Upstreaming this to nixpkgs?

[Janik-Haag]

What do you think about up streaming this to nixpkgs?

[WilliButz]

I'm not opposed to authentik being made available via nixpkgs and have no say in that being done.

However, a thing to consider is that this Nix-based packaging/deployment approach outside the officially supported modes (k8s & docker compose) is only a few weeks old and has to yet to prove itself (partially indicated by "WiP" in the readme).

Also, I personally won't be making an attempt at maintaining authentik in nixpkgs and much prefer to make use of poetry2nix + napalm (as is done here in the repo), providing it as a flake and being flexible with the choice of tooling for the python and especially the npm ecosystem. A secondary motivation is to keep the Nix-packaged version here as close to upstream authentik as possible, i.e without resorting to replacing node or python modules used by the authentik project with a slightly different node or python module version that is readily available from nodePackages or pythonPackages, which would cause a divergence from upstream authentik.

That being my personal view on the matter, I've already had colleagues tell me about their motivation for upstreaming this so that might happen at some point :)

[MarcelCoding]

https://github.com/NixOS/nixpkgs/tree/nixos-unstable/pkgs/by-name/au/authentik It seems like on unstable there is now authentik.

[sokai]

… and (now) also in 24.05: https://github.com/NixOS/nixpkgs/tree/nixos-24.05/pkgs/by-name/au/authentik

[Janik-Haag]

This request is about the nixos module, not the package :D

[MarcelCoding]

But this module could now drop the custom derivations and start using the nixpks provided and therefore focusing on the module itself and eventually even upstreaming it.

The main concerns raised by @WilliButz have thus been resolved.

[WilliButz]

Similar to what @Janik-Haag stated, I see this as a request for providing the functionality of this flake in upstream nixpkgs, i.e. the combination of the individual authentik components and the module with an integration test that gives me some confidence that things work after updates. Pulling module+test and the packaged components apart as @MarcelCoding proposed is not something I'd like to do.

To me the main points of my initial statement are these:

(...) being flexible with the choice of tooling for the python and especially the npm ecosystem. (...)

(...) keep the Nix-packaged version here as close to upstream authentik as possible, i.e without resorting to replacing node or python modules used by the authentik project with a slightly different node or python module version that is readily available from nodePackages or pythonPackages, which would cause a divergence from upstream authentik.

So I'd like keep this open as long as there is no drop-in replacement for this flake in nixpkgs, so that users of this flake could just do some config changes and be done with it. I'm sure that this wouldn't require module or packaging compatibility, it should be reasonable to go via backup/restore.