diff --git a/ct/authentik.sh b/ct/authentik.sh
new file mode 100644
index 00000000..a2316765
--- /dev/null
+++ b/ct/authentik.sh
@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+function header_info {
+ clear
+ cat <<"EOF"
+ ___ __ __ __ _ __
+ / | __ __/ /_/ /_ ___ ____ / /_(_) /__
+ / /| |/ / / / __/ __ \/ _ \/ __ \/ __/ / //_/
+ / ___ / /_/ / /_/ / / / __/ / / / /_/ / ,<
+/_/ |_\__,_/\__/_/ /_/\___/_/ /_/\__/_/_/|_|
+
+EOF
+}
+header_info
+echo -e "Loading..."
+APP="authentik"
+var_disk="12"
+var_cpu="6"
+var_ram="8192"
+var_os="debian"
+var_version="12"
+variables
+color
+catch_errors
+
+function default_settings() {
+ CT_TYPE="1"
+ PW=""
+ CT_ID=$NEXTID
+ HN=$NSAPP
+ DISK_SIZE="$var_disk"
+ CORE_COUNT="$var_cpu"
+ RAM_SIZE="$var_ram"
+ BRG="vmbr0"
+ NET="dhcp"
+ GATE=""
+ APT_CACHER=""
+ APT_CACHER_IP=""
+ DISABLEIP6="no"
+ MTU=""
+ SD=""
+ NS=""
+ MAC=""
+ VLAN=""
+ SSH="no"
+ VERB="no"
+ echo_default
+}
+
+function update_script() {
+header_info
+check_container_storage
+check_container_resources
+if [[ ! -f /etc/systemd/system/authentik-server.service ]]; then msg_error "No ${APP} Installation Found!"; exit; fi
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+ msg_info "Stopping ${APP}"
+ systemctl stop authentik-server
+ systemctl stop authentik-worker
+ msg_ok "Stopped ${APP}"
+
+ msg_info "Building ${APP} website"
+ mkdir -p /opt/authentik
+ wget -qO authentik.tar.gz "${RELEASE}"
+ tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+ rm -rf authentik.tar.gz
+ cd /opt/authentik/website
+ npm install &>/dev/null
+ npm run build-bundled &>/dev/null
+ cd /opt/authentik/web
+ npm install &>/dev/null
+ npm run build &>/dev/null
+ msg_ok "Built ${APP} website"
+
+ msg_info "Installing Python Dependencies"
+ cd /opt/authentik
+ poetry install --only=main --no-ansi --no-interaction --no-root &>/dev/null
+ poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt &>/dev/null
+ pip install --no-cache-dir -r requirements.txt &>/dev/null
+ pip install . &>/dev/null
+ msg_ok "Installed Python Dependencies"
+
+ msg_info "Updating ${APP} to v${RELEASE} (Patience)"
+ cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+ bash /opt/authentik/lifecycle/ak migrate &>/dev/null
+ echo "${RELEASE}" >/opt/${APP}_version.txt
+ msg_ok "Updated ${APP} to v${RELEASE}"
+
+ msg_info "Starting ${APP}"
+ systemctl start authentik-server
+ systemctl start authentik-worker
+ msg_ok "Started ${APP}"
+else
+ msg_ok "No update required. ${APP} is already at v${RELEASE}"
+fi
+exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${APP} should be reachable by going to the following URL.
+ ${BL}http://${IP}:9000/if/flow/initial-setup/${CL} \n"
\ No newline at end of file
diff --git a/install/authentik-install.sh b/install/authentik-install.sh
new file mode 100644
index 00000000..4b1ea355
--- /dev/null
+++ b/install/authentik-install.sh
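Review bot: In update_script, `RELEASE` is scraped from the GitHub API response with grep/awk and never validated, so a failed or rate-limited request (the unauthenticated API is easy to exhaust) yields an empty string, which passes the `!=` comparison, stops both authentik services, and then fails at `wget -qO authentik.tar.gz ""` under `catch_errors`, leaving the IdP down. Add a guard before the comparison: `if [[ -z "${RELEASE}" ]]; then msg_error "Could not determine the latest ${APP} release"; exit; fi`. Note also that `RELEASE` holds the tarball URL rather than a version, so the `v${RELEASE}` messages and `/opt/${APP}_version.txt` record a URL, and the tarball is unpacked over the live install with no checksum or signature check while `poetry export --without-hashes` discards the pins that would let `pip install --require-hashes` verify the PyPI downloads. update_script begins and ends within this hunk.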
@@ -0,0 +1,201 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: tteck (tteckster)
+# Co-Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y --no-install-recommends \
+ curl \
+ sudo \
+ mc \
+ gpg \
+ pkg-config \
+ libffi-dev \
+ build-essential \
+ libpq-dev \
+ libkrb5-dev \
+ libssl-dev \
+ libsqlite3-dev \
+ tk-dev \
+ libgdbm-dev \
+ libc6-dev \
+ libbz2-dev \
+ zlib1g-dev \
+ libxmlsec1 \
+ libxmlsec1-dev \
+ libxmlsec1-openssl \
+ libmaxminddb0 \
+ python3-pip \
+ git
+msg_ok "Installed Dependencies"
+
+msg_info "Installing yq"
+YQ_LATEST="$(wget -qO- "https://api.github.com/repos/mikefarah/yq/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')"
+$STD wget "https://github.com/mikefarah/yq/releases/download/${YQ_LATEST}/yq_linux_amd64" -qO /usr/bin/yq
+chmod +x /usr/bin/yq
+msg_ok "Installed yq"
+
+msg_info "Installing Python 3.12"
+wget -q https://www.python.org/ftp/python/3.12.1/Python-3.12.1.tgz -O Python.tgz
+tar -zxf Python.tgz
+cd Python-3.12.1
+$STD ./configure --enable-optimizations
+$STD make altinstall
+cd ~
+rm -rf Python-3.12.1
+rm -rf Python.tgz
+$STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1
+msg_ok "Installed Python 3.12"
+
+msg_info "Setting up Node.js Repository"
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" >/etc/apt/sources.list.d/nodesource.list
+msg_ok "Set up Node.js Repository"
+
+msg_info "Installing Node.js"
+$STD apt-get update
+$STD apt-get install -y nodejs
+msg_ok "Installed Node.js"
+
+msg_info "Installing Golang"
+set +o pipefail
+GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz")
+wget -q https://golang.org/dl/${GO_RELEASE}
+tar -xzf ${GO_RELEASE} -C /usr/local
+ln -s /usr/local/go/bin/go /usr/bin/go
+rm -rf go/
+rm -rf ${GO_RELEASE}
+set -o pipefail
+msg_ok "Installed Golang"
+
+msg_info "Building authentik website"
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+mkdir -p /opt/authentik
+wget -qO authentik.tar.gz "${RELEASE}"
+tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+rm -rf authentik.tar.gz
+cd /opt/authentik/website
+$STD npm install
+$STD npm run build-bundled
+cd /opt/authentik/web
+$STD npm install
+$STD npm run build
+echo "${RELEASE}" >/opt/${APPLICATION}_version.txt
+msg_ok "Built authentik website"
+
+msg_info "Building Go Proxy"
+cd /opt/authentik
+$STD go mod download
+$STD go build -o /go/authentik ./cmd/server
+$STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/
+msg_ok "Built Go Proxy"
+
+msg_info "Installing GeoIP"
+cd ~
+GEOIP_RELEASE=$(curl -s https://api.github.com/repos/maxmind/geoipupdate/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+wget -qO geoipupdate.deb https://github.com/maxmind/geoipupdate/releases/download/v${GEOIP_RELEASE}/geoipupdate_${GEOIP_RELEASE}_linux_amd64.deb
+$STD dpkg -i geoipupdate.deb
+rm geoipupdate.deb
+cat </etc/GeoIP.conf
+#GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN"
+#GEOIPUPDATE_VERBOSE="1"
+#GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID"
+#GEOIPUPDATE_LICENSE_KEY_FILE="/run/secrets/GEOIPUPDATE_LICENSE_KEY"
+EOF
+msg_ok "Installed GeoIP"
+
+msg_info "Installing Python Dependencies"
+cd /opt/authentik
+$STD pip3 install --upgrade pip
+$STD pip3 install poetry poetry-plugin-export
+ln -s /usr/local/bin/poetry /usr/bin/poetry
+$STD poetry install --only=main --no-ansi --no-interaction --no-root
+$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt
+$STD pip install --no-cache-dir -r requirements.txt
+$STD pip install .
+msg_ok "Installed Python Dependencies"
+
+msg_info "Installing Redis"
+$STD apt-get install -y redis-server
+systemctl enable -q --now redis-server
+msg_ok "Installed Redis"
+
+msg_info "Installing PostgreSQL"
+$STD apt-get install -y postgresql postgresql-contrib
+DB_NAME="authentik"
+DB_USER="authentik"
+DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
+$STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
+$STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing authentik"
+mkdir -p /etc/authentik
+mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
+$STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml
+$STD yq -i ".postgresql.password = \"${DB_PASS}\"" /etc/authentik/config.yml
+$STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/authentik/config.yml
+cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+$STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
+ln -s /usr/bin/python3 /usr/bin/python
+ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn
+ln -s /usr/local/bin/celery /usr/bin/celery
+$STD bash /opt/authentik/lifecycle/ak migrate
+msg_ok "Installed authentik"
+
+msg_info "Configuring Services"
+cat </etc/systemd/system/authentik-server.service
+[Unit]
+Description = authentik Server
+
+[Service]
+ExecStart=/opt/authentik/authentik-server
+WorkingDirectory=/opt/authentik/
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now authentik-server
+sleep 2
+cat </etc/systemd/system/authentik-worker.service
+[Unit]
+Description = authentik Worker
+
+[Service]
+Environment=DJANGO_SETTINGS_MODULE="authentik.root.settings"
+ExecStart=celery -A authentik.root.celery worker -Ofair --max-tasks-per-child=1 --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events
+WorkingDirectory=/opt/authentik/authentik
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now authentik-worker
+msg_ok "Configured Services"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD apt-get -y remove yq
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
\ No newline at end of file
diff --git a/json/authentik.json b/json/authentik.json
new file mode 100644
index 00000000..87103bb9
--- /dev/null
+++ b/json/authentik.json
@@ -0,0 +1,39 @@
+{
+ "name": "authentik",
+ "slug": "authentik",
+ "categories": [
+ 11
+ ],
+ "date_created": "2024-11-06",
+ "type": "ct",
+ "updateable": true,
+ "privileged": false,
+ "interface_port": 9000,
+ "documentation": "https://docs.goauthentik.io/docs/",
+ "website": "https://goauthentik.io/",
+ "logo": "https://github.com/goauthentik/authentik/blob/main/website/static/img/icon.png",
+ "description": "authentik is an IdP (Identity Provider) and SSO (single sign on) that is built with security at the forefront of every piece of code, every feature, with an emphasis on flexibility and versatility.",
+ "install_methods": [
+ {
+ "type": "default",
+ "script": "ct/authentik.sh",
+ "resources": {
+ "cpu": 6,
+ "ram": 8192,
+ "hdd": 12,
+ "os": "debian",
+ "version": "12"
+ }
+ }
+ ],
+ "default_credentials": {
+ "username": null,
+ "password": null
+ },
+ "notes": [
+ {
+ "text": "Initial configuration at http://:9000/if/flow/initial-setup/",
+ "type": "info"
+ }
+ ]
+}
\ No newline at end of file
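Review bot: `/etc/authentik/config.yml` is created by `mv`-ing `default.yml` out of the unpacked source tree and then has `secret_key` and the PostgreSQL password written into it by `yq -i`, but its mode is never tightened, so the IdP's signing secret and DB credential keep whatever permissions the tarball gave the file (presumably world-readable); add `chmod 600 /etc/authentik/config.yml` right after the last `yq -i` in the "Installing authentik" step. The `ALTER USER $DB_USER WITH SUPERUSER;` line also hands the application account cluster-wide superuser even though the preceding GRANT and `ALTER DATABASE ... OWNER` already give it full control of its own database; drop that line unless a specific migration is shown to need it. Neither unit file sets `User=`, so the Go server and the celery worker (which also writes its beat schedule to the shared `/tmp/celerybeat-schedule`) run as root; a dedicated service account with `User=authentik` plus `PrivateTmp=true` would contain a compromise of the web-facing process. Separately, `apt-get -y remove yq` in the cleanup cannot remove the binary that was placed in `/usr/bin/yq` by `wget`, so it stays behind.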