From b6cd9d457c39fa65fbb79c900693d8a8d08e1885 Mon Sep 17 00:00:00 2001
From: tremor021
Date: Fri, 29 Aug 2025 12:52:28 +0200
Subject: [PATCH] Zitadel testing
---
ct/zitadel.sh | 62 +++++++++++++++
install/zitadel-install.sh | 149 +++++++++++++++++++++++++++++++++++++
2 files changed, 211 insertions(+)
create mode 100644 ct/zitadel.sh
create mode 100644 install/zitadel-install.sh
diff --git a/ct/zitadel.sh b/ct/zitadel.sh
new file mode 100644
index 00000000..c35c7b39
--- /dev/null
+++ b/ct/zitadel.sh
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap (dave-yap)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://zitadel.com/
+
+APP="Zitadel"
+var_tags="${var_tags:-identity-provider}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-1024}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-12}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+ header_info
+ check_container_storage
+ check_container_resources
+ if [[ ! -f /etc/systemd/system/zitadel.service ]]; then
+ msg_error "No ${APP} Installation Found!"
+ exit
+ fi
+
+ RELEASE=$(curl -fsSL https://api.github.com/repos/zitadel/zitadel/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+ if [[ ! -f ~/.zitadel ]] || [[ "${RELEASE}" != "$(cat ~/.zitadel)" ]]; then
+ msg_info "Stopping $APP"
+ systemctl stop zitadel
+ msg_ok "Stopped $APP"
+
+ rm -f /usr/local/bin/zitadel
+ fetch_and_deploy_gh_release "zitadel" "zitadel/zitadel" "prebuild" "latest" "/usr/local/bin" "zitadel-linux-amd64.tar.gz"
+
+ msg_info "Updating $APP to ${RELEASE}"
+ $STD zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml --init-projections=true
+ msg_ok "Updated $APP to ${RELEASE}"
+
+ msg_info "Starting $APP"
+ systemctl start zitadel
+ msg_ok "Started $APP"
+
+ msg_ok "Update Successful"
+ else
+ msg_ok "No update required. ${APP} is already at ${RELEASE}"
+ fi
+ exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080/ui/console${CL}"
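Review bot: `rm -f /usr/local/bin/zitadel` runs before `fetch_and_deploy_gh_release`, so if the download fails (with `catch_errors` active the script then exits) the container is left with the service stopped and no binary to restart; drop the `rm -f` line if the helper overwrites its target, or move it after a successful fetch. The update path also compares against `~/.zitadel`, which nothing in this patch writes — presumably the helper maintains it, worth confirming, since otherwise every run takes the update branch. `RELEASE` is parsed out of the GitHub JSON with `grep`/`awk` on field positions; `jq -r .tag_name` would be more robust if jq is available in the container, and the value should be checked for emptiness before it is announced as the target version.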
diff --git a/install/zitadel-install.sh b/install/zitadel-install.sh
new file mode 100644
index 00000000..ba8cbdc4
--- /dev/null
+++ b/install/zitadel-install.sh
@@ -0,0 +1,149 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://zitadel.com/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y ca-certificates
+msg_ok "Installed Dependecies"
+
+PG_VERSION="17" setup_postgresql
+
+msg_info "Installing Postgresql"
+DB_NAME="zitadel"
+DB_USER="zitadel"
+DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+DB_ADMIN_USER="root"
+DB_ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+systemctl start postgresql
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "CREATE USER $DB_ADMIN_USER WITH PASSWORD '$DB_ADMIN_PASS' SUPERUSER;"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
+{
+ echo "Application Credentials"
+ echo "DB_NAME: $DB_NAME"
+ echo "DB_USER: $DB_USER"
+ echo "DB_PASS: $DB_PASS"
+ echo "DB_ADMIN_USER: $DB_ADMIN_USER"
+ echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
+} >>~/zitadel.creds
+msg_ok "Installed PostgreSQL"
+
+fetch_and_deploy_gh_release "zitadel" "zitadel/zitadel" "prebuild" "latest" "/usr/local/bin" "zitadel-linux-amd64.tar.gz"
+
+msg_info "Setting up Zitadel Environments"
+mkdir -p /opt/zitadel
+echo "/opt/zitadel/config.yaml" >"/opt/zitadel/.config"
+head -c 32 < <(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9') >"/opt/zitadel/.masterkey"
+{
+ echo "Config location: $(cat "/opt/zitadel/.config")"
+ echo "Masterkey: $(cat "/opt/zitadel/.masterkey")"
+} >>~/zitadel.creds
+cat </opt/zitadel/config.yaml
+Port: 8080
+ExternalPort: 8080
+ExternalDomain: localhost
+ExternalSecure: false
+TLS:
+ Enabled: false
+ KeyPath: ""
+ Key: ""
+ CertPath: ""
+ Cert: ""
+
+Database:
+ postgres:
+ Host: localhost
+ Port: 
5432
+ Database: ${DB_NAME}
+ User:
+ Username: ${DB_USER}
+ Password: ${DB_PASS}
+ SSL:
+ Mode: disable
+ RootCert: ""
+ Cert: ""
+ Key: ""
+ Admin:
+ Username: ${DB_ADMIN_USER}
+ Password: ${DB_ADMIN_PASS}
+ SSL:
+ Mode: disable
+ RootCert: ""
+ Cert: ""
+ Key: ""
+DefaultInstance:
+ Features:
+ LoginV2:
+ Required: false
+EOF
+msg_ok "Installed Zitadel Enviroments"
+
+msg_info "Creating Services"
+cat </etc/systemd/system/zitadel.service
+[Unit]
+Description=ZITADEL Identiy Server
+After=network.target postgresql.service
+Wants=postgresql.service
+
+[Service]
+Type=simple
+User=zitadel
+Group=zitadel
+ExecStart=/usr/local/bin/zitadel start --masterkeyFile "/opt/zitadel/.masterkey" --config "/opt/zitadel/config.yaml"
+Restart=always
+RestartSec=5
+TimeoutStartSec=0
+
+# Security Hardening options
+ProtectSystem=full
+ProtectHome=true
+PrivateTmp=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q zitadel
+msg_ok "Created Services"
+
+msg_info "Zitadel initial setup"
+$STD zitadel start-from-init --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml
+sleep 60
+kill $(lsof -i | awk '/zitadel/ {print $2}' | head -n1)
+useradd zitadel
+msg_ok "Zitadel initialized"
+
+msg_info "Set ExternalDomain to current IP and restart Zitadel"
+IP=$(ip a s dev eth0 | awk '/inet / {print $2}' | cut -d/ -f1)
+sed -i "0,/localhost/s/localhost/${IP}/" /opt/zitadel/config.yaml
+systemctl stop -q zitadel
+$STD zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml
+systemctl restart -q zitadel
+msg_ok "Zitadel restarted with ExternalDomain set to current IP"
+
+msg_info "Create zitadel-rerun.sh"
+cat <~/zitadel-rerun.sh
+systemctl stop zitadel
+timeout --kill-after=5s 15s zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml
+systemctl restart zitadel
+EOF
+msg_ok "Bash script for rerunning Zitadel after changing Zitadel config.yaml"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
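Review bot: The master key and both database passwords are written with the default umask (`head -c 32 … >"/opt/zitadel/.masterkey"`, the config.yaml heredoc, and `>>~/zitadel.creds`), so under a 022 umask they are world-readable inside the container, and the unit later runs as `User=zitadel` against files that are owned by root. Create the account as a system user before those files are populated and lock them down: `useradd -r -s /usr/sbin/nologin zitadel`, `chown -R zitadel:zitadel /opt/zitadel && chmod 600 /opt/zitadel/.masterkey /opt/zitadel/config.yaml`, `chmod 600 ~/zitadel.creds`. The `zitadel setup` invocations that follow (and the one in `~/zitadel-rerun.sh`) still execute as root, so anything they create under /opt/zitadel would need the same ownership fix — I cannot tell from the hunk whether they write there. Separately, `$STD zitadel start-from-init …` is not backgrounded, so unless `$STD` detaches it the `sleep 60` / `kill $(lsof …)` lines look unreachable, and `kill` with an empty substitution fails under `catch_errors`; running `zitadel init` followed by the `zitadel setup` already used further down would avoid starting and killing the server during install.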