new scripts for Authentik

remz1337 · remz1337 · commit 44e9a0d37a4a · 2024-11-16T15:46:33.000-05:00
diff --git a/ct/authentik.sh b/ct/authentik.sh
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 tteck
+# Author: tteck (tteckster)
+# Co-Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+function header_info {
+  clear
+  cat <<"EOF"
+    ___         __  __               __  _ __  
+   /   | __  __/ /_/ /_  ___  ____  / /_(_) /__
+  / /| |/ / / / __/ __ \/ _ \/ __ \/ __/ / //_/
+ / ___ / /_/ / /_/ / / /  __/ / / / /_/ / ,<   
+/_/  |_\__,_/\__/_/ /_/\___/_/ /_/\__/_/_/|_|  
+                                               
+EOF
+}
+header_info
+echo -e "Loading..."
+APP="Authentik"
+var_disk="12"
+var_cpu="6"
+var_ram="8192"
+var_os="debian"
+var_version="12"
+variables
+color
+catch_errors
+
+function default_settings() {
+  CT_TYPE="1"
+  PW=""
+  CT_ID=$NEXTID
+  HN=$NSAPP
+  DISK_SIZE="$var_disk"
+  CORE_COUNT="$var_cpu"
+  RAM_SIZE="$var_ram"
+  BRG="vmbr0"
+  NET="dhcp"
+  GATE=""
+  APT_CACHER=""
+  APT_CACHER_IP=""
+  DISABLEIP6="no"
+  MTU=""
+  SD=""
+  NS=""
+  MAC=""
+  VLAN=""
+  SSH="no"
+  VERB="no"
+  echo_default
+}
+
+function update_script() {
+header_info
+check_container_storage
+check_container_resources
+if [[ ! -f /etc/systemd/system/authentik-server.service ]]; then msg_error "No ${APP} Installation Found!"; exit; fi
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+  whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "SET RESOURCES" "Please set the resources in your ${APP} LXC to ${var_cpu}vCPU and ${var_ram}RAM for the build process before continuing" 10 75
+  msg_info "Stopping Authentik"
+  systemctl stop authentik-server
+  systemctl stop authentik-worker
+  msg_ok "Stopped Authentik"
+
+  msg_info "Building Authentik website"
+  mkdir -p /opt/authentik
+  wget -qO authentik.tar.gz "${RELEASE}"
+  tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+  rm -rf authentik.tar.gz
+  cd /opt/authentik/website
+  npm install >/dev/null 2>&1
+  npm run build-bundled >/dev/null 2>&1
+  cd /opt/authentik/web
+  npm install >/dev/null 2>&1
+  npm run build >/dev/null 2>&1
+  msg_ok "Built Authentik website"
+
+  msg_info "Installing Python Dependencies"
+  cd /opt/authentik
+  poetry install --only=main --no-ansi --no-interaction --no-root >/dev/null 2>&1
+  poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt >/dev/null 2>&1
+  pip install --no-cache-dir -r requirements.txt >/dev/null 2>&1
+  pip install . >/dev/null 2>&1
+  msg_ok "Installed Python Dependencies"
+
+  msg_info "Updating ${APP} to v${RELEASE} (Patience)" 
+  cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+  cd /opt/authentik
+  bash /opt/authentik/lifecycle/ak migrate >/dev/null 2>&1
+  echo "${RELEASE}" >/opt/${APP}_version.txt
+  msg_ok "Updated ${APP} to v${RELEASE}"
+
+  msg_info "Starting Authentik"
+  systemctl start authentik-server
+  systemctl start authentik-worker
+  msg_ok "Started Authentik"
+  echo -e "\n ⚠️  Ensure you set resources back to normal settings \n"
+else
+  msg_ok "No update required. ${APP} is already at ${RELEASE}"
+fi
+exit
+}
+
+start
+build_container
+description
+
+msg_info "Setting Container to Normal Resources"
+pct set $CTID -memory 1024
+pct set $CTID -cores 2
+msg_ok "Set Container to Normal Resources"
+msg_ok "Completed Successfully!\n"
+echo -e "${APP} should be reachable by going to the following URL.
+         ${BL}http://${IP}:9000/if/flow/initial-setup/${CL} \n"
diff --git a/install/authentik-install.sh b/install/authentik-install.sh
@@ -0,0 +1,185 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2024 tteck
+# Author: tteck (tteckster)
+# Co-Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y {curl,sudo,mc}
+$STD apt-get install -y gpg pkg-config libffi-dev
+$STD apt-get install -y --no-install-recommends build-essential libpq-dev libkrb5-dev
+$STD apt-get install -y libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev pkg-config libffi-dev zlib1g-dev libxmlsec1 libxmlsec1-dev libxmlsec1-openssl libmaxminddb0
+msg_ok "Installed Dependencies"
+
+msg_info "Installing yq"
+YQ_LATEST="$(wget -qO- "https://api.github.com/repos/mikefarah/yq/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')"
+$STD wget "https://github.com/mikefarah/yq/releases/download/${YQ_LATEST}/yq_linux_amd64" -qO /usr/bin/yq
+chmod +x /usr/bin/yq
+msg_ok "Installed yq"
+
+msg_info "Installing Python 3.12"
+wget -q https://www.python.org/ftp/python/3.12.1/Python-3.12.1.tgz -O Python.tgz
+tar -zxf Python.tgz
+cd Python-3.12.1
+$STD ./configure --enable-optimizations
+$STD make altinstall
+$STD cd -
+$STD rm -rf Python-3.12.1
+$STD rm -rf Python.tgz
+$STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1
+msg_ok "Installed Python 3.12"
+
+NODE_VER="22"
+msg_info "Installing Node.js ${NODE_VER}"
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_VER}.x nodistro main" >/etc/apt/sources.list.d/nodesource.list
+$STD apt-get update
+$STD apt-get install -y nodejs
+msg_ok "Installed Node.js ${NODE_VER}"
+
+msg_info "Building Authentik website"
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+mkdir -p /opt/authentik
+$STD wget -qO authentik.tar.gz "${RELEASE}"
+tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+rm -rf authentik.tar.gz
+cd /opt/authentik/website
+$STD npm install
+$STD npm run build-bundled
+cd /opt/authentik/web
+$STD npm install
+$STD npm run build
+echo "${RELEASE}" >/opt/${APPLICATION}_version.txt
+msg_ok "Built Authentik website"
+
+msg_info "Installing Golang"
+cd ~
+set +o pipefail
+GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz")
+$STD wget -q https://golang.org/dl/${GO_RELEASE}
+tar -xzf ${GO_RELEASE} -C /usr/local
+$STD ln -s /usr/local/go/bin/go /usr/bin/go
+rm -rf go/
+rm -rf ${GO_RELEASE}
+set -o pipefail
+msg_ok "Installed Golang"
+
+msg_info "Building Go Proxy"
+cd /opt/authentik
+$STD go mod download
+$STD go build -o /go/authentik ./cmd/server
+$STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/
+msg_ok "Built Go Proxy"
+
+msg_info "Installing GeoIP"
+cd ~
+GEOIP_RELEASE=$(curl -s https://api.github.com/repos/maxmind/geoipupdate/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+$STD wget -qO geoipupdate.deb https://github.com/maxmind/geoipupdate/releases/download/v${GEOIP_RELEASE}/geoipupdate_${GEOIP_RELEASE}_linux_amd64.deb
+$STD dpkg -i geoipupdate.deb
+rm geoipupdate.deb
+cat <<EOF >/etc/GeoIP.conf
+#GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN"
+#GEOIPUPDATE_VERBOSE="1"
+#GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID"
+#GEOIPUPDATE_LICENSE_KEY_FILE="/run/secrets/GEOIPUPDATE_LICENSE_KEY"
+EOF
+msg_ok "Installed GeoIP"
+
+msg_info "Installing Python Dependencies"
+cd /opt/authentik
+$STD apt install -y python3-pip
+$STD apt install -y git
+$STD pip3 install --upgrade pip
+$STD pip3 install poetry poetry-plugin-export
+$STD ln -s /usr/local/bin/poetry /usr/bin/poetry
+$STD poetry install --only=main --no-ansi --no-interaction --no-root
+$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt
+$STD pip install --no-cache-dir -r requirements.txt
+$STD pip install .
+msg_ok "Installed Python Dependencies"
+
+msg_info "Installing Redis"
+$STD apt install -y redis-server
+systemctl enable -q --now redis-server
+msg_ok "Installed Redis"
+
+msg_info "Installing PostgreSQL"
+$STD apt install -y postgresql postgresql-contrib
+DB_NAME="authentik"
+DB_USER="authentik"
+DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;" 
+$STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
+$STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing Authentik"
+mkdir -p /etc/authentik
+cp /opt/authentik/authentik/lib/default.yml /opt/authentik/authentik/lib/default.yml.BAK
+mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
+$STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml
+$STD yq -i ".postgresql.password = \"${DB_PASS}\"" /etc/authentik/config.yml
+$STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/authentik/config.yml
+cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+$STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
+$STD apt install -y python-is-python3
+$STD ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn
+$STD ln -s /usr/local/bin/celery /usr/bin/celery
+cd /opt/authentik
+$STD bash /opt/authentik/lifecycle/ak migrate
+msg_ok "Installed Authentik"
+
+msg_info "Configuring Services"
+cat <<EOF >/etc/systemd/system/authentik-server.service
+[Unit]
+Description = Authentik Server
+[Service]
+ExecStart=/opt/authentik/authentik-server
+WorkingDirectory=/opt/authentik/
+#User=authentik
+#Group=authentik
+Restart=always
+RestartSec=5
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now authentik-server
+sleep 2
+cat <<EOF >/etc/systemd/system/authentik-worker.service
+[Unit]
+Description = Authentik Worker
+[Service]
+Environment=DJANGO_SETTINGS_MODULE="authentik.root.settings"
+ExecStart=celery -A authentik.root.celery worker -Ofair --max-tasks-per-child=1 --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events
+WorkingDirectory=/opt/authentik/authentik
+#User=authentik
+#Group=authentik
+Restart=always
+RestartSec=5
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now authentik-worker
+sleep 5
+msg_ok "Configured Services"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
diff --git a/json/authentik.json b/json/authentik.json
@@ -0,0 +1,39 @@
+{
+    "name": "Authentik",
+    "slug": "authentik",
+    "categories": [
+        11
+    ],
+    "date_created": "2024-11-06",
+    "type": "ct",
+    "updateable": false,
+    "privileged": false,
+    "interface_port": "9000",
+    "documentation": null,
+    "website": "https://goauthentik.io/",
+    "logo": "https://github.com/goauthentik/authentik/blob/main/website/static/img/icon.png",
+    "description": "Authentik is an IdP (Identity Provider) and SSO (single sign on) that is built with security at the forefront of every piece of code, every feature, with an emphasis on flexibility and versatility.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/authentik.sh",
+            "resources": {
+                "cpu": "6",
+                "ram": "8192",
+                "hdd": "12",
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "Initial configuration at http://<IP>:9000/if/flow/initial-setup/",
+            "type": "warning"
+        }
+    ]
+}
