diff --git a/ct/authentik.sh b/ct/authentik.sh index 236e2b43..0d049c47 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -35,7 +35,7 @@ function update_script() { setup_rust AUTHENTIK_VERSION="version/2026.2.2" - XMLSEC_VERSION="1.3.9" + XMLSEC_VERSION="1.3.11" if check_for_gh_release "geoipupdate" "maxmind/geoipupdate"; then fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary" @@ -122,7 +122,13 @@ build_container msg_info "Attaching data storage volume" $STD pct stop "$CTID" -$STD pct set "$CTID" -mp0 "${CONTAINER_STORAGE}":1,mp=/opt/authentik-data,backup=1 +if [ "${PROTECT_CT:-}" == "1" ] || [ "${PROTECT_CT:-}" == "yes" ]; then + $STD pct set "$CTID" --protection 0 + $STD pct set "$CTID" -mp0 "${CONTAINER_STORAGE}":1,mp=/opt/authentik-data,backup=1 + $STD pct set "$CTID" --protection 1 +else + $STD pct set "$CTID" -mp0 "${CONTAINER_STORAGE}":1,mp=/opt/authentik-data,backup=1 +fi $STD pct start "$CTID" for i in {1..10}; do pct status "$CTID" | grep -q "status: running" && break diff --git a/ct/headers/protonmail-bridge b/ct/headers/protonmail-bridge deleted file mode 100644 index ff694915..00000000 --- a/ct/headers/protonmail-bridge +++ /dev/null @@ -1,6 +0,0 @@ - ____ __ __ ___ _ __ ____ _ __ - / __ \_________ / /_____ ____ / |/ /___ _(_) / / __ )_____(_)___/ /___ ____ - / /_/ / ___/ __ \/ __/ __ \/ __ \/ /|_/ / __ `/ / /_____/ __ / ___/ / __ / __ `/ _ \ - / ____/ / / /_/ / /_/ /_/ / / / / / / / /_/ / / /_____/ /_/ / / / / /_/ / /_/ / __/ -/_/ /_/ \____/\__/\____/_/ /_/_/ /_/\__,_/_/_/ /_____/_/ /_/\__,_/\__, /\___/ - /____/ diff --git a/ct/protonmail-bridge.sh b/ct/protonmail-bridge.sh deleted file mode 100644 index 3bcf518c..00000000 --- a/ct/protonmail-bridge.sh +++ /dev/null 
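Review bot: If the mount-point `pct set` in the `PROTECT_CT` branch fails, the container can be left at `--protection 0`, because the re-enable line only runs after a successful attach. Whether the script aborts at that point depends on the error trap set up elsewhere in the file, which this hunk does not show. Capture the status and restore the flag before failing: end the attach line with `|| mp_rc=$?`, keep `$STD pct set "$CTID" --protection 1` directly after it, then add `[ "${mp_rc:-0}" -eq 0 ] || exit "$mp_rc"`. The attach command is also duplicated in both branches, so a later change to the mount options has to be made twice; two small `if` blocks toggling protection around a single attach line would avoid that. A short comment stating which values the build functions set for `PROTECT_CT` would help, since the test accepts only `1` and `yes`.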
@@ -1,79 +0,0 @@ -#!/usr/bin/env bash -source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func) -# Copyright (c) 2021-2026 community-scripts ORG -# Author: Stephen Chin (steveonjava) -# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE -# Source: https://github.com/ProtonMail/proton-bridge - -APP="ProtonMail-Bridge" -var_tags="${var_tags:-mail;proton}" -var_cpu="${var_cpu:-2}" -var_ram="${var_ram:-1024}" -var_disk="${var_disk:-8}" -var_os="${var_os:-debian}" -var_version="${var_version:-13}" -var_unprivileged="${var_unprivileged:-1}" - -header_info "$APP" -variables -color -catch_errors - -function update_script() { - header_info - check_container_storage - check_container_resources - - if [[ ! -x /usr/bin/protonmail-bridge ]]; then - msg_error "No ${APP} Installation Found!" - exit 1 - fi - - if check_for_gh_release "protonmail-bridge" "ProtonMail/proton-bridge"; then - local -a bridge_units=( - protonmail-bridge - protonmail-bridge-imap.socket - protonmail-bridge-smtp.socket - protonmail-bridge-imap-proxy - protonmail-bridge-smtp-proxy - ) - local unit - declare -A was_active - for unit in "${bridge_units[@]}"; do - if systemctl is-active --quiet "$unit" 2>/dev/null; then - was_active["$unit"]=1 - else - was_active["$unit"]=0 - fi - done - - msg_info "Stopping Services" - systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge - msg_ok "Stopped Services" - - fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary" - - if [[ -f /home/protonbridge/.protonmailbridge-initialized ]]; then - msg_info "Starting Services" - for unit in "${bridge_units[@]}"; do - if [[ "${was_active[$unit]:-0}" == "1" ]]; then - systemctl start "$unit" - fi - done - msg_ok "Started Services" - else - msg_ok "Initialization not completed. Services remain disabled." 
- fi - msg_ok "Updated successfully!" - fi - exit -} - -start -build_container -description - -msg_ok "Completed successfully!\n" -echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" -echo -e "${INFO}${YW}One-time configuration is required before Bridge services are enabled.${CL}" -echo -e "${INFO}${YW}Run this command in the container: protonmailbridge-configure${CL}" diff --git a/install/authentik-install.sh b/install/authentik-install.sh index cfc5c029..3147a7b5 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -55,7 +55,7 @@ setup_rust PG_VERSION="17" setup_postgresql PG_DB_NAME="authentik" PG_DB_USER="authentik" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db -XMLSEC_VERSION="1.3.9" +XMLSEC_VERSION="1.3.11" AUTHENTIK_VERSION="version/2026.2.2" fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "${XMLSEC_VERSION}" "/opt/xmlsec" fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tarball" "${AUTHENTIK_VERSION}" "/opt/authentik" @@ -122,6 +122,7 @@ yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.ym yq -i ".cert_discovery_dir = \"/opt/authentik-data/certs\"" /etc/authentik/config.yml yq -i ".email.template_dir = \"/opt/authentik-data/templates\"" /etc/authentik/config.yml yq -i ".storage.file.path = \"/opt/authentik-data\"" /etc/authentik/config.yml +yq -i ".disable_startup_analytics = \"true\"" /etc/authentik/config.yml $STD useradd -U -s /usr/sbin/nologin -r -M -d /opt/authentik authentik chown -R authentik:authentik /opt/authentik cat </etc/default/authentik diff --git a/install/protonmail-bridge-install.sh b/install/protonmail-bridge-install.sh deleted file mode 100644 index baba5dfe..00000000 --- a/install/protonmail-bridge-install.sh +++ /dev/null 
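Review bot: The added `yq` line stores `disable_startup_analytics` as the quoted string `"true"` rather than a YAML boolean, so it only takes effect if authentik coerces string values for this key, which nothing in this diff shows. Writing `yq -i '.disable_startup_analytics = true' /etc/authentik/config.yml` removes that dependency. The key is set only at install time; none of the `ct/authentik.sh` hunks in this diff add it to `update_script`, so existing containers presumably keep the previous behaviour unless that is handled elsewhere. A one-line comment such as `# opt out of authentik startup analytics` above the line would record why the key is set.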
@@ -1,192 +0,0 @@ -#!/usr/bin/env bash - -# Copyright (c) 2021-2026 community-scripts ORG -# Author: Stephen Chin (steveonjava) -# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE -# Source: https://github.com/ProtonMail/proton-bridge - -source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" -color -verb_ip6 -catch_errors -setting_up_container -network_check -update_os - -msg_info "Installing Dependencies" -$STD apt install -y pass -msg_ok "Installed Dependencies" - -msg_info "Creating Service User" -useradd -r -m -d /home/protonbridge -s /usr/sbin/nologin protonbridge -install -d -m 0750 -o protonbridge -g protonbridge /home/protonbridge -msg_ok "Created Service User" - -fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary" - -msg_info "Creating Services" -cat </etc/systemd/system/protonmail-bridge.service -[Unit] -Description=Proton Mail Bridge (noninteractive) -After=network-online.target -Wants=network-online.target -ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized - -[Service] -Type=simple -User=protonbridge -Group=protonbridge -WorkingDirectory=/home/protonbridge -Environment=HOME=/home/protonbridge -ExecStart=/usr/bin/protonmail-bridge --noninteractive -Restart=always -RestartSec=3 -NoNewPrivileges=yes -PrivateTmp=yes -ProtectSystem=full -ProtectKernelTunables=yes -ProtectKernelModules=yes -ProtectControlGroups=yes - -[Install] -WantedBy=multi-user.target -EOF -cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap.socket -[Unit] -Description=Proton Mail Bridge IMAP Socket (143) -ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized - -[Socket] -ListenStream=143 -Accept=no -Service=protonmail-bridge-imap-proxy.service - -[Install] -WantedBy=sockets.target -EOF -cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap-proxy.service -[Unit] -Description=Proton Mail Bridge IMAP Proxy (143 -> 127.0.0.1:1143) -After=protonmail-bridge.service -Requires=protonmail-bridge.service 
-ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized - -[Service] -Type=simple -Sockets=protonmail-bridge-imap.socket -ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1143 -NoNewPrivileges=yes -PrivateTmp=yes -EOF -cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp.socket -[Unit] -Description=Proton Mail Bridge SMTP Socket (587) -ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized - -[Socket] -ListenStream=587 -Accept=no -Service=protonmail-bridge-smtp-proxy.service - -[Install] -WantedBy=sockets.target -EOF -cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp-proxy.service -[Unit] -Description=Proton Mail Bridge SMTP Proxy (587 -> 127.0.0.1:1025) -After=protonmail-bridge.service -Requires=protonmail-bridge.service -ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized - -[Service] -Type=simple -Sockets=protonmail-bridge-smtp.socket -ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1025 -NoNewPrivileges=yes -PrivateTmp=yes -EOF -msg_ok "Created Services" - -msg_info "Creating Helper Commands" - -cat <<'EOF' >/usr/local/bin/protonmailbridge-configure -#!/usr/bin/env bash -set -euo pipefail - -BRIDGE_USER="protonbridge" -BRIDGE_HOME="/home/${BRIDGE_USER}" -GNUPG_HOME="${BRIDGE_HOME}/.gnupg" -MARKER="${BRIDGE_HOME}/.protonmailbridge-initialized" - -FIRST_TIME=0 -if [[ ! -f "${MARKER}" ]]; then - FIRST_TIME=1 -fi - -# Stop sockets/proxies/bridge daemon before configuration -systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket -systemctl stop protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge - -if [[ "${FIRST_TIME}" == "1" ]]; then - echo "First-time setup: initializing pass keychain for ${BRIDGE_USER} (required by Proton Mail Bridge on Linux)." 
- - install -d -m 0700 -o "${BRIDGE_USER}" -g "${BRIDGE_USER}" "${GNUPG_HOME}" - - FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \ - gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')" - - if [[ -z "${FPR}" ]]; then - runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \ - gpg --batch --pinentry-mode loopback --passphrase '' \ - --quick-gen-key 'ProtonMail Bridge' default default never - - FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \ - gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')" - fi - - if [[ -z "${FPR}" ]]; then - echo "Failed to detect a GPG key fingerprint for ${BRIDGE_USER}." >&2 - exit 1 - fi - - runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \ - pass init "${FPR}" - - echo - echo "To do initial configuration of the Proton Mail Bridge:" - echo "Run: login" - echo "Run: info" - echo "Run: exit" - echo -else - echo - echo "Launching Proton Mail Bridge CLI for configuration." - echo "External access is disabled until you exit." - echo "Run: exit" - echo -fi - -runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" \ - protonmail-bridge -c - -if [[ "${FIRST_TIME}" == "1" ]]; then - touch "${MARKER}" - chown "${BRIDGE_USER}:${BRIDGE_USER}" "${MARKER}" - chmod 0644 "${MARKER}" -fi - -systemctl enable -q --now protonmail-bridge.service protonmail-bridge-imap.socket protonmail-bridge-smtp.socket - -if [[ "${FIRST_TIME}" == "1" ]]; then - echo "Initialization complete. Services enabled and started." -else - echo "Configuration complete. Services enabled and started." -fi -EOF -chmod +x /usr/local/bin/protonmailbridge-configure -ln -sf /usr/local/bin/protonmailbridge-configure /usr/bin/protonmailbridge-configure -msg_ok "Created Helper Commands" - -motd_ssh -customize -cleanup_lxc 
diff --git a/json/protonmail-bridge.json b/json/protonmail-bridge.json deleted file mode 100644 index e24637ad..00000000 --- a/json/protonmail-bridge.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "name": "Proton Mail Bridge", - "slug": "protonmail-bridge", - "categories": [ - 18 - ], - "date_created": "2026-02-22", - "type": "ct", - "updateable": true, - "privileged": false, - "interface_port": null, - "documentation": "https://proton.me/support/bridge-cli-guide", - "website": "https://proton.me/mail/bridge", - "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/proton-mail.webp", - "description": "Proton Mail Bridge runs a local IMAP/SMTP service that lets traditional mail clients access a Proton mailbox. This LXC runs Bridge headless and forwards IMAP/SMTP to the LAN using systemd socket activation (systemd-socket-proxyd).", - "install_methods": [ - { - "type": "default", - "script": "ct/protonmail-bridge.sh", - "config_path": "", - "resources": { - "cpu": 2, - "ram": 1024, - "hdd": 8, - "os": "debian", - "version": "13" - } - } - ], - "default_credentials": { - "username": null, - "password": null - }, - "notes": [ - { - "text": "After install, run protonmailbridge-configure inside the container for first-time setup.", - "type": "info" - }, - { - "text": "LAN forwarding (container IP): IMAP 143 -> 127.0.0.1:1143, SMTP 587 -> 127.0.0.1:1025.", - "type": "info" - }, - { - "text": "You can later use protonmailbridge-configure to temporarily stop the service and enter the Bridge CLI.", - "type": "info" - } - ] -}