diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 0d7baf8..66f5e68 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -62,7 +62,7 @@ EOF msg_ok "Installed GeoIP" msg_info "Installing PostgreSQL" -$STD apt-get install -y postgresql postgresql-contrib +$STD apt-get install -y postgresql-16 postgresql-contrib-16 DB_NAME="authentik" DB_USER="authentik" DB_PASS="$(openssl rand -base64 18 | cut -c1-13)" @@ -91,18 +91,16 @@ cd /opt/authentik $STD go mod download $STD go build -o /go/authentik ./cmd/server $STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/ - -cd /opt/authentik $STD uv sync --frozen --no-install-project --no-dev -$STD pip3 install --no-cache-dir --upgrade pip +#$STD pip3 install --no-cache-dir --upgrade pip #$STD pip3 install --upgrade pip #$STD pip3 install poetry poetry-plugin-export #ln -s /usr/local/bin/poetry /usr/bin/poetry #$STD poetry install --only=main --no-ansi --no-interaction --no-root #$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt -$STD pip install --no-cache-dir -r requirements.txt -$STD pip install . +#$STD pip install --no-cache-dir -r requirements.txt +#$STD pip install . mkdir -p /etc/authentik mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml $STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml @@ -110,23 +108,30 @@ $STD yq -i ".postgresql.password = \"${DB_PASS}\"" /etc/authentik/config.yml $STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/authentik/config.yml cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints $STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml -ln -s /usr/bin/python3 /usr/bin/python -ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn -ln -s /usr/local/bin/celery /usr/bin/celery -$STD bash /opt/authentik/lifecycle/ak migrate +#ln -s /usr/bin/python3 /usr/bin/python +#ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn +#ln -s /usr/local/bin/celery /usr/bin/celery +#$STD bash /opt/authentik/lifecycle/ak migrate +cd /opt/authentik +uv run python -m lifecycle.migrate +ln -s /opt/authentik/.venv/bin/gunicorn /usr/local/bin/gunicorn +ln -s /opt/authentik/.venv/bin/celery /usr/local/bin/celery echo "${RELEASE}" >/opt/${APPLICATION}_version.txt msg_ok "Installed authentik" msg_info "Creating Services" cat </etc/systemd/system/authentik-server.service [Unit] -Description = authentik Server +Description=authentik Go Server (API Gateway) +After=network.target +Wants=redis.service postgresql.service [Service] -ExecStart=/opt/authentik/authentik-server WorkingDirectory=/opt/authentik/ +ExecStart=/opt/authentik/authentik-server Restart=always RestartSec=5 +Environment=DJANGO_SETTINGS_MODULE=authentik.root.settings [Install] WantedBy=multi-user.target @@ -134,21 +139,49 @@ EOF cat </etc/systemd/system/authentik-worker.service [Unit] -Description = authentik Worker +Description=authentik Celery Worker +After=network.target redis.service postgresql.service +Requires=redis.service [Service] -Environment=DJANGO_SETTINGS_MODULE="authentik.root.settings" -ExecStart=celery -A authentik.root.celery worker -Ofair --max-tasks-per-child=1 --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events -WorkingDirectory=/opt/authentik/authentik +Type=simple +WorkingDirectory=/opt/authentik +ExecStart=/opt/authentik/.venv/bin/celery \ + -A authentik.root.celery worker \ + -Ofair \ + --max-tasks-per-child=1 \ + --autoscale 3,1 \ + -Q authentik,authentik_scheduled,authentik_events \ + -E Restart=always RestartSec=5 +Environment=DJANGO_SETTINGS_MODULE=authentik.root.settings [Install] WantedBy=multi-user.target EOF -systemctl enable -q --now authentik-server -sleep 2 -systemctl enable -q --now authentik-worker + +cat </etc/systemd/system/authentik-celery-beat.service +[Unit] +Description=authentik Celery Beat Scheduler +After=network.target + +[Service] +Type=simple +WorkingDirectory=/opt/authentik +ExecStart=/opt/authentik/.venv/bin/celery \ + -A authentik.root.celery beat \ + -s /tmp/celerybeat-schedule +Restart=always +RestartSec=5 +#User=authentik +Environment=DJANGO_SETTINGS_MODULE=authentik.root.settings + +[Install] +WantedBy=multi-user.target +EOF + +systemctl enable -q --now authentik-server authentik-worker authentik-celery-beat msg_ok "Created Services" motd_ssh