Merge 6d650b679d into 8c1b48453c

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -16,6 +16,14 @@ All LXC instances created using this repository come pre-installed with Midnight
 > [!IMPORTANT]
 Do not break established syntax in this file, as it is automatically updated by a Github Workflow
 
+## 2024-12-13
+
+### Changed
+
+### 🚀 Updated Scripts
+
+- Fix config bug in Alpine Vaultwarden [@havardthom](https://github.com/havardthom) ([#775](https://github.com/community-scripts/ProxmoxVE/pull/775))
+
 ## 2024-12-12
 
 ### Changed

ct/authentik.sh

@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+function header_info {
+  clear
+  cat <<"EOF"
+    ___         __  __               __  _ __  
+   /   | __  __/ /_/ /_  ___  ____  / /_(_) /__
+  / /| |/ / / / __/ __ \/ _ \/ __ \/ __/ / //_/
+ / ___ / /_/ / /_/ / / /  __/ / / / /_/ / ,<   
+/_/  |_\__,_/\__/_/ /_/\___/_/ /_/\__/_/_/|_|  
+                                               
+EOF
+}
+header_info
+echo -e "Loading..."
+APP="authentik"
+var_disk="12"
+var_cpu="6"
+var_ram="8192"
+var_os="debian"
+var_version="12"
+variables
+color
+catch_errors
+
+function default_settings() {
+  CT_TYPE="1"
+  PW=""
+  CT_ID=$NEXTID
+  HN=$NSAPP
+  DISK_SIZE="$var_disk"
+  CORE_COUNT="$var_cpu"
+  RAM_SIZE="$var_ram"
+  BRG="vmbr0"
+  NET="dhcp"
+  GATE=""
+  APT_CACHER=""
+  APT_CACHER_IP=""
+  DISABLEIP6="no"
+  MTU=""
+  SD=""
+  NS=""
+  MAC=""
+  VLAN=""
+  SSH="no"
+  VERB="no"
+  echo_default
+}
+
+function update_script() {
+header_info
+check_container_storage
+check_container_resources
+if [[ ! -f /etc/systemd/system/authentik-server.service ]]; then msg_error "No ${APP} Installation Found!"; exit; fi
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+  msg_info "Stopping ${APP}"
+  systemctl stop authentik-server
+  systemctl stop authentik-worker
+  msg_ok "Stopped ${APP}"
+
+  msg_info "Building ${APP} website"
+  mkdir -p /opt/authentik
+  wget -qO authentik.tar.gz "${RELEASE}"
+  tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+  rm -rf authentik.tar.gz
+  cd /opt/authentik/website
+  npm install &>/dev/null
+  npm run build-bundled &>/dev/null
+  cd /opt/authentik/web
+  npm install &>/dev/null
+  npm run build &>/dev/null
+  msg_ok "Built ${APP} website"
+
+  msg_info "Installing Python Dependencies"
+  cd /opt/authentik
+  poetry install --only=main --no-ansi --no-interaction --no-root &>/dev/null
+  poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt &>/dev/null
+  pip install --no-cache-dir -r requirements.txt &>/dev/null
+  pip install . &>/dev/null
+  msg_ok "Installed Python Dependencies"
+
+  msg_info "Updating ${APP} to v${RELEASE} (Patience)" 
+  cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+  bash /opt/authentik/lifecycle/ak migrate &>/dev/null
+  echo "${RELEASE}" >/opt/${APP}_version.txt
+  msg_ok "Updated ${APP} to v${RELEASE}"
+
+  msg_info "Starting ${APP}"
+  systemctl start authentik-server
+  systemctl start authentik-worker
+  msg_ok "Started ${APP}"
+else
+  msg_ok "No update required. ${APP} is already at v${RELEASE}"
+fi
+exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${APP} should be reachable by going to the following URL.
+         ${BL}http://${IP}:9000/if/flow/initial-setup/${CL} \n"

install/alpine-vaultwarden-install.sh

@@ -25,7 +25,9 @@ msg_ok "Installed Dependencies"
 
 msg_info "Installing Alpine-Vaultwarden"
 $STD apk add vaultwarden
-sed -i -e 's/# export ADMIN_TOKEN=.*/export ADMIN_TOKEN='\'''\''/' -e '/^# export ROCKET_ADDRESS=0\.0\.0\.0/s/^# //' -e 's|export WEB_VAULT_ENABLED=.*|export WEB_VAULT_ENABLED=true|' /etc/conf.d/vaultwarden
+sed -i -e 's|export WEB_VAULT_ENABLED=.*|export WEB_VAULT_ENABLED=true|' /etc/conf.d/vaultwarden
+echo -e "export ADMIN_TOKEN=''" >>/etc/conf.d/vaultwarden
+echo -e "export ROCKET_ADDRESS=0.0.0.0" >>/etc/conf.d/vaultwarden
 msg_ok "Installed Alpine-Vaultwarden"
 
 msg_info "Installing Web-Vault"

install/authentik-install.sh

@@ -0,0 +1,201 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: tteck (tteckster)
+# Co-Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y --no-install-recommends \
+  curl \
+  sudo \
+  mc \
+  gpg \
+  pkg-config \
+  libffi-dev \
+  build-essential \
+  libpq-dev \
+  libkrb5-dev \
+  libssl-dev \
+  libsqlite3-dev \
+  tk-dev \
+  libgdbm-dev \
+  libc6-dev \
+  libbz2-dev \
+  zlib1g-dev \
+  libxmlsec1 \
+  libxmlsec1-dev \
+  libxmlsec1-openssl \
+  libmaxminddb0 \
+  python3-pip \
+  git
+msg_ok "Installed Dependencies"
+
+msg_info "Installing yq"
+YQ_LATEST="$(wget -qO- "https://api.github.com/repos/mikefarah/yq/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')"
+$STD wget "https://github.com/mikefarah/yq/releases/download/${YQ_LATEST}/yq_linux_amd64" -qO /usr/bin/yq
+chmod +x /usr/bin/yq
+msg_ok "Installed yq"
+
+msg_info "Installing Python 3.12"
+wget -q https://www.python.org/ftp/python/3.12.1/Python-3.12.1.tgz -O Python.tgz
+tar -zxf Python.tgz
+cd Python-3.12.1
+$STD ./configure --enable-optimizations
+$STD make altinstall
+cd ~
+rm -rf Python-3.12.1
+rm -rf Python.tgz
+$STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1
+msg_ok "Installed Python 3.12"
+
+msg_info "Setting up Node.js Repository"
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" >/etc/apt/sources.list.d/nodesource.list
+msg_ok "Set up Node.js Repository"
+
+msg_info "Installing Node.js"
+$STD apt-get update
+$STD apt-get install -y nodejs
+msg_ok "Installed Node.js"
+
+msg_info "Installing Golang"
+set +o pipefail
+GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz")
+wget -q https://golang.org/dl/${GO_RELEASE}
+tar -xzf ${GO_RELEASE} -C /usr/local
+ln -s /usr/local/go/bin/go /usr/bin/go
+rm -rf go/
+rm -rf ${GO_RELEASE}
+set -o pipefail
+msg_ok "Installed Golang"
+
+msg_info "Building authentik website"
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+mkdir -p /opt/authentik
+wget -qO authentik.tar.gz "${RELEASE}"
+tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+rm -rf authentik.tar.gz
+cd /opt/authentik/website
+$STD npm install
+$STD npm run build-bundled
+cd /opt/authentik/web
+$STD npm install
+$STD npm run build
+echo "${RELEASE}" >/opt/${APPLICATION}_version.txt
+msg_ok "Built authentik website"
+
+msg_info "Building Go Proxy"
+cd /opt/authentik
+$STD go mod download
+$STD go build -o /go/authentik ./cmd/server
+$STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/
+msg_ok "Built Go Proxy"
+
+msg_info "Installing GeoIP"
+cd ~
+GEOIP_RELEASE=$(curl -s https://api.github.com/repos/maxmind/geoipupdate/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+wget -qO geoipupdate.deb https://github.com/maxmind/geoipupdate/releases/download/v${GEOIP_RELEASE}/geoipupdate_${GEOIP_RELEASE}_linux_amd64.deb
+$STD dpkg -i geoipupdate.deb
+rm geoipupdate.deb
+cat <<EOF >/etc/GeoIP.conf
+#GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN"
+#GEOIPUPDATE_VERBOSE="1"
+#GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID"
+#GEOIPUPDATE_LICENSE_KEY_FILE="/run/secrets/GEOIPUPDATE_LICENSE_KEY"
+EOF
+msg_ok "Installed GeoIP"
+
+msg_info "Installing Python Dependencies"
+cd /opt/authentik
+$STD pip3 install --upgrade pip
+$STD pip3 install poetry poetry-plugin-export
+ln -s /usr/local/bin/poetry /usr/bin/poetry
+$STD poetry install --only=main --no-ansi --no-interaction --no-root
+$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt
+$STD pip install --no-cache-dir -r requirements.txt
+$STD pip install .
+msg_ok "Installed Python Dependencies"
+
+msg_info "Installing Redis"
+$STD apt-get install -y redis-server
+systemctl enable -q --now redis-server
+msg_ok "Installed Redis"
+
+msg_info "Installing PostgreSQL"
+$STD apt-get install -y postgresql postgresql-contrib
+DB_NAME="authentik"
+DB_USER="authentik"
+DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;" 
+$STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
+$STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing authentik"
+mkdir -p /etc/authentik
+mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
+$STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml
+$STD yq -i ".postgresql.password = \"${DB_PASS}\"" /etc/authentik/config.yml
+$STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/authentik/config.yml
+cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+$STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
+ln -s /usr/bin/python3 /usr/bin/python
+ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn
+ln -s /usr/local/bin/celery /usr/bin/celery
+$STD bash /opt/authentik/lifecycle/ak migrate
+msg_ok "Installed authentik"
+
+msg_info "Configuring Services"
+cat <<EOF >/etc/systemd/system/authentik-server.service
+[Unit]
+Description = authentik Server
+
+[Service]
+ExecStart=/opt/authentik/authentik-server
+WorkingDirectory=/opt/authentik/
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now authentik-server
+sleep 2
+cat <<EOF >/etc/systemd/system/authentik-worker.service
+[Unit]
+Description = authentik Worker
+
+[Service]
+Environment=DJANGO_SETTINGS_MODULE="authentik.root.settings"
+ExecStart=celery -A authentik.root.celery worker -Ofair --max-tasks-per-child=1 --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events
+WorkingDirectory=/opt/authentik/authentik
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now authentik-worker
+msg_ok "Configured Services"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD apt-get -y remove yq
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"

json/authentik.json

@@ -0,0 +1,39 @@
+{
+    "name": "authentik",
+    "slug": "authentik",
+    "categories": [
+        11
+    ],
+    "date_created": "2024-11-06",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 9000,
+    "documentation": "https://docs.goauthentik.io/docs/",
+    "website": "https://goauthentik.io/",
+    "logo": "https://github.com/goauthentik/authentik/blob/main/website/static/img/icon.png",
+    "description": "authentik is an IdP (Identity Provider) and SSO (single sign on) that is built with security at the forefront of every piece of code, every feature, with an emphasis on flexibility and versatility.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/authentik.sh",
+            "resources": {
+                "cpu": 6,
+                "ram": 8192,
+                "hdd": 12,
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "Initial configuration at http://<IP>:9000/if/flow/initial-setup/",
+            "type": "info"
+        }
+    ]
+}

json/vaultwarden.json

@@ -47,7 +47,7 @@
             "type": "warning"
         },
         {
-            "text": "Build Settings for normal LXC: 6GB RAM - 6GB Storage - 4vCPU",
+            "text": "To set the Admin Token, run the command below (or type update) in the LXC Console.",
             "type": "info"
         }
     ]