New Script: Zitadel (#2141)
* Create zitadel-install.sh
* Create zitadel.json
* Create zitadel.sh
* Update zitadel.sh
Edit reference back to upstream build.func
* Update zitadel.json
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
* Update zitadel-install.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel-install.sh
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
* Update zitadel.sh
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
* Update zitadel.json
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
* Use declared variables in config files
* Remove other architectures
* Update to fit changes requested
Include mc for install; removal of variable ARCH and put into direct links; correct the default resources required
* Update zitadel.sh
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
* Update zitadel-install.sh
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
* Update zitadel-install.sh
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
* Made changes to fit suggestions
* Update zitadel-install.sh
correct version output
* Update zitadel-install.sh
* Update path for version.txt
* Set update part default to our project defaults
* Update zitadel.sh, Remove v before ${RELEASE}
* Update zitadel-install.sh
---------
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
Co-authored-by: bvdberg01 <74251551+bvdberg01@users.noreply.github.com>
Co-authored-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>
Co-authored-by: Michel Roegl-Brunner <73236783+michelroegl-brunner@users.noreply.github.com>
			
			
		
							parent
							
								
									a481e89cad
								
							
						
					
					
						commit
						b05858c6e9
					
				
							
								
								
									
										70
									
								
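--- a/ct/zitadel.sh
+++ b/ct/zitadel.sh
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap (dave-yap)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://zitadel.com/
+
+# App Default Values
+APP="Zitadel"
+var_tags="identity-provider"
+var_cpu="1"
+var_ram="1024"
+var_disk="8"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+    header_info
+    check_container_storage
+    check_container_resources
+    if [[ ! -f /etc/systemd/system/zitadel.service ]]; then
+        msg_error "No ${APP} Installation Found!"
+        exit
+    fi
+    RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r')
+    if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt | grep -oP '\d+\.\d+\.\d+')" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+        msg_info "Stopping $APP"
+        systemctl stop zitadel
+        msg_ok "Stopped $APP"
+        
+        msg_info "Updating $APP to ${RELEASE}"
+        cd /tmp
+        wget -qc https://github.com/zitadel/zitadel/releases/download/$RELEASE/zitadel-linux-amd64.tar.gz -O - | tar -xz
+        mv zitadel-linux-amd64/zitadel /usr/local/bin
+        zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml --init-projections=true &>/dev/null
+        echo "${RELEASE}" >/opt/${APP}_version.txt
+        msg_ok "Updated $APP to ${RELEASE}"
+
+        msg_info "Starting $APP"
+        systemctl start zitadel
+        msg_ok "Started $APP"
+
+        msg_info "Cleaning Up"
+        rm -rf /tmp/zitadel-linux-amd64
+        msg_ok "Cleanup Completed"
+        msg_ok "Update Successful"
+      else
+        msg_ok "No update required. ${APP} is already at ${RELEASE}"
+    fi
+    exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080/ui/console${CL}"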
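Review bot: In `update_script`, `RELEASE` is used without checking that the lookup returned a tag, so a failed or rate-limited `curl` leaves it empty, the comparison with the version file is unequal, and the script stops the service and requests a malformed download URL. A guard before the comparison, such as `[[ "$RELEASE" =~ ^v?[0-9]+(\.[0-9]+)+$ ]] || { msg_error "Could not determine latest release"; exit 1; }`, keeps the running instance untouched in that case. The archive is piped from `wget` straight into `tar` in `/tmp` and the binary is moved into `/usr/local/bin` with no checksum or signature check, and the output of `zitadel setup` goes to `/dev/null`, so unless `catch_errors` aborts on it a truncated download or failed migration can still be recorded as a successful update. Downloading into a `mktemp -d` directory, verifying the archive against a checksum published with the release (if upstream provides one), and checking the exit status of `setup` before writing the version file would close that gap. The version comparison also looks like it can never be equal: the `grep -oP '\d+\.\d+\.\d+'` strips a leading `v`, while `RELEASE` appears to keep it (the install script greps `v\d+\.\d+\.\d+`), so every run would perform the update.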
							
								
								
									
										155
									
								
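--- a/install/zitadel-install.sh
+++ b/install/zitadel-install.sh
@@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y \
+    curl \
+    sudo \
+    mc \
+    ca-certificates \
+    wget
+msg_ok "Installed Dependecies"
+
+msg_info "Installing Postgresql"
+$STD apt-get install -y postgresql postgresql-common
+DB_NAME="zitadel"
+DB_USER="zitadel"
+DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+DB_ADMIN_USER="root"
+DB_ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+systemctl start postgresql
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "CREATE USER $DB_ADMIN_USER WITH PASSWORD '$DB_ADMIN_PASS' SUPERUSER;"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
+{
+    echo "Application Credentials"
+    echo "DB_NAME: $DB_NAME"
+    echo "DB_USER: $DB_USER"
+    echo "DB_PASS: $DB_PASS"
+    echo "DB_ADMIN_USER: $DB_ADMIN_USER"
+    echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
+} >> ~/zitadel.creds
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing Zitadel"
+RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r')
+wget -qc https://github.com/zitadel/zitadel/releases/download/$RELEASE/zitadel-linux-amd64.tar.gz -O - | tar -xz
+mv zitadel-linux-amd64/zitadel /usr/local/bin
+echo "${RELEASE}" >"/opt/zitadel_version.txt"
+msg_ok "Installed Zitadel"
+
+msg_info "Setting up Zitadel Environments"
+mkdir -p /opt/zitadel
+echo "/opt/zitadel/config.yaml" > "/opt/zitadel/.config"
+head -c 32 < <(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9') > "/opt/zitadel/.masterkey"
+{
+    echo "Config location: $(cat "/opt/zitadel/.config")"
+    echo "Masterkey: $(cat "/opt/zitadel/.masterkey")"
+} >> ~/zitadel.creds
+cat <<EOF >/opt/zitadel/config.yaml
+Port: 8080
+ExternalPort: 8080
+ExternalDomain: localhost
+ExternalSecure: false
+TLS:
+  Enabled: false
+  KeyPath: ""
+  Key: ""
+  CertPath: ""
+  Cert: ""
+
+Database:
+  postgres:
+    Host: localhost
+    Port: 5432
+    Database: ${DB_NAME}
+    User:
+      Username: ${DB_USER}
+      Password: ${DB_PASS}
+      SSL:
+        Mode: disable
+        RootCert: ""
+        Cert: ""
+        Key: ""
+    Admin:
+      Username: ${DB_ADMIN_USER}
+      Password: ${DB_ADMIN_PASS}
+      SSL:
+        Mode: disable
+        RootCert: ""
+        Cert: ""
+        Key: ""
+EOF
+msg_ok "Installed Zitadel Enviroments"
+
+msg_info "Creating Services"
+cat <<EOF >/etc/systemd/system/zitadel.service
+[Unit]
+Description=ZITADEL Identiy Server
+After=network.target postgresql.service
+Wants=postgresql.service
+
+[Service]
+Type=simple
+User=zitadel
+Group=zitadel
+ExecStart=/usr/local/bin/zitadel start --masterkeyFile "/opt/zitadel/.masterkey" --config "/opt/zitadel/config.yaml"
+Restart=always
+RestartSec=5
+TimeoutStartSec=0
+
+# Security Hardening options
+ProtectSystem=full
+ProtectHome=true
+PrivateTmp=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q zitadel.service
+msg_ok "Created Services"
+
+msg_info "Zitadel initial setup"
+zitadel start-from-init --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null &
+sleep 60
+kill $(lsof -i | awk '/zitadel/ {print $2}' | head -n1)
+useradd zitadel
+echo -e "$(zitadel -v | grep -oP 'v\d+\.\d+\.\d+')" > /opt/Zitadel_version.txt
+msg_ok "Zitadel initialized"
+
+msg_info "Set ExternalDomain to current IP and restart Zitadel"
+IP=$(ip a s dev eth0 | awk '/inet / {print $2}' | cut -d/ -f1)
+sed -i "0,/localhost/s/localhost/${IP}/" /opt/zitadel/config.yaml
+systemctl stop -q zitadel.service
+zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null 
+systemctl restart -q zitadel.service
+msg_ok "Zitadel restarted with ExternalDomain set to current IP"
+
+msg_info "Create zitadel-rerun.sh"
+cat <<EOF >~/zitadel-rerun.sh
+systemctl stop zitadel.service
+timeout --kill-after=5s 15s zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml
+systemctl restart zitadel.service
+EOF
+msg_ok "Bash script for rerunning Zitadel after changing Zitadel config.yaml"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+rm -rf ~/zitadel-linux-amd64
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"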
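Review bot: The master key and `config.yaml` (which holds the PostgreSQL superuser password) are written under `/opt/zitadel` as root with the default umask, and the same secrets are appended to `~/zitadel.creds`, so unless the sourced helper functions set a restrictive umask these files end up readable by every local account. The `zitadel` account is only created after initialisation, with a plain `useradd`, so the files cannot be handed to it when they are written; creating it first as a system account without a login shell and restricting the files to it would fix that, and the later `useradd zitadel` line would then be dropped. The ownership and mode changes should run after the last write to those files. Separately, the init process is stopped with `kill $(lsof -i | …)`, but `lsof` is not in the dependency list installed above and the match is by process name; capturing `$!` is simpler and cannot hit another process. The sketch below shows only the changed lines.

```shell
# … unchanged: dependency and PostgreSQL installation …
useradd --system --shell /usr/sbin/nologin zitadel
install -d -m 750 -o zitadel -g zitadel /opt/zitadel
# … unchanged: .config, .masterkey, zitadel.creds and config.yaml are written as before …
chown zitadel:zitadel /opt/zitadel/.masterkey /opt/zitadel/config.yaml
chmod 600 /opt/zitadel/.masterkey /opt/zitadel/config.yaml ~/zitadel.creds
# … unchanged: systemd unit …
zitadel start-from-init --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null &
init_pid=$!
sleep 60
kill "$init_pid"
# … unchanged: version file, ExternalDomain rewrite, rerun script, cleanup …
```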
							
								
								
									
										43
									
								
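--- a/json/zitadel.json
+++ b/json/zitadel.json
@@ -0,0 +1,43 @@
+{
+    "name": "Zitadel",
+    "slug": "Zitadel",
+    "categories": [
+        6
+    ],
+    "date_created": "2025-02-07",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 8080,
+    "documentation": "https://zitadel.com/docs/guides/overview",
+    "website": "https://zitadel.com",
+    "logo": "https://zitadel.com/zitadel-logo-dark.svg",
+    "description": "Zitadel is an open-source identity and access management (IAM) solution designed to provide secure authentication, authorization, and user management for modern applications and services. Built with a focus on flexibility, scalability, and security, Zitadel offers a comprehensive set of features for developers and organizations looking to implement robust identity management.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/zitadel.sh",
+            "resources": {
+                "cpu": 1,
+                "ram": 1024,
+                "hdd": 8,
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": "zitadel-admin@zitadel.localhost",
+        "password": "Password1!"
+    },
+    "notes": [
+        {
+            "text": "Application credentials: `cat ~/zitadel.creds`",
+            "type": "info"
+        },
+        {
+            "text": "Change the ExternalDomain value in `/opt/zitadel/config.yaml` to your domain/hostname/IP and run `bash zitadel-rerun.sh`",
+            "type": "info"
+        }
+    ]
+}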
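Review bot: The `notes` array says nothing about the published `default_credentials`, nor about the console being served over plain HTTP on port 8080, which follows from `ExternalSecure: false` and `TLS.Enabled: false` in the install script of this same commit. I would add an entry such as `"text": "Change the default admin password on first login and put Zitadel behind a TLS-terminating reverse proxy before exposing it beyond the local network"`. Whether Zitadel forces a password change for this account is not visible from this commit, so the note should not rely on that.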
	 Dave Yap
						Dave Yap