Update authentik-install.sh
This commit is contained in:
CanbiZ
parent
a74e9f3f88
commit
790537e27e
@ -62,7 +62,7 @@ EOF
|
|||||||
msg_ok "Installed GeoIP"
|
msg_ok "Installed GeoIP"
|
||||||
|
|
||||||
msg_info "Installing PostgreSQL"
|
msg_info "Installing PostgreSQL"
|
||||||
$STD apt-get install -y postgresql postgresql-contrib
|
$STD apt-get install -y postgresql-16 postgresql-contrib-16
|
||||||
DB_NAME="authentik"
|
DB_NAME="authentik"
|
||||||
DB_USER="authentik"
|
DB_USER="authentik"
|
||||||
DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
|
DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
|
||||||
@ -91,18 +91,16 @@ cd /opt/authentik
|
|||||||
$STD go mod download
|
$STD go mod download
|
||||||
$STD go build -o /go/authentik ./cmd/server
|
$STD go build -o /go/authentik ./cmd/server
|
||||||
$STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/
|
$STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/
|
||||||
|
|
||||||
cd /opt/authentik
|
|
||||||
$STD uv sync --frozen --no-install-project --no-dev
|
$STD uv sync --frozen --no-install-project --no-dev
|
||||||
$STD pip3 install --no-cache-dir --upgrade pip
|
#$STD pip3 install --no-cache-dir --upgrade pip
|
||||||
#$STD pip3 install --upgrade pip
|
#$STD pip3 install --upgrade pip
|
||||||
#$STD pip3 install poetry poetry-plugin-export
|
#$STD pip3 install poetry poetry-plugin-export
|
||||||
|
|
||||||
#ln -s /usr/local/bin/poetry /usr/bin/poetry
|
#ln -s /usr/local/bin/poetry /usr/bin/poetry
|
||||||
#$STD poetry install --only=main --no-ansi --no-interaction --no-root
|
#$STD poetry install --only=main --no-ansi --no-interaction --no-root
|
||||||
#$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt
|
#$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt
|
||||||
$STD pip install --no-cache-dir -r requirements.txt
|
#$STD pip install --no-cache-dir -r requirements.txt
|
||||||
$STD pip install .
|
#$STD pip install .
|
||||||
mkdir -p /etc/authentik
|
mkdir -p /etc/authentik
|
||||||
mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
|
mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
|
||||||
$STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml
|
$STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml
|
||||||
@ -110,23 +108,30 @@ $STD yq -i ".postgresql.password = \"${DB_PASS}\"" /etc/authentik/config.yml
|
|||||||
$STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/authentik/config.yml
|
$STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/authentik/config.yml
|
||||||
cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
|
cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
|
||||||
$STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
|
$STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
|
||||||
ln -s /usr/bin/python3 /usr/bin/python
|
#ln -s /usr/bin/python3 /usr/bin/python
|
||||||
ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn
|
#ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn
|
||||||
ln -s /usr/local/bin/celery /usr/bin/celery
|
#ln -s /usr/local/bin/celery /usr/bin/celery
|
||||||
$STD bash /opt/authentik/lifecycle/ak migrate
|
#$STD bash /opt/authentik/lifecycle/ak migrate
|
||||||
|
cd /opt/authentik
|
||||||
|
uv run python -m lifecycle.migrate
|
||||||
|
ln -s /opt/authentik/.venv/bin/gunicorn /usr/local/bin/gunicorn
|
||||||
|
ln -s /opt/authentik/.venv/bin/celery /usr/local/bin/celery
|
||||||
echo "${RELEASE}" >/opt/${APPLICATION}_version.txt
|
echo "${RELEASE}" >/opt/${APPLICATION}_version.txt
|
||||||
msg_ok "Installed authentik"
|
msg_ok "Installed authentik"
|
||||||
|
|
||||||
msg_info "Creating Services"
|
msg_info "Creating Services"
|
||||||
cat <<EOF >/etc/systemd/system/authentik-server.service
|
cat <<EOF >/etc/systemd/system/authentik-server.service
|
||||||
[Unit]
|
[Unit]
|
||||||
Description = authentik Server
|
Description=authentik Go Server (API Gateway)
|
||||||
|
After=network.target
|
||||||
|
Wants=redis.service postgresql.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/opt/authentik/authentik-server
|
|
||||||
WorkingDirectory=/opt/authentik/
|
WorkingDirectory=/opt/authentik/
|
||||||
|
ExecStart=/opt/authentik/authentik-server
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
|
Environment=DJANGO_SETTINGS_MODULE=authentik.root.settings
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
@ -134,21 +139,49 @@ EOF
|
|||||||
|
|
||||||
cat <<EOF >/etc/systemd/system/authentik-worker.service
|
cat <<EOF >/etc/systemd/system/authentik-worker.service
|
||||||
[Unit]
|
[Unit]
|
||||||
Description = authentik Worker
|
Description=authentik Celery Worker
|
||||||
|
After=network.target redis.service postgresql.service
|
||||||
|
Requires=redis.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Environment=DJANGO_SETTINGS_MODULE="authentik.root.settings"
|
Type=simple
|
||||||
ExecStart=celery -A authentik.root.celery worker -Ofair --max-tasks-per-child=1 --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events
|
WorkingDirectory=/opt/authentik
|
||||||
WorkingDirectory=/opt/authentik/authentik
|
ExecStart=/opt/authentik/.venv/bin/celery \
|
||||||
|
-A authentik.root.celery worker \
|
||||||
|
-Ofair \
|
||||||
|
--max-tasks-per-child=1 \
|
||||||
|
--autoscale 3,1 \
|
||||||
|
-Q authentik,authentik_scheduled,authentik_events \
|
||||||
|
-E
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
|
Environment=DJANGO_SETTINGS_MODULE=authentik.root.settings
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
EOF
|
EOF
|
||||||
systemctl enable -q --now authentik-server
|
|
||||||
sleep 2
|
cat <<EOF >/etc/systemd/system/authentik-celery-beat.service
|
||||||
systemctl enable -q --now authentik-worker
|
[Unit]
|
||||||
|
Description=authentik Celery Beat Scheduler
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
WorkingDirectory=/opt/authentik
|
||||||
|
ExecStart=/opt/authentik/.venv/bin/celery \
|
||||||
|
-A authentik.root.celery beat \
|
||||||
|
-s /tmp/celerybeat-schedule
|
||||||
|
Restart=always
|
||||||
|
RestartSec=5
|
||||||
|
#User=authentik
|
||||||
|
Environment=DJANGO_SETTINGS_MODULE=authentik.root.settings
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
EOF
|
||||||
|
|
||||||
|
systemctl enable -q --now authentik-server authentik-worker authentik-celery-beat
|
||||||
msg_ok "Created Services"
|
msg_ok "Created Services"
|
||||||
|
|
||||||
motd_ssh
|
motd_ssh
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user