ghostfox/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

push sheeet
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Details
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Details
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Details
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Details
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Details
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
Details

Browse Source
This commit is contained in:
Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
pkgs/servers/authelia/default.nix Normal file
View File

@@ -0,0 +1,112 @@
{
lib,
stdenv,
nodejs,
pnpm,
fetchFromGitHub,
buildGoModule,
installShellFiles,
callPackage,
nixosTests,
authelia-web ? callPackage ./web.nix { inherit nodejs pnpm fetchFromGitHub; },
}:
let
inherit (import ./sources.nix { inherit fetchFromGitHub; })
pname
version
src
vendorHash
;
web = authelia-web;
in
buildGoModule rec {
inherit
pname
version
src
vendorHash
;
nativeBuildInputs = [ installShellFiles ];
## FIXME: add swagger-ui https://github.com/authelia/authelia/blob/master/cmd/authelia-scripts/cmd/build.go#L148
postPatch = ''
cp -r api internal/server/public_html
cp -r ${web}/share/authelia-web/* internal/server/public_html
'';
subPackages = [ "cmd/authelia" ];
ldflags =
let
p = "github.com/authelia/authelia/v${lib.versions.major version}/internal/utils";
in
[
"-s"
"-w"
"-X ${p}.BuildTag=v${version}"
"-X '${p}.BuildState=tagged clean'"
"-X ${p}.BuildBranch=v${version}"
"-X ${p}.BuildExtra=nixpkgs"
];
# It is required to set this to avoid a change in the
# handling of sync map in go 1.24+
# Upstream issue: https://github.com/authelia/authelia/issues/8980
env.GOEXPERIMENT = "nosynchashtriemap";
# several tests with networking and several that want chromium
doCheck = false;
postInstall = ''
mkdir -p $out/etc/authelia
cp config.template.yml $out/etc/authelia
''
+ lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
installShellCompletion --cmd authelia \
--bash <($out/bin/authelia completion bash) \
--fish <($out/bin/authelia completion fish) \
--zsh <($out/bin/authelia completion zsh)
'';
doInstallCheck = true;
installCheckPhase = ''
runHook preInstallCheck
$out/bin/authelia --help
$out/bin/authelia --version | grep "v${version}"
$out/bin/authelia build-info | grep 'v${version}\|nixpkgs'
runHook postInstallCheck
'';
passthru = {
# if overriding replace the postPatch to put your web UI output in internal/server/public_html
inherit web;
updateScript = ./update.sh;
tests = { inherit (nixosTests) authelia; };
};
meta = with lib; {
homepage = "https://www.authelia.com/";
changelog = "https://github.com/authelia/authelia/releases/tag/v${version}";
description = "Single Sign-On Multi-Factor portal for web apps";
longDescription = ''
Authelia is an open-source authentication and authorization server
providing two-factor authentication and single sign-on (SSO) for your
applications via a web portal. It acts as a companion for reverse proxies
like nginx, Traefik, caddy or HAProxy to let them know whether requests
should either be allowed or redirected to Authelia's portal for
authentication.
'';
license = licenses.asl20;
maintainers = with maintainers; [
jk
dit7ya
nicomem
];
mainProgram = "authelia";
};
}

14
pkgs/servers/authelia/sources.nix Normal file
View File

@@ -0,0 +1,14 @@
{ fetchFromGitHub }:
rec {
pname = "authelia";
version = "4.39.10";
src = fetchFromGitHub {
owner = "authelia";
repo = "authelia";
rev = "v${version}";
hash = "sha256-v6KxDfl/dG4FEC/6V2io5jYlS6FY/WemnZJ7tpikpyM=";
};
vendorHash = "sha256-Gvk5AX0kyIYyFmgvb/TGCIEycTjtdxNLHk9sbrU5Ybw=";
pnpmDepsHash = "sha256-0evGB5UYphBCrVN3/hJfNXJvDGSz77Cm/s7XW7JNU/o=";
}

70
pkgs/servers/authelia/update.sh Executable file
View File

@@ -0,0 +1,70 @@
#! /usr/bin/env nix-shell
#! nix-shell -I nixpkgs=./. -i bash -p coreutils gnused curl nix jq nodejs
set -euo pipefail
DRV_DIR="$(dirname "${BASH_SOURCE[0]}")"
DRV_DIR=$(realpath "$DRV_DIR")
NIXPKGS_ROOT="$DRV_DIR/../../.."
NIXPKGS_ROOT=$(realpath "$NIXPKGS_ROOT")
instantiateClean() {
nix-instantiate --eval --strict -E "with import ./. {}; $1" | cut -d\" -f2
}
fetchNewHash() {
set +eo pipefail
HASH="$(nix-build -A "$1" 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g')"
set -eo pipefail
if [ -z "$HASH" ]; then
echo "Could not generate hash" >&2
exit 1
else
echo "$HASH"
fi
}
replace() {
sed -i "s@$1@$2@g" "$3"
}
# provide a github token so you don't get rate limited
# if you use gh cli you can use:
# `export GITHUB_TOKEN="$(cat ~/.config/gh/config.yml | yq '.hosts."github.com".oauth_token' -r)"`
# or just set your token by hand:
# `read -s -p "Enter your token: " GITHUB_TOKEN; export GITHUB_TOKEN`
# (we use read so it doesn't show in our shell history and in secret mode so the token you paste isn't visible)
if [ -z "${GITHUB_TOKEN:-}" ]; then
echo "no GITHUB_TOKEN provided - you could meet API request limiting" >&2
fi
OLD_VERSION=$(instantiateClean "authelia.version")
LATEST_TAG=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} --silent https://api.github.com/repos/authelia/authelia/releases/latest | jq -r '.tag_name')
NEW_VERSION=$(echo ${LATEST_TAG} | sed 's/^v//')
if [[ "$OLD_VERSION" == "$NEW_VERSION" ]]; then
echo "already up to date"
exit
fi
TMP_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
echo "New version $NEW_VERSION"
replace "$OLD_VERSION" "$NEW_VERSION" "$DRV_DIR/sources.nix"
OLD_SRC_HASH="$(instantiateClean authelia.src.outputHash)"
echo "Old src hash $OLD_SRC_HASH"
replace "$OLD_SRC_HASH" "$TMP_HASH" "$DRV_DIR/sources.nix"
NEW_SRC_HASH="$(fetchNewHash authelia.src)"
echo "New src hash $NEW_SRC_HASH"
replace "$TMP_HASH" "$NEW_SRC_HASH" "$DRV_DIR/sources.nix"
OLD_PNPM_DEPS_HASH="$(instantiateClean authelia.web.pnpmDeps.outputHash)"
echo "Old pnpm deps hash $OLD_PNPM_DEPS_HASH"
replace "$OLD_PNPM_DEPS_HASH" "$TMP_HASH" "$DRV_DIR/sources.nix"
NEW_PNPM_DEPS_HASH="$(fetchNewHash authelia.web)"
echo "New pnpm deps hash $NEW_PNPM_DEPS_HASH"
replace "$TMP_HASH" "$NEW_PNPM_DEPS_HASH" "$DRV_DIR/sources.nix"
OLD_GO_VENDOR_HASH="$(instantiateClean authelia.vendorHash)"
echo "Old go vendor hash $OLD_GO_VENDOR_HASH"
replace "$OLD_GO_VENDOR_HASH" "$TMP_HASH" "$DRV_DIR/sources.nix"
NEW_GO_VENDOR_HASH="$(fetchNewHash authelia.goModules)"
echo "New go vendor hash $NEW_GO_VENDOR_HASH"
replace "$TMP_HASH" "$NEW_GO_VENDOR_HASH" "$DRV_DIR/sources.nix"

55
pkgs/servers/authelia/web.nix Normal file
View File

@@ -0,0 +1,55 @@
{
stdenv,
nodejs,
pnpm,
fetchFromGitHub,
}:
let
inherit (import ./sources.nix { inherit fetchFromGitHub; })
pname
version
src
pnpmDepsHash
;
in
stdenv.mkDerivation (finalAttrs: {
pname = "${pname}-web";
inherit src version;
sourceRoot = "${finalAttrs.src.name}/web";
nativeBuildInputs = [
nodejs
pnpm.configHook
];
pnpmDeps = pnpm.fetchDeps {
inherit (finalAttrs)
pname
version
src
sourceRoot
;
fetcherVersion = 1;
hash = pnpmDepsHash;
};
postPatch = ''
substituteInPlace ./vite.config.ts \
--replace 'outDir: "../internal/server/public_html"' 'outDir: "dist"'
'';
postBuild = ''
pnpm run build
'';
installPhase = ''
runHook preInstall
mkdir -p $out/share
mv dist $out/share/authelia-web
runHook postInstall
'';
})