108 lines
2.7 KiB
Bash
108 lines
2.7 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Copyright (c) 2021-2026 community-scripts ORG
|
|
# Author: thost96 (thost96)
|
|
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
|
|
# Source: https://www.authelia.com/
|
|
|
|
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
|
color
|
|
verb_ip6
|
|
catch_errors
|
|
setting_up_container
|
|
network_check
|
|
update_os
|
|
|
|
fetch_and_deploy_gh_release "authelia" "authelia/authelia" "binary"
|
|
|
|
MAX_ATTEMPTS=3
|
|
attempt=0
|
|
while true; do
|
|
attempt=$((attempt + 1))
|
|
read -rp "${TAB3}Enter your domain or IP (ex. example.com or 192.168.1.100): " DOMAIN
|
|
if [[ -z "$DOMAIN" ]]; then
|
|
if ((attempt >= MAX_ATTEMPTS)); then
|
|
DOMAIN="${LOCAL_IP:-localhost}"
|
|
msg_warn "Using fallback: $DOMAIN"
|
|
break
|
|
fi
|
|
msg_warn "Domain cannot be empty! (Attempt $attempt/$MAX_ATTEMPTS)"
|
|
elif [[ "$DOMAIN" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
|
|
valid_ip=true
|
|
IFS='.' read -ra octets <<< "$DOMAIN"
|
|
for octet in "${octets[@]}"; do
|
|
if ((octet > 255)); then
|
|
valid_ip=false
|
|
break
|
|
fi
|
|
done
|
|
if $valid_ip; then
|
|
break
|
|
else
|
|
msg_warn "Invalid IP address!"
|
|
fi
|
|
elif [[ "$DOMAIN" =~ ^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$ ]]; then
|
|
break
|
|
else
|
|
msg_warn "Invalid domain format!"
|
|
fi
|
|
done
|
|
msg_info "Setting Authelia up"
|
|
touch /etc/authelia/emails.txt
|
|
JWT_SECRET=$(openssl rand -hex 64)
|
|
SESSION_SECRET=$(openssl rand -hex 64)
|
|
STORAGE_KEY=$(openssl rand -hex 64)
|
|
|
|
if [[ "$DOMAIN" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
|
|
AUTHELIA_URL="https://${DOMAIN}:9091"
|
|
else
|
|
AUTHELIA_URL="https://auth.${DOMAIN}"
|
|
fi
|
|
echo "$AUTHELIA_URL" > /etc/authelia/.authelia_url
|
|
|
|
cat <<EOF >/etc/authelia/users.yml
|
|
users:
|
|
authelia:
|
|
disabled: false
|
|
displayname: "Authelia Admin"
|
|
password: "\$argon2id\$v=19\$m=65536,t=3,p=4\$ZBopMzXrzhHXPEZxRDVT2w\$SxWm96DwhOsZyn34DLocwQEIb4kCDsk632PuiMdZnig"
|
|
groups: []
|
|
EOF
|
|
cat <<EOF >/etc/authelia/configuration.yml
|
|
authentication_backend:
|
|
file:
|
|
path: /etc/authelia/users.yml
|
|
access_control:
|
|
default_policy: one_factor
|
|
session:
|
|
secret: "${SESSION_SECRET}"
|
|
name: 'authelia_session'
|
|
same_site: 'lax'
|
|
inactivity: '5m'
|
|
expiration: '1h'
|
|
remember_me: '1M'
|
|
cookies:
|
|
- domain: "${DOMAIN}"
|
|
authelia_url: "${AUTHELIA_URL}"
|
|
storage:
|
|
encryption_key: "${STORAGE_KEY}"
|
|
local:
|
|
path: /etc/authelia/db.sqlite
|
|
identity_validation:
|
|
reset_password:
|
|
jwt_secret: "${JWT_SECRET}"
|
|
jwt_lifespan: '5 minutes'
|
|
jwt_algorithm: 'HS256'
|
|
notifier:
|
|
filesystem:
|
|
filename: /etc/authelia/emails.txt
|
|
EOF
|
|
touch /etc/authelia/emails.txt
|
|
chown -R authelia:authelia /etc/authelia
|
|
systemctl enable -q --now authelia
|
|
msg_ok "Authelia Setup completed"
|
|
|
|
motd_ssh
|
|
customize
|
|
cleanup_lxc
|