blumeops/containers/authentik-redis/default.nix

# Nix-built Redis for Authentik
# Attached service: cache/broker (sessions, Celery task queue, caching)
# Uses Redis from nixpkgs, packaged with dockerTools.buildLayeredImage
#
# The version assertion ensures nix-build fails if a flake.lock update
# changes the Redis version — forcing an explicit version acknowledgment
# here and in service-versions.yaml (enforced by container-version-check).
{ pkgs ? import <nixpkgs> { } }:

let
  version = "8.2.3";
in

assert pkgs.redis.version == version;

pkgs.dockerTools.buildLayeredImage {
  name = "blumeops/authentik-redis";
  contents = [
    pkgs.redis
  ];

  config = {
    Entrypoint = [ "${pkgs.redis}/bin/redis-server" ];
    Cmd = [ "--protected-mode" "no" ];
    ExposedPorts = {
      "6379/tcp" = { };
    };
  };
}
Localize authentik-redis: nix-built container from nixpkgs Replace upstream docker.io/library/redis:7-alpine with a nix-built container using Redis 8.2.3 from nixpkgs. Introduces the attached service pattern: parent field in service-versions.yaml, naming convention (<parent>-<component>), and version assertion in default.nix to prevent silent version drift on flake.lock updates. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 13:16:22 -07:00			`# Nix-built Redis for Authentik`
			`# Attached service: cache/broker (sessions, Celery task queue, caching)`
			`# Uses Redis from nixpkgs, packaged with dockerTools.buildLayeredImage`
			`#`
			`# The version assertion ensures nix-build fails if a flake.lock update`
			`# changes the Redis version — forcing an explicit version acknowledgment`
			`# here and in service-versions.yaml (enforced by container-version-check).`
			`{ pkgs ? import <nixpkgs> { } }:`

			`let`
			`version = "8.2.3";`
			`in`

			`assert pkgs.redis.version == version;`

			`pkgs.dockerTools.buildLayeredImage {`
			`name = "blumeops/authentik-redis";`
			`contents = [`
			`pkgs.redis`
			`];`

			`config = {`
			`Entrypoint = [ "${pkgs.redis}/bin/redis-server" ];`
			`Cmd = [ "--protected-mode" "no" ];`
			`ExposedPorts = {`
			`"6379/tcp" = { };`
			`};`
			`};`
			`}`