From b05858c6e9d7b55fd17310299cd35b7c65d7bc8d Mon Sep 17 00:00:00 2001 
From: Dave Yap Date: Mon, 10 Feb 2025 16:29:38 +0800 Subject: [PATCH] New Script: Zitadel (#2141) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Create zitadel-install.sh * Create zitadel.json * Create zitadel.sh * Update zitadel.sh Edit reference back to upstream build.func * Update zitadel.json Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com> * Update zitadel.sh Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com> * Update zitadel.sh Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com> * Update zitadel.sh Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com> * Update zitadel.sh Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com> * Update zitadel.sh * Update zitadel-install.sh Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com> * Update zitadel-install.sh Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com> * Update zitadel.sh Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com> * Update zitadel.json Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com> * Use declared variables in config files * Remove other architectures * Update to fit changes requested Include mc for install; removal of variable ARCH and put into direct links; correct the default resources required * Update zitadel.sh Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com> * Update zitadel-install.sh Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com> * Update zitadel-install.sh Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com> * Made changes to fit suggestions * Update zitadel-install.sh correct version output * Update zitadel-install.sh * Update path for version.txt * Set update part default to our project defaults * Update zitadel.sh, Remove v befor ${RELEASE} * Update 
zitadel-install.sh
---------
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
Co-authored-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>
Co-authored-by: Michel Roegl-Brunner <73236783+michelroegl-brunner@users.noreply.github.com>
---
ct/zitadel.sh | 70 +++++++++++++++++
install/zitadel-install.sh | 155 +++++++++++++++++++++++++++++++++++++
json/zitadel.json | 43 ++++++++++
3 files changed, 268 insertions(+)
create mode 100644 ct/zitadel.sh
create mode 100644 install/zitadel-install.sh
create mode 100644 json/zitadel.json
diff --git a/ct/zitadel.sh b/ct/zitadel.sh
new file mode 100644
index 00000000..f4fc322f
--- /dev/null
+++ b/ct/zitadel.sh
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap (dave-yap)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://zitadel.com/
+
+# App Default Values
+APP="Zitadel"
+var_tags="identity-provider"
+var_cpu="1"
+var_ram="1024"
+var_disk="8"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+ header_info
+ check_container_storage
+ check_container_resources
+ if [[ ! -f /etc/systemd/system/zitadel.service ]]; then
+ msg_error "No ${APP} Installation Found!"
+ exit
+ fi
+ RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r')
+ if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt | grep -oP '\d+\.\d+\.\d+')" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+ msg_info "Stopping $APP"
+ systemctl stop zitadel
+ msg_ok "Stopped $APP"
+
+ msg_info "Updating $APP to ${RELEASE}"
+ cd /tmp
+ wget -qc https://github.com/zitadel/zitadel/releases/download/$RELEASE/zitadel-linux-amd64.tar.gz -O - | tar -xz
+ mv zitadel-linux-amd64/zitadel /usr/local/bin
+ zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml --init-projections=true &>/dev/null
+ echo "${RELEASE}" >/opt/${APP}_version.txt
+ msg_ok "Updated $APP to ${RELEASE}"
+
+ msg_info "Starting $APP"
+ systemctl start zitadel
+ msg_ok "Started $APP"
+
+ msg_info "Cleaning Up"
+ rm -rf /tmp/zitadel-linux-amd64
+ msg_ok "Cleanup Completed"
+ msg_ok "Update Successful"
+ else
+ msg_ok "No update required. 
${APP} is already at ${RELEASE}"
+ fi
+ exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080/ui/console${CL}"
diff --git a/install/zitadel-install.sh b/install/zitadel-install.sh
new file mode 100644
index 00000000..6ee097ca
--- /dev/null
+++ b/install/zitadel-install.sh
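Review bot: The version comparison in update_script never matches when the release tag carries a v prefix: `RELEASE` is taken verbatim from the GitHub redirect (and that same value is spliced unchanged into the download URL, which suggests the tag form `vX.Y.Z`), while the stored value is read back through `grep -oP '\d+\.\d+\.\d+'`, which drops any prefix, so every run re-downloads the archive and re-runs `zitadel setup` even when nothing changed. Comparing the stripped form on both sides fixes this and also stops `cat`-ing a file whose existence is only checked afterwards: `if [[ ! -f /opt/${APP}_version.txt ]] || [[ "${RELEASE#v}" != "$(grep -oP '\d+\.\d+\.\d+' /opt/${APP}_version.txt)" ]]; then`. Separately, the archive is piped straight into tar and the binary moved to /usr/local/bin with no integrity check, and `zitadel setup ... &>/dev/null` hides its exit status, so a failed migration is followed by `systemctl start zitadel` and reported as "Update Successful"; at minimum let setup's failure surface (e.g. `|| { msg_error "Setup failed"; exit 1; }`) and, if the upstream release publishes a checksum file, verify the archive against it before the `mv`.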
@@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y \
+ curl \
+ sudo \
+ mc \
+ ca-certificates \
+ wget
+msg_ok "Installed Dependecies"
+
+msg_info "Installing Postgresql"
+$STD apt-get install -y postgresql postgresql-common
+DB_NAME="zitadel"
+DB_USER="zitadel"
+DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+DB_ADMIN_USER="root"
+DB_ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+systemctl start postgresql
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "CREATE USER $DB_ADMIN_USER WITH PASSWORD '$DB_ADMIN_PASS' SUPERUSER;"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
+{
+ echo "Application Credentials"
+ echo "DB_NAME: $DB_NAME"
+ echo "DB_USER: $DB_USER"
+ echo "DB_PASS: $DB_PASS"
+ echo "DB_ADMIN_USER: $DB_ADMIN_USER"
+ echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
+} >> ~/zitadel.creds
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing Zitadel"
+RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r')
+wget -qc https://github.com/zitadel/zitadel/releases/download/$RELEASE/zitadel-linux-amd64.tar.gz -O - | tar -xz
+mv zitadel-linux-amd64/zitadel /usr/local/bin
+echo "${RELEASE}" >"/opt/zitadel_version.txt"
+msg_ok "Installed Zitadel"
+
+msg_info "Setting up Zitadel Environments"
+mkdir -p /opt/zitadel
+echo "/opt/zitadel/config.yaml" > "/opt/zitadel/.config"
+head -c 32 < <(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9') > "/opt/zitadel/.masterkey"
+{
+ echo "Config location: $(cat "/opt/zitadel/.config")"
+ echo "Masterkey: 
$(cat "/opt/zitadel/.masterkey")"
+} >> ~/zitadel.creds
+cat </opt/zitadel/config.yaml
+Port: 8080
+ExternalPort: 8080
+ExternalDomain: localhost
+ExternalSecure: false
+TLS:
+ Enabled: false
+ KeyPath: ""
+ Key: ""
+ CertPath: ""
+ Cert: ""
+
+Database:
+ postgres:
+ Host: localhost
+ Port: 5432
+ Database: ${DB_NAME}
+ User:
+ Username: ${DB_USER}
+ Password: ${DB_PASS}
+ SSL:
+ Mode: disable
+ RootCert: ""
+ Cert: ""
+ Key: ""
+ Admin:
+ Username: ${DB_ADMIN_USER}
+ Password: ${DB_ADMIN_PASS}
+ SSL:
+ Mode: disable
+ RootCert: ""
+ Cert: ""
+ Key: ""
+EOF
+msg_ok "Installed Zitadel Enviroments"
+
+msg_info "Creating Services"
+cat </etc/systemd/system/zitadel.service
+[Unit]
+Description=ZITADEL Identiy Server
+After=network.target postgresql.service
+Wants=postgresql.service
+
+[Service]
+Type=simple
+User=zitadel
+Group=zitadel
+ExecStart=/usr/local/bin/zitadel start --masterkeyFile "/opt/zitadel/.masterkey" --config "/opt/zitadel/config.yaml"
+Restart=always
+RestartSec=5
+TimeoutStartSec=0
+
+# Security Hardening options
+ProtectSystem=full
+ProtectHome=true
+PrivateTmp=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q zitadel.service
+msg_ok "Created Services"
+
+msg_info "Zitadel initial setup"
+zitadel start-from-init --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null &
+sleep 60
+kill $(lsof -i | awk '/zitadel/ {print $2}' | head -n1)
+useradd zitadel
+echo -e "$(zitadel -v | grep -oP 'v\d+\.\d+\.\d+')" > /opt/Zitadel_version.txt
+msg_ok "Zitadel initialized"
+
+msg_info "Set ExternalDomain to current IP and restart Zitadel"
+IP=$(ip a s dev eth0 | awk '/inet / {print $2}' | cut -d/ -f1)
+sed -i "0,/localhost/s/localhost/${IP}/" /opt/zitadel/config.yaml
+systemctl stop -q zitadel.service
+zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null
+systemctl restart -q zitadel.service
+msg_ok "Zitadel restarted with ExternalDomain set to 
current IP"
+
+msg_info "Create zitadel-rerun.sh"
+cat <~/zitadel-rerun.sh
+systemctl stop zitadel.service
+timeout --kill-after=5s 15s zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml
+systemctl restart zitadel.service
+EOF
+msg_ok "Bash script for rerunning Zitadel after changing Zitadel config.yaml"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+rm -rf ~/zitadel-linux-amd64
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
diff --git a/json/zitadel.json b/json/zitadel.json
new file mode 100644
index 00000000..b2cec903
--- /dev/null
+++ b/json/zitadel.json
@@ -0,0 +1,43 @@
+{
+ "name": "Zitadel",
+ "slug": "Zitadel",
+ "categories": [
+ 6
+ ],
+ "date_created": "2025-02-07",
+ "type": "ct",
+ "updateable": true,
+ "privileged": false,
+ "interface_port": 8080,
+ "documentation": "https://zitadel.com/docs/guides/overview",
+ "website": "https://zitadel.com",
+ "logo": "https://zitadel.com/zitadel-logo-dark.svg",
+ "description": "Zitadel is an open-source identity and access management (IAM) solution designed to provide secure authentication, authorization, and user management for modern applications and services. Built with a focus on flexibility, scalability, and security, Zitadel offers a comprehensive set of features for developers and organizations looking to implement robust identity management.",
+ "install_methods": [
+ {
+ "type": "default",
+ "script": "ct/zitadel.sh",
+ "resources": {
+ "cpu": 1,
+ "ram": 1024,
+ "hdd": 8,
+ "os": "debian",
+ "version": "12"
+ }
+ }
+ ],
+ "default_credentials": {
+ "username": "zitadel-admin@zitadel.localhost",
+ "password": "Password1!"
+ },
+ "notes": [
+ {
+ "text": "Application credentials: `cat ~/zitadel.creds`",
+ "type": "info"
+ },
+ {
+ "text": "Change the ExternalDomain value in `/opt/zitadel/config.yaml` to your domain/hostname/IP and run `bash zitadel-rerun.sh`",
+ "type": "info"
+ }
+ ]
+}
\ No newline at end of file
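Review bot: The secrets written under /opt/zitadel in the install script are created by root and never chowned or chmodded, so `/opt/zitadel/.masterkey` and `config.yaml` (which embeds DB_PASS and DB_ADMIN_PASS in clear text) are left at the umask default — world-readable under a typical 022 umask — even though the unit runs as `User=zitadel` and only needs that one account to read them. After the `useradd zitadel` line add `chown -R zitadel:zitadel /opt/zitadel` and `chmod 600 /opt/zitadel/.masterkey /opt/zitadel/config.yaml`; note that `useradd zitadel` currently runs only after `zitadel start-from-init` and `systemctl enable`, so moving it up into the "Setting up Zitadel Environments" section keeps the ownership fix next to the file creation. The `kill $(lsof -i ...)` line also depends on lsof, which is not in the apt-get dependency list at the top of the file; since `start-from-init` is backgrounded on the preceding line, `kill "$!"` avoids that dependency and kills exactly that process. Both `zitadel setup` invocations discard their output with `&>/dev/null`, so a failed migration is not reported before the service is restarted.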