diff --git a/ct/authentik.sh b/ct/authentik.sh index 64077a0c..b040272f 100644 --- a/ct/authentik.sh +++ b/ct/authentik.sh @@ -112,6 +112,25 @@ function update_script() { start build_container + +msg_info "Attaching data storage volume" +pct stop "$CTID" +pct set "$CTID" -mp0 "${CONTAINER_STORAGE}":1,mp=/opt/authentik-data,backup=1 +pct start "$CTID" +for i in {1..10}; do + pct status "$CTID" | grep -q "status: running" && break + sleep 1 +done +pct exec "$CTID" -- bash -c "mkdir -p /opt/authentik-data/{certs,media,geoip,templates}; \ + cp /opt/authentik/tests/GeoLite2-ASN-Test.mmdb /opt/authentik-data/geoip/GeoLite2-ASN.mmdb; \ + cp /opt/authentik/tests/GeoLite2-City-Test.mmdb /opt/authentik-data/geoip/GeoLite2-City.mmdb; \ + chown -R authentik:authentik /opt/authentik-data" +msg_ok "Attached data storage volume" + +msg_info "Starting Services" +pct exec "$CTID" -- systemctl enable -q --now authentik-server.service authentik-worker.service +msg_ok "Started Services" + description msg_ok "Completed successfully!\n" diff --git a/install/authentik-install.sh b/install/authentik-install.sh index 53961d23..25769a42 100644 --- a/install/authentik-install.sh +++ b/install/authentik-install.sh @@ -84,7 +84,7 @@ msg_ok "Go proxy installed" fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary" -cat </usr/local/etc/GeoIP.conf +cat </usr/local/etc/GeoIP.conf AccountID ChangeME LicenseKey ChangeME EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country @@ -93,7 +93,7 @@ RetryFor 5m Parallelism 1 EOF -cat </tmp/crontab +cat </tmp/crontab #39 19 * * 6,4 /usr/bin/geoipupdate -f /usr/local/etc/GeoIP.conf EOF crontab /tmp/crontab @@ -115,7 +115,6 @@ export UV_PYTHON_INSTALL_DIR="/usr/local/bin" $STD uv sync --frozen --no-install-project --no-dev msg_ok "Installed python server" -mkdir -p /opt/authentik-data/{certs,media,geoip,templates} cp /opt/authentik/authentik/sources/kerberos/krb5.conf /etc/krb5.conf PG_VERSION="16" setup_postgresql 
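Review bot: The wait loop after `pct start "$CTID"` in ct/authentik.sh has no failure path. If the container is still not running after ten seconds, the script falls through to `pct exec`; and because the commands inside `bash -c` are joined with `;`, a failed `mkdir` or `cp` is masked by the exit status of the final `chown`. The services are then enabled against a data directory that may be missing or only partly populated, including `/opt/authentik-data/certs`. I would re-check the state after the loop, e.g. `pct status "$CTID" | grep -q "status: running" || exit 1` preceded by an error message in the script's usual style, and start the inner command with `set -e;` (or join the steps with `&&`). Since the certs directory is the configured `cert_discovery_dir` and presumably holds private keys, it is also worth giving it a tighter mode than the `mkdir -p` default, for example `chmod 750 /opt/authentik-data/certs`.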
@@ -135,11 +134,9 @@ yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.ym yq -i ".cert_discovery_dir = \"/opt/authentik-data/certs\"" /etc/authentik/config.yml yq -i ".email.template_dir = \"/opt/authentik-data/templates\"" /etc/authentik/config.yml yq -i ".storage.file.path = \"/opt/authentik-data\"" /etc/authentik/config.yml -cp /opt/authentik/tests/GeoLite2-ASN-Test.mmdb /opt/authentik-data/geoip/GeoLite2-ASN.mmdb -cp /opt/authentik/tests/GeoLite2-City-Test.mmdb /opt/authentik-data/geoip/GeoLite2-City.mmdb $STD useradd -U -s /usr/sbin/nologin -r -M -d /opt/authentik authentik -chown -R authentik:authentik /opt/authentik /opt/authentik-data -cat </etc/default/authentik +chown -R authentik:authentik /opt/authentik +cat </etc/default/authentik TMPDIR=/dev/shm/ UV_LINK_MODE=copy UV_PYTHON_DOWNLOADS=0 @@ -154,7 +151,7 @@ EOF msg_ok "authentik config created" msg_info "Creating services" -cat </etc/systemd/system/authentik-server.service +cat </etc/systemd/system/authentik-server.service [Unit] Description=authentik Go Server (API Gateway) After=network.target @@ -174,7 +171,7 @@ EnvironmentFile=/etc/default/authentik WantedBy=multi-user.target EOF -cat </etc/systemd/system/authentik-worker.service +cat </etc/systemd/system/authentik-worker.service [Unit] Description=authentik Worker After=network.target postgresql.service @@ -193,7 +190,6 @@ RestartSec=5 WantedBy=multi-user.target EOF -systemctl enable -q --now authentik-server.service authentik-worker.service msg_ok "Services created" motd_ssh diff --git a/json/authentik.json b/json/authentik.json index dce71538..a5462f43 100644 --- a/json/authentik.json +++ b/json/authentik.json @@ -21,7 +21,7 @@ "resources": { "cpu": 4, "ram": 4096, - "hdd": 10, + "hdd": 11, "os": "Debian", "version": "13" } 
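Review bot: After this hunk install/authentik-install.sh no longer creates or chowns `/opt/authentik-data`, yet the `yq` lines just above still point `cert_discovery_dir`, `email.template_dir` and `storage.file.path` at it, so the install script on its own leaves a configuration that references a missing path. The directory now depends entirely on the volume step in ct/authentik.sh, and a comment next to the `chown` would make that dependency visible: `# /opt/authentik-data is created and chowned by ct/authentik.sh once the mp0 volume is attached`. It is not visible from this hunk whether existing installs that go through the update path get the volume; if they do not, that case deserves a line in the comment as well.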
@@ -32,6 +32,10 @@ "password": null }, "notes": [ + { + "text": "A 1 GB secondary volume is automatically created and attached to the container at /opt/authentik-data. This is required for Authentik's internal file manager to work.", + "type": "info" + }, { "text": "You will get a Not Found error if initial setup URL doesn't include the trailing forward slash /. Make sure you use the complete url (http://:9000/if/flow/initial-setup/) including the trailing forward slash.", "type": "info"