From ec846e4f4624a80bac6fee4c2b5a60bd5441d5db Mon Sep 17 00:00:00 2001
From: Thorsten
Date: Wed, 5 Feb 2025 15:35:03 +0100
Subject: [PATCH] Authelia + Dev env
---
ct/authelia.sh | 60 ++++++++++++++++++++++++
install/authelia-install.sh | 93 +++++++++++++++++++++++++++++++++++++
json/authelia.json | 34 ++++++++++++++
misc/build.func | 16 ++++---
misc/install.func | 3 +-
5 files changed, 199 insertions(+), 7 deletions(-)
create mode 100644 ct/authelia.sh
create mode 100644 install/authelia-install.sh
create mode 100644 json/authelia.json
diff --git a/ct/authelia.sh b/ct/authelia.sh
new file mode 100644
index 00000000..11844437
--- /dev/null
+++ b/ct/authelia.sh
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+#source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+source <(curl -s https://raw.githubusercontent.com/thost96/ProxmoxVE-scripts/authelia/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: thost96 (thost96)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.authelia.com/integration/deployment/bare-metal/"
+
+
+# App Default Values
+APP="Authelia"
+TAGS=""
+var_cpu="1"
+var_ram="512"
+var_disk="2"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+ header_info
+ check_container_storage
+ check_container_resources
+ if [[ ! -d "/etc/authelia/" ]]; then msg_error "No ${APP} Installation Found!"; exit; fi
+ RELEASE=$(curl -s https://api.github.com/repos/authelia/authelia/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
+ #if [[ "${RELEASE}" != "$(cat )" ]]; then
+ msg_info "Updating $APP to ${RELEASE}"
+ $STD apt-get update &>/dev/null
+ $STD apt-get -y upgrade &>/dev/null
+ wget -q https://github.com/authelia/authelia/releases/download/$RELEASE/authelia_$RELEASE_amd64.deb
+ $STD dpkg -i authelia_$RELEASE_amd64.deb
+ msg_info "Cleaning Up"
+ rm -f authelia_$RELEASE_amd64.deb
+ $STD apt-get -y autoremove
+ $STD apt-get -y autoclean
+ msg_ok "Cleanup Completed"
+ msg_ok "Updated $APP to ${RELEASE}"
+ #else
+ # msg_ok "No update required. ${APP} is already at ${RELEASE}"
+ #fi
+ exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9091${CL}"
\ No newline at end of file
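Review bot: In `update_script`, `authelia_$RELEASE_amd64.deb` expands a variable named `RELEASE_amd64`, which nothing visible sets, rather than `RELEASE`, because `_amd64` is a legal continuation of the identifier; the download URL and the `dpkg -i` and `rm -f` arguments all collapse to `authelia_.deb`. Write `"authelia_${RELEASE}_amd64.deb"` in all three places; the install hunk in install/authelia-install.sh has the same three lines. The package is then installed as root with no integrity check and the result of `wget -q` is not tested, so the download should be checked for success and compared against a published checksum, if the release provides one, before `dpkg -i` runs. The version comparison is commented out, so every run of the update reinstalls whatever the API returns.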
diff --git a/install/authelia-install.sh b/install/authelia-install.sh
new file mode 100644
index 00000000..941f2fec
--- /dev/null
+++ b/install/authelia-install.sh
@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: thost96 (thost96)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.authelia.com/integration/deployment/bare-metal/"
+
+
+# Import Functions und Setup
+source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt-get install -y \
+ curl \
+ sudo \
+ mc
+msg_ok "Installed Dependencies"
+
+msg_info "Installing Authelia"
+RELEASE=$(curl -s https://api.github.com/repos/authelia/authelia/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
+wget -q https://github.com/authelia/authelia/releases/download/$RELEASE/authelia_$RELEASE_amd64.deb
+$STD dpkg -i authelia_$RELEASE_amd64.deb
+$STD systemctl enable authelia
+msg_ok "Install Authelia completed"
+
+msg_info "Setting Authelia up"
+$STD touch /etc/authelia/emails.txt
+JWT_SECRET=$(openssl rand -hex 64)
+SESSION_SECRET=$(openssl rand -hex 64)
+STORAGE_KEY=$(openssl rand -hex 64)
+DOMAIN=$(hostname -d)
+
+#authelia crypto hash generate argon2 --random
+cat <<'EOF' >/etc/authelia/users.yml
+users:
+ authelia:
+ disabled: false
+ displayname: "Authelia Admin"
+ password: "$argon2id$v=19$m=65536,t=3,p=4$ZBopMzXrzhHXPEZxRDVT2w$SxWm96DwhOsZyn34DLocwQEIb4kCDsk632PuiMdZnig"
+ groups: []
+EOF
+
+cat <<'EOF' >/etc/authelia/configuration.yml
+authentication_backend:
+ file:
+ path: /etc/authelia/users.yml
+access_control:
+ default_policy: one_factor
+session:
+ secret: '${SESSION_SECRET}'
+ name: 'authelia_session'
+ same_site: 'lax'
+ inactivity: '5m'
+ expiration: '1h'
+ remember_me: '1M'
+ cookies:
+ - domain: '${DOMAIN}'
+ authelia_url: 'https://auth.${DOMAIN}'
+storage:
+ encryption_key: '${STORAGE_KEY}'
+ local:
+ path: /etc/authelia/db.sqlite
+identity_validation:
+ reset_password:
+ jwt_secret: '${JWT_SECRET}'
+ jwt_lifespan: '5 minutes'
+ jwt_algorithm: 'HS256'
+notifier:
+ filesystem:
+ filename: /etc/authelia/emails.txt
+EOF
+
+msg_info "Validating Authelia Config"
+$STD authelia config validate -c /etc/authelia/configuration.yml
+
+msg_ok "Authelia Setup completed"
+
+motd_ssh
+customize
+
+# Cleanup
+msg_info "Cleaning up"
+rm -f authelia_$RELEASE_amd64.deb
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
diff --git a/json/authelia.json b/json/authelia.json
new file mode 100644
index 00000000..2ec46271
--- /dev/null
+++ b/json/authelia.json
@@ -0,0 +1,34 @@
+{
+ "name": "Authelia",
+ "slug": "authelia",
+ "categories": [
+ 6
+ ],
+ "date_created": "2025-02-05",
+ "type": "ct",
+ "updateable": true,
+ "privileged": false,
+ "interface_port": 9091,
+ "documentation": "https://www.authelia.com/integration/deployment/bare-metal/",
+ "website": "https://www.authelia.com/",
+ "logo": "https://camo.githubusercontent.com/bea2da4de8f6101f3d4f819585c23b01a08f5bcb20af70b900ac5d936879a99a/68747470733a2f2f7777772e61757468656c69612e636f6d2f696d616765732f61757468656c69612d7469746c652e706e67",
+ "description": "Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.",
+ "install_methods": [
+ {
+ "type": "default",
+ "script": "ct/authelia.sh",
+ "resources": {
+ "cpu": 1,
+ "ram": 512,
+ "hdd": 2,
+ "os": "Debian",
+ "version": "12"
+ }
+ }
+ ],
+ "default_credentials": {
+ "username": "authelia",
+ "password": "authelia"
+ },
+ "notes": []
+ }
\ No newline at end of file
diff --git a/misc/build.func b/misc/build.func
index 5e03a623..2a4e7a9f 100644
--- a/misc/build.func
+++ b/misc/build.func
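Review bot: In install/authelia-install.sh the `configuration.yml` here-document uses a quoted delimiter (`cat <<'EOF'`), so `${SESSION_SECRET}`, `${STORAGE_KEY}`, `${JWT_SECRET}` and `${DOMAIN}` are written to the file literally and the values generated with `openssl rand -hex 64` are never used. Unless Authelia rejects the file, every container ends up with the same publicly known strings as its session secret, storage encryption key and reset-token signing key; this file needs the unquoted form, `cat <<EOF >/etc/authelia/configuration.yml`, while the quoted form stays correct for `users.yml`, whose argon2 hash contains `$`. Both files hold secret material and are created with the default umask, so ownership and mode should be tightened to the account the service runs as. `users.yml` also ships one fixed password hash to every install (json/authelia.json documents it as authelia/authelia) together with `default_policy: one_factor`, so a per-install password, generated and shown once, would avoid a shared default login on an authentication portal.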
@@ -13,7 +13,9 @@ variables() { METHOD="default" # sets the METHOD variable to "default", used for the API call. RANDOM_UUID="$(cat /proc/sys/kernel/random/uuid)" # generates a random UUID and sets it to the RANDOM_UUID variable. } -source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/api.func) +#source <(curl -s https://raw.githubusercontent.com/thost96/ProxmoxVE-scripts/authelia/misc/api.func) +source <(curl -s https://raw.githubusercontent.com/thost96/ProxmoxVE-scripts/authelia/misc/api.func) + # This function sets various color variables using ANSI escape codes for formatting text in the terminal. color() { @@ -1020,9 +1022,11 @@ build_container() { TEMP_DIR=$(mktemp -d) pushd $TEMP_DIR >/dev/null if [ "$var_os" == "alpine" ]; then - export FUNCTIONS_FILE_PATH="$(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/alpine-install.func)" + #export FUNCTIONS_FILE_PATH="$(curl -s https://raw.githubusercontent.com/thost96/ProxmoxVE-scripts/authelia/misc/alpine-install.func)" + export FUNCTIONS_FILE_PATH="$(curl -s https://raw.githubusercontent.com/thost96/ProxmoxVE-scripts/authelia/misc/alpine-install.func)" else - export FUNCTIONS_FILE_PATH="$(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/install.func)" + #export FUNCTIONS_FILE_PATH="$(curl -s https://raw.githubusercontent.com/thost96/ProxmoxVE-scripts/authelia/misc/install.func)" + export FUNCTIONS_FILE_PATH="$(curl -s https://raw.githubusercontent.com/thost96/ProxmoxVE-scripts/authelia/misc/install.func)" fi export RANDOM_UUID="$RANDOM_UUID" export CACHER="$APT_CACHER" 
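Review bot: The replacement lines in this hunk and the next, the `create_lxc.sh` and `install/$var_install.sh` lines in the later `build_container` hunks, and the `/usr/bin/update` line in misc/install.func all point root-executed fetches (`source <(curl -s …)`, `bash -c "$(wget -qLO - …)"`) at the mutable branch `thost96/ProxmoxVE-scripts/authelia`, so anyone who can push to that branch decides what runs on the Proxmox host and inside the container. If this is meant to land anywhere but a dev checkout, the URLs need to go back to the project repository, ideally through a single variable (for example `REPO_BASE`) so that a dev override is one line rather than seven edits. The commented-out `#source` and `#export FUNCTIONS_FILE_PATH=` lines keep the fork URL, not the upstream one, so uncommenting them does not restore the original. The `/usr/bin/update` change is the one that persists: containers built from this branch keep pulling from the fork on every later update.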
@@ -1054,7 +1058,7 @@ build_container() { $PW " # This executes create_lxc.sh and creates the container and .conf file - bash -c "$(wget -qLO - https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/create_lxc.sh)" || exit + bash -c "$(wget -qLO - https://raw.githubusercontent.com/thost96/ProxmoxVE-scripts/authelia/ct/create_lxc.sh)" || exit LXC_CONFIG=/etc/pve/lxc/${CTID}.conf if [ "$CT_TYPE" == "0" ]; then @@ -1116,7 +1120,7 @@ http://dl-cdn.alpinelinux.org/alpine/latest-stable/community EOF' pct exec "$CTID" -- ash -c "apk add bash >/dev/null" fi - lxc-attach -n "$CTID" -- bash -c "$(wget -qLO - https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/$var_install.sh)" || exit + lxc-attach -n "$CTID" -- bash -c "$(wget -qLO - https://raw.githubusercontent.com/thost96/ProxmoxVE-scripts/authelia/install/$var_install.sh)" || exit } @@ -1129,7 +1133,7 @@ description() { cat < - Logo + Logo

${APP} LXC

diff --git a/misc/install.func b/misc/install.func index b0234479..4a99876a 100644 --- a/misc/install.func +++ b/misc/install.func @@ -248,7 +248,8 @@ EOF systemctl restart $(basename $(dirname $GETTY_OVERRIDE) | sed 's/\.d//') msg_ok "Customized Container" fi - echo "bash -c \"\$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/${app}.sh)\"" >/usr/bin/update + #echo "bash -c \"\$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/${app}.sh)\"" >/usr/bin/update + echo "bash -c \"\$(wget -qLO - https://github.com/thost96/ProxmoxVE-scripts/raw/authelia/ct/${app}.sh)\"" >/usr/bin/update chmod +x /usr/bin/update if [[ -n "${SSH_AUTHORIZED_KEY}" ]]; then