sanzoghenzo
left a comment
Hi there, I'm really interested in this addition!
I'm offering my 2 cents here, basically I believe that the postgres can be left out in favor of the embedded hiqlite db.
I still have to test this, and I'm not that great at nix packaging, so feel free to ignore my review if I got it wrong 😉
| after = [ | ||
| "postgresql.service" | ||
| ]; |
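Review bot: `after = [ "postgresql.service" ]` only orders startup; it does not pull PostgreSQL in or stop rauthy when the database unit fails. If a local PostgreSQL backend is meant to be supported, pair the ordering with a matching `requires` or `wants` entry, and add both only when the configuration actually selects a local PostgreSQL database, so a default install carries no reference to a unit it never uses.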
Should this be conditionally set only when settings.HIQLITE is false (default and recommended is true) and settings.DATABASE_URL points to a postgres database?
Definitely, thanks for the reminder
nixos/tests/rauthy.nix
Outdated
| services.postgresql = { | ||
| enable = true; | ||
| ensureDatabases = [ "rauthy" ]; | ||
| ensureUsers = [ | ||
| { | ||
| name = "rauthy"; | ||
| ensureDBOwnership = true; | ||
| } | ||
| ]; | ||
| }; | ||
| }; |
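Review bot: `ensureUsers` creates the `rauthy` role with database ownership but no password, and nothing in this block configures how the service authenticates to it. For an identity provider's backing store, the test should state the intended mechanism (for example peer authentication over the local socket as a system user named `rauthy`) and assert that rauthy actually connects; otherwise the block provisions a database the test never proves is used.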
The default rauthy setting is to use Hiqlite, so this is useless unless we set the following:
services.rauthy.settings = {
HIQLITE = false;
DATABASE_URL = "postgresql://rauthy@localhost:5432/rauthy";
};
Yes, it should be conditional as well. Or maybe shouldn't even be included as you suggested in the comment, in case someone wants to use postgresql instead of hiqlite, they can do that by writing something similar to this
@sanzoghenzo thanks for your interest in rauthy! Unfortunately we tried other alternatives as we couldn't get rauthy working for our use case, but I may pick up this PR again. In the meantime feel free to continue this or start your own :)
I'd say the package is mostly solid, excluding the postgres/sqlx stuff there (using a newer rauthy version), and would be nice to upstream.
You can also disable some optimizations to make the build quicker (IIRC it took around half as long and used much less RAM), but this impacts the binary size a little and possibly the performance of the app, that's why I didn't include it in the PR. Build time won't matter that much when it will be built by Hydra.
The patch:
diff --git a/Cargo.toml b/Cargo.toml
index 20a700da..32ef9974 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,10 +13,11 @@ license = "Apache-2.0"
panic = "abort"
[profile.release]
-codegen-units = 1
-lto = true
+codegen-units = 16
+lto = false
strip = true
panic = "abort"
+opt-level = 2
[patch.crates-io]
#hiqlite = { git = "https://github.com/sebadob/hiqlite.git", branch = "optimized-migration-checks-in-writer", package = "hiqlite" } |
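Review bot: In `[profile.release]`, the added `opt-level = 2` drops below Cargo's release default of 3 on top of `lto = false` and `codegen-units = 16`, and the patch carries no comment recording why or what it costs in binary size and speed. If this is kept for local builds, the same three settings can be passed from the derivation as `CARGO_PROFILE_RELEASE_OPT_LEVEL`, `CARGO_PROFILE_RELEASE_LTO` and `CARGO_PROFILE_RELEASE_CODEGEN_UNITS` instead of editing `Cargo.toml`, which avoids a patch whose context includes the commented-out hiqlite override under `[patch.crates-io]` and will stop applying when upstream touches those lines.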
Thanks for the info, I'll see if I can get something working.
Out of curiosity, what did you settle on? I'm trying it for my homelab, but I was thinking about using it at work (where we're running authentik, but I'm looking for an alternative because it's too memory hungry for just a handful of logins a day...)
Right now we are using pocket id, but it's not a drop-in replacement: #381867
Flake lock file updates:
• Updated input 'nixpkgs-patch-rauthy-init':
'NixOS/nixpkgs#371091'
→ 'NixOS/nixpkgs#371091'
@gepbird Are you still interested in packaging this? I'd like to use it, but can't get the new version to build.
I couldn't get 0.33 working either, but I'm not too interested in packaging this. Feel free to open a PR when you know how to continue :)
The package has been merged at #479769 :) For the remaining NixOS module, I don't plan to work on it but I'd be happy to review a PR. I rebased this to master to only add the module, just in case someone wants to continue it from here. Probably easier to start from scratch anyway.
@gepbird, I will also be working on the module in the next few days. I will add you so that you can review it.
Rauthy is a lightweight and easy to use OpenID Connect Identity Provider.