diff --git a/ct/authentik.sh b/ct/authentik.sh
new file mode 100644
index 000000000..ee6a8ffb8
--- /dev/null
+++ b/ct/authentik.sh
@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/thieneret/ProxmoxVED/feat/authentik/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Thieneret
+# License: MIT | https://github.com/thieneret/ProxmoxVED/raw/main/LICENSE
+# Source: https://github.com/goauthentik/authentik
+
+APP="authentik"
+var_tags="auth"
+var_cpu="4"
+var_ram="4096"
+var_disk="10"
+var_os="debian"
+var_version="13"
+var_unprivileged="1"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+ header_info
+ check_container_storage
+ check_container_resources
+
+ AUTHENTIK_VERSION="version/2025.12.4"
+ NODE_VERSION="24"
+
+ if [[ ! -d /opt/authentik ]]; then
+ msg_error "No ${APP} Installation Found!"
+ exit
+ fi
+
+ if [[ "$AUTHENTIK_VERSION" == "$(cat /opt/authentik_version.txt)" ]]; then
+ msg_ok "Authentik up-to-date"
+ exit
+ fi
+
+ if check_for_gh_release "geoipupdate" "maxmind/geoipupdate"; then
+ fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary"
+ fi
+
+ msg_info "Stopping Services"
+ systemctl stop authentik-server.service
+ systemctl stop authentik-worker.service
+ msg_ok "Stopped Services"
+
+ if check_for_gh_release "xmlsec" "lsh123/xmlsec"; then
+
+ CLEAN_INSTALL=1 fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "latest" "/opt/xmlsec"
+
+ msg_info "Update xmlsec"
+ cd /opt/xmlsec
+ $STD ./autogen.sh
+ $STD make -j $(nproc)
+ $STD make check
+ $STD make install
+ ldconfig
+ msg_ok "xmlsec updated"
+ fi
+
+ setup_nodejs
+ setup_go
+
+ if check_for_gh_tag "authentik" "goauthentik/authentik" "${AUTHENTIK_VERSION}"; then
+
+ CLEAN_INSTALL=1 fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tag" "${AUTHENTIK_VERSION}" "/opt/authentik"
+
+ msg_info "Update web"
+ cd /opt/authentik/web
+ NODE_ENV="production"
+ $STD npm install
+ $STD npm run build
+ $STD npm run build:sfe
+ msg_ok "Web updated"
+
+ msg_info "Update go proxy"
+ cd /opt/authentik
+ CGO_ENABLED="1"
+ $STD go mod download
+ $STD go build -o /opt/authentik/authentik-server ./cmd/server
+ msg_ok "Go proxy updated"
+
+ setup_uv
+
+ setup_rust
+
+ msg_info "Update python server"
+ UV_NO_BINARY_PACKAGE="cryptography lxml python-kadmin-rs xmlsec"
+ UV_COMPILE_BYTECODE="1"
+ UV_LINK_MODE="copy"
+ UV_NATIVE_TLS="1"
+ RUSTUP_PERMIT_COPY_RENAME="true"
+ cd /opt/authentik
+ $STD uv sync --frozen --no-install-project --no-dev
+ msg_ok "Python server updated"
+
+ chown -R authentik:authentik /opt/authentik
+
+ echo "${AUTHENTIK_VERSION}" > /opt/authentik_version.txt
+ fi
+
+ msg_info "Restarting services"
+ systemctl restart authentik-server.service authentik-worker.service
+ msg_ok "Started Service"
+ msg_ok "Updated successfully!"
+ exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Initial setup URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9000/if/flow/initial-setup/${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9000${CL}"
diff --git a/frontend/public/json/authentik.json b/frontend/public/json/authentik.json
new file mode 100644
index 000000000..1e899da7e
--- /dev/null
+++ b/frontend/public/json/authentik.json
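Review bot: Line 2 of `ct/authentik.sh` sources `build.func` from `thieneret/ProxmoxVED` on the `feat/authentik` branch, so every run executes whatever that personal fork's branch holds at that moment, and `curl -s` without `-f` hands `source` an HTTP error body instead of failing. Before merge this should point at the organisation's repository and fail closed, e.g. `source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)`; the `License:` header URL names the same fork. The same mutable-source concern applies in `update_script` to `fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "latest" "/opt/xmlsec"` and to the matching call in `install/authentik-install.sh`: authentik is pinned to `version/2025.12.4`, but the XML-signature library it is built against is whatever upstream released last and is then installed with `make install`, so pinning it to a reviewed version would keep builds reproducible.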
@@ -0,0 +1,42 @@
+{
+ "name": "authentik",
+ "slug": "authentik",
+ "categories": [6],
+ "date_created": "2026-02-21",
+ "type": "ct",
+ "updateable": true,
+ "privileged": false,
+ "interface_port": 9000,
+ "documentation": "https://docs.goauthentik.io/",
+ "website": "https://goauthentik.io/",
+ "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp",
+ "config_path": "/etc/authentik/config.yml",
+ "description": "authentik is an IdP (Identity Provider) and SSO (Single Sign On) platform.",
+ "install_methods": [
+ {
+ "type": "default",
+ "script": "ct/authentik.sh",
+ "resources": {
+ "cpu": 4,
+ "ram": 4096,
+ "hdd": 10,
+ "os": "Debian",
+ "version": "13"
+ }
+ }
+ ],
+ "default_credentials": {
+ "username": null,
+ "password": null
+ },
+"notes": [
+ {
+ "text": "You will get a Not Found error if initial setup URL doesn't include the trailing forward slash /. Make sure you use the complete url (http://:9000/if/flow/initial-setup/) including the trailing forward slash.",
+ "type": "info"
+ },
+ {
+ "text": "If you want automatic GeoIP updates, create a free account at https://www.maxmind.com/en/geolite2/signup, then edit the /usr/local/etc/GeoIP.conf file with your credentials and remove the # in front of the geoipupdate line in the crontab.",
+ "type": "info"
+ }
+]
+}
\ No newline at end of file
diff --git a/install/authentik-install.sh b/install/authentik-install.sh
new file mode 100644
index 000000000..eee3ad6cf
--- /dev/null
+++ b/install/authentik-install.sh
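Review bot: The `notes` in `frontend/public/json/authentik.json` send users to `/if/flow/initial-setup/` and `default_credentials` is null, but nothing says that this flow is where the first administrator password gets set, nor that it is served over plain HTTP on port 9000 as soon as the container is up. Until the flow is completed the instance has no administrator chosen by its owner, so the page should tell users to finish it immediately and keep port 9000 off untrusted networks in the meantime. I would add a third `notes` entry along the lines of `"text": "Complete the initial setup right after installation; until then, restrict access to port 9000 to trusted hosts."`. As rendered here the example URL in the first note reads `http://:9000/...` with no host placeholder, which is worth checking in the file itself.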
@@ -0,0 +1,206 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Thieneret
+# License: MIT | https://github.com/thieneret/ProxmoxVED/raw/main/LICENSE
+# Source: https://github.com/goauthentik/authentik
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+# Installing Dependencies with the 3 core dependencies (curl;sudo;mc)
+msg_info "Installing Dependencies"
+$STD apt install -y \
+ curl \
+ sudo \
+ mc \
+ build-essential \
+ pkg-config \
+ libffi-dev \
+ git \
+ libxslt-dev \
+ zlib1g-dev \
+ libpq-dev \
+ krb5-multidev \
+ libkrb5-dev \
+ heimdal-multidev \
+ libclang-dev \
+ libltdl-dev \
+ libpq5 \
+ libmaxminddb0 \
+ ca-certificates \
+ krb5-multidev \
+ libkrb5-3 \
+ libkdb5-10 \
+ libkadm5clnt-mit12 \
+ libkadm5clnt7t64-heimdal \
+ libltdl7 \
+ libxslt1.1 \
+ python3-dev \
+ wget \
+ gnupg \
+ libxml2-dev \
+ libltdl7 \
+ libxml2 \
+ libxslt1-dev \
+ automake \
+ autoconf \
+ libtool \
+ libtool-bin \
+ gcc
+msg_ok "Installed Dependencies"
+
+AUTHENTIK_VERSION="version/2025.12.4"
+NODE_VERSION="24"
+
+fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "latest" "/opt/xmlsec"
+
+msg_info "Setup xmlsec"
+cd /opt/xmlsec
+$STD ./autogen.sh
+$STD make -j $(nproc)
+$STD make check
+$STD make install
+ldconfig
+msg_ok "xmlsec installed"
+
+setup_nodejs
+setup_go
+
+fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tag" "${AUTHENTIK_VERSION}" "/opt/authentik"
+
+msg_info "Setup web"
+cd /opt/authentik/web
+NODE_ENV="production"
+$STD npm install
+$STD npm run build
+$STD npm run build:sfe
+msg_ok "Web installed"
+
+msg_info "Setup go proxy"
+cd /opt/authentik
+CGO_ENABLED="1"
+$STD go mod download
+$STD go build -o /opt/authentik/authentik-server ./cmd/server
+msg_ok "Go proxy installed"
+
+fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary"
+
+cat </usr/local/etc/GeoIP.conf
+AccountID ChangeME
+LicenseKey ChangeME
+EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country
+DatabaseDirectory /opt/authentik-data/geoip
+RetryFor 5m
+Parallelism 1
+EOF
+
+cat </tmp/crontab
+#39 19 * * 6,4 /usr/bin/geoipupdate -f /usr/local/etc/GeoIP.conf
+EOF
+crontab /tmp/crontab
+rm /tmp/crontab
+
+setup_uv
+
+setup_rust
+
+msg_info "Setup python server"
+UV_NO_BINARY_PACKAGE="cryptography lxml python-kadmin-rs xmlsec"
+UV_COMPILE_BYTECODE="1"
+UV_LINK_MODE="copy"
+UV_NATIVE_TLS="1"
+RUSTUP_PERMIT_COPY_RENAME="true"
+cd /opt/authentik
+$STD uv sync --frozen --no-install-project --no-dev
+msg_ok "Installed python server"
+
+mkdir -p /opt/authentik-data/{certs,media,geoip,templates}
+cp /opt/authentik/authentik/sources/kerberos/krb5.conf /etc/krb5.conf
+cp -r /usr/share/GeoIP/ /opt/authentik/geoip/
+
+PG_VERSION="16" setup_postgresql
+
+PG_DB_NAME="authentik" PG_DB_USER="authentik" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
+
+setup_yq
+
+msg_info "Creating authentik config"
+mkdir -p /etc/authentik
+mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
+yq -i ".secret_key = \"$(openssl rand -base64 128 | tr -dc 'a-zA-Z0-9' | head -c64)\"" /etc/authentik/config.yml
+yq -i ".postgresql.password = \"${PG_DB_PASS}\"" /etc/authentik/config.yml
+yq -i ".events.context_processors.geoip = \"/opt/authentik-data/geoip/GeoLite2-City.mmdb\"" /etc/authentik/config.yml
+yq -i ".events.context_processors.asn = \"/opt/authentik-data/geoip/GeoLite2-ASN.mmdb\"" /etc/authentik/config.yml
+yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
+yq -i ".cert_discovery_dir = \"/opt/authentik-data/certs\"" /etc/authentik/config.yml
+yq -i ".email.template_dir = \"/opt/authentik-data/templates\"" /etc/authentik/config.yml
+yq -i ".storage.file.path = \"/opt/authentik-data\"" /etc/authentik/config.yml
+cp /opt/authentik/tests/GeoLite2-ASN-Test.mmdb /opt/authentik-data/geoip/GeoLite2-ASN.mmdb
+cp /opt/authentik/tests/GeoLite2-City-Test.mmdb /opt/authentik-data/geoip/GeoLite2-City.mmdb
+$STD useradd -U -s /usr/sbin/nologin -r -M -d /opt/authentik authentik
+chown -R authentik:authentik /opt/authentik /opt/authentik-data
+cat </etc/default/authentik
+TMPDIR=/dev/shm/
+UV_LINK_MODE=copy
+UV_PYTHON_DOWNLOADS=0
+UV_NATIVE_TLS=1
+VENV_PATH=/opt/authentik/.venv
+PYTHONDONTWRITEBYTECODE=1
+PYTHONUNBUFFERED=1
+PATH=/opt/authentik/lifecycle:/opt/authentik/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
+DJANGO_SETTINGS_MODULE=authentik.root.settings
+PROMETHEUS_MULTIPROC_DIR="/tmp/authentik_prometheus_tmp"
+EOF
+msg_ok "authentik config created"
+
+msg_info "Creating services"
+cat </etc/systemd/system/authentik-server.service
+[Unit]
+Description=authentik Go Server (API Gateway)
+After=network.target
+Wants=postgresql.service
+
+[Service]
+User=authentik
+Group=authentik
+ExecStartPre=/usr/bin/mkdir -p "\${PROMETHEUS_MULTIPROC_DIR}"
+ExecStart=/opt/authentik/authentik-server
+WorkingDirectory=/opt/authentik/
+Restart=always
+RestartSec=5
+EnvironmentFile=/etc/default/authentik
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat </etc/systemd/system/authentik-worker.service
+[Unit]
+Description=authentik Worker
+After=network.target postgresql.service
+
+[Service]
+User=authentik
+Group=authentik
+Type=simple
+EnvironmentFile=/etc/default/authentik
+ExecStart=/usr/local/bin/uv run python -m manage worker --pid-file /dev/shm/authentik-worker.pid
+WorkingDirectory=/opt/authentik
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl enable -q --now authentik-server.service authentik-worker.service
+msg_ok "Services created"
+
+echo "${AUTHENTIK_VERSION}" > /opt/authentik_version.txt
\ No newline at end of file
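Review bot: `PG_DB_GRANT_SUPERUSER="true"` in `install/authentik-install.sh` makes the application's database role a PostgreSQL superuser, which is more than an identity provider's runtime account should hold: a flaw that yields SQL execution through the application then reaches the whole cluster rather than one database. Unless a migration is known to need it, drop the flag so the call reads `PG_DB_NAME="authentik" PG_DB_USER="authentik" setup_postgresql_db`, and create any extension that needs elevated rights once as the postgres user during install. In the same spirit, `/etc/authentik/config.yml` receives `secret_key` and the database password but no owner or mode is set on it in this hunk; `chown root:authentik /etc/authentik/config.yml` followed by `chmod 640 /etc/authentik/config.yml` after the last `yq -i` would keep it readable by the service account only.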