eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/containers/authentik/api-go-vendor-hook.nix
Erich Blume efa9806bfa
All checks were successful
Build Container / detect (push) Successful in 3s
Details
Build Container (Nix) / detect (push) Successful in 1s
Details
Build Container / build (authentik) (push) Successful in 2s
Details
Build Container (Nix) / build (authentik) (push) Successful in 22s
Details
C2: Build authentik from source (Mikado chain) (#274) 
## Mikado Chain: build-authentik-from-source

Replace `pkgs.authentik` from nixpkgs with a custom Nix derivation built from source.
This removes the dependency on the nixpkgs packaging timeline and gives full version control.

Target version: **2025.12.4** (nixpkgs reference, upgrading from deployed 2025.10.1).

### Dependency Graph

```
build-authentik-from-source (goal)
├── authentik-go-server-derivation
│   ├── authentik-api-client-generation  ← IN PROGRESS
│   └── authentik-python-backend-derivation
├── authentik-web-ui-derivation
│   └── authentik-api-client-generation  ← IN PROGRESS
└── authentik-python-backend-derivation
```

### Ready Leaves
- `authentik-api-client-generation` — Go + TypeScript client generation from OpenAPI schema
- `authentik-python-backend-derivation` — Django backend with 60+ deps, 4 in-tree packages

### Architecture
Ported from [nixpkgs `pkgs/by-name/au/authentik/package.nix`](https://github.com/NixOS/nixpkgs/tree/master/pkgs/by-name/au/authentik):
- `source.nix` — shared version/source fetch
- `client-go.nix` — Go API client generation
- `client-ts.nix` — TypeScript API client generation
- `api-go-vendor-hook.nix` — Go vendor directory injection hook
- (more components to follow as leaves are closed)

### Related Cards
- [[build-authentik-from-source]] — Goal card
- [[authentik-api-client-generation]]
- [[authentik-python-backend-derivation]]
- [[authentik-web-ui-derivation]]
- [[authentik-go-server-derivation]]

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/274
2026-03-01 13:45:00 -08:00

28 lines
930 B
Nix
Raw Blame History

# Setup hook that injects generated Go API client into the vendor directory
# Replaces vendor/goauthentik.io/api/v3/ with freshly generated client-go output
# Skips during FOD (fixed-output derivation) builds to keep vendorHash stable
{ pkgs ? import <nixpkgs> { }, sources ? import ./sources.nix { inherit pkgs; } }:
let
client-go = import ./client-go.nix { inherit pkgs sources; };
in
pkgs.makeSetupHook
{
name = "authentik-api-go-vendor-hook";
}
(
pkgs.writeShellScript "authentik-api-go-vendor-hook" ''
authentikApiGoVendorHook() {
chmod -R +w vendor/goauthentik.io/api
rm -rf vendor/goauthentik.io/api/v3
cp -r ${client-go} vendor/goauthentik.io/api/v3
echo "Finished authentikApiGoVendorHook"
}
# don't run for FOD, e.g. the goModules build
if [ -z ''${outputHash-} ]; then
postConfigureHooks+=(authentikApiGoVendorHook)
fi
''
)
Reference in a new issue View git blame Copy permalink