From 44e9a0d37a4a161355e485c61d2991c7539bc6d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?=
Date: Sat, 16 Nov 2024 15:46:33 -0500
Subject: [PATCH 01/39] new scripts for Authentik
---
ct/authentik.sh | 118 ++++++++++++++++++++++
install/authentik-install.sh | 185 +++++++++++++++++++++++++++++++++++
json/authentik.json | 39 ++++++++
3 files changed, 342 insertions(+)
create mode 100644 ct/authentik.sh
create mode 100644 install/authentik-install.sh
create mode 100644 json/authentik.json
diff --git a/ct/authentik.sh b/ct/authentik.sh
new file mode 100644
index 00000000..321bde30
--- /dev/null
+++ b/ct/authentik.sh
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 tteck
+# Author: tteck (tteckster)
+# Co-Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+function header_info {
+ clear
+ cat <<"EOF"
+ ___ __ __ __ _ __
+ / | __ __/ /_/ /_ ___ ____ / /_(_) /__
+ / /| |/ / / / __/ __ \/ _ \/ __ \/ __/ / //_/
+ / ___ / /_/ / /_/ / / / __/ / / / /_/ / ,<
+/_/ |_\__,_/\__/_/ /_/\___/_/ /_/\__/_/_/|_|
+
+EOF
+}
+header_info
+echo -e "Loading..."
+APP="Authentik"
+var_disk="12"
+var_cpu="6"
+var_ram="8192"
+var_os="debian"
+var_version="12"
+variables
+color
+catch_errors
+
+function default_settings() {
+ CT_TYPE="1"
+ PW=""
+ CT_ID=$NEXTID
+ HN=$NSAPP
+ DISK_SIZE="$var_disk"
+ CORE_COUNT="$var_cpu"
+ RAM_SIZE="$var_ram"
+ BRG="vmbr0"
+ NET="dhcp"
+ GATE=""
+ APT_CACHER=""
+ APT_CACHER_IP=""
+ DISABLEIP6="no"
+ MTU=""
+ SD=""
+ NS=""
+ MAC=""
+ VLAN=""
+ SSH="no"
+ VERB="no"
+ echo_default
+}
+
+function update_script() {
+header_info
+check_container_storage
+check_container_resources
+if [[ ! -f /etc/systemd/system/authentik-server.service ]]; then msg_error "No ${APP} Installation Found!"; exit; fi
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+ whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "SET RESOURCES" "Please set the resources in your ${APP} LXC to ${var_cpu}vCPU and ${var_ram}RAM for the build process before continuing" 10 75
+ msg_info "Stopping Authentik"
+ systemctl stop authentik-server
+ systemctl stop authentik-worker
+ msg_ok "Stopped Authentik"
+
+ msg_info "Building Authentik website"
+ mkdir -p /opt/authentik
+ wget -qO authentik.tar.gz "${RELEASE}"
+ tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+ rm -rf authentik.tar.gz
+ cd /opt/authentik/website
+ npm install >/dev/null 2>&1
+ npm run build-bundled >/dev/null 2>&1
+ cd /opt/authentik/web
+ npm install >/dev/null 2>&1
+ npm run build >/dev/null 2>&1
+ msg_ok "Built Authentik website"
+
+ msg_info "Installing Python Dependencies"
+ cd /opt/authentik
+ poetry install --only=main --no-ansi --no-interaction --no-root >/dev/null 2>&1
+ poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt >/dev/null 2>&1
+ pip install --no-cache-dir -r requirements.txt >/dev/null 2>&1
+ pip install . >/dev/null 2>&1
+ msg_ok "Installed Python Dependencies"
+
+ msg_info "Updating ${APP} to v${RELEASE} (Patience)"
+ cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+ cd /opt/authentik
+ bash /opt/authentik/lifecycle/ak migrate >/dev/null 2>&1
+ echo "${RELEASE}" >/opt/${APP}_version.txt
+ msg_ok "Updated ${APP} to v${RELEASE}"
+
+ msg_info "Starting Authentik"
+ systemctl start authentik-server
+ systemctl start authentik-worker
+ msg_ok "Started Authentik"
+ echo -e "\n ⚠️ Ensure you set resources back to normal settings \n"
+else
+ msg_ok "No update required. ${APP} is already at ${RELEASE}"
+fi
+exit
+}
+
+start
+build_container
+description
+
+msg_info "Setting Container to Normal Resources"
+pct set $CTID -memory 1024
+pct set $CTID -cores 2
+msg_ok "Set Container to Normal Resources"
+msg_ok "Completed Successfully!\n"
+echo -e "${APP} should be reachable by going to the following URL.
+ ${BL}http://${IP}:9000/if/flow/initial-setup/${CL} \n"
\ No newline at end of file
diff --git a/install/authentik-install.sh b/install/authentik-install.sh
new file mode 100644
index 00000000..e887b57e
--- /dev/null
+++ b/install/authentik-install.sh
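Review bot: In update_script, `RELEASE` is taken from `curl -s … | grep "tarball_url" | awk …` with no `-f` and no emptiness check, so a failed or rate-limited API call yields an empty string that compares unequal to the stored version and sends the script into the update branch, where both services are stopped before `wget -qO authentik.tar.gz "${RELEASE}"` runs. The build steps that follow discard their output with `>/dev/null 2>&1`, and whether `catch_errors` aborts on a failing step is not visible in this hunk, so a failed download or build could leave the identity provider stopped or half-upgraded with nothing on screen. I would add `[[ -n "${RELEASE}" ]] || { msg_error "Could not determine the latest ${APP} release"; exit 1; }` right after the assignment and test `-f /opt/${APP}_version.txt` before the `cat`. The tarball is also unpacked over `/opt/authentik` without any digest or signature check, and the installer writes `/opt/${APPLICATION}_version.txt` while this function reads `/opt/${APP}_version.txt`, which is worth confirming resolves to the same path.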
@@ -0,0 +1,185 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2024 tteck
+# Author: tteck (tteckster)
+# Co-Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y {curl,sudo,mc}
+$STD apt-get install -y gpg pkg-config libffi-dev
+$STD apt-get install -y --no-install-recommends build-essential libpq-dev libkrb5-dev
+$STD apt-get install -y libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev pkg-config libffi-dev zlib1g-dev libxmlsec1 libxmlsec1-dev libxmlsec1-openssl libmaxminddb0
+msg_ok "Installed Dependencies"
+
+msg_info "Installing yq"
+YQ_LATEST="$(wget -qO- "https://api.github.com/repos/mikefarah/yq/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')"
+$STD wget "https://github.com/mikefarah/yq/releases/download/${YQ_LATEST}/yq_linux_amd64" -qO /usr/bin/yq
+chmod +x /usr/bin/yq
+msg_ok "Installed yq"
+
+msg_info "Installing Python 3.12"
+wget -q https://www.python.org/ftp/python/3.12.1/Python-3.12.1.tgz -O Python.tgz
+tar -zxf Python.tgz
+cd Python-3.12.1
+$STD ./configure --enable-optimizations
+$STD make altinstall
+$STD cd -
+$STD rm -rf Python-3.12.1
+$STD rm -rf Python.tgz
+$STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1
+msg_ok "Installed Python 3.12"
+
+NODE_VER="22"
+msg_info "Installing Node.js ${NODE_VER}"
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_VER}.x nodistro main" >/etc/apt/sources.list.d/nodesource.list
+$STD apt-get update
+$STD apt-get install -y nodejs
+msg_ok "Installed Node.js ${NODE_VER}"
+
+msg_info "Building Authentik website"
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+mkdir -p /opt/authentik
+$STD wget -qO authentik.tar.gz "${RELEASE}"
+tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+rm -rf authentik.tar.gz
+cd /opt/authentik/website
+$STD npm install
+$STD npm run build-bundled
+cd /opt/authentik/web
+$STD npm install
+$STD npm run build
+echo "${RELEASE}" >/opt/${APPLICATION}_version.txt
+msg_ok "Built Authentik website"
+
+msg_info "Installing Golang"
+cd ~
+set +o pipefail
+GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz")
+$STD wget -q https://golang.org/dl/${GO_RELEASE}
+tar -xzf ${GO_RELEASE} -C /usr/local
+$STD ln -s /usr/local/go/bin/go /usr/bin/go
+rm -rf go/
+rm -rf ${GO_RELEASE}
+set -o pipefail
+msg_ok "Installed Golang"
+
+msg_info "Building Go Proxy"
+cd /opt/authentik
+$STD go mod download
+$STD go build -o /go/authentik ./cmd/server
+$STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/
+msg_ok "Built Go Proxy"
+
+msg_info "Installing GeoIP"
+cd ~
+GEOIP_RELEASE=$(curl -s https://api.github.com/repos/maxmind/geoipupdate/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+$STD wget -qO geoipupdate.deb https://github.com/maxmind/geoipupdate/releases/download/v${GEOIP_RELEASE}/geoipupdate_${GEOIP_RELEASE}_linux_amd64.deb
+$STD dpkg -i geoipupdate.deb
+rm geoipupdate.deb
+cat </etc/GeoIP.conf
+#GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN"
+#GEOIPUPDATE_VERBOSE="1"
+#GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID"
+#GEOIPUPDATE_LICENSE_KEY_FILE="/run/secrets/GEOIPUPDATE_LICENSE_KEY"
+EOF
+msg_ok "Installed GeoIP"
+
+msg_info "Installing Python Dependencies"
+cd /opt/authentik
+$STD apt install -y python3-pip
+$STD apt install -y git
+$STD pip3 install --upgrade pip
+$STD pip3 install poetry poetry-plugin-export
+$STD ln -s /usr/local/bin/poetry /usr/bin/poetry
+$STD poetry install --only=main --no-ansi --no-interaction --no-root
+$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt
+$STD pip install --no-cache-dir -r requirements.txt
+$STD pip install .
+msg_ok "Installed Python Dependencies"
+
+msg_info "Installing Redis"
+$STD apt install -y redis-server
+systemctl enable -q --now redis-server
+msg_ok "Installed Redis"
+
+msg_info "Installing PostgreSQL"
+$STD apt install -y postgresql postgresql-contrib
+DB_NAME="authentik"
+DB_USER="authentik"
+DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
+$STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
+$STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing Authentik"
+mkdir -p /etc/authentik
+cp /opt/authentik/authentik/lib/default.yml /opt/authentik/authentik/lib/default.yml.BAK
+mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
+$STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml
+$STD yq -i ".postgresql.password = \"${DB_PASS}\"" /etc/authentik/config.yml
+$STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/authentik/config.yml
+cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+$STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
+$STD apt install -y python-is-python3
+$STD ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn
+$STD ln -s /usr/local/bin/celery /usr/bin/celery
+cd /opt/authentik
+$STD bash /opt/authentik/lifecycle/ak migrate
+msg_ok "Installed Authentik"
+
+msg_info "Configuring Services"
+cat </etc/systemd/system/authentik-server.service
+[Unit]
+Description = Authentik Server
+[Service]
+ExecStart=/opt/authentik/authentik-server
+WorkingDirectory=/opt/authentik/
+#User=authentik
+#Group=authentik
+Restart=always
+RestartSec=5
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now authentik-server
+sleep 2
+cat </etc/systemd/system/authentik-worker.service
+[Unit]
+Description = Authentik Worker
+[Service]
+Environment=DJANGO_SETTINGS_MODULE="authentik.root.settings"
+ExecStart=celery -A authentik.root.celery worker -Ofair --max-tasks-per-child=1 --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events
+WorkingDirectory=/opt/authentik/authentik
+#User=authentik
+#Group=authentik
+Restart=always
+RestartSec=5
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now authentik-worker
+sleep 5
+msg_ok "Configured Services"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
\ No newline at end of file
diff --git a/json/authentik.json b/json/authentik.json
new file mode 100644
index 00000000..f3cd8938
--- /dev/null
+++ b/json/authentik.json
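Review bot: The installer leaves the identity provider running with more privilege than it needs: `ALTER USER $DB_USER WITH SUPERUSER;` makes the application's database role a PostgreSQL superuser right after `ALTER DATABASE $DB_NAME OWNER TO $DB_USER;` already gave it ownership, and both unit files keep `#User=authentik` / `#Group=authentik` commented out, so the server and the Celery worker run as root (the worker also keeps its beat schedule at the fixed path `/tmp/celerybeat-schedule`). `/etc/authentik/config.yml` receives `secret_key` and the database password through `yq -i` and no `chmod` follows, so it presumably keeps the mode of the shipped `default.yml`. I would drop the SUPERUSER statement, create a dedicated account, restrict the config file and enable `User=`/`Group=` as sketched below; this needs a test run, since the migrations may rely on rights that database ownership does not cover. Separately, yq, the Go toolchain, the geoipupdate .deb and the Authentik tarball are all fetched as "latest" and installed as root with no checksum or signature verification, and the Go block (moved unchanged by PATCH 02/39) runs under `set +o pipefail`, so pinning versions and checking the published digests would be worth adding.

```shell
# … unchanged: CREATE DATABASE, CREATE USER, GRANT ALL PRIVILEGES, ALTER DATABASE ... OWNER TO …
# (the ALTER USER ... WITH SUPERUSER statement is removed)

# … unchanged: config.yml creation, yq edits, ak migrate …
useradd --system --home-dir /opt/authentik --shell /usr/sbin/nologin authentik
chown -R authentik:authentik /opt/authentik /etc/authentik
chmod 600 /etc/authentik/config.yml

# … in both unit files, replacing the commented-out User/Group lines …
User=authentik
Group=authentik
PrivateTmp=true
```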
@@ -0,0 +1,39 @@ +{ + "name": "Authentik", + "slug": "authentik", + "categories": [ + 11 + ], + "date_created": "2024-11-06", + "type": "ct", + "updateable": false, + "privileged": false, + "interface_port": "9000", + "documentation": null, + "website": "https://goauthentik.io/", + "logo": "https://github.com/goauthentik/authentik/blob/main/website/static/img/icon.png", + "description": "Authentik is an IdP (Identity Provider) and SSO (single sign on) that is built with security at the forefront of every piece of code, every feature, with an emphasis on flexibility and versatility.", + "install_methods": [ + { + "type": "default", + "script": "ct/authentik.sh", + "resources": { + "cpu": "6", + "ram": "8192", + "hdd": "12", + "os": "debian", + "version": "12" + } + } + ], + "default_credentials": { + "username": null, + "password": null + }, + "notes": [ + { + "text": "Initial configuration at http://:9000/if/flow/initial-setup/", + "type": "warning" + } + ] +} \ No newline at end of file From 94eb8dc31698d9b2e60aaf145404de06476e93b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 17 Nov 2024 14:26:34 -0500 Subject: [PATCH 02/39] Minor clean up based on initial PR review --- ct/authentik.sh | 10 ++------ install/authentik-install.sh | 49 ++++++++++++++++++++++++------------ 2 files changed, 35 insertions(+), 24 deletions(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index 321bde30..3dde4f00 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -1,8 +1,7 @@ #!/usr/bin/env bash source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) -# Copyright (c) 2021-2024 tteck -# Author: tteck (tteckster) -# Co-Author: remz1337 +# Copyright (c) 2021-2024 community-scripts ORG +# Author: remz1337 # License: MIT # https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE 
@@ -98,7 +97,6 @@ if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP} systemctl start authentik-server systemctl start authentik-worker msg_ok "Started Authentik" - echo -e "\n ⚠️ Ensure you set resources back to normal settings \n" else msg_ok "No update required. ${APP} is already at ${RELEASE}" fi @@ -109,10 +107,6 @@ start build_container description -msg_info "Setting Container to Normal Resources" -pct set $CTID -memory 1024 -pct set $CTID -cores 2 -msg_ok "Set Container to Normal Resources" msg_ok "Completed Successfully!\n" echo -e "${APP} should be reachable by going to the following URL. ${BL}http://${IP}:9000/if/flow/initial-setup/${CL} \n" \ No newline at end of file diff --git a/install/authentik-install.sh b/install/authentik-install.sh index e887b57e..44558b52 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -15,10 +15,27 @@ network_check update_os msg_info "Installing Dependencies (Patience)" -$STD apt-get install -y {curl,sudo,mc} -$STD apt-get install -y gpg pkg-config libffi-dev -$STD apt-get install -y --no-install-recommends build-essential libpq-dev libkrb5-dev -$STD apt-get install -y libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev pkg-config libffi-dev zlib1g-dev libxmlsec1 libxmlsec1-dev libxmlsec1-openssl libmaxminddb0 +$STD apt-get install -y --no-install-recommends \ + curl \ + sudo \ + mc \ + gpg \ + pkg-config \ + libffi-dev \ + build-essential \ + libpq-dev \ + libkrb5-dev \ + libssl-dev \ + libsqlite3-dev \ + tk-dev \ + libgdbm-dev \ + libc6-dev \ + libbz2-dev \ + zlib1g-dev \ + libxmlsec1 \ + libxmlsec1-dev \ + libxmlsec1-openssl \ + libmaxminddb0 msg_ok "Installed Dependencies" msg_info "Installing yq" 
@@ -48,6 +65,18 @@ $STD apt-get update $STD apt-get install -y nodejs msg_ok "Installed Node.js ${NODE_VER}" +msg_info "Installing Golang" +cd ~ +set +o pipefail +GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz") +$STD wget -q https://golang.org/dl/${GO_RELEASE} +tar -xzf ${GO_RELEASE} -C /usr/local +$STD ln -s /usr/local/go/bin/go /usr/bin/go +rm -rf go/ +rm -rf ${GO_RELEASE} +set -o pipefail +msg_ok "Installed Golang" + msg_info "Building Authentik website" RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}') mkdir -p /opt/authentik @@ -63,18 +92,6 @@ $STD npm run build echo "${RELEASE}" >/opt/${APPLICATION}_version.txt msg_ok "Built Authentik website" -msg_info "Installing Golang" -cd ~ -set +o pipefail -GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz") -$STD wget -q https://golang.org/dl/${GO_RELEASE} -tar -xzf ${GO_RELEASE} -C /usr/local -$STD ln -s /usr/local/go/bin/go /usr/bin/go -rm -rf go/ -rm -rf ${GO_RELEASE} -set -o pipefail -msg_ok "Installed Golang" - msg_info "Building Go Proxy" cd /opt/authentik $STD go mod download From 4783cd104706ef62b108051312a0025321a79713 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 24 Nov 2024 12:48:18 -0500 Subject: [PATCH 03/39] Update ct/authentik.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- ct/authentik.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index 3dde4f00..84eb76b7 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh 
@@ -60,7 +60,7 @@ if [[ ! -f /etc/systemd/system/authentik-server.service ]]; then msg_error "No $ RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}') if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "SET RESOURCES" "Please set the resources in your ${APP} LXC to ${var_cpu}vCPU and ${var_ram}RAM for the build process before continuing" 10 75 - msg_info "Stopping Authentik" + msg_info "Stopping ${APP}" systemctl stop authentik-server systemctl stop authentik-worker msg_ok "Stopped Authentik" From 02ac69e8fa9105f4b6d6237ebc4e4de94e33df95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 24 Nov 2024 12:48:28 -0500 Subject: [PATCH 04/39] Update ct/authentik.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- ct/authentik.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index 84eb76b7..9a906347 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -63,7 +63,7 @@ if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP} msg_info "Stopping ${APP}" systemctl stop authentik-server systemctl stop authentik-worker - msg_ok "Stopped Authentik" + msg_ok "Stopped ${APP}" msg_info "Building Authentik website" mkdir -p /opt/authentik From 726a30a18fd25378274a29818ee8fc8810e759bd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 24 Nov 2024 12:48:34 -0500 Subject: [PATCH 05/39] Update ct/authentik.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- ct/authentik.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index 9a906347..2d0ca407 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -76,7 +76,7 @@ if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP} cd /opt/authentik/web npm install >/dev/null 2>&1 npm run build >/dev/null 2>&1 - msg_ok "Built Authentik website" + msg_ok "Built ${APP} website" msg_info "Installing Python Dependencies" cd /opt/authentik From 175aa8fb9fa55279c88beaf11dee85bf5a8aeaa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 24 Nov 2024 12:48:40 -0500 Subject: [PATCH 06/39] Update ct/authentik.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- ct/authentik.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index 2d0ca407..4f8ac6a9 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -65,7 +65,7 @@ if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP} systemctl stop authentik-worker msg_ok "Stopped ${APP}" - msg_info "Building Authentik website" + msg_info "Building ${APP} website" mkdir -p /opt/authentik wget -qO authentik.tar.gz "${RELEASE}" tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite From e641ef650c8db5cd64594b8520a1fb238ed47a74 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 24 Nov 2024 12:48:46 -0500 Subject: [PATCH 07/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 44558b52..4463f3d2 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -186,6 +186,7 @@ WorkingDirectory=/opt/authentik/authentik #Group=authentik Restart=always RestartSec=5 + [Install] WantedBy=multi-user.target EOF From 1bf86dbb4de3ca633ca64ecac753d3941cfd21d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 24 Nov 2024 12:48:52 -0500 Subject: [PATCH 08/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 4463f3d2..1e0f98ae 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -191,7 +191,6 @@ RestartSec=5 WantedBy=multi-user.target EOF systemctl enable -q --now authentik-worker -sleep 5 msg_ok "Configured Services" motd_ssh From f1eebcaa4b14feff5beeaa5eb871570f68686cc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 24 Nov 2024 12:49:01 -0500 Subject: [PATCH 09/39] Update json/authentik.json MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- json/authentik.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/json/authentik.json b/json/authentik.json index f3cd8938..691cbf6a 100644 --- a/json/authentik.json +++ b/json/authentik.json @@ -9,7 +9,7 @@ "updateable": false, "privileged": false, "interface_port": "9000", - "documentation": null, + "documentation": "https://docs.goauthentik.io/docs/", "website": "https://goauthentik.io/", "logo": "https://github.com/goauthentik/authentik/blob/main/website/static/img/icon.png", "description": "Authentik is an IdP (Identity Provider) and SSO (single sign on) that is built with security at the forefront of every piece of code, every feature, with an emphasis on flexibility and versatility.", From bce51bfb3c04c769454c731bc44a79cadf851127 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 24 Nov 2024 12:49:10 -0500 Subject: [PATCH 10/39] Update json/authentik.json MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- json/authentik.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/json/authentik.json b/json/authentik.json index 691cbf6a..75eaebec 100644 --- a/json/authentik.json +++ b/json/authentik.json @@ -33,7 +33,7 @@ "notes": [ { "text": "Initial configuration at http://:9000/if/flow/initial-setup/", - "type": "warning" + "type": "info" } ] } \ No newline at end of file From a8a20bca7b4c069ecc76d513a2db0bab0b3df2fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 24 Nov 2024 12:52:05 -0500 Subject: [PATCH 11/39] Minor fixes from havard's review --- ct/authentik.sh | 1 - json/authentik.json | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index 4f8ac6a9..b6a57dfa 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh 
@@ -59,7 +59,6 @@ check_container_resources if [[ ! -f /etc/systemd/system/authentik-server.service ]]; then msg_error "No ${APP} Installation Found!"; exit; fi RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}') if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then - whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "SET RESOURCES" "Please set the resources in your ${APP} LXC to ${var_cpu}vCPU and ${var_ram}RAM for the build process before continuing" 10 75 msg_info "Stopping ${APP}" systemctl stop authentik-server systemctl stop authentik-worker diff --git a/json/authentik.json b/json/authentik.json index 75eaebec..9983a31a 100644 --- a/json/authentik.json +++ b/json/authentik.json @@ -6,7 +6,7 @@ ], "date_created": "2024-11-06", "type": "ct", - "updateable": false, + "updateable": true, "privileged": false, "interface_port": "9000", "documentation": "https://docs.goauthentik.io/docs/", From ab5aa646349bd2d10c8e0061e130ad3cdcb000f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:46:41 -0500 Subject: [PATCH 12/39] Update ct/authentik.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- ct/authentik.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index b6a57dfa..e14bf00b 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -87,7 +87,6 @@ if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP} msg_info "Updating ${APP} to v${RELEASE} (Patience)" cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints - cd /opt/authentik bash /opt/authentik/lifecycle/ak migrate >/dev/null 2>&1 echo "${RELEASE}" >/opt/${APP}_version.txt msg_ok "Updated ${APP} to v${RELEASE}" 
From bf625c540a7618a86a463cf5fc9e7d8f843e2949 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:47:01 -0500 Subject: [PATCH 13/39] Update ct/authentik.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- ct/authentik.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index e14bf00b..2d07ea5b 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -91,7 +91,7 @@ if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP} echo "${RELEASE}" >/opt/${APP}_version.txt msg_ok "Updated ${APP} to v${RELEASE}" - msg_info "Starting Authentik" + msg_info "Starting ${APP}" systemctl start authentik-server systemctl start authentik-worker msg_ok "Started Authentik" From 4bbcb6f6a2ce004839fbe0ea6fe44e5e93336111 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:47:14 -0500 Subject: [PATCH 14/39] Update ct/authentik.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- ct/authentik.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index 2d07ea5b..b03fb820 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -94,7 +94,7 @@ if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP} msg_info "Starting ${APP}" systemctl start authentik-server systemctl start authentik-worker - msg_ok "Started Authentik" + msg_ok "Started ${APP}" else msg_ok "No update required. ${APP} is already at ${RELEASE}" fi From 11828a655acb8e1a0581e5d55d8ede1a5f797485 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:47:47 -0500 Subject: [PATCH 15/39] Update ct/authentik.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- ct/authentik.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index b03fb820..c9d6afcf 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -96,7 +96,7 @@ if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP} systemctl start authentik-worker msg_ok "Started ${APP}" else - msg_ok "No update required. ${APP} is already at ${RELEASE}" + msg_ok "No update required. ${APP} is already at v${RELEASE}" fi exit } From b1336ebd4486a513df7d278ff130fc06d615b634 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:48:20 -0500 Subject: [PATCH 16/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 1e0f98ae..596c7eac 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2021-2024 tteck +# Copyright (c) 2021-2024 community-scripts ORG # Author: tteck (tteckster) # Co-Author: remz1337 # License: MIT From fc65cd1406d2b0d94b91b6faa6d96053304c5b50 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:48:36 -0500 Subject: [PATCH 17/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 596c7eac..ee6564b6 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -50,7 +50,7 @@ tar -zxf Python.tgz cd Python-3.12.1 $STD ./configure --enable-optimizations $STD make altinstall -$STD cd - +cd ~ $STD rm -rf Python-3.12.1 $STD rm -rf Python.tgz $STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1 From 1f050739291eddd240835cc0b51aab01d7f6a050 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:48:52 -0500 Subject: [PATCH 18/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index ee6564b6..2e659050 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -51,7 +51,7 @@ cd Python-3.12.1 $STD ./configure --enable-optimizations $STD make altinstall cd ~ -$STD rm -rf Python-3.12.1 +rm -rf Python-3.12.1 $STD rm -rf Python.tgz $STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1 msg_ok "Installed Python 3.12" From 8a0e0dbc11bd0882871d95aec128600ec46e2cda Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:49:03 -0500 Subject: [PATCH 19/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 2e659050..3d03918d 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -52,7 +52,7 @@ $STD ./configure --enable-optimizations $STD make altinstall cd ~ rm -rf Python-3.12.1 -$STD rm -rf Python.tgz +rm -rf Python.tgz $STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1 msg_ok "Installed Python 3.12" From 89dd4399717f76878f3de9f527c8e10fa1882533 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:49:17 -0500 Subject: [PATCH 20/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 3d03918d..797f41ad 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -66,7 +66,6 @@ $STD apt-get install -y nodejs msg_ok "Installed Node.js ${NODE_VER}" msg_info "Installing Golang" -cd ~ set +o pipefail GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz") $STD wget -q https://golang.org/dl/${GO_RELEASE} From d1d4f4a1eefa552e175d6b80ae15ceee751cdde8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:49:41 -0500 Subject: [PATCH 21/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 797f41ad..4bc980d6 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -68,7 +68,7 @@ msg_ok "Installed Node.js ${NODE_VER}" msg_info "Installing Golang" set +o pipefail GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz") -$STD wget -q https://golang.org/dl/${GO_RELEASE} +wget -q https://golang.org/dl/${GO_RELEASE} tar -xzf ${GO_RELEASE} -C /usr/local $STD ln -s /usr/local/go/bin/go /usr/bin/go rm -rf go/ From 78d5a4bcd38e812c455eb5bf990f1281ed1a1669 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:49:58 -0500 Subject: [PATCH 22/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 4bc980d6..0a5af0a0 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -70,7 +70,7 @@ set +o pipefail GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz") wget -q https://golang.org/dl/${GO_RELEASE} tar -xzf ${GO_RELEASE} -C /usr/local -$STD ln -s /usr/local/go/bin/go /usr/bin/go +ln -s /usr/local/go/bin/go /usr/bin/go rm -rf go/ rm -rf ${GO_RELEASE} set -o pipefail From d79ea8a6bfa958df211a349485bef481778d5933 Mon Sep 17 00:00:00 2001 
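Review bot: The Go toolchain is unpacked into `/usr/local` as root with nothing checking what was downloaded: `GO_RELEASE` is scraped from the go.dev HTML with a loose `grep` pattern, fetched with `wget -q` and handed straight to `tar -xzf`. HTTPS protects the transfer only; go.dev publishes a SHA-256 for every archive, so the step could compare digests before extracting, e.g. `echo "${GO_SHA256}  ${GO_RELEASE}" | sha256sum -c -`, with `GO_SHA256` read from the published checksum for that file. `${GO_RELEASE}` should also be quoted in the `wget` and `tar` lines. The same gap applies to the authentik tarball (PATCH 23), the `geoipupdate.deb` passed to `dpkg -i` (PATCH 24) and the Python source tarball (PATCH 39).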
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:50:10 -0500 Subject: [PATCH 23/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 0a5af0a0..9816b4db 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -79,7 +79,7 @@ msg_ok "Installed Golang" msg_info "Building Authentik website" RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}') mkdir -p /opt/authentik -$STD wget -qO authentik.tar.gz "${RELEASE}" +wget -qO authentik.tar.gz "${RELEASE}" tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite rm -rf authentik.tar.gz cd /opt/authentik/website From 793e28202ffc4fc0f52dd460ab5c19aed35d791c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:50:22 -0500 Subject: [PATCH 24/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 9816b4db..685496f1 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh 
@@ -101,7 +101,7 @@ msg_ok "Built Go Proxy" msg_info "Installing GeoIP" cd ~ GEOIP_RELEASE=$(curl -s https://api.github.com/repos/maxmind/geoipupdate/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }') -$STD wget -qO geoipupdate.deb https://github.com/maxmind/geoipupdate/releases/download/v${GEOIP_RELEASE}/geoipupdate_${GEOIP_RELEASE}_linux_amd64.deb +wget -qO geoipupdate.deb https://github.com/maxmind/geoipupdate/releases/download/v${GEOIP_RELEASE}/geoipupdate_${GEOIP_RELEASE}_linux_amd64.deb $STD dpkg -i geoipupdate.deb rm geoipupdate.deb cat </etc/GeoIP.conf From 10f99a9809444c3bae172211586faf1bbff813f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:50:46 -0500 Subject: [PATCH 25/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 685496f1..b8df7e3e 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -118,7 +118,7 @@ $STD apt install -y python3-pip $STD apt install -y git $STD pip3 install --upgrade pip $STD pip3 install poetry poetry-plugin-export -$STD ln -s /usr/local/bin/poetry /usr/bin/poetry +ln -s /usr/local/bin/poetry /usr/bin/poetry $STD poetry install --only=main --no-ansi --no-interaction --no-root $STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt $STD pip install --no-cache-dir -r requirements.txt From c46887c0af150b0a9e3310cc4b5288f2e2b0e90a Mon Sep 17 00:00:00 2001 
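Review bot: `poetry export --without-hashes`, in the context just below the changed `ln -s` line, discards the artifact hashes recorded in `poetry.lock`, so the following `pip install -r requirements.txt` accepts whatever the index serves for each version. If the lock file carries hashes for every dependency, exporting with them and installing with `pip install --no-cache-dir --require-hashes -r requirements.txt` would tie the build to the locked artifacts; this needs a test run, since hash mode rejects any unhashed entry. `pip3 install poetry poetry-plugin-export` is itself unpinned. The same export line appears in the update path of `ct/authentik.sh` (PATCH 34) and in the reordered install block (PATCH 39).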
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:50:58 -0500 Subject: [PATCH 26/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index b8df7e3e..098303ec 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -126,7 +126,7 @@ $STD pip install . msg_ok "Installed Python Dependencies" msg_info "Installing Redis" -$STD apt install -y redis-server +$STD apt-get install -y redis-server systemctl enable -q --now redis-server msg_ok "Installed Redis" From 711a0ada002f4e1993650bb99adadfa860ea8d57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:51:11 -0500 Subject: [PATCH 27/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 098303ec..9206de3c 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -131,7 +131,7 @@ systemctl enable -q --now redis-server msg_ok "Installed Redis" msg_info "Installing PostgreSQL" -$STD apt install -y postgresql postgresql-contrib +$STD apt-get install -y postgresql postgresql-contrib DB_NAME="authentik" DB_USER="authentik" DB_PASS="$(openssl rand -base64 18 | cut -c1-13)" From b2f6cb2e5052bbe243f992f635c68a303453b796 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:53:58 -0500 Subject: [PATCH 28/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 9206de3c..05755c81 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -152,7 +152,7 @@ $STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/auth cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints $STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml $STD apt install -y python-is-python3 -$STD ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn +ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn $STD ln -s /usr/local/bin/celery /usr/bin/celery cd /opt/authentik $STD bash /opt/authentik/lifecycle/ak migrate From 4f29f7486579f9d75d86fb421be560bd8602ea17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:54:27 -0500 Subject: [PATCH 29/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 05755c81..beb37835 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh 
@@ -153,7 +153,7 @@ cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints $STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml $STD apt install -y python-is-python3 ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn -$STD ln -s /usr/local/bin/celery /usr/bin/celery +ln -s /usr/local/bin/celery /usr/bin/celery cd /opt/authentik $STD bash /opt/authentik/lifecycle/ak migrate msg_ok "Installed Authentik" From 068f296d7448083433596f3cffe7682404993fd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:54:45 -0500 Subject: [PATCH 30/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index beb37835..59ab4be7 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -154,7 +154,6 @@ $STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/conf $STD apt install -y python-is-python3 ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn ln -s /usr/local/bin/celery /usr/bin/celery -cd /opt/authentik $STD bash /opt/authentik/lifecycle/ak migrate msg_ok "Installed Authentik" From 9d648c79848e89f1294f3b429699fc4aefd6fd00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:55:01 -0500 Subject: [PATCH 31/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 59ab4be7..28ba7573 100644 
--- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -161,6 +161,7 @@ msg_info "Configuring Services" cat </etc/systemd/system/authentik-server.service [Unit] Description = Authentik Server + [Service] ExecStart=/opt/authentik/authentik-server WorkingDirectory=/opt/authentik/ From b684b6f3581345914530c6950e6e1a904dc91887 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:55:18 -0500 Subject: [PATCH 32/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 28ba7573..a984bc06 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -169,6 +169,7 @@ WorkingDirectory=/opt/authentik/ #Group=authentik Restart=always RestartSec=5 + [Install] WantedBy=multi-user.target EOF From 9140c1e76d3e2fb326ba414069c9ec3a61dd01ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 15:55:36 -0500 Subject: [PATCH 33/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index a984bc06..bc3df313 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh 
@@ -178,6 +178,7 @@ sleep 2 cat </etc/systemd/system/authentik-worker.service [Unit] Description = Authentik Worker + [Service] Environment=DJANGO_SETTINGS_MODULE="authentik.root.settings" ExecStart=celery -A authentik.root.celery worker -Ofair --max-tasks-per-child=1 --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events From 98296a2cdc23e6544d5d3ecdc4c192c2dd55abb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 16:16:13 -0500 Subject: [PATCH 34/39] More fixes addressing havard's review --- ct/authentik.sh | 20 ++++++++++---------- install/authentik-install.sh | 26 +++++++++++--------------- json/authentik.json | 4 ++-- 3 files changed, 23 insertions(+), 27 deletions(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index c9d6afcf..a2316765 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -18,7 +18,7 @@ EOF } header_info echo -e "Loading..." -APP="Authentik" +APP="authentik" var_disk="12" var_cpu="6" var_ram="8192" 
@@ -70,24 +70,24 @@ if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP} tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite rm -rf authentik.tar.gz cd /opt/authentik/website - npm install >/dev/null 2>&1 - npm run build-bundled >/dev/null 2>&1 + npm install &>/dev/null + npm run build-bundled &>/dev/null cd /opt/authentik/web - npm install >/dev/null 2>&1 - npm run build >/dev/null 2>&1 + npm install &>/dev/null + npm run build &>/dev/null msg_ok "Built ${APP} website" msg_info "Installing Python Dependencies" cd /opt/authentik - poetry install --only=main --no-ansi --no-interaction --no-root >/dev/null 2>&1 - poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt >/dev/null 2>&1 - pip install --no-cache-dir -r requirements.txt >/dev/null 2>&1 - pip install . >/dev/null 2>&1 + poetry install --only=main --no-ansi --no-interaction --no-root &>/dev/null + poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt &>/dev/null + pip install --no-cache-dir -r requirements.txt &>/dev/null + pip install . &>/dev/null msg_ok "Installed Python Dependencies" msg_info "Updating ${APP} to v${RELEASE} (Patience)" cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints - bash /opt/authentik/lifecycle/ak migrate >/dev/null 2>&1 + bash /opt/authentik/lifecycle/ak migrate &>/dev/null echo "${RELEASE}" >/opt/${APP}_version.txt msg_ok "Updated ${APP} to v${RELEASE}" diff --git a/install/authentik-install.sh b/install/authentik-install.sh index bc3df313..cd9000e1 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -35,7 +35,9 @@ $STD apt-get install -y --no-install-recommends \ libxmlsec1 \ libxmlsec1-dev \ libxmlsec1-openssl \ - libmaxminddb0 + libmaxminddb0 \ + python3-pip \ + git msg_ok "Installed Dependencies" msg_info "Installing yq" 
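Review bot: Every build and migration step in this update path sends both streams to `/dev/null`, so a failed `pip install` or `ak migrate` on the identity provider leaves nothing to diagnose; the rewrite from `>/dev/null 2>&1` to `&>/dev/null` keeps that behaviour. Appending to a log instead, e.g. `bash /opt/authentik/lifecycle/ak migrate &>>/var/log/authentik-update.log` (the path is only a suggestion), would keep the console quiet while preserving the output. Whether an error trap stops the script on a non-zero exit is not visible here, because `update_script` starts outside this hunk.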
@@ -76,7 +78,7 @@ rm -rf ${GO_RELEASE} set -o pipefail msg_ok "Installed Golang" -msg_info "Building Authentik website" +msg_info "Building authentik website" RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}') mkdir -p /opt/authentik wget -qO authentik.tar.gz "${RELEASE}" @@ -89,7 +91,7 @@ cd /opt/authentik/web $STD npm install $STD npm run build echo "${RELEASE}" >/opt/${APPLICATION}_version.txt -msg_ok "Built Authentik website" +msg_ok "Built authentik website" msg_info "Building Go Proxy" cd /opt/authentik @@ -114,8 +116,6 @@ msg_ok "Installed GeoIP" msg_info "Installing Python Dependencies" cd /opt/authentik -$STD apt install -y python3-pip -$STD apt install -y git $STD pip3 install --upgrade pip $STD pip3 install poetry poetry-plugin-export ln -s /usr/local/bin/poetry /usr/bin/poetry 
@@ -142,31 +142,28 @@ $STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;" $STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;" msg_ok "Installed PostgreSQL" -msg_info "Installing Authentik" +msg_info "Installing authentik" mkdir -p /etc/authentik -cp /opt/authentik/authentik/lib/default.yml /opt/authentik/authentik/lib/default.yml.BAK mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml $STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml $STD yq -i ".postgresql.password = \"${DB_PASS}\"" /etc/authentik/config.yml $STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/authentik/config.yml cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints $STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml -$STD apt install -y python-is-python3 +ln -s /usr/bin/python3 /usr/bin/python ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn ln -s /usr/local/bin/celery /usr/bin/celery $STD bash /opt/authentik/lifecycle/ak migrate -msg_ok "Installed Authentik" +msg_ok "Installed authentik" msg_info "Configuring Services" cat </etc/systemd/system/authentik-server.service [Unit] -Description = Authentik Server +Description = authentik Server [Service] ExecStart=/opt/authentik/authentik-server WorkingDirectory=/opt/authentik/ -#User=authentik -#Group=authentik Restart=always RestartSec=5 @@ -177,14 +174,12 @@ systemctl enable -q --now authentik-server sleep 2 cat </etc/systemd/system/authentik-worker.service [Unit] -Description = Authentik Worker +Description = authentik Worker [Service] Environment=DJANGO_SETTINGS_MODULE="authentik.root.settings" ExecStart=celery -A authentik.root.celery worker -Ofair --max-tasks-per-child=1 --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events WorkingDirectory=/opt/authentik/authentik -#User=authentik -#Group=authentik Restart=always RestartSec=5 
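Review bot: Both units are left without `User=`/`Group=`, so `authentik-server` and the Celery worker run as root; the hunk deletes the commented `#User=authentik` / `#Group=authentik` lines instead of enabling them. Creating a system account during install and adding `User=authentik` and `Group=authentik` to each `[Service]` section, with `/opt/authentik` and `/etc/authentik` readable by that account, would limit what a fault in the web-facing process can reach. The worker also keeps its beat schedule at `/tmp/celerybeat-schedule`; Celery's default beat store is a pickle-backed shelve file, so it is better placed in a directory only the service account can write, or the unit given `PrivateTmp=true`. In the same spirit, the context line `ALTER USER $DB_USER WITH SUPERUSER` grants more than the `ALTER DATABASE ... OWNER TO` before it already provides and looks removable, subject to a test run of `ak migrate`. The unit heredocs begin and end outside the lines changed here.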
@@ -198,6 +193,7 @@ motd_ssh customize msg_info "Cleaning up" +$STD apt-get -y remove yq $STD apt-get -y autoremove $STD apt-get -y autoclean msg_ok "Cleaned" \ No newline at end of file diff --git a/json/authentik.json b/json/authentik.json index 9983a31a..2e436f5e 100644 --- a/json/authentik.json +++ b/json/authentik.json @@ -1,5 +1,5 @@ { - "name": "Authentik", + "name": "authentik", "slug": "authentik", "categories": [ 11 @@ -12,7 +12,7 @@ "documentation": "https://docs.goauthentik.io/docs/", "website": "https://goauthentik.io/", "logo": "https://github.com/goauthentik/authentik/blob/main/website/static/img/icon.png", - "description": "Authentik is an IdP (Identity Provider) and SSO (single sign on) that is built with security at the forefront of every piece of code, every feature, with an emphasis on flexibility and versatility.", + "description": "authentik is an IdP (Identity Provider) and SSO (single sign on) that is built with security at the forefront of every piece of code, every feature, with an emphasis on flexibility and versatility.", "install_methods": [ { "type": "default", From b6fcf867719e604a6fd1d9760f766003d5a205ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Sun, 8 Dec 2024 16:18:03 -0500 Subject: [PATCH 35/39] Update install/authentik-install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Håvard Gjøby Thom <34199185+havardthom@users.noreply.github.com> --- install/authentik-install.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index cd9000e1..3b6d1484 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh 
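Review bot: `apt-get -y remove yq` does not remove the yq this script installed: the yq step visible in a later hunk on this page downloads a release binary with `wget` and then runs `chmod +x /usr/bin/yq`, so apt has no record of that file. As written the line is either a no-op or acts on an unrelated distro package of the same name, and the downloaded binary stays in the container. If the intent is to drop the tool once configuration is done, `rm -f /usr/bin/yq` does that. The cleanup block starts above this hunk.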
@@ -59,7 +59,16 @@ $STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/pytho msg_ok "Installed Python 3.12" NODE_VER="22" -msg_info "Installing Node.js ${NODE_VER}" +msg_info "Setting up Node.js Repository" +mkdir -p /etc/apt/keyrings +curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg +echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" >/etc/apt/sources.list.d/nodesource.list +msg_ok "Set up Node.js Repository" + +msg_info "Installing Node.js" +$STD apt-get update +$STD apt-get install -y nodejs +msg_ok "Installed Node.js" mkdir -p /etc/apt/keyrings curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_VER}.x nodistro main" >/etc/apt/sources.list.d/nodesource.list From 7492d57617f1e80de1e271d4bed165de7ac36c80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Mon, 9 Dec 2024 12:22:35 -0500 Subject: [PATCH 36/39] Cleanup duplicate NodeJS installation commands --- install/authentik-install.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 3b6d1484..4b1ea355 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -58,7 +58,6 @@ rm -rf Python.tgz $STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1 msg_ok "Installed Python 3.12" -NODE_VER="22" msg_info "Setting up Node.js Repository" mkdir -p /etc/apt/keyrings curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg 
@@ -69,12 +68,6 @@ msg_info "Installing Node.js" $STD apt-get update $STD apt-get install -y nodejs msg_ok "Installed Node.js" -mkdir -p /etc/apt/keyrings -curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg -echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_VER}.x nodistro main" >/etc/apt/sources.list.d/nodesource.list -$STD apt-get update -$STD apt-get install -y nodejs -msg_ok "Installed Node.js ${NODE_VER}" msg_info "Installing Golang" set +o pipefail From eca4ad0d1eee2c1d173d7462b6b3c60801373bc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Tue, 10 Dec 2024 11:09:26 -0500 Subject: [PATCH 37/39] Change port value type to numeric --- json/authentik.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/json/authentik.json b/json/authentik.json index 2e436f5e..8b091892 100644 --- a/json/authentik.json +++ b/json/authentik.json @@ -8,7 +8,7 @@ "type": "ct", "updateable": true, "privileged": false, - "interface_port": "9000", + "interface_port": 9000, "documentation": "https://docs.goauthentik.io/docs/", "website": "https://goauthentik.io/", "logo": "https://github.com/goauthentik/authentik/blob/main/website/static/img/icon.png", From 6d650b679dfdf8c9d3c7b4661c786db1c6cc5f9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Tue, 10 Dec 2024 11:13:36 -0500 Subject: [PATCH 38/39] Change resources values type to numeric --- json/authentik.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/json/authentik.json b/json/authentik.json index 8b091892..87103bb9 100644 --- a/json/authentik.json +++ b/json/authentik.json @@ -18,9 +18,9 @@ "type": "default", "script": "ct/authentik.sh", "resources": { - "cpu": "6", - "ram": "8192", - "hdd": "12", + "cpu": 6, + "ram": 8192, + "hdd": 12, "os": "debian", "version": "12" } 
From 250ffddee776758f6d21eedf14ae7f757bc3b1cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20B=C3=A9dard-Couture?= Date: Fri, 13 Dec 2024 16:41:20 -0500 Subject: [PATCH 39/39] Addressing latest feedback from PR review --- ct/authentik.sh | 6 +- install/authentik-install.sh | 108 ++++++++++++++++------------------- 2 files changed, 52 insertions(+), 62 deletions(-) diff --git a/ct/authentik.sh b/ct/authentik.sh index a2316765..14e3cea4 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -19,7 +19,7 @@ EOF header_info echo -e "Loading..." APP="authentik" -var_disk="12" +var_disk="15" var_cpu="6" var_ram="8192" var_os="debian" @@ -105,6 +105,4 @@ start build_container description -msg_ok "Completed Successfully!\n" -echo -e "${APP} should be reachable by going to the following URL. - ${BL}http://${IP}:9000/if/flow/initial-setup/${CL} \n" \ No newline at end of file +msg_ok "Completed Successfully!\n" \ No newline at end of file diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 4b1ea355..526832d1 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -15,7 +15,7 @@ network_check update_os msg_info "Installing Dependencies (Patience)" -$STD apt-get install -y --no-install-recommends \ +$STD apt-get install -y \ curl \ sudo \ mc \ 
@@ -46,17 +46,27 @@ $STD wget "https://github.com/mikefarah/yq/releases/download/${YQ_LATEST}/yq_lin chmod +x /usr/bin/yq msg_ok "Installed yq" -msg_info "Installing Python 3.12" +msg_info "Installing GeoIP" +GEOIP_RELEASE=$(curl -s https://api.github.com/repos/maxmind/geoipupdate/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }') +wget -qO geoipupdate.deb https://github.com/maxmind/geoipupdate/releases/download/v${GEOIP_RELEASE}/geoipupdate_${GEOIP_RELEASE}_linux_amd64.deb +$STD dpkg -i geoipupdate.deb +cat </etc/GeoIP.conf +#GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN" +#GEOIPUPDATE_VERBOSE="1" +#GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID" +#GEOIPUPDATE_LICENSE_KEY_FILE="/run/secrets/GEOIPUPDATE_LICENSE_KEY" +EOF +msg_ok "Installed GeoIP" + +msg_info "Setting up Python 3" wget -q https://www.python.org/ftp/python/3.12.1/Python-3.12.1.tgz -O Python.tgz tar -zxf Python.tgz cd Python-3.12.1 $STD ./configure --enable-optimizations $STD make altinstall cd ~ -rm -rf Python-3.12.1 -rm -rf Python.tgz $STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1 -msg_ok "Installed Python 3.12" +msg_ok "Setup Python 3" msg_info "Setting up Node.js Repository" mkdir -p /etc/apt/keyrings 
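Review bot: The interpreter is built from a hard-coded `Python-3.12.1.tgz`, so later 3.12 maintenance releases and their fixes are never picked up, and the literal is repeated in the URL, the `cd` and the cleanup `rm -rf`. A single variable at the top of the step, e.g. `PYTHON_VERSION="3.12.1"`, used as `https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz` and `cd "Python-${PYTHON_VERSION}"`, makes the pin visible and easy to bump. The renamed `msg_info "Setting up Python 3"` also no longer tells the operator which version is being compiled, so the message could include the variable.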
@@ -75,58 +85,9 @@ GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz" wget -q https://golang.org/dl/${GO_RELEASE} tar -xzf ${GO_RELEASE} -C /usr/local ln -s /usr/local/go/bin/go /usr/bin/go -rm -rf go/ -rm -rf ${GO_RELEASE} set -o pipefail msg_ok "Installed Golang" -msg_info "Building authentik website" -RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}') -mkdir -p /opt/authentik -wget -qO authentik.tar.gz "${RELEASE}" -tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite -rm -rf authentik.tar.gz -cd /opt/authentik/website -$STD npm install -$STD npm run build-bundled -cd /opt/authentik/web -$STD npm install -$STD npm run build -echo "${RELEASE}" >/opt/${APPLICATION}_version.txt -msg_ok "Built authentik website" - -msg_info "Building Go Proxy" -cd /opt/authentik -$STD go mod download -$STD go build -o /go/authentik ./cmd/server -$STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/ -msg_ok "Built Go Proxy" - -msg_info "Installing GeoIP" -cd ~ -GEOIP_RELEASE=$(curl -s https://api.github.com/repos/maxmind/geoipupdate/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }') -wget -qO geoipupdate.deb https://github.com/maxmind/geoipupdate/releases/download/v${GEOIP_RELEASE}/geoipupdate_${GEOIP_RELEASE}_linux_amd64.deb -$STD dpkg -i geoipupdate.deb -rm geoipupdate.deb -cat </etc/GeoIP.conf -#GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN" -#GEOIPUPDATE_VERBOSE="1" -#GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID" -#GEOIPUPDATE_LICENSE_KEY_FILE="/run/secrets/GEOIPUPDATE_LICENSE_KEY" -EOF -msg_ok "Installed GeoIP" - -msg_info "Installing Python Dependencies" -cd /opt/authentik -$STD pip3 install --upgrade pip -$STD pip3 install poetry poetry-plugin-export -ln -s /usr/local/bin/poetry /usr/bin/poetry -$STD poetry install --only=main --no-ansi 
--no-interaction --no-root -$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt -$STD pip install --no-cache-dir -r requirements.txt -$STD pip install . -msg_ok "Installed Python Dependencies" - msg_info "Installing Redis" $STD apt-get install -y redis-server systemctl enable -q --now redis-server @@ -145,6 +106,29 @@ $STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;" msg_ok "Installed PostgreSQL" msg_info "Installing authentik" +RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}') +mkdir -p /opt/authentik +wget -qO authentik.tar.gz "${RELEASE}" +tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite +cd /opt/authentik/website +$STD npm install +$STD npm run build-bundled +cd /opt/authentik/web +$STD npm install +$STD npm run build +echo "${RELEASE}" >/opt/${APPLICATION}_version.txt +cd /opt/authentik +$STD go mod download +$STD go build -o /go/authentik ./cmd/server +$STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/ +cd /opt/authentik +$STD pip3 install --upgrade pip +$STD pip3 install poetry poetry-plugin-export +ln -s /usr/local/bin/poetry /usr/bin/poetry +$STD poetry install --only=main --no-ansi --no-interaction --no-root +$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt +$STD pip install --no-cache-dir -r requirements.txt +$STD pip install . mkdir -p /etc/authentik mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml $STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml 
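Review bot: The added frontend build uses `npm install` in `/opt/authentik/website` and `/opt/authentik/web`, which may resolve versions afresh and rewrite the lock file, so what is built inside the container is not necessarily what upstream released. Assuming the tarball ships a `package-lock.json` in both directories, `$STD npm ci` installs exactly the locked tree and fails on a mismatch. Separately, `RELEASE` comes from the GitHub API via `curl -s` and is never checked for being empty before it is passed to `wget` and written to the version file; a guard such as `[[ -n "${RELEASE}" ]] || { msg_error "Could not determine authentik release"; exit 1; }` would fail early when the API call is rate-limited.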
@@ -156,9 +140,10 @@ ln -s /usr/bin/python3 /usr/bin/python ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn ln -s /usr/local/bin/celery /usr/bin/celery $STD bash /opt/authentik/lifecycle/ak migrate +cd ~ msg_ok "Installed authentik" -msg_info "Configuring Services" +msg_info "Creating Services" cat </etc/systemd/system/authentik-server.service [Unit] Description = authentik Server @@ -172,8 +157,7 @@ RestartSec=5 [Install] WantedBy=multi-user.target EOF -systemctl enable -q --now authentik-server -sleep 2 + cat </etc/systemd/system/authentik-worker.service [Unit] Description = authentik Worker @@ -188,13 +172,21 @@ RestartSec=5 [Install] WantedBy=multi-user.target EOF +systemctl enable -q --now authentik-server +sleep 2 systemctl enable -q --now authentik-worker -msg_ok "Configured Services" +msg_ok "Created Services" motd_ssh customize msg_info "Cleaning up" +rm -rf Python-3.12.1 +rm -rf Python.tgz +rm -rf go/ +rm -rf ${GO_RELEASE} +rm geoipupdate.deb +rm -rf authentik.tar.gz $STD apt-get -y remove yq $STD apt-get -y autoremove $STD apt-get -y autoclean
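Review bot: The new cleanup runs `rm -rf ${GO_RELEASE}` unquoted as root, and `GO_RELEASE` is whatever the earlier `grep -o -m 1 "go.*\linux-amd64.tar.gz"` extracted from a downloaded HTML page. That pattern is greedy and unanchored, so a change in the page could yield a value containing spaces, glob characters or path separators, which word splitting would turn into extra `rm -rf` arguments. Quote it and drop the recursion, `rm -f -- "${GO_RELEASE}"`, and ideally validate the name once where it is assigned, e.g. `[[ "${GO_RELEASE}" =~ ^go[0-9.]+\.linux-amd64\.tar\.gz$ ]] || exit 1`. The relative paths in this block also assume the working directory is still the one the files were downloaded into.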