Merge 250ffddee7 into 5b38448107

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -31,13 +31,18 @@ Do not break established syntax in this file, as it is automatically updated by
 
 ### 🚀 Updated Scripts
 
-- Update Script: Remove Docker Compose Question [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#847](https://github.com/community-scripts/ProxmoxVE/pull/847))
 - Increase Size | Description & Download-URL of Debian VM [@MickLesk](https://github.com/MickLesk) ([#837](https://github.com/community-scripts/ProxmoxVE/pull/837))
+- Update Script: Remove Docker Compose Question [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#847](https://github.com/community-scripts/ProxmoxVE/pull/847))
 
 ### 🌐 Website
 
 - Bump nanoid from 3.3.7 to 3.3.8 in /frontend [@dependabot[bot]](https://github.com/dependabot[bot]) ([#845](https://github.com/community-scripts/ProxmoxVE/pull/845))
 
+### ❔ Unlabelled
+
+- Fix variable name for CT_TYPE override [@remz1337](https://github.com/remz1337) ([#855](https://github.com/community-scripts/ProxmoxVE/pull/855))
+- Keeps the same style after writing the SEARCH icon [@remz1337](https://github.com/remz1337) ([#851](https://github.com/community-scripts/ProxmoxVE/pull/851))
+
 ## 2024-12-13
 
 ### Changed

ct/authentik.sh

@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+function header_info {
+  clear
+  cat <<"EOF"
+    ___         __  __               __  _ __  
+   /   | __  __/ /_/ /_  ___  ____  / /_(_) /__
+  / /| |/ / / / __/ __ \/ _ \/ __ \/ __/ / //_/
+ / ___ / /_/ / /_/ / / /  __/ / / / /_/ / ,<   
+/_/  |_\__,_/\__/_/ /_/\___/_/ /_/\__/_/_/|_|  
+                                               
+EOF
+}
+header_info
+echo -e "Loading..."
+APP="authentik"
+var_disk="15"
+var_cpu="6"
+var_ram="8192"
+var_os="debian"
+var_version="12"
+variables
+color
+catch_errors
+
+function default_settings() {
+  CT_TYPE="1"
+  PW=""
+  CT_ID=$NEXTID
+  HN=$NSAPP
+  DISK_SIZE="$var_disk"
+  CORE_COUNT="$var_cpu"
+  RAM_SIZE="$var_ram"
+  BRG="vmbr0"
+  NET="dhcp"
+  GATE=""
+  APT_CACHER=""
+  APT_CACHER_IP=""
+  DISABLEIP6="no"
+  MTU=""
+  SD=""
+  NS=""
+  MAC=""
+  VLAN=""
+  SSH="no"
+  VERB="no"
+  echo_default
+}
+
+function update_script() {
+header_info
+check_container_storage
+check_container_resources
+if [[ ! -f /etc/systemd/system/authentik-server.service ]]; then msg_error "No ${APP} Installation Found!"; exit; fi
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+  msg_info "Stopping ${APP}"
+  systemctl stop authentik-server
+  systemctl stop authentik-worker
+  msg_ok "Stopped ${APP}"
+
+  msg_info "Building ${APP} website"
+  mkdir -p /opt/authentik
+  wget -qO authentik.tar.gz "${RELEASE}"
+  tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+  rm -rf authentik.tar.gz
+  cd /opt/authentik/website
+  npm install &>/dev/null
+  npm run build-bundled &>/dev/null
+  cd /opt/authentik/web
+  npm install &>/dev/null
+  npm run build &>/dev/null
+  msg_ok "Built ${APP} website"
+
+  msg_info "Installing Python Dependencies"
+  cd /opt/authentik
+  poetry install --only=main --no-ansi --no-interaction --no-root &>/dev/null
+  poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt &>/dev/null
+  pip install --no-cache-dir -r requirements.txt &>/dev/null
+  pip install . &>/dev/null
+  msg_ok "Installed Python Dependencies"
+
+  msg_info "Updating ${APP} to v${RELEASE} (Patience)" 
+  cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+  bash /opt/authentik/lifecycle/ak migrate &>/dev/null
+  echo "${RELEASE}" >/opt/${APP}_version.txt
+  msg_ok "Updated ${APP} to v${RELEASE}"
+
+  msg_info "Starting ${APP}"
+  systemctl start authentik-server
+  systemctl start authentik-worker
+  msg_ok "Started ${APP}"
+else
+  msg_ok "No update required. ${APP} is already at v${RELEASE}"
+fi
+exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"

install/authentik-install.sh

@@ -0,0 +1,193 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: tteck (tteckster)
+# Co-Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y \
+  curl \
+  sudo \
+  mc \
+  gpg \
+  pkg-config \
+  libffi-dev \
+  build-essential \
+  libpq-dev \
+  libkrb5-dev \
+  libssl-dev \
+  libsqlite3-dev \
+  tk-dev \
+  libgdbm-dev \
+  libc6-dev \
+  libbz2-dev \
+  zlib1g-dev \
+  libxmlsec1 \
+  libxmlsec1-dev \
+  libxmlsec1-openssl \
+  libmaxminddb0 \
+  python3-pip \
+  git
+msg_ok "Installed Dependencies"
+
+msg_info "Installing yq"
+YQ_LATEST="$(wget -qO- "https://api.github.com/repos/mikefarah/yq/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')"
+$STD wget "https://github.com/mikefarah/yq/releases/download/${YQ_LATEST}/yq_linux_amd64" -qO /usr/bin/yq
+chmod +x /usr/bin/yq
+msg_ok "Installed yq"
+
+msg_info "Installing GeoIP"
+GEOIP_RELEASE=$(curl -s https://api.github.com/repos/maxmind/geoipupdate/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+wget -qO geoipupdate.deb https://github.com/maxmind/geoipupdate/releases/download/v${GEOIP_RELEASE}/geoipupdate_${GEOIP_RELEASE}_linux_amd64.deb
+$STD dpkg -i geoipupdate.deb
+cat <<EOF >/etc/GeoIP.conf
+#GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN"
+#GEOIPUPDATE_VERBOSE="1"
+#GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID"
+#GEOIPUPDATE_LICENSE_KEY_FILE="/run/secrets/GEOIPUPDATE_LICENSE_KEY"
+EOF
+msg_ok "Installed GeoIP"
+
+msg_info "Setting up Python 3"
+wget -q https://www.python.org/ftp/python/3.12.1/Python-3.12.1.tgz -O Python.tgz
+tar -zxf Python.tgz
+cd Python-3.12.1
+$STD ./configure --enable-optimizations
+$STD make altinstall
+cd ~
+$STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1
+msg_ok "Setup Python 3"
+
+msg_info "Setting up Node.js Repository"
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" >/etc/apt/sources.list.d/nodesource.list
+msg_ok "Set up Node.js Repository"
+
+msg_info "Installing Node.js"
+$STD apt-get update
+$STD apt-get install -y nodejs
+msg_ok "Installed Node.js"
+
+msg_info "Installing Golang"
+set +o pipefail
+GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz")
+wget -q https://golang.org/dl/${GO_RELEASE}
+tar -xzf ${GO_RELEASE} -C /usr/local
+ln -s /usr/local/go/bin/go /usr/bin/go
+set -o pipefail
+msg_ok "Installed Golang"
+
+msg_info "Installing Redis"
+$STD apt-get install -y redis-server
+systemctl enable -q --now redis-server
+msg_ok "Installed Redis"
+
+msg_info "Installing PostgreSQL"
+$STD apt-get install -y postgresql postgresql-contrib
+DB_NAME="authentik"
+DB_USER="authentik"
+DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;" 
+$STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
+$STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing authentik"
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+mkdir -p /opt/authentik
+wget -qO authentik.tar.gz "${RELEASE}"
+tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+cd /opt/authentik/website
+$STD npm install
+$STD npm run build-bundled
+cd /opt/authentik/web
+$STD npm install
+$STD npm run build
+echo "${RELEASE}" >/opt/${APPLICATION}_version.txt
+cd /opt/authentik
+$STD go mod download
+$STD go build -o /go/authentik ./cmd/server
+$STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/
+cd /opt/authentik
+$STD pip3 install --upgrade pip
+$STD pip3 install poetry poetry-plugin-export
+ln -s /usr/local/bin/poetry /usr/bin/poetry
+$STD poetry install --only=main --no-ansi --no-interaction --no-root
+$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt
+$STD pip install --no-cache-dir -r requirements.txt
+$STD pip install .
+mkdir -p /etc/authentik
+mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
+$STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml
+$STD yq -i ".postgresql.password = \"${DB_PASS}\"" /etc/authentik/config.yml
+$STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/authentik/config.yml
+cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+$STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
+ln -s /usr/bin/python3 /usr/bin/python
+ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn
+ln -s /usr/local/bin/celery /usr/bin/celery
+$STD bash /opt/authentik/lifecycle/ak migrate
+cd ~
+msg_ok "Installed authentik"
+
+msg_info "Creating Services"
+cat <<EOF >/etc/systemd/system/authentik-server.service
+[Unit]
+Description = authentik Server
+
+[Service]
+ExecStart=/opt/authentik/authentik-server
+WorkingDirectory=/opt/authentik/
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat <<EOF >/etc/systemd/system/authentik-worker.service
+[Unit]
+Description = authentik Worker
+
+[Service]
+Environment=DJANGO_SETTINGS_MODULE="authentik.root.settings"
+ExecStart=celery -A authentik.root.celery worker -Ofair --max-tasks-per-child=1 --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events
+WorkingDirectory=/opt/authentik/authentik
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now authentik-server
+sleep 2
+systemctl enable -q --now authentik-worker
+msg_ok "Created Services"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+rm -rf Python-3.12.1
+rm -rf Python.tgz
+rm -rf go/
+rm -rf ${GO_RELEASE}
+rm geoipupdate.deb
+rm -rf authentik.tar.gz
+$STD apt-get -y remove yq
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"

json/authentik.json

@@ -0,0 +1,39 @@
+{
+    "name": "authentik",
+    "slug": "authentik",
+    "categories": [
+        11
+    ],
+    "date_created": "2024-11-06",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 9000,
+    "documentation": "https://docs.goauthentik.io/docs/",
+    "website": "https://goauthentik.io/",
+    "logo": "https://github.com/goauthentik/authentik/blob/main/website/static/img/icon.png",
+    "description": "authentik is an IdP (Identity Provider) and SSO (single sign on) that is built with security at the forefront of every piece of code, every feature, with an emphasis on flexibility and versatility.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/authentik.sh",
+            "resources": {
+                "cpu": 6,
+                "ram": 8192,
+                "hdd": 12,
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "Initial configuration at http://<IP>:9000/if/flow/initial-setup/",
+            "type": "info"
+        }
+    ]
+}

misc/build.func

@@ -204,7 +204,7 @@ base_settings() {
   TAGS="community-script;"
   
   # Override default settings with variables from ct script
-  CT_TYPE=${var_privileged:-$CT_TYPE}
+  CT_TYPE=${var_unprivileged:-$CT_TYPE}
   DISK_SIZE=${var_disk:-$DISK_SIZE}
   CORE_COUNT=${var_cpu:-$CORE_COUNT}
   RAM_SIZE=${var_ram:-$RAM_SIZE}
@@ -611,7 +611,7 @@ install_script() {
         ;;
       2)
         header_info
-        echo -e "${DEFAULT}${BOLD}${BL}Using Default Settings (${SEARCH} Verbose)${CL}"
+        echo -e "${DEFAULT}${BOLD}${BL}Using Default Settings (${SEARCH}${BOLD}${BL} Verbose)${CL}"
         VERB="yes"
         base_settings "$VERB"  
         echo_default