From 2b1b517f206962b33e98241d152d2100c5eee3ce Mon Sep 17 00:00:00 2001
From: Michael Casey <michael@casey.com.au>
Date: Tue, 28 Jan 2025 22:04:39 +1000
Subject: [PATCH] New Script: Pocket ID (#1779)

* Add pocket-id scripts

* replace whiptail with read

* remove git dependency

* Add missing sed

* fix indentation

* remove assert replace after source update
---
 ct/pocketid.sh              |  95 ++++++++++++++++++++++++++
 install/pocketid-install.sh | 130 ++++++++++++++++++++++++++++++++++++
 json/pocketid.json          |  43 ++++++++++++
 3 files changed, 268 insertions(+)
 create mode 100755 ct/pocketid.sh
 create mode 100644 install/pocketid-install.sh
 create mode 100644 json/pocketid.json

diff --git a/ct/pocketid.sh b/ct/pocketid.sh
new file mode 100755
index 00000000..5e717f6f
--- /dev/null
+++ b/ct/pocketid.sh
@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: Snarkenfaugister
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/stonith404/pocket-id
+
+# App Default Values
+APP="PocketID"
+TAGS="identity-provider"
+var_cpu="2"
+var_ram="2048"
+var_disk="4"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+    header_info
+    check_container_storage
+    check_container_resources
+
+    if [[ ! -d /opt/pocket-id ]]; then
+        msg_error "No ${APP} Installation Found!"
+        exit
+    fi
+
+    RELEASE=$(curl -fsSL https://api.github.com/repos/stonith404/pocket-id/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+    if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+        msg_info "Updating $APP"
+
+        msg_info "Stopping $APP"
+        systemctl stop pocketid-backend.service
+        systemctl stop pocketid-frontend.service
+        systemctl stop caddy.service
+        msg_ok "Stopped $APP"
+
+        msg_info "Updating $APP to v${RELEASE}"
+        cd /opt
+        cp -r /opt/pocket-id/backend/data /opt/data
+        cp /opt/pocket-id/backend/.env /opt/backend.env
+        cp /opt/pocket-id/frontend/.env /opt/frontend.env
+        rm -r /opt/pocket-id
+        wget -q "https://github.com/stonith404/pocket-id/archive/refs/tags/v${RELEASE}.zip"
+        unzip -q v${RELEASE}.zip
+        mv pocket-id-${RELEASE} /opt/pocket-id
+        mv /opt/data /opt/pocket-id/backend/data
+        mv /opt/backend.env /opt/pocket-id/backend/.env 
+        mv /opt/frontend.env /opt/pocket-id/frontend/.env 
+
+        cd /opt/pocket-id/backend/cmd
+        go build -o ../pocket-id-backend
+        cd ../../frontend
+        npm install
+        npm run build
+        msg_ok "Updated $APP to ${RELEASE}"
+
+        msg_info "Starting $APP"
+        systemctl start pocketid-backend.service
+        systemctl start pocketid-frontend.service
+        systemctl start caddy.service
+        sleep 2
+        msg_ok "Started $APP"
+
+        # Cleaning up
+        msg_info "Cleaning Up"
+        rm -f /opt/v${RELEASE}.zip
+        msg_ok "Cleanup Completed"
+
+        echo "${RELEASE}" >/opt/${APP}_version.txt
+        msg_ok "Update Successful"
+    else
+        msg_ok "No update required. ${APP} is already at ${RELEASE}"
+    fi
+    exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Configure your reverse proxy to point to:${BGN} ${IP}:80${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}https://{PUBLIC_URL}/login/setup${CL}"
diff --git a/install/pocketid-install.sh b/install/pocketid-install.sh
new file mode 100644
index 00000000..c330ad36
--- /dev/null
+++ b/install/pocketid-install.sh
@@ -0,0 +1,130 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: Snarkenfaugister
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/stonith404/pocket-id
+
+source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt-get install -y \
+  curl \
+  sudo \
+  mc \
+  gpg \
+  caddy \
+  gcc
+msg_ok "Installed Dependencies"
+
+msg_info "Setting up Node.js Repository"
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" >/etc/apt/sources.list.d/nodesource.list
+msg_ok "Set up Node.js Repository"
+
+msg_info "Installing Node.js"
+$STD apt-get update
+$STD apt-get install -y nodejs
+msg_ok "Installed Node.js"
+
+msg_info "Installing Golang"
+cd /tmp
+set +o pipefail
+GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz")
+wget -q https://golang.org/dl/${GO_RELEASE}
+tar -xzf ${GO_RELEASE} -C /usr/local
+ln -s /usr/local/go/bin/go /usr/bin/go
+set -o pipefail
+msg_ok "Installed Golang"
+
+read -r -p "What public URL do you want to use (e.g. pocketid.mydomain.com)? " public_url
+msg_info "Setup Pocket ID"
+cd /opt
+RELEASE=$(curl -s https://api.github.com/repos/stonith404/pocket-id/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+wget -q "https://github.com/stonith404/pocket-id/archive/refs/tags/v${RELEASE}.zip"
+unzip -q v${RELEASE}.zip
+mv pocket-id-${RELEASE}/ /opt/pocket-id
+
+cd /opt/pocket-id/backend
+cp .env.example .env
+sed -i "s/PUBLIC_APP_URL=http:\/\/localhost/PUBLIC_APP_URL=https:\/\/${public_url}/" .env
+cd cmd
+CGO_ENABLED=1 
+GOOS=linux
+$STD go build -o ../pocket-id-backend
+
+cd ../../frontend
+cp .env.example .env
+sed -i "s/PUBLIC_APP_URL=http:\/\/localhost/PUBLIC_APP_URL=https:\/\/${public_url}/" .env
+$STD npm install
+$STD npm run build
+
+cd ..
+cp reverse-proxy/Caddyfile /etc/caddy/Caddyfile
+echo "${RELEASE}" >/opt/${APPLICATION}_version.txt
+msg_ok "Setup Pocket ID"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/pocketid-backend.service
+[Unit]
+Description=Pocket ID Backend
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+WorkingDirectory=/opt/pocket-id/backend
+EnvironmentFile=/opt/pocket-id/backend/.env
+ExecStart=/opt/pocket-id/backend/pocket-id-backend
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat <<EOF >/etc/systemd/system/pocketid-frontend.service
+[Unit]
+Description=Pocket ID Frontend
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+WorkingDirectory=/opt/pocket-id/frontend
+EnvironmentFile=/opt/pocket-id/frontend/.env
+ExecStart=/usr/bin/node build/index.js
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOF
+msg_ok "Created Service"
+
+msg_info "Starting Services"
+systemctl enable -q --now pocketid-backend
+systemctl enable -q --now pocketid-frontend
+systemctl restart caddy
+msg_ok "Started Services"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+rm -f /opt/v${RELEASE}.zip
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
+
+motd_ssh
+customize
diff --git a/json/pocketid.json b/json/pocketid.json
new file mode 100644
index 00000000..a10f0cba
--- /dev/null
+++ b/json/pocketid.json
@@ -0,0 +1,43 @@
+{
+  "name": "Pocket ID",
+  "slug": "pocketid",
+  "categories": [
+    6
+  ],
+  "date_created": "2025-01-27",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 80,
+  "documentation": "https://stonith404.github.io/pocket-id/introduction",
+  "website": "https://github.com/stonith404/pocket-id",
+  "logo": "https://github.com/stonith404/pocket-id/blob/main/docs/static/img/pocket-id.png",
+  "description": "Pocket ID is a simple OIDC provider that allows users to authenticate with their passkeys to your services.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/pocketid.sh",
+      "resources": {
+        "cpu": 2,
+        "ram": 2048,
+        "hdd": 4,
+        "os": "Debian",
+        "version": "12"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": [
+    {
+      "text": "Pocket ID requires https to work.",
+      "type": "warning"
+    },
+    {
+      "text": "Configuration Path: `/opt/pocket-id/backend/.env`, `/opt/pocket-id/frontend/.env`.",
+      "type": "info"
+    }
+  ]
+}