New Script: Zitadel (#2141)
* Create zitadel-install.sh
* Create zitadel.json
* Create zitadel.sh
* Update zitadel.sh
Edit reference back to upstream build.func
* Update zitadel.json
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
* Update zitadel-install.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel-install.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
* Update zitadel.json
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
* Use declared variables in config files
* Remove other architectures
* Update to fit changes requested
Include mc for install; removal of variable ARCH and put into direct links; correct the default resources required
* Update zitadel.sh
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
* Update zitadel-install.sh
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
* Update zitadel-install.sh
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
* Made changes to fit suggestions
* Update zitadel-install.sh
correct version output
* Update zitadel-install.sh
* Update path for version.txt
* Set update part default to our project defaults
* Update zitadel.sh, Remove v before ${RELEASE}
* Update zitadel-install.sh
---------
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
Co-authored-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>
Co-authored-by: Michel Roegl-Brunner <73236783+michelroegl-brunner@users.noreply.github.com>
			
			
		
							parent
							
								
									a481e89cad
								
							
						
					
					
						commit
						b05858c6e9
					
				
							
								
								
									
										70
									
								
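--- a/ct/zitadel.sh
+++ b/ct/zitadel.sh
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap (dave-yap)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://zitadel.com/
+
+# App Default Values
+APP="Zitadel"
+var_tags="identity-provider"
+var_cpu="1"
+var_ram="1024"
+var_disk="8"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+    header_info
+    check_container_storage
+    check_container_resources
+    if [[ ! -f /etc/systemd/system/zitadel.service ]]; then
+        msg_error "No ${APP} Installation Found!"
+        exit
+    fi
+    RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r')
+    if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt | grep -oP '\d+\.\d+\.\d+')" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+        msg_info "Stopping $APP"
+        systemctl stop zitadel
+        msg_ok "Stopped $APP"
+        
+        msg_info "Updating $APP to ${RELEASE}"
+        cd /tmp
+        wget -qc https://github.com/zitadel/zitadel/releases/download/$RELEASE/zitadel-linux-amd64.tar.gz -O - | tar -xz
+        mv zitadel-linux-amd64/zitadel /usr/local/bin
+        zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml --init-projections=true &>/dev/null
+        echo "${RELEASE}" >/opt/${APP}_version.txt
+        msg_ok "Updated $APP to ${RELEASE}"
+
+        msg_info "Starting $APP"
+        systemctl start zitadel
+        msg_ok "Started $APP"
+
+        msg_info "Cleaning Up"
+        rm -rf /tmp/zitadel-linux-amd64
+        msg_ok "Cleanup Completed"
+        msg_ok "Update Successful"
+      else
+        msg_ok "No update required. ${APP} is already at ${RELEASE}"
+    fi
+    exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080/ui/console${CL}"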
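Review bot: In `update_script` the release tarball is streamed from `wget` straight into `tar` inside `/tmp`, and the extracted binary is moved to `/usr/local/bin` and then run as root by `zitadel setup`, with no integrity check and no check that `RELEASE` was resolved at all. If the header scrape returns nothing, the service has already been stopped by the time the download fails, and a tampered archive would be installed unnoticed as the identity provider binary. Validate `RELEASE` before stopping the service, download into a `mktemp -d` directory, and compare the archive with the checksum published for that release before unpacking (whether upstream ships a checksum file is not visible on this page, so confirm against the release assets). The same unverified `wget … | tar -xz` pattern appears in install/zitadel-install.sh.

```shell
    RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r')
    if [[ ! "${RELEASE}" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
        msg_error "Could not determine the latest ${APP} release"
        exit 1
    fi
    # … unchanged: version comparison, stopping the service …
        tmp_dir=$(mktemp -d)
        wget -q "https://github.com/zitadel/zitadel/releases/download/${RELEASE}/zitadel-linux-amd64.tar.gz" -O "${tmp_dir}/zitadel.tar.gz"
        # verify ${tmp_dir}/zitadel.tar.gz against the checksum published for ${RELEASE} before unpacking
        tar -xzf "${tmp_dir}/zitadel.tar.gz" -C "${tmp_dir}"
        install -m 0755 "${tmp_dir}/zitadel-linux-amd64/zitadel" /usr/local/bin/zitadel
        rm -rf -- "${tmp_dir}"
    # … unchanged: zitadel setup, version file, service start …
```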
							
								
								
									
										155
									
								
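--- a/install/zitadel-install.sh
+++ b/install/zitadel-install.sh
@@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y \
+    curl \
+    sudo \
+    mc \
+    ca-certificates \
+    wget
+msg_ok "Installed Dependecies"
+
+msg_info "Installing Postgresql"
+$STD apt-get install -y postgresql postgresql-common
+DB_NAME="zitadel"
+DB_USER="zitadel"
+DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+DB_ADMIN_USER="root"
+DB_ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+systemctl start postgresql
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "CREATE USER $DB_ADMIN_USER WITH PASSWORD '$DB_ADMIN_PASS' SUPERUSER;"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
+{
+    echo "Application Credentials"
+    echo "DB_NAME: $DB_NAME"
+    echo "DB_USER: $DB_USER"
+    echo "DB_PASS: $DB_PASS"
+    echo "DB_ADMIN_USER: $DB_ADMIN_USER"
+    echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
+} >> ~/zitadel.creds
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing Zitadel"
+RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r')
+wget -qc https://github.com/zitadel/zitadel/releases/download/$RELEASE/zitadel-linux-amd64.tar.gz -O - | tar -xz
+mv zitadel-linux-amd64/zitadel /usr/local/bin
+echo "${RELEASE}" >"/opt/zitadel_version.txt"
+msg_ok "Installed Zitadel"
+
+msg_info "Setting up Zitadel Environments"
+mkdir -p /opt/zitadel
+echo "/opt/zitadel/config.yaml" > "/opt/zitadel/.config"
+head -c 32 < <(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9') > "/opt/zitadel/.masterkey"
+{
+    echo "Config location: $(cat "/opt/zitadel/.config")"
+    echo "Masterkey: $(cat "/opt/zitadel/.masterkey")"
+} >> ~/zitadel.creds
+cat <<EOF >/opt/zitadel/config.yaml
+Port: 8080
+ExternalPort: 8080
+ExternalDomain: localhost
+ExternalSecure: false
+TLS:
+  Enabled: false
+  KeyPath: ""
+  Key: ""
+  CertPath: ""
+  Cert: ""
+
+Database:
+  postgres:
+    Host: localhost
+    Port: 5432
+    Database: ${DB_NAME}
+    User:
+      Username: ${DB_USER}
+      Password: ${DB_PASS}
+      SSL:
+        Mode: disable
+        RootCert: ""
+        Cert: ""
+        Key: ""
+    Admin:
+      Username: ${DB_ADMIN_USER}
+      Password: ${DB_ADMIN_PASS}
+      SSL:
+        Mode: disable
+        RootCert: ""
+        Cert: ""
+        Key: ""
+EOF
+msg_ok "Installed Zitadel Enviroments"
+
+msg_info "Creating Services"
+cat <<EOF >/etc/systemd/system/zitadel.service
+[Unit]
+Description=ZITADEL Identiy Server
+After=network.target postgresql.service
+Wants=postgresql.service
+
+[Service]
+Type=simple
+User=zitadel
+Group=zitadel
+ExecStart=/usr/local/bin/zitadel start --masterkeyFile "/opt/zitadel/.masterkey" --config "/opt/zitadel/config.yaml"
+Restart=always
+RestartSec=5
+TimeoutStartSec=0
+
+# Security Hardening options
+ProtectSystem=full
+ProtectHome=true
+PrivateTmp=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q zitadel.service
+msg_ok "Created Services"
+
+msg_info "Zitadel initial setup"
+zitadel start-from-init --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null &
+sleep 60
+kill $(lsof -i | awk '/zitadel/ {print $2}' | head -n1)
+useradd zitadel
+echo -e "$(zitadel -v | grep -oP 'v\d+\.\d+\.\d+')" > /opt/Zitadel_version.txt
+msg_ok "Zitadel initialized"
+
+msg_info "Set ExternalDomain to current IP and restart Zitadel"
+IP=$(ip a s dev eth0 | awk '/inet / {print $2}' | cut -d/ -f1)
+sed -i "0,/localhost/s/localhost/${IP}/" /opt/zitadel/config.yaml
+systemctl stop -q zitadel.service
+zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null 
+systemctl restart -q zitadel.service
+msg_ok "Zitadel restarted with ExternalDomain set to current IP"
+
+msg_info "Create zitadel-rerun.sh"
+cat <<EOF >~/zitadel-rerun.sh
+systemctl stop zitadel.service
+timeout --kill-after=5s 15s zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml
+systemctl restart zitadel.service
+EOF
+msg_ok "Bash script for rerunning Zitadel after changing Zitadel config.yaml"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+rm -rf ~/zitadel-linux-amd64
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"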
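Review bot: The generated secrets are written to files created with the default umask: `~/zitadel.creds` (database superuser password and masterkey), `/opt/zitadel/.masterkey`, and `/opt/zitadel/config.yaml`, which also keeps the `root` SUPERUSER password that the running service probably no longer needs after initialisation. Create the credentials file with mode 0600 before the first append, and once the `zitadel` account exists give it ownership of `/opt/zitadel` with the key and config restricted to 0600, before the unit is first started under that account. Creating the account as a system user without a login shell would also match the hardening options already set in the unit file. Separately, `ExternalSecure: false` with TLS disabled means logins to this identity provider cross the network in clear text until a TLS-terminating proxy is placed in front of it, which deserves a line in the user-facing notes.

```shell
# before the first write to ~/zitadel.creds
touch ~/zitadel.creds
chmod 0600 ~/zitadel.creds
# … unchanged: PostgreSQL setup, credential blocks, config.yaml and unit file heredocs, start-from-init …
useradd --system --no-create-home --shell /usr/sbin/nologin zitadel
# … unchanged: version file, ExternalDomain rewrite, zitadel setup …
chown -R zitadel:zitadel /opt/zitadel
chmod 0700 /opt/zitadel
chmod 0600 /opt/zitadel/.masterkey /opt/zitadel/config.yaml
systemctl restart -q zitadel.service
```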
							
								
								
									
										43
									
								
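--- a/json/zitadel.json
+++ b/json/zitadel.json
@@ -0,0 +1,43 @@
+{
+    "name": "Zitadel",
+    "slug": "Zitadel",
+    "categories": [
+        6
+    ],
+    "date_created": "2025-02-07",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 8080,
+    "documentation": "https://zitadel.com/docs/guides/overview",
+    "website": "https://zitadel.com",
+    "logo": "https://zitadel.com/zitadel-logo-dark.svg",
+    "description": "Zitadel is an open-source identity and access management (IAM) solution designed to provide secure authentication, authorization, and user management for modern applications and services. Built with a focus on flexibility, scalability, and security, Zitadel offers a comprehensive set of features for developers and organizations looking to implement robust identity management.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/zitadel.sh",
+            "resources": {
+                "cpu": 1,
+                "ram": 1024,
+                "hdd": 8,
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": "zitadel-admin@zitadel.localhost",
+        "password": "Password1!"
+    },
+    "notes": [
+        {
+            "text": "Application credentials: `cat ~/zitadel.creds`",
+            "type": "info"
+        },
+        {
+            "text": "Change the ExternalDomain value in `/opt/zitadel/config.yaml` to your domain/hostname/IP and run `bash zitadel-rerun.sh`",
+            "type": "info"
+        }
+    ]
+}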
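Review bot: `default_credentials` publishes a fixed administrator login (`Password1!`) for an identity provider that the install script exposes over plain HTTP on port 8080, and neither entry in `notes` tells the operator to replace it. Add a note such as `"text": "Change the default admin password immediately after the first login"` with whichever note type the project reserves for warnings. If Zitadel already forces a password change at first login, say so in the note instead; that cannot be confirmed from this page.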
	 Dave Yap
						Dave Yap