New Script: Zitadel (#2141)

* Create zitadel-install.sh

* Create zitadel.json

* Create zitadel.sh

* Update zitadel.sh

Edit reference back to upstream build.func

* Update zitadel.json

Co-authored-by: Slaviša Arežina <[email protected]>

* Update zitadel.sh

Co-authored-by: Slaviša Arežina <[email protected]>

* Update zitadel.sh

Co-authored-by: Slaviša Arežina <[email protected]>

* Update zitadel.sh

Co-authored-by: Slaviša Arežina <[email protected]>

* Update zitadel.sh

Co-authored-by: Slaviša Arežina <[email protected]>

* Update zitadel.sh

* Update zitadel-install.sh

Co-authored-by: Slaviša Arežina <[email protected]>

* Update zitadel-install.sh

Co-authored-by: Slaviša Arežina <[email protected]>

* Update zitadel.sh

Co-authored-by: bvdberg01 <[email protected]>

* Update zitadel.json

Co-authored-by: bvdberg01 <[email protected]>

* Use declared variables in config files

* Remove other architectures

* Update to fit changes requested

Include mc for install; removal of variable ARCH and put into direct links; correct the default resources required

* Update zitadel.sh

Co-authored-by: bvdberg01 <[email protected]>

* Update zitadel-install.sh

Co-authored-by: bvdberg01 <[email protected]>

* Update zitadel-install.sh

Co-authored-by: bvdberg01 <[email protected]>

* Made changes to fit suggestions

* Update zitadel-install.sh

correct version output

* Update zitadel-install.sh

* Update path for version.txt

* Set update part default to our project defaults

* Update zitadel.sh, Remove v befor ${RELEASE}

* Update zitadel-install.sh

---------

Co-authored-by: Slaviša Arežina <[email protected]>
Co-authored-by: bvdberg01 <[email protected]>
Co-authored-by: CanbiZ <[email protected]>
Co-authored-by: Michel Roegl-Brunner <[email protected]>

Author: 5 people

ct/zitadel.sh

@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap (dave-yap)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://zitadel.com/
+
+# App Default Values
+APP="Zitadel"
+var_tags="identity-provider"
+var_cpu="1"
+var_ram="1024"
+var_disk="8"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+    header_info
+    check_container_storage
+    check_container_resources
+    if [[ ! -f /etc/systemd/system/zitadel.service ]]; then
+        msg_error "No ${APP} Installation Found!"
+        exit
+    fi
+    RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r')
+    if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt | grep -oP '\d+\.\d+\.\d+')" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+        msg_info "Stopping $APP"
+        systemctl stop zitadel
+        msg_ok "Stopped $APP"
+        
+        msg_info "Updating $APP to ${RELEASE}"
+        cd /tmp
+        wget -qc https://github.com/zitadel/zitadel/releases/download/$RELEASE/zitadel-linux-amd64.tar.gz -O - | tar -xz
+        mv zitadel-linux-amd64/zitadel /usr/local/bin
+        zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml --init-projections=true &>/dev/null
+        echo "${RELEASE}" >/opt/${APP}_version.txt
+        msg_ok "Updated $APP to ${RELEASE}"
+
+        msg_info "Starting $APP"
+        systemctl start zitadel
+        msg_ok "Started $APP"
+
+        msg_info "Cleaning Up"
+        rm -rf /tmp/zitadel-linux-amd64
+        msg_ok "Cleanup Completed"
+        msg_ok "Update Successful"
+      else
+        msg_ok "No update required. ${APP} is already at ${RELEASE}"
+    fi
+    exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080/ui/console${CL}"

install/zitadel-install.sh

@@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y \
+    curl \
+    sudo \
+    mc \
+    ca-certificates \
+    wget
+msg_ok "Installed Dependecies"
+
+msg_info "Installing Postgresql"
+$STD apt-get install -y postgresql postgresql-common
+DB_NAME="zitadel"
+DB_USER="zitadel"
+DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+DB_ADMIN_USER="root"
+DB_ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+systemctl start postgresql
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "CREATE USER $DB_ADMIN_USER WITH PASSWORD '$DB_ADMIN_PASS' SUPERUSER;"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
+{
+    echo "Application Credentials"
+    echo "DB_NAME: $DB_NAME"
+    echo "DB_USER: $DB_USER"
+    echo "DB_PASS: $DB_PASS"
+    echo "DB_ADMIN_USER: $DB_ADMIN_USER"
+    echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
+} >> ~/zitadel.creds
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing Zitadel"
+RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r')
+wget -qc https://github.com/zitadel/zitadel/releases/download/$RELEASE/zitadel-linux-amd64.tar.gz -O - | tar -xz
+mv zitadel-linux-amd64/zitadel /usr/local/bin
+echo "${RELEASE}" >"/opt/zitadel_version.txt"
+msg_ok "Installed Zitadel"
+
+msg_info "Setting up Zitadel Environments"
+mkdir -p /opt/zitadel
+echo "/opt/zitadel/config.yaml" > "/opt/zitadel/.config"
+head -c 32 < <(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9') > "/opt/zitadel/.masterkey"
+{
+    echo "Config location: $(cat "/opt/zitadel/.config")"
+    echo "Masterkey: $(cat "/opt/zitadel/.masterkey")"
+} >> ~/zitadel.creds
+cat <<EOF >/opt/zitadel/config.yaml
+Port: 8080
+ExternalPort: 8080
+ExternalDomain: localhost
+ExternalSecure: false
+TLS:
+  Enabled: false
+  KeyPath: ""
+  Key: ""
+  CertPath: ""
+  Cert: ""
+
+Database:
+  postgres:
+    Host: localhost
+    Port: 5432
+    Database: ${DB_NAME}
+    User:
+      Username: ${DB_USER}
+      Password: ${DB_PASS}
+      SSL:
+        Mode: disable
+        RootCert: ""
+        Cert: ""
+        Key: ""
+    Admin:
+      Username: ${DB_ADMIN_USER}
+      Password: ${DB_ADMIN_PASS}
+      SSL:
+        Mode: disable
+        RootCert: ""
+        Cert: ""
+        Key: ""
+EOF
+msg_ok "Installed Zitadel Enviroments"
+
+msg_info "Creating Services"
+cat <<EOF >/etc/systemd/system/zitadel.service
+[Unit]
+Description=ZITADEL Identiy Server
+After=network.target postgresql.service
+Wants=postgresql.service
+
+[Service]
+Type=simple
+User=zitadel
+Group=zitadel
+ExecStart=/usr/local/bin/zitadel start --masterkeyFile "/opt/zitadel/.masterkey" --config "/opt/zitadel/config.yaml"
+Restart=always
+RestartSec=5
+TimeoutStartSec=0
+
+# Security Hardening options
+ProtectSystem=full
+ProtectHome=true
+PrivateTmp=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q zitadel.service
+msg_ok "Created Services"
+
+msg_info "Zitadel initial setup"
+zitadel start-from-init --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null &
+sleep 60
+kill $(lsof -i | awk '/zitadel/ {print $2}' | head -n1)
+useradd zitadel
+echo -e "$(zitadel -v | grep -oP 'v\d+\.\d+\.\d+')" > /opt/Zitadel_version.txt
+msg_ok "Zitadel initialized"
+
+msg_info "Set ExternalDomain to current IP and restart Zitadel"
+IP=$(ip a s dev eth0 | awk '/inet / {print $2}' | cut -d/ -f1)
+sed -i "0,/localhost/s/localhost/${IP}/" /opt/zitadel/config.yaml
+systemctl stop -q zitadel.service
+zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null 
+systemctl restart -q zitadel.service
+msg_ok "Zitadel restarted with ExternalDomain set to current IP"
+
+msg_info "Create zitadel-rerun.sh"
+cat <<EOF >~/zitadel-rerun.sh
+systemctl stop zitadel.service
+timeout --kill-after=5s 15s zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml
+systemctl restart zitadel.service
+EOF
+msg_ok "Bash script for rerunning Zitadel after changing Zitadel config.yaml"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+rm -rf ~/zitadel-linux-amd64
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"

json/zitadel.json

@@ -0,0 +1,43 @@
+{
+    "name": "Zitadel",
+    "slug": "Zitadel",
+    "categories": [
+        6
+    ],
+    "date_created": "2025-02-07",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 8080,
+    "documentation": "https://zitadel.com/docs/guides/overview",
+    "website": "https://zitadel.com",
+    "logo": "https://zitadel.com/zitadel-logo-dark.svg",
+    "description": "Zitadel is an open-source identity and access management (IAM) solution designed to provide secure authentication, authorization, and user management for modern applications and services. Built with a focus on flexibility, scalability, and security, Zitadel offers a comprehensive set of features for developers and organizations looking to implement robust identity management.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/zitadel.sh",
+            "resources": {
+                "cpu": 1,
+                "ram": 1024,
+                "hdd": 8,
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": "[email protected]",
+        "password": "Password1!"
+    },
+    "notes": [
+        {
+            "text": "Application credentials: `cat ~/zitadel.creds`",
+            "type": "info"
+        },
+        {
+            "text": "Change the ExternalDomain value in `/opt/zitadel/config.yaml` to your domain/hostname/IP and run `bash zitadel-rerun.sh`",
+            "type": "info"
+        }
+    ]
+}