Fix blueprint loading: create /blueprints symlink dir in container

The nixpkgs authentik-django package hardcodes blueprints_dir to its Nix store path, making custom blueprints mounted at /blueprints/custom invisible to the discovery system. Add extraCommands to create a /blueprints directory with symlinks to the built-in blueprint dirs, and set AUTHENTIK_BLUEPRINTS_DIR=/blueprints so authentik scans the unified directory. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 12:56:00 -08:00 · 2026-02-20 12:09:12 -08:00 · 2026-02-20 12:09:12 -08:00
commit b99c655c47
1 changed files with 13 additions and 0 deletions
--- a/containers/authentik/default.nix
+++ b/containers/authentik/default.nix
@ -15,11 +15,24 @@ pkgs.dockerTools.buildLayeredImage {
    pkgs.tzdata
  ];

+  # Create /blueprints with symlinks to built-in blueprint dirs from the Nix store.
+  # The nixpkgs authentik-django package hardcodes blueprints_dir to its Nix store path,
+  # making custom blueprints mounted at /blueprints/custom invisible. This creates a
+  # stable /blueprints root that includes both built-in and custom blueprint directories.
+  extraCommands = ''
+    mkdir -p blueprints
+    for item in nix/store/*authentik-django*/blueprints/*; do
+      name=$(basename "$item")
+      ln -s "/$item" "blueprints/$name"
+    done
+  '';
+
  config = {
    Entrypoint = [ "${pkgs.authentik}/bin/ak" ];
    Env = [
      "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
      "TZDIR=${pkgs.tzdata}/share/zoneinfo"
+      "AUTHENTIK_BLUEPRINTS_DIR=/blueprints"
    ];
    ExposedPorts = {
      "9000/tcp" = { };