-07-12 12:24:51 +02:00

129 lines
4.4 KiB
Nix
Raw Blame History

{
description = "Nix package, NixOS module and VM integration test for authentik";
inputs = {
flake-utils.url = "github:numtide/flake-utils";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
# nixos-unstable required for go 1.22, until 24.05 release
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
poetry2nix = {
url = "github:nix-community/poetry2nix";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
napalm = {
url = "github:nix-community/napalm";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
authentik-src = { # change version string in outputs as well when updating
url = "github:goauthentik/authentik/version/2024.6.1";
flake = false;
};
};
outputs = inputs@{
self,
nixpkgs,
flake-parts,
poetry2nix,
napalm,
authentik-src,
...
}:
flake-parts.lib.mkFlake
{ inherit inputs; }
({ inputs, lib, withSystem, ... }:
let
authentik-version = "2024.6.1"; # to pass to the drvs of some components
in {
systems = [
"x86_64-linux"
"aarch64-linux" # not tested
];
flake = { self, ... }: {
nixosModules.default = { pkgs, ... }: {
imports = [ ./module.nix ];
services.authentik.authentikComponents = pkgs.lib.mkDefault (withSystem pkgs.stdenv.hostPlatform.system (
{ config, ... }:
{ inherit (config.packages) manage staticWorkdirDeps migrate pythonEnv frontend gopkgs docs; }
));
};
# returns a scope which includes the attrset `authentikComponents`
#
# the returned scope may be overridden using its `overrideScope` function to
# create a new scope with patched versions of individual authentik components
#
# see ./tests/override-scope.nix for a usage example
lib.mkAuthentikScope = let authentik-version' = authentik-version; in {
pkgs,
system ? pkgs.stdenv.hostPlatform.system,
authentik-version ? authentik-version',
mkPoetryEnv ? (import inputs.poetry2nix { inherit pkgs; }).mkPoetryEnv,
defaultPoetryOverrides ? (import inputs.poetry2nix { inherit pkgs; }).defaultPoetryOverrides,
authentikPoetryOverrides ? import ./poetry2nix-python-overrides.nix pkgs,
buildNapalmPackage ? napalm.legacyPackages.${system}.buildPackage
}:
import ./components {
inherit pkgs authentik-src authentik-version mkPoetryEnv defaultPoetryOverrides authentikPoetryOverrides buildNapalmPackage;
};
};
perSystem = { pkgs, system, self', ... }: let
inherit (self.lib.mkAuthentikScope { inherit pkgs; }) authentikComponents;
in {
packages = {
inherit (authentikComponents)
docs
frontend
pythonEnv
gopkgs
staticWorkdirDeps
migrate
manage;
terraform-provider-authentik = inputs.nixpkgs.legacyPackages.${system}.buildGo121Module rec {
pname = "terraform-provider-authentik";
version = "2024.4.1";
src = pkgs.fetchFromGitHub {
owner = "goauthentik";
repo = pname;
rev = "v${version}";
sha256 = "sha256-+9egBupMRqAICzmw83gH9jg2nr7rBsfA3b7jRogKuPc=";
};
doCheck = false; # tests are run against authentik -> vm test
vendorHash = "sha256-8MD4yy5F9svqtc/i+skCiPtiLnVN8lXW2nvIEH30n2E=";
postInstall = ''
path="$out/libexec/terraform-providers/registry.terraform.io/goauthentik/authentik/${version}/''${GOOS}_''${GOARCH}/"
mkdir -p "$path"
mv $out/bin/${pname} $path/${pname}_v${version}
rmdir $out/bin
'';
};
};
checks = {
default = self.checks.${system}.vmtest;
vmtest = (import tests/minimal-vmtest.nix {
inherit pkgs authentik-version;
inherit (self) nixosModules;
});
# override-scope = (import tests/override-scope.nix {
# inherit pkgs authentik-version;
# inherit (self) nixosModules;
# inherit (self.lib) mkAuthentikScope;
# });
};
};
});
}
Reference in a new issue View git blame Copy permalink