From b99c655c478281955c441b8b010526d11f3111fc Mon Sep 17 00:00:00 2001
From: Erich Blume
Date: Fri, 20 Feb 2026 12:09:12 -0800
Subject: [PATCH] Fix blueprint loading: create /blueprints symlink dir in container

The nixpkgs authentik-django package hardcodes blueprints_dir to its Nix store path, making custom blueprints mounted at /blueprints/custom invisible to the discovery system. Add extraCommands to create a /blueprints directory with symlinks to the built-in blueprint dirs, and set AUTHENTIK_BLUEPRINTS_DIR=/blueprints so authentik scans the unified directory.

Co-Authored-By: Claude Opus 4.6
---
 containers/authentik/default.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/containers/authentik/default.nix b/containers/authentik/default.nix
index c950d08..9733f7f 100644
--- a/containers/authentik/default.nix
+++ b/containers/authentik/default.nix
@@ -15,11 +15,24 @@ pkgs.dockerTools.buildLayeredImage {
 pkgs.tzdata
 ];

+ # Create /blueprints with symlinks to built-in blueprint dirs from the Nix store.
+ # The nixpkgs authentik-django package hardcodes blueprints_dir to its Nix store path,
+ # making custom blueprints mounted at /blueprints/custom invisible. This creates a
+ # stable /blueprints root that includes both built-in and custom blueprint directories.
+ extraCommands = ''
+ mkdir -p blueprints
+ for item in nix/store/*authentik-django*/blueprints/*; do
+ name=$(basename "$item")
+ ln -s "/$item" "blueprints/$name"
+ done
+ '';
+
 config = {
 Entrypoint = [ "${pkgs.authentik}/bin/ak" ];
 Env = [
 "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
 "TZDIR=${pkgs.tzdata}/share/zoneinfo"
+ "AUTHENTIK_BLUEPRINTS_DIR=/blueprints"
 ];
 ExposedPorts = {
 "9000/tcp" = { };
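Review bot: The glob in `for item in nix/store/*authentik-django*/blueprints/*` is never checked for a match, so if the store path is named differently or is not present when `extraCommands` runs, the loop runs once on the literal pattern and leaves a dangling `blueprints/*` link; the image still builds, but with `AUTHENTIK_BLUEPRINTS_DIR=/blueprints` authentik would presumably start without its built-in blueprints. A guard as the first statement of the loop, `[ -e "$item" ] || { echo "no built-in authentik blueprints found" >&2; exit 1; }`, turns that into a build failure instead of a silently incomplete identity provider. If two store paths match the pattern, the second `ln -s` collides on the same link name, and whether that stops the build depends on the builder's shell options, which are not visible here. Because blueprints can create and modify authentik objects, the `/blueprints/custom` mount named in the comment is worth keeping read-only and under change control; the mount and the rest of the `buildLayeredImage` call lie outside this hunk.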