eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Fix blueprint loading: create /blueprints symlink dir in container
All checks were successful
Build Container / build (push) Successful in 2s
Details
Build Container (Nix) / build (push) Successful in 1m9s
Details

Browse source 
The nixpkgs authentik-django package hardcodes blueprints_dir to its
Nix store path, making custom blueprints mounted at /blueprints/custom
invisible to the discovery system. Add extraCommands to create a
/blueprints directory with symlinks to the built-in blueprint dirs,
and set AUTHENTIK_BLUEPRINTS_DIR=/blueprints so authentik scans the
unified directory.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Erich Blume 2026-02-20 12:09:12 -08:00
commit b99c655c47
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
containers/authentik/default.nix
View file

@ -15,11 +15,24 @@ pkgs.dockerTools.buildLayeredImage {
pkgs.tzdata
];
# Create /blueprints with symlinks to built-in blueprint dirs from the Nix store.
# The nixpkgs authentik-django package hardcodes blueprints_dir to its Nix store path,
# making custom blueprints mounted at /blueprints/custom invisible. This creates a
# stable /blueprints root that includes both built-in and custom blueprint directories.
extraCommands = ''
mkdir -p blueprints
for item in nix/store/*authentik-django*/blueprints/*; do
name=$(basename "$item")
ln -s "/$item" "blueprints/$name"
done
'';
config = {
Entrypoint = [ "${pkgs.authentik}/bin/ak" ];
Env = [
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
"TZDIR=${pkgs.tzdata}/share/zoneinfo"
"AUTHENTIK_BLUEPRINTS_DIR=/blueprints"
];
ExposedPorts = {
"9000/tcp" = { };