tamipes/authentik-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
authentik-nix/flake.nix
WilliButz a1630aaf9f
update: 2024.6.4 -> 2024.8.1 
Release notes: https://docs.goauthentik.io/docs/releases/2024.8

Still includes the same hacky workaround for one of the dependencies
that was introduced in the 2024.6.1 update. See components/docs.nix for
more information.

Also, as upstream package-lock.json files do not include source hashes
and urls for a lot of dependencies, building authentik from source is
only possible after they've been resolved. This makes it kind of a
gamble to try and reproduce a build with the same set of dependencies
that the devs use. This is why the two relevant lock files are vendored
here now. See upstream issues for more information:
- https://github.com/goauthentik/authentik/issues/6180
- https://github.com/goauthentik/authentik/issues/11169
and the npm issue for the underlying reason:
https://github.com/npm/cli/issues/4263

Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
  → 'github:hercules-ci/flake-parts/567b938d64d4b4112ee253b9274472dc3a346eb6' (2024-09-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01)
  → 'https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz?narHash=sha256-Ss8QWLXdr2JCBPcYChJhz4xJm%2Bh/xjl4G0c0XlP6a74%3D' (2024-09-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21)
  → 'github:NixOS/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06)
• Updated input 'poetry2nix':
    'github:nix-community/poetry2nix/884b66152b0c625b8220b570a31dc7acc36749a3' (2024-08-21)
  → 'github:nix-community/poetry2nix/a313fd7169ae43ecd1a2ea2f1e4899fe3edba4d2' (2024-09-05)
2024-09-07 22:07:37 +02:00

129 lines
4.4 KiB
Nix
Raw Blame History

{
description = "Nix package, NixOS module and VM integration test for authentik";
inputs = {
flake-utils.url = "github:numtide/flake-utils";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
# nixos-unstable required for go 1.22, until 24.05 release
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
poetry2nix = {
url = "github:nix-community/poetry2nix";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
napalm = {
url = "github:nix-community/napalm";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
authentik-src = { # change version string in outputs as well when updating
url = "github:goauthentik/authentik/version/2024.8.1";
flake = false;
};
};
outputs = inputs@{
self,
nixpkgs,
flake-parts,
poetry2nix,
napalm,
authentik-src,
...
}:
flake-parts.lib.mkFlake
{ inherit inputs; }
({ inputs, lib, withSystem, ... }:
let
authentik-version = "2024.8.1"; # to pass to the drvs of some components
in {
systems = [
"x86_64-linux"
"aarch64-linux" # not tested
];
flake = { self, ... }: {
nixosModules.default = { pkgs, ... }: {
imports = [ ./module.nix ];
services.authentik.authentikComponents = pkgs.lib.mkDefault (withSystem pkgs.stdenv.hostPlatform.system (
{ config, ... }:
{ inherit (config.packages) manage staticWorkdirDeps migrate pythonEnv frontend gopkgs docs; }
));
};
# returns a scope which includes the attrset `authentikComponents`
#
# the returned scope may be overridden using its `overrideScope` function to
# create a new scope with patched versions of individual authentik components
#
# see ./tests/override-scope.nix for a usage example
lib.mkAuthentikScope = let authentik-version' = authentik-version; in {
pkgs,
system ? pkgs.stdenv.hostPlatform.system,
authentik-version ? authentik-version',
mkPoetryEnv ? (import inputs.poetry2nix { inherit pkgs; }).mkPoetryEnv,
defaultPoetryOverrides ? (import inputs.poetry2nix { inherit pkgs; }).defaultPoetryOverrides,
authentikPoetryOverrides ? import ./poetry2nix-python-overrides.nix pkgs,
buildNapalmPackage ? napalm.legacyPackages.${system}.buildPackage
}:
import ./components {
inherit pkgs authentik-src authentik-version mkPoetryEnv defaultPoetryOverrides authentikPoetryOverrides buildNapalmPackage;
};
};
perSystem = { pkgs, system, self', ... }: let
inherit (self.lib.mkAuthentikScope { inherit pkgs; }) authentikComponents;
in {
packages = {
inherit (authentikComponents)
docs
frontend
pythonEnv
gopkgs
staticWorkdirDeps
migrate
manage;
terraform-provider-authentik = inputs.nixpkgs.legacyPackages.${system}.buildGo121Module rec {
pname = "terraform-provider-authentik";
version = "2024.6.0";
src = pkgs.fetchFromGitHub {
owner = "goauthentik";
repo = pname;
rev = "v${version}";
sha256 = "sha256-LsMpkJms/zmjRH+Fc8dcKC1wNkO5+dIRNfKOff9PNhE=";
};
doCheck = false; # tests are run against authentik -> vm test
vendorHash = "sha256-mlsEdgK+NIf/sae/kIB1FpworX57Y7FPmRRc3ZdPnf8=";
postInstall = ''
path="$out/libexec/terraform-providers/registry.terraform.io/goauthentik/authentik/${version}/''${GOOS}_''${GOARCH}/"
mkdir -p "$path"
mv $out/bin/${pname} $path/${pname}_v${version}
rmdir $out/bin
'';
};
};
checks = {
default = self.checks.${system}.vmtest;
vmtest = (import tests/minimal-vmtest.nix {
inherit pkgs authentik-version;
inherit (self) nixosModules;
});
# override-scope = (import tests/override-scope.nix {
# inherit pkgs authentik-version;
# inherit (self) nixosModules;
# inherit (self.lib) mkAuthentikScope;
# });
};
};
});
}
Reference in a new issue View git blame Copy permalink