From fda45818c6d064a41406bed5b528169c101b86f2 Mon Sep 17 00:00:00 2001 From: Flake Update Bot Date: Fri, 16 Jan 2026 23:01:31 +0100 Subject: [PATCH 1/3] chore: update flake inputs 2026-01-16 --- flake.lock | 80 +++++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index 5ad6b10..73c5147 100644 --- a/flake.lock +++ b/flake.lock @@ -37,11 +37,11 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1763643080, - "narHash": "sha256-jlYmjrTw3g5iOYDZBGb5Plw6IyRa+WY60e3GzU19bkk=", + "lastModified": 1768220016, + "narHash": "sha256-jIYGoq90mDkeVEM9r9CHa/3H1ByYp7ZkE0IRf+haysE=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "4a670757083d94a9dceb4929eb88eb9995bc1363", + "rev": "94c544f6cd51735728391c8e9463efc893ddf26b", "type": "github" }, "original": { @@ -53,16 +53,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1763564826, - "narHash": "sha256-xBnAfoAOUslOrxNzY5kV0h67qWMXKZnPC/wgRGXZleQ=", + "lastModified": 1765907481, + "narHash": "sha256-d0pPNE2T30COdFse0T15Mx8XW4BGg8hgPQvmW2dAV9s=", "owner": "goauthentik", "repo": "authentik", - "rev": "2fedc3d0a0ba91c16bb71bd4b2432108ca02e890", + "rev": "0d617e4ad1eb9e4540ba5381e6ce06e971affc63", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.10.2", + "ref": "version/2025.10.3", "repo": "authentik", "type": "github" } @@ -116,11 +116,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1765121682, + "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -260,11 +260,11 @@ ] }, "locked": { - "lastModified": 1765384171, - "narHash": "sha256-FuFtkJrW1Z7u+3lhzPRau69E0CNjADku1mLQQflUORo=", + "lastModified": 1767910483, + "narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=", "owner": "nix-community", "repo": "home-manager", - "rev": "44777152652bc9eacf8876976fa72cc77ca8b9d8", + "rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c", "type": "github" }, "original": { @@ -358,11 +358,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1764440730, - "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", + "lastModified": 1768584846, + "narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", + "rev": "cce68f4a54fa4e3d633358364477f5cc1d782440", "type": "github" }, "original": { @@ -374,11 +374,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763421233, - "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "lastModified": 1765779637, + "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", "type": "github" }, "original": { @@ -390,11 +390,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -405,11 +405,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1765186076, - "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -421,11 +421,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1765311797, - "narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=", + "lastModified": 1768323494, + "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b", + "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a", "type": "github" }, "original": { @@ -451,11 +451,11 @@ ] }, "locked": { - "lastModified": 1761781027, - "narHash": "sha256-YDvxPAm2WnxrznRqWwHLjryBGG5Ey1ATEJXrON+TWt8=", + "lastModified": 1763662255, + "narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "795a980d25301e5133eca37adae37283ec3c8e66", + "rev": "042904167604c681a090c07eb6967b4dd4dae88c", "type": "github" }, "original": { @@ -472,11 +472,11 @@ ] }, "locked": { - "lastModified": 1763435975, - "narHash": "sha256-SKdpcVuJKMNEXloIpLXY+jDI42+6Ew21vdkl894DxHo=", + "lastModified": 1764134915, + "narHash": "sha256-xaKvtPx6YAnA3HQVp5LwyYG1MaN4LLehpQI8xEdBvBY=", "owner": "pyproject-nix", "repo": "pyproject.nix", - "rev": "7d3d8848358ccbd415afe2139f12b9e1508d3ace", + "rev": "2c8df1383b32e5443c921f61224b198a2282a657", "type": "github" }, "original": { @@ -570,11 +570,11 @@ ] }, "locked": { - "lastModified": 1763421857, - "narHash": "sha256-8JurcmEzAkrpm+eUDm8W/+KkU/w/viAeyJhJlIX2qOQ=", + "lastModified": 1765631794, + "narHash": "sha256-90d//IZ4GXipNsngO4sb2SAPbIC/a2P+IAdAWOwpcOM=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "c9752c6c5915eece99505612d8f7805185cff990", + "rev": "4cca323a547a1aaa9b94929c4901bed5343eafe8", "type": "github" }, "original": { -- 2.51.2 From 625c0e0367f45037c9b224c13eb1ae74ed0ffa9c Mon Sep 17 00:00:00 2001 From: pazpi Date: Mon, 19 Jan 2026 12:39:51 +0100 Subject: [PATCH 2/3] Fix caddy hash --- modules/networking/caddy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/networking/caddy.nix b/modules/networking/caddy.nix index 3023480..127a9d3 100644 --- a/modules/networking/caddy.nix +++ b/modules/networking/caddy.nix @@ -112,7 +112,7 @@ in enable = true; package = pkgs.caddy.withPlugins { - hash = "sha256-VAMqT7uv42W1vUfP8c+J7pXRkh7narsa0lnxPt3Sf2c="; + hash = "sha256-q/ges8rSHltoZMS3fMaCSHa4xhsMeXKbp+0mqD2QezU="; plugins = [ "github.com/caddy-dns/cloudflare@v0.2.2-0.20250724223520-f589a18c0f5d" "github.com/mholt/caddy-dynamicdns@v0.0.0-20250430031602-b846b9e8fb83" -- 2.51.2 From edf5f148f6a4a829a8d3a8632c9e2ef0768553b9 Mon Sep 17 00:00:00 2001 From: pazpi Date: Mon, 19 Jan 2026 13:05:07 +0100 Subject: [PATCH 3/3] Temp fix for Authentik Waiting for PR https://github.com/nix-community/authentik-nix/pull/86 --- flake.lock | 38 +++++++++------------------ flake.nix | 4 +++ hosts/default.nix | 2 +- modules/services/authentik.nix | 47 +++++++++++++++++++++++++--------- 4 files changed, 52 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 73c5147..61afb81 100644 --- a/flake.lock +++ b/flake.lock @@ -30,7 +30,9 @@ "flake-parts": "flake-parts", "flake-utils": "flake-utils", "napalm": "napalm", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "nixpkgs" + ], "pyproject-build-systems": "pyproject-build-systems", "pyproject-nix": "pyproject-nix", "systems": "systems_2", @@ -53,16 +55,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1765907481, - "narHash": "sha256-d0pPNE2T30COdFse0T15Mx8XW4BGg8hgPQvmW2dAV9s=", + "lastModified": 1768494865, + "narHash": "sha256-VeROJ72UbzKnEJz8pDXYDtbI/XV9KKGaBQ8N41uEaAA=", "owner": "goauthentik", "repo": "authentik", - "rev": "0d617e4ad1eb9e4540ba5381e6ce06e971affc63", + "rev": "bcefa8b7a138850e9a50f8f124bd3e3853467da7", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.10.3", + "ref": "version-2025.10", "repo": "authentik", "type": "github" } @@ -374,16 +376,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765779637, - "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", + "lastModified": 1768323494, + "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", + "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -419,22 +421,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1768323494, - "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, "pyproject-build-systems": { "inputs": { "nixpkgs": [ @@ -493,7 +479,7 @@ "home-manager": "home-manager_2", "lix-module": "lix-module", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable" } }, diff --git a/flake.nix b/flake.nix index 26c2de2..a52a2f3 100644 --- a/flake.nix +++ b/flake.nix @@ -38,6 +38,10 @@ authentik-nix = { url = "github:nix-community/authentik-nix"; + + # Waiting for PR https://github.com/nix-community/authentik-nix/pull/86 + inputs.nixpkgs.follows = "nixpkgs"; + inputs.authentik-src.url = "github:goauthentik/authentik/version-2025.10"; }; }; diff --git a/hosts/default.nix b/hosts/default.nix index 3268e99..026e252 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -71,7 +71,7 @@ let hostModule = cfg.module; unstable = cfg.unstable or false; extraModules = cfg.extraModules or [ ]; - specialArgs = cfg.specialArgs or { }; + specialArgs = { inherit authentik-nix; } // (cfg.specialArgs or { }); } ) hostDefs; diff --git a/modules/services/authentik.nix b/modules/services/authentik.nix index e5a41fa..572bf6d 100644 --- a/modules/services/authentik.nix +++ b/modules/services/authentik.nix @@ -2,6 +2,7 @@ lib, config, pkgs, + authentik-nix, ... }: let @@ -90,20 +91,42 @@ in config = lib.mkMerge [ (lib.mkIf cfg.enable { - services.authentik = { - enable = true; - environmentFile = cfg.envFile; - settings = { - email = cfg.email; - disable_startup_analytics = true; - avatars = "initials"; - }; - nginx = { + services.authentik = + # Waiting for PR https://github.com/nix-community/authentik-nix/pull/86 + let + customAuthentikScope = authentik-nix.lib.mkAuthentikScope { + inherit pkgs; + }; + + # Override the scope to change gopkgs + overriddenScope = customAuthentikScope.overrideScope ( + final: prev: { + authentikComponents = prev.authentikComponents // { + gopkgs = prev.authentikComponents.gopkgs.override { + buildGo124Module = pkgs.buildGo125Module; + }; + }; + } + ); + in + { enable = true; - enableACME = false; - host = "${cfg.proxy.subdomain}.${cfg.proxy.domain}"; + + # Waiting for PR https://github.com/nix-community/authentik-nix/pull/86 + inherit (overriddenScope) authentikComponents; + + environmentFile = cfg.envFile; + settings = { + email = cfg.email; + disable_startup_analytics = true; + avatars = "initials"; + }; + nginx = { + enable = true; + enableACME = false; + host = "${cfg.proxy.subdomain}.${cfg.proxy.domain}"; + }; }; - }; # Add your package to system packages environment.systemPackages = [ rfc-7033 ]; -- 2.51.2