2026-01-19 13:09:41 +01:00
4 changed files with 52 additions and 39 deletions
--- a/flake.lock
+++ b/flake.lock
@ -30,7 +30,9 @@
        "flake-parts": "flake-parts",
        "flake-utils": "flake-utils",
        "napalm": "napalm",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
        "pyproject-build-systems": "pyproject-build-systems",
        "pyproject-nix": "pyproject-nix",
        "systems": "systems_2",
@ -53,16 +55,16 @@
    "authentik-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1765907481,
-        "narHash": "sha256-d0pPNE2T30COdFse0T15Mx8XW4BGg8hgPQvmW2dAV9s=",
+        "lastModified": 1768494865,
+        "narHash": "sha256-VeROJ72UbzKnEJz8pDXYDtbI/XV9KKGaBQ8N41uEaAA=",
        "owner": "goauthentik",
        "repo": "authentik",
-        "rev": "0d617e4ad1eb9e4540ba5381e6ce06e971affc63",
+        "rev": "bcefa8b7a138850e9a50f8f124bd3e3853467da7",
        "type": "github"
      },
      "original": {
        "owner": "goauthentik",
-        "ref": "version/2025.10.3",
+        "ref": "version-2025.10",
        "repo": "authentik",
        "type": "github"
      }
@ -374,16 +376,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1765779637,
-        "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
+        "lastModified": 1768323494,
+        "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
+        "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -419,22 +421,6 @@
        "type": "github"
      }
    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1768323494,
-        "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-25.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "pyproject-build-systems": {
      "inputs": {
        "nixpkgs": [
@ -493,7 +479,7 @@
        "home-manager": "home-manager_2",
        "lix-module": "lix-module",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "nixpkgs-unstable": "nixpkgs-unstable"
      }
    },
--- a/flake.nix
+++ b/flake.nix
@ -38,6 +38,10 @@

    authentik-nix = {
      url = "github:nix-community/authentik-nix";
+
+      # Waiting for PR https://github.com/nix-community/authentik-nix/pull/86
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.authentik-src.url = "github:goauthentik/authentik/version-2025.10";
    };
  };

--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -71,7 +71,7 @@ let
      hostModule = cfg.module;
      unstable = cfg.unstable or false;
      extraModules = cfg.extraModules or [ ];
-      specialArgs = cfg.specialArgs or { };
+      specialArgs = { inherit authentik-nix; } // (cfg.specialArgs or { });
    }
  ) hostDefs;

--- a/modules/services/authentik.nix
+++ b/modules/services/authentik.nix
@ -2,6 +2,7 @@
  lib,
  config,
  pkgs,
+  authentik-nix,
  ...
 }:
 let
@ -90,20 +91,42 @@ in
  config = lib.mkMerge [
    (lib.mkIf cfg.enable {

-      services.authentik = {
-        enable = true;
-        environmentFile = cfg.envFile;
-        settings = {
-          email = cfg.email;
-          disable_startup_analytics = true;
-          avatars = "initials";
-        };
-        nginx = {
+      services.authentik =
+        # Waiting for PR https://github.com/nix-community/authentik-nix/pull/86
+        let
+          customAuthentikScope = authentik-nix.lib.mkAuthentikScope {
+            inherit pkgs;
+          };
+
+          # Override the scope to change gopkgs
+          overriddenScope = customAuthentikScope.overrideScope (
+            final: prev: {
+              authentikComponents = prev.authentikComponents // {
+                gopkgs = prev.authentikComponents.gopkgs.override {
+                  buildGo124Module = pkgs.buildGo125Module;
+                };
+              };
+            }
+          );
+        in
+        {
          enable = true;
-          enableACME = false;
-          host = "${cfg.proxy.subdomain}.${cfg.proxy.domain}";
+
+          # Waiting for PR https://github.com/nix-community/authentik-nix/pull/86
+          inherit (overriddenScope) authentikComponents;
+
+          environmentFile = cfg.envFile;
+          settings = {
+            email = cfg.email;
+            disable_startup_analytics = true;
+            avatars = "initials";
+          };
+          nginx = {
+            enable = true;
+            enableACME = false;
+            host = "${cfg.proxy.subdomain}.${cfg.proxy.domain}";
+          };
        };
-      };

      # Add your package to system packages
      environment.systemPackages = [ rfc-7033 ];