authentik-nix/flake.nix
WilliButz 6df56466f9
factor out components with callPackage to allow for easier overrides
Before this change it was very inconvenient to override specific
dependencies, e.g. patching something in pythonEnv and having its
dependents use that patched version.
This is just a step towards better overridability for the individual
authentik components, because patched versions of components still need
to be manually passed to their dependents. An overlay-like approach
would be even better.
2023-12-14 15:04:04 +01:00


{
  description = "Nix package, NixOS module and VM integration test for authentik";

  # Supply-chain note: every input URL below names a branch or ref, not a
  # commit. The revision and content hash actually built come from flake.lock
  # (not shown on this page), so lock-file updates deserve the same review as
  # any other dependency bump.
  inputs = {
    flake-utils.url = "github:numtide/flake-utils";
    flake-parts.url = "github:hercules-ci/flake-parts";

    # flake = false: consumed as a plain source tree, not evaluated as a flake.
    flake-compat.url = "github:edolstra/flake-compat";
    flake-compat.flake = false;

    # Main package set, on the nixos-23.11 release branch. (The note that used
    # to sit here said nixos-unstable was required for go 1.21 until the 23.11
    # release; the URL already points at 23.11.)
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";

    # Second, older package set: explicitly required for go 1.18, which the
    # terraform provider below is built with.
    nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05";

    # `follows` makes these two inputs reuse this flake's nixpkgs and
    # flake-utils instead of pulling in their own pinned copies.
    poetry2nix.url = "github:nix-community/poetry2nix";
    poetry2nix.inputs.nixpkgs.follows = "nixpkgs";
    poetry2nix.inputs.flake-utils.follows = "flake-utils";

    napalm.url = "github:nix-community/napalm";
    napalm.inputs.nixpkgs.follows = "nixpkgs";
    napalm.inputs.flake-utils.follows = "flake-utils";

    # Upstream authentik sources, as a plain source tree. The version appears a
    # second time as `authentik-version` in outputs: change both together.
    authentik-src.url = "github:goauthentik/authentik/version/2023.10.4";
    authentik-src.flake = false;
  };

  outputs = inputs@{
    self,
    nixpkgs,
    nixpkgs-23-05,
    flake-parts,
    poetry2nix,
    napalm,
    authentik-src,
    ...
  }:
    flake-parts.lib.mkFlake { inherit inputs; } (
      { inputs, lib, withSystem, ... }:
      let
        # Handed to the derivations of some components. Must match the ref in
        # the authentik-src input URL; nothing here checks that they agree.
        authentik-version = "2023.10.4";

        # The seven authentik components, picked out of a `packages` set. Used
        # both for the NixOS module default and for wiring the components to
        # each other in perSystem.
        pickComponents = packages: {
          inherit (packages) celery staticWorkdirDeps migrate pythonEnv frontend gopkgs docs;
        };
      in
      {
        systems = [
          "x86_64-linux"
          "aarch64-linux" # not tested
        ];

        # mkDefault keeps this at default priority, so a host configuration can
        # substitute its own (e.g. patched) component set.
        flake.nixosModules.default = { pkgs, ... }: {
          imports = [ ./module.nix ];
          services.authentik.authentikComponents = pkgs.lib.mkDefault (
            withSystem pkgs.stdenv.hostPlatform.system (
              { config, ... }: pickComponents config.packages
            )
          );
        };

        perSystem = { pkgs, system, self', ... }:
          let
            poetry2nixLib = import inputs.poetry2nix { inherit pkgs; };
            inherit (poetry2nixLib) mkPoetryEnv defaultPoetryOverrides;
            authentikPoetryOverrides = import ./poetry2nix-python-overrides.nix pkgs;

            # Components refer to each other through this set, which resolves
            # to this flake's own packages for the current system.
            authentikComponents = pickComponents self'.packages;

            buildNapalmPackage = napalm.legacyPackages.${system}.buildPackage;

            # Package set of the older release input; only used for the Go 1.18
            # builder of the terraform provider.
            pkgs-23-05 = inputs.nixpkgs-23-05.legacyPackages.${system};
          in
          {
            packages = {
              docs = pkgs.callPackage components/docs.nix {
                inherit authentik-src authentik-version buildNapalmPackage;
              };

              frontend = pkgs.callPackage components/frontend.nix {
                inherit authentik-src authentik-version authentikComponents buildNapalmPackage;
              };

              pythonEnv = pkgs.callPackage components/pythonEnv.nix {
                inherit authentik-src mkPoetryEnv defaultPoetryOverrides authentikPoetryOverrides;
              };

              # server + outposts
              gopkgs = pkgs.callPackage components/gopkgs.nix {
                inherit authentik-src authentik-version authentikComponents;
              };

              staticWorkdirDeps = pkgs.callPackage components/staticWorkdirDeps.nix {
                inherit authentik-src authentikComponents;
              };

              migrate = pkgs.callPackage components/migrate.nix {
                inherit authentik-src authentikComponents;
              };

              # worker
              celery = pkgs.callPackage components/celery.nix {
                inherit authentikComponents;
              };

              # terraform provider
              #
              # Versioned separately from authentik itself (2023.10.0 here,
              # 2023.10.4 above).
              # NOTE(review): buildGo118Module compiles this with Go 1.18, a
              # release line that upstream Go no longer maintains, so the
              # binary does not pick up newer Go toolchain or standard-library
              # fixes. Revisit once the provider builds with a maintained Go.
              terraform-provider-authentik = pkgs-23-05.buildGo118Module rec {
                pname = "terraform-provider-authentik";
                version = "2023.10.0";

                # Both hashes pin fetched content (the tagged source tree and
                # the vendored Go modules). A mismatch fails the build, and a
                # version bump needs both hashes recomputed.
                src = pkgs.fetchFromGitHub {
                  owner = "goauthentik";
                  repo = pname;
                  rev = "v${version}";
                  sha256 = "sha256-eyWpssvYe3KKr2vfMRBfE4W1xrZZFeP55VmAQoitamc=";
                };
                vendorSha256 = "sha256-aDExL3uFLhCqFibrepb2zVOJ7aW5CWjuqtx73w7p1qc=";

                # The provider's own test suite is skipped at build time.
                doCheck = false; # tests are run against authentik -> vm test

                # Moves the binary into the libexec/terraform-providers/
                # registry layout and removes the emptied bin directory.
                postInstall = ''
                  path="$out/libexec/terraform-providers/registry.terraform.io/goauthentik/authentik/${version}/''${GOOS}_''${GOARCH}/"
                  mkdir -p "$path"
                  mv $out/bin/${pname} $path/${pname}_v${version}
                  rmdir $out/bin
                '';
              };
            };

            checks = {
              vmtest = import tests/minimal-vmtest.nix {
                inherit pkgs authentik-version;
                inherit (self) nixosModules;
              };
              # `default` is an alias for the VM test.
              default = self.checks.${system}.vmtest;
            };
          };
      }
    );
}