diff --git a/containers/authentik/default.nix b/containers/authentik/default.nix
index c950d08..9733f7f 100644
--- a/containers/authentik/default.nix
+++ b/containers/authentik/default.nix
@@ -15,11 +15,24 @@ pkgs.dockerTools.buildLayeredImage {
 pkgs.tzdata
 ];
+ # Create /blueprints with symlinks to built-in blueprint dirs from the Nix store.
+ # The nixpkgs authentik-django package hardcodes blueprints_dir to its Nix store path,
+ # making custom blueprints mounted at /blueprints/custom invisible. This creates a
+ # stable /blueprints root that includes both built-in and custom blueprint directories.
+ extraCommands = ''
+ mkdir -p blueprints
+ for item in nix/store/*authentik-django*/blueprints/*; do
+ name=$(basename "$item")
+ ln -s "/$item" "blueprints/$name"
+ done
+ '';
+
 config = {
 Entrypoint = [ "${pkgs.authentik}/bin/ak" ];
 Env = [
 "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
 "TZDIR=${pkgs.tzdata}/share/zoneinfo"
+ "AUTHENTIK_BLUEPRINTS_DIR=/blueprints"
 ];
 ExposedPorts = {
 "9000/tcp" = { };
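Review bot: The `for` loop in `extraCommands` has no guard for an unmatched glob: if `nix/store/*authentik-django*/blueprints/*` matches nothing (package renamed, or the store path not visible relative to the build directory at that point), bash keeps the pattern literal, creates one dangling `blueprints/*` symlink, and the build still succeeds. Since `AUTHENTIK_BLUEPRINTS_DIR=/blueprints` overrides the packaged location, that image would presumably run without its built-in blueprints; I would add `[ -e "$item" ] || { echo "no authentik-django blueprints found" >&2; exit 1; }` as the first line of the loop body. The wildcard can also match more than one store path if two builds of the package end up in the closure; taking the path from Nix interpolation, as `Entrypoint` does with `${pkgs.authentik}`, would pin it to one. Blueprints are applied as authentik configuration, so the `/blueprints/custom` mount mentioned in the comment should be read-only in the container and writable only by trusted deployers. The `buildLayeredImage` call opens and closes outside this hunk.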