authentik-nix/components/gopkgs.nix

{
  authentik-src,
  authentik-version,
  authentikComponents,
  buildGo125Module,
  lib,
  makeWrapper,
  guacamole-server,
  stdenv,
  patches,
  generatedGoClient,
}:

let
  guacamoleAvailable = lib.meta.availableOn stdenv.hostPlatform guacamole-server;

in
buildGo125Module {
  pname = "authentik-gopkgs";
  version = authentik-version;
  inherit patches;
  prePatch = ''
    sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' web/static.go
    sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' internal/web/static.go
    sed -i"" -e 's,./lifecycle/gunicorn.conf.py,${authentikComponents.staticWorkdirDeps}/lifecycle/gunicorn.conf.py,' internal/gounicorn/gounicorn.go
    cp --no-preserve=mode -vr ${generatedGoClient} gen-go-api
    echo "replace goauthentik.io/api/v3 => ./gen-go-api" >>go.mod
    go mod edit -require=goauthentik.io/api/v3@v3.0.0
  '' + lib.optionalString guacamoleAvailable ''
    substituteInPlace internal/outpost/rac/guacd.go \
      --replace-fail '/opt/guacamole/sbin/guacd' \
                     "${lib.getExe guacamole-server}"
  '';
  src = lib.cleanSourceWith {
    src = authentik-src;
    filter = (
      path: _:
      (builtins.any (x: x) (
        (map (infix: lib.hasInfix infix path) [
          "/authentik"
          "/cmd"
          "/internal"
        ])
        ++ (map (suffix: lib.hasSuffix suffix path) [
          "/web"
          "/web/static.go"
          "/web/robots.txt"
          "/web/security.txt"
          "go.mod"
          "go.sum"
          "schema.yml"
        ])
      ))
    );
  };
  outputs = [
    "out"
    "ldap"
    "proxy"
    "radius"
  ] ++ lib.optionals guacamoleAvailable [
    "rac"
  ];
  subPackages = [
    "cmd/ldap"
    "cmd/server"
    "cmd/proxy"
    "cmd/radius"
  ] ++ lib.optionals guacamoleAvailable [
    "cmd/rac"
  ];
  vendorHash = "sha256-meqQHr5U0/6nc8fv1b4SFo2ohFcwSeAmSB1eLKsO9nc=";
  nativeBuildInputs = [ makeWrapper ];
  doCheck = false;
  postInstall = ''
    wrapProgram $out/bin/server --prefix PATH : ${authentikComponents.pythonEnv}/bin
    wrapProgram $out/bin/server --prefix PYTHONPATH : ${authentikComponents.staticWorkdirDeps}

    mkdir -p $ldap/bin $proxy/bin $radius/bin
    mv $out/bin/ldap $ldap/bin/
    mv $out/bin/proxy $proxy/bin/
    mv $out/bin/radius $radius/bin/
  '' + lib.optionalString guacamoleAvailable ''
    mkdir -p $rac/bin
    mv $out/bin/rac $rac/bin/
  '';
}