Erich Blume 8116d6294a Complete build-authentik-container leaf node

Image registry.ops.eblu.me/blumeops/authentik:v1.0.0-nix built
via Nix on ringtail and verified in zot registry.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-20 10:12:50 -08:00

1.3 KiB

Raw Blame History

title

modified

Build Authentik Container Image

Build and publish a Nix-based container image for Authentik to the local registry.

Context

Discovered while attempting deploy-authentik: the deployment references registry.ops.eblu.me/blumeops/authentik:v1.0.0-nix which doesn't exist. Authentik's nixpkgs package (pkgs.authentik) provides the ak wrapper which orchestrates a Go server binary and Python Django worker.

What to Do

Verify containers/authentik/default.nix builds on ringtail (the Nix builder runs there)
The ak entrypoint needs bash (included via bashInteractive) and orchestrates both server and worker subcommands
Tag and release: mise run container-tag-and-release authentik v1.0.0
Verify the -nix tagged image appears in the registry

What We Learned

The entrypoint is ak (bash wrapper), not authentik (Go binary)
ak server runs the Go HTTP server, ak worker runs the Python Django worker
pkgs.authentik bundles Go binary, Python environment, and static assets via wrapProgram
nixpkgs has v2025.10.1, upstream latest is 2025.12.4 — acceptable for initial deployment
Container needs bashInteractive since ak is a bash script

deploy-authentik — Parent goal

1.3 KiB Raw Blame History

Build Authentik Container Image

Context

What to Do

What We Learned

Related

1.3 KiB

Raw Blame History