search

nix-community / authentik-nix

Nix flake with package, NixOS module and basic VM test for authentik. Trying to provide an alternative deployment mode to the officially supported docker-compose approach. Not affiliated with or officially supported by the authentik project [maintainer=@willibutz]
MIT License
82 stars 18 forks source link

Upstreaming this to nixpkgs? #1

Open Janik-Haag opened 1 year ago

Janik-Haag commented 1 year ago

What do you think about up streaming this to nixpkgs?

WilliButz commented 1 year ago

I'm not opposed to authentik being made available via nixpkgs and have no say in that being done.

However, a thing to consider is that this Nix-based packaging/deployment approach outside the officially supported modes (k8s & docker compose) is only a few weeks old and has to yet to prove itself (partially indicated by "WiP" in the readme).

Also, I personally won't be making an attempt at maintaining authentik in nixpkgs and much prefer to make use of poetry2nix + napalm (as is done here in the repo), providing it as a flake and being flexible with the choice of tooling for the python and especially the npm ecosystem. A secondary motivation is to keep the Nix-packaged version here as close to upstream authentik as possible, i.e without resorting to replacing node or python modules used by the authentik project with a slightly different node or python module version that is readily available from nodePackages or pythonPackages, which would cause a divergence from upstream authentik.

That being my personal view on the matter, I've already had colleagues tell me about their motivation for upstreaming this so that might happen at some point :)

MarcelCoding commented 6 months ago

https://github.com/NixOS/nixpkgs/tree/nixos-unstable/pkgs/by-name/au/authentik It seems like on unstable there is now authentik.

sokai commented 5 months ago

… and (now) also in 24.05: https://github.com/NixOS/nixpkgs/tree/nixos-24.05/pkgs/by-name/au/authentik

Janik-Haag commented 5 months ago

This request is about the nixos module, not the package :D

MarcelCoding commented 5 months ago

But this module could now drop the custom derivations and start using the nixpks provided and therefore focusing on the module itself and eventually even upstreaming it.

The main concerns raised by @WilliButz have thus been resolved.

WilliButz commented 4 months ago

Similar to what @Janik-Haag stated, I see this as a request for providing the functionality of this flake in upstream nixpkgs, i.e. the combination of the individual authentik components and the module with an integration test that gives me some confidence that things work after updates. Pulling module+test and the packaged components apart as @MarcelCoding proposed is not something I'd like to do.

To me the main points of my initial statement are these:

(...) being flexible with the choice of tooling for the python and especially the npm ecosystem. (...)

(...) keep the Nix-packaged version here as close to upstream authentik as possible, i.e without resorting to replacing node or python modules used by the authentik project with a slightly different node or python module version that is readily available from nodePackages or pythonPackages, which would cause a divergence from upstream authentik.

So I'd like keep this open as long as there is no drop-in replacement for this flake in nixpkgs, so that users of this flake could just do some config changes and be done with it. I'm sure that this wouldn't require module or packaging compatibility, it should be reasonable to go via backup/restore.