mirror of
https://github.com/bashclub/zamba-lxc-toolbox.git
synced 2024-12-25 03:30:12 +01:00
Add authentik container
This commit is contained in:
parent
8644cab71f
commit
a9853a6fbe
29
src/authentik/constants-service.conf
Normal file
29
src/authentik/constants-service.conf
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Authors:
|
||||||
|
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
||||||
|
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
||||||
|
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
||||||
|
|
||||||
|
# This file contains the project constants on service level
|
||||||
|
|
||||||
|
# Debian Version, which will be installed
|
||||||
|
LXC_TEMPLATE_VERSION="debian-12-standard"
|
||||||
|
|
||||||
|
# Create sharefs mountpoint
|
||||||
|
LXC_MP="0"
|
||||||
|
|
||||||
|
# Create unprivileged container
|
||||||
|
LXC_UNPRIVILEGED="1"
|
||||||
|
|
||||||
|
# enable nesting feature
|
||||||
|
LXC_NESTING="1"
|
||||||
|
|
||||||
|
# enable keyctl feature
|
||||||
|
LXC_KEYCTL="1"
|
||||||
|
|
||||||
|
# Sets the minimum amount of RAM the service needs for operation
|
||||||
|
LXC_MEM_MIN=2048
|
||||||
|
|
||||||
|
# service dependent meta tags
|
||||||
|
SERVICE_TAGS=""
|
107
src/authentik/install-service.sh
Normal file
107
src/authentik/install-service.sh
Normal file
@ -0,0 +1,107 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Authors:
|
||||||
|
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
||||||
|
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
||||||
|
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
||||||
|
|
||||||
|
source /root/functions.sh
|
||||||
|
source /root/zamba.conf
|
||||||
|
source /root/constants-service.conf
|
||||||
|
|
||||||
|
# Add Docker's official GPG key:
|
||||||
|
install -m 0755 -d /etc/apt/keyrings
|
||||||
|
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||||
|
chmod a+r /etc/apt/keyrings/docker.gpg
|
||||||
|
|
||||||
|
# Add the repository to Apt sources:
|
||||||
|
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||||
|
apt-get update
|
||||||
|
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin pwgen
|
||||||
|
|
||||||
|
SECRET=$(random_password)
|
||||||
|
myip=$(ip a s dev eth0 | grep -m1 inet | cut -d' ' -f6 | cut -d'/' -f1)
|
||||||
|
|
||||||
|
install_portainer_full() {
|
||||||
|
mkdir -p /opt/portainer/data
|
||||||
|
cd /opt/portainer
|
||||||
|
cat << EOF > /opt/portainer/docker-compose.yml
|
||||||
|
version: "3.4"
|
||||||
|
|
||||||
|
services:
|
||||||
|
portainer:
|
||||||
|
restart: always
|
||||||
|
image: portainer/portainer:latest
|
||||||
|
volumes:
|
||||||
|
- ./data:/data
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
ports:
|
||||||
|
- "8000:8000"
|
||||||
|
- "9443:9443"
|
||||||
|
command: --admin-password-file=/data/admin_password
|
||||||
|
EOF
|
||||||
|
echo -n "$SECRET" > ./data/admin_password
|
||||||
|
|
||||||
|
docker compose pull
|
||||||
|
docker compose up -d
|
||||||
|
echo -e "\n######################################################################\n\n You can access Portainer with your browser at https://${myip}:9443\n\n Please note the following admin password to access the portainer:\n '$SECRET'\n Enjoy your Docker intallation.\n\n######################################################################\n\n Setup your authentik instance by entering https://${myip}/if/flow/initial-setup/ into your browser.\n\n######################################################################"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
install_portainer_agent() {
|
||||||
|
mkdir -p /opt/portainer-agent/data
|
||||||
|
cd /opt/portainer-agent
|
||||||
|
cat << EOF > /opt/portainer-agent/docker-compose.yml
|
||||||
|
version: "3.4"
|
||||||
|
|
||||||
|
services:
|
||||||
|
portainer:
|
||||||
|
restart: always
|
||||||
|
image: portainer/agent:latest
|
||||||
|
volumes:
|
||||||
|
- /var/lib/docker/volumes:/var/lib/docker/volumes
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
ports:
|
||||||
|
- "9001:9001"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
docker compose pull
|
||||||
|
docker compose up -d
|
||||||
|
|
||||||
|
echo -e "\n######################################################################\n\n Please enter the following data into the Portainer "Add environment" wizard:\n\tEnvironment address: ${myip}:9001\n\n Enjoy your Docker intallation.\n\n######################################################################\n\n Setup your authentik instance by entering https://${myip}/if/flow/initial-setup/ into your browser.\n\n######################################################################"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
mkdir -p /opt/authentik
|
||||||
|
wget -O /opt/authentik/docker-compose.yml https://goauthentik.io/docker-compose.yml
|
||||||
|
cd /opt/authentik
|
||||||
|
cat << EOF > .env
|
||||||
|
PG_PASS=$(pwgen -s 40 1)
|
||||||
|
AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)
|
||||||
|
AUTHENTIK_DISABLE_UPDATE_CHECK=false
|
||||||
|
AUTHENTIK_ERROR_REPORTING__ENABLED=false
|
||||||
|
AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
|
||||||
|
AUTHENTIK_AVATARS=initials
|
||||||
|
COMPOSE_PORT_HTTP=80
|
||||||
|
COMPOSE_PORT_HTTPS=443
|
||||||
|
AUTHENTIK_EMAIL__HOST=
|
||||||
|
AUTHENTIK_EMAIL__PORT=
|
||||||
|
AUTHENTIK_EMAIL__USERNAME=
|
||||||
|
AUTHENTIK_EMAIL__PASSWORD=
|
||||||
|
# Use StartTLS
|
||||||
|
AUTHENTIK_EMAIL__USE_TLS=false
|
||||||
|
# Use SSL
|
||||||
|
AUTHENTIK_EMAIL__USE_SSL=false
|
||||||
|
AUTHENTIK_EMAIL__TIMEOUT=10
|
||||||
|
# Email address authentik will send from, should have a correct @domain
|
||||||
|
AUTHENTIK_EMAIL__FROM=
|
||||||
|
EOF
|
||||||
|
|
||||||
|
docker compose pull
|
||||||
|
docker compose up -d
|
||||||
|
|
||||||
|
case $PORTAINER in
|
||||||
|
full) install_portainer_full ;;
|
||||||
|
agent) install_portainer_agent ;;
|
||||||
|
*) echo -e "\n######################################################################\n\n Enjoy your authentik intallation.\n\n######################################################################\n\n Setup your authentik instance by entering https://${myip}/if/flow/initial-setup/ into your browser.\n\n######################################################################" ;;
|
||||||
|
esac
|
Loading…
Reference in New Issue
Block a user