During initial attempt to build authentik-django on ringtail, discovered
that nixos-25.11's python314 package set has two compat gaps: astor 0.8.1
fails its test suite (uses ast.Num/ast.Str removed in 3.14), and django
defaults to 4.2.x (which doesn't support 3.14). New card documents the
issue and the fix (carry the same overrides nixpkgs uses upstream).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Discovered during implementation: the build-from-source derivations
need to fetch from forge mirrors for supply chain control, but
client-go and django-rest-framework repos aren't mirrored yet.
Also corrects target version to 2026.2.0 (latest stable) — the
whole point of building from source is to escape nixpkgs lag.
Changes:
- New card: mirror-authentik-build-deps
- authentik-api-client-generation now requires mirror-authentik-build-deps
- authentik-python-backend-derivation now requires mirror-authentik-build-deps
- Goal card updated with 2026.2.0 target version
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Create goal card and 4 prerequisite cards for building authentik from a
custom Nix derivation instead of using pkgs.authentik from nixpkgs. This
removes the dependency on the nixpkgs packaging timeline and gives full
version control over authentik releases.
Chain: mikado/authentik-source-build
Leaf nodes: authentik-api-client-generation, authentik-python-backend-derivation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
