pyrox.dev / nixpkgs
lol
fork atom

authentik,authentik.outposts.{ldap,radius,proxy}: 2025.4.1 -> 2024.6.3

Jan van Brügge fb8f3507 27d0e32c

+113 -28
unified split
+2 -2
pkgs/by-name/au/authentik/ldap.nix
··· 1 1 { 2 2 buildGoModule, 3 3 authentik, 4 + vendorHash, 4 5 }: 5 6 6 7 buildGoModule { 7 8 pname = "authentik-ldap-outpost"; 8 9 inherit (authentik) version src; 9 - 10 - vendorHash = "sha256-cEB22KFDONcJBq/FvLpYKN7Zd06mh8SACvCSuj5i4fI="; 10 + inherit vendorHash; 11 11 12 12 env.CGO_ENABLED = 0; 13 13
+8 -4
pkgs/by-name/au/authentik/outposts.nix
··· 1 - { callPackage }: 2 1 { 3 - ldap = callPackage ./ldap.nix { }; 4 - proxy = callPackage ./proxy.nix { }; 5 - radius = callPackage ./radius.nix { }; 2 + callPackage, 3 + authentik, 4 + vendorHash ? authentik.proxy.vendorHash, 5 + }: 6 + { 7 + ldap = callPackage ./ldap.nix { inherit vendorHash; }; 8 + proxy = callPackage ./proxy.nix { inherit vendorHash; }; 9 + radius = callPackage ./radius.nix { inherit vendorHash; }; 6 10 }
+99 -18
pkgs/by-name/au/authentik/package.nix
··· 4 4 callPackages, 5 5 cacert, 6 6 fetchFromGitHub, 7 - buildNpmPackage, 8 7 buildGoModule, 9 8 runCommand, 10 9 bash, ··· 16 15 }: 17 16 18 17 let 19 - version = "2025.4.1"; 18 + version = "2025.6.4"; 20 19 21 20 src = fetchFromGitHub { 22 21 owner = "goauthentik"; 23 22 repo = "authentik"; 24 23 rev = "version/${version}"; 25 - hash = "sha256-idShMSYIrf3ViG9VFNGNu6TSjBz3Q+GJMMeCzcJwfG4="; 24 + hash = "sha256-bs/ThY3YixwBObahcS7BrOWj0gsaUXI664ldUQlJul8="; 26 25 }; 27 26 28 27 meta = { ··· 30 29 changelog = "https://github.com/goauthentik/authentik/releases/tag/version%2F${version}"; 31 30 homepage = "https://goauthentik.io/"; 32 31 license = lib.licenses.mit; 33 - platforms = lib.platforms.linux; 34 - broken = stdenvNoCC.buildPlatform != stdenvNoCC.hostPlatform; 32 + platforms = [ "x86_64-linux" ]; 35 33 maintainers = with lib.maintainers; [ 36 34 jvanbruegge 37 35 risson ··· 45 43 46 44 sourceRoot = "${src.name}/website"; 47 45 48 - outputHash = "sha256-AnQpjCoCTzm28Wl/t3YHx0Kl0CuMHL2OgRjRB1Trrsw="; 46 + outputHash = "sha256-1qlJf4mVYM5znF3Ifi7CpGMfinUsb/YoXGeM6QLYMis="; 49 47 outputHashMode = "recursive"; 50 48 51 49 nativeBuildInputs = [ ··· 55 53 56 54 buildPhase = '' 57 55 npm ci --cache ./cache 56 + 58 57 rm -r ./cache node_modules/.package-lock.json 59 58 ''; 60 59 ··· 73 72 74 73 postPatch = '' 75 74 substituteInPlace package.json --replace-fail 'cross-env ' "" 75 + substituteInPlace ../packages/docusaurus-config/lib/common.js \ 76 + --replace-fail 'title: "authentik",' 'title: "authentik", future: { experimental_faster : { rspackBundler: false }},' 76 77 ''; 77 78 78 79 sourceRoot = "${src.name}/website"; ··· 82 83 83 84 cp -r ${website-deps} node_modules 84 85 chmod -R +w node_modules 86 + 85 87 pushd node_modules/.bin 86 88 patchShebangs $(readlink docusaurus) 87 89 popd 88 - cat node_modules/.bin/docusaurus 89 - npm run build-bundled 90 + npm run build:schema 91 + npm run build:api 92 + npm run build:docusaurus 90 93 91 94 runHook postBuild 92 95 ''; ··· 120 123 ''; 121 124 }; 122 125 123 - webui = buildNpmPackage { 126 + # prefetch-npm-deps does not save all dependencies even though the lockfile is fine 127 + webui-deps = stdenvNoCC.mkDerivation { 128 + pname = "authentik-webui-deps"; 129 + inherit src version meta; 130 + 131 + sourceRoot = "${src.name}/web"; 132 + 133 + outputHash = "sha256-m0vYUevOz6pof8XqiZHXzgPhkQLUUFOdblmfOjHJUJc="; 134 + outputHashMode = "recursive"; 135 + 136 + nativeBuildInputs = [ 137 + nodejs 138 + cacert 139 + ]; 140 + 141 + postPatch = '' 142 + substituteInPlace packages/core/version/node.js \ 143 + --replace-fail 'import PackageJSON from "../../../../package.json" with { type: "json" };' "" \ 144 + --replace-fail '(PackageJSON.version);' '"${version}";' 145 + ''; 146 + 147 + buildPhase = '' 148 + npm ci --cache ./cache 149 + 150 + rm -r node_modules/chromedriver node_modules/.bin/chromedriver 151 + 152 + rm -r ./cache node_modules/.package-lock.json 153 + rm node_modules/@goauthentik/{core,web-sfe,esbuild-plugin-live-reload} 154 + cp -r packages/core node_modules/@goauthentik/ 155 + cp -r packages/sfe node_modules/@goauthentik/web-sfe 156 + ''; 157 + 158 + installPhase = '' 159 + mv node_modules $out 160 + ''; 161 + 162 + dontPatchShebangs = true; 163 + }; 164 + 165 + webui = stdenvNoCC.mkDerivation { 124 166 pname = "authentik-webui"; 125 167 inherit version meta; 126 168 127 169 src = runCommand "authentik-webui-source" { } '' 128 - mkdir -p $out/web/node_modules/@goauthentik/ 170 + mkdir $out 129 171 cp -r ${src}/web $out/ 130 172 ln -s ${src}/package.json $out/ 131 - ln -s ${src}/website $out/ 173 + chmod -R +w $out/web 174 + ln -s ${src}/website $out/web/ 175 + cp -r ${webui-deps} $out/web/node_modules 176 + chmod -R +w $out/web/node_modules 132 177 ln -s ${clientapi} $out/web/node_modules/@goauthentik/api 133 178 ''; 134 - npmDepsHash = "sha256-i95sH+KUgAQ76cv1+7AE/UA6jsReQMttDGWClNE2Ol4="; 179 + 180 + nativeBuildInputs = [ 181 + nodejs 182 + ]; 135 183 136 184 postPatch = '' 137 185 cd web 186 + 187 + substituteInPlace packages/core/version/node.js \ 188 + --replace-fail 'import PackageJSON from "../../../../package.json" with { type: "json" };' "" \ 189 + --replace-fail '(PackageJSON.version);' '"${version}";' 190 + ''; 191 + 192 + buildPhase = '' 193 + runHook preBuild 194 + 195 + pushd node_modules/.bin 196 + patchShebangs $(readlink rollup) 197 + patchShebangs $(readlink wireit) 198 + patchShebangs $(readlink lit-localize) 199 + popd 200 + 201 + npm run build 202 + 203 + runHook postBuild 138 204 ''; 139 205 140 206 CHROMEDRIVER_FILEPATH = lib.getExe chromedriver; ··· 205 271 pythonImportsCheck = [ "rest_framework" ]; 206 272 }; 207 273 274 + tenant-schemas-celery = prev.tenant-schemas-celery.overrideAttrs (_: rec { 275 + version = "3.0.0"; 276 + 277 + src = fetchFromGitHub { 278 + owner = "maciej-gol"; 279 + repo = "tenant-schemas-celery"; 280 + tag = version; 281 + hash = "sha256-rGLrP8rE9SACMDVpNeBU85U/Sb2lNhsgEgHJhAsdKNM="; 282 + }; 283 + }); 284 + 208 285 authentik-django = prev.buildPythonPackage { 209 286 pname = "authentik-django"; 210 287 inherit version src meta; ··· 218 295 --replace-fail '/blueprints' "$out/blueprints" \ 219 296 --replace-fail './media' '/var/lib/authentik/media' 220 297 substituteInPlace pyproject.toml \ 221 - --replace-fail '"dumb-init",' "" \ 222 298 --replace-fail 'djangorestframework-guardian' 'djangorestframework-guardian2' 223 299 substituteInPlace authentik/stages/email/utils.py \ 224 300 --replace-fail 'web/' '${webui}/' ··· 229 305 prev.pythonRelaxDepsHook 230 306 ]; 231 307 232 - pythonRelaxDeps = [ 233 - "xmlsec" 234 - ]; 308 + pythonRemoveDeps = [ "dumb-init" ]; 309 + 310 + pythonRelaxDeps = true; 235 311 236 312 propagatedBuildInputs = 237 313 with final; ··· 339 415 340 416 env.CGO_ENABLED = 0; 341 417 342 - vendorHash = "sha256-cEB22KFDONcJBq/FvLpYKN7Zd06mh8SACvCSuj5i4fI="; 418 + vendorHash = "sha256-7oX7e7Ni5I6zblEQIeXjYOt4+QNSjH4Rpn7B5Cr5LMc="; 343 419 344 420 postInstall = '' 345 421 mv $out/bin/server $out/bin/authentik ··· 383 459 runHook postInstall 384 460 ''; 385 461 386 - passthru.outposts = callPackages ./outposts.nix { }; 462 + passthru = { 463 + inherit proxy; 464 + outposts = callPackages ./outposts.nix { 465 + inherit (proxy) vendorHash; 466 + }; 467 + }; 387 468 388 469 nativeBuildInputs = [ makeWrapper ]; 389 470
+2 -2
pkgs/by-name/au/authentik/proxy.nix
··· 1 1 { 2 2 buildGoModule, 3 3 authentik, 4 + vendorHash, 4 5 }: 5 6 6 7 buildGoModule { 7 8 pname = "authentik-proxy-outpost"; 8 9 inherit (authentik) version src; 9 - 10 - vendorHash = "sha256-cEB22KFDONcJBq/FvLpYKN7Zd06mh8SACvCSuj5i4fI="; 10 + inherit vendorHash; 11 11 12 12 env.CGO_ENABLED = 0; 13 13
+2 -2
pkgs/by-name/au/authentik/radius.nix
··· 1 1 { 2 2 buildGoModule, 3 3 authentik, 4 + vendorHash, 4 5 }: 5 6 6 7 buildGoModule { 7 8 pname = "authentik-radius-outpost"; 8 9 inherit (authentik) version src; 9 - 10 - vendorHash = "sha256-cEB22KFDONcJBq/FvLpYKN7Zd06mh8SACvCSuj5i4fI="; 10 + inherit vendorHash; 11 11 12 12 env.CGO_ENABLED = 0; 13 13