tamipes/authentik-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
authentik-nix/flake.nix
Maximilian Bosch 6dc84faaec
update: 2025.6.4 -> 2025.8.1 
See https://next.goauthentik.io/releases/2025.8/
ChangeLog: https://next.goauthentik.io/releases/2025.8/#fixed-in-202581

The following things changed:

* We're blocked on going to NodeJS 24.x (which is the version upstream
  uses) because it breaks with napalm[1].

* The worker has been switched from celery to dramatiq. An automatic
  migration of the tasks doesn't exist, the operator must make sure to
  stop the server and let the queue drain[2].

  While this eliminates the need of Redis for Celery, the tests fails
  without Redis. After inspecting the code, it looks like it's still
  needed for e.g. session management.

[1] https://github.com/npm/cli/issues/8541
[2] https://next.goauthentik.io/releases/2025.8/#fixed-in-202581
2025-08-30 12:34:10 +02:00

203 lines
6.4 KiB
Nix
Raw Blame History

{
description = "Nix package, NixOS module and VM integration test for authentik";
inputs = {
systems.url = "github:nix-systems/default-linux";
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
flake-parts.url = "github:hercules-ci/flake-parts";
flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
pyproject-nix = {
url = "github:pyproject-nix/pyproject.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
uv2nix = {
url = "github:pyproject-nix/uv2nix";
inputs.pyproject-nix.follows = "pyproject-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
pyproject-build-systems = {
url = "github:pyproject-nix/build-system-pkgs";
inputs.pyproject-nix.follows = "pyproject-nix";
inputs.uv2nix.follows = "uv2nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
napalm = {
url = "github:willibutz/napalm/avoid-foldl-stack-overflow";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
authentik-src = {
# change version string in outputs as well when updating
url = "github:goauthentik/authentik/version/2025.8.1";
flake = false;
};
};
outputs =
inputs@{
self,
flake-parts,
napalm,
authentik-src,
uv2nix,
pyproject-build-systems,
pyproject-nix,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } (
{
inputs,
lib,
withSystem,
...
}:
let
authentik-version = "2025.8.1"; # to pass to the drvs of some components
in
{
systems = import inputs.systems;
flake =
{ self, ... }:
{
nixosModules.default =
{ pkgs, ... }:
{
imports = [ ./module.nix ];
services.authentik.authentikComponents = pkgs.lib.mkDefault (
withSystem pkgs.stdenv.hostPlatform.system (
{ config, ... }:
{
inherit (config.packages)
manage
staticWorkdirDeps
migrate
pythonEnv
frontend
gopkgs
docs
;
}
)
);
};
# returns a scope which includes the attrset `authentikComponents`
#
# the returned scope may be overridden using its `overrideScope` function to
# create a new scope with patched versions of individual authentik components
#
# see ./tests/override-scope.nix for a usage example
lib.mkAuthentikScope =
let
authentik-version' = authentik-version;
in
{
pkgs,
system ? pkgs.stdenv.hostPlatform.system,
python ? pkgs.python313,
authentik-version ? authentik-version',
buildNapalmPackage ? napalm.legacyPackages.${system}.buildPackage,
}:
pkgs.lib.makeScope pkgs.newScope (final: {
authentikComponents = {
docs = final.callPackage ./components/docs.nix { };
frontend = final.callPackage ./components/frontend.nix { };
pythonEnv = final.callPackage ./components/pythonEnv.nix { };
# server + outposts
gopkgs = final.callPackage ./components/gopkgs.nix { };
staticWorkdirDeps = final.callPackage ./components/staticWorkdirDeps.nix { };
migrate = final.callPackage ./components/migrate.nix { };
# worker
manage = final.callPackage ./components/manage.nix { };
};
# for uv2nix
pythonOverlay = final.callPackage ./components/python-overrides.nix { };
inherit
authentik-src
authentik-version
buildNapalmPackage
uv2nix
pyproject-build-systems
pyproject-nix
python
;
});
};
perSystem =
{
pkgs,
system,
self',
...
}:
let
inherit (self.lib.mkAuthentikScope { inherit pkgs; }) authentikComponents;
in
{
packages = {
inherit (authentikComponents)
docs
frontend
pythonEnv
gopkgs
staticWorkdirDeps
migrate
manage
;
terraform-provider-authentik = inputs.nixpkgs.legacyPackages.${system}.buildGo124Module rec {
pname = "terraform-provider-authentik";
version = "2025.6.0";
src = pkgs.fetchFromGitHub {
owner = "goauthentik";
repo = pname;
rev = "v${version}";
sha256 = "sha256-sg+LHI+QUlv+0HAB0UoXUiF5ZjLuROs/vE+yHUtO9bo=";
};
doCheck = false; # tests are run against authentik -> vm test
vendorHash = "sha256-nyEcdPRurKEHkE7iBxauN4ik6DTmLikEr2f0RjIrhDE=";
postInstall = ''
path="$out/libexec/terraform-providers/registry.terraform.io/goauthentik/authentik/${version}/''${GOOS}_''${GOARCH}/"
mkdir -p "$path"
mv $out/bin/${pname} $path/${pname}_v${version}
rmdir $out/bin
'';
};
};
checks = {
default = self.checks.${system}.vmtest;
vmtest = (
import tests/minimal-vmtest.nix {
inherit pkgs authentik-version;
inherit (self) nixosModules;
}
);
override-scope = (
import tests/override-scope.nix {
inherit pkgs authentik-version;
inherit (self) nixosModules;
inherit (self.lib) mkAuthentikScope;
}
);
};
};
}
);
}
Reference in a new issue View git blame Copy permalink