From 5a7c0025ef0dcc9deefe8450fc2a957730e7908f Mon Sep 17 00:00:00 2001
From: Thieneret <kalmimre@gmail.com>
Date: Sat, 2 May 2026 09:19:18 +0200
Subject: [PATCH] add outposts

---
 ct/authentik.sh              | 21 ++++++++++
 install/authentik-install.sh | 77 +++++++++++++++++++++++++++++++++++-
 2 files changed, 97 insertions(+), 1 deletion(-)

diff --git a/ct/authentik.sh b/ct/authentik.sh
index e302ea78..236e2b43 100644
--- a/ct/authentik.sh
+++ b/ct/authentik.sh
@@ -57,6 +57,15 @@ function update_script() {
   if check_for_gh_release "authentik" "goauthentik/authentik" "${AUTHENTIK_VERSION}"; then
     msg_info "Stopping Services"
     systemctl stop authentik-server authentik-worker
+	if [[ $(systemctl is-active authentik-ldap) == active ]]; then
+		systemctl stop authentik-ldap
+	fi
+	if [[ $(systemctl is-active authentik-rac) == active ]]; then
+		systemctl stop authentik-rac
+	fi
+	if [[ $(systemctl is-active authentik-radius) == active ]]; then
+		systemctl stop authentik-radius
+	fi
     msg_ok "Stopped Services"
 
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tarball" "${AUTHENTIK_VERSION}" "/opt/authentik"
@@ -74,6 +83,9 @@ function update_script() {
     export CGO_ENABLED="1"
     $STD go mod download
     $STD go build -o /opt/authentik/authentik-server ./cmd/server
+	$STD go build -o /opt/authentik/ldap ./cmd/ldap
+	$STD go build -o /opt/authentik/rac ./cmd/rac
+	$STD go build -o /opt/authentik/radius ./cmd/radius
     msg_ok "Updated go proxy"
 
     msg_info "Updating python server"
@@ -91,6 +103,15 @@ function update_script() {
 
   msg_info "Starting Services"
   systemctl start authentik-server authentik-worker
+  if [[ $(systemctl is-enabled authentik-ldap) == enabled ]]; then
+  	systemctl start authentik-ldap
+  fi
+  if [[ $(systemctl is-enabled authentik-rac) == enabled ]]; then
+  	systemctl start authentik-rac
+  fi
+  if [[ $(systemctl is-enabled authentik-radius) == enabled ]]; then
+  	systemctl start authentik-radius
+  fi
   msg_ok "Started Services"
   msg_ok "Updated successfully!"
   exit
diff --git a/install/authentik-install.sh b/install/authentik-install.sh
index f7c32649..cfc5c029 100644
--- a/install/authentik-install.sh
+++ b/install/authentik-install.sh
@@ -83,6 +83,9 @@ cd /opt/authentik
 export CGO_ENABLED="1"
 $STD go mod download
 $STD go build -o /opt/authentik/authentik-server ./cmd/server
+$STD go build -o /opt/authentik/ldap ./cmd/ldap
+$STD go build -o /opt/authentik/rac ./cmd/rac
+$STD go build -o /opt/authentik/radius ./cmd/radius
 msg_ok "Go proxy installed"
 
 cat <<EOF >/usr/local/etc/GeoIP.conf
@@ -133,6 +136,21 @@ PATH=/opt/authentik/lifecycle:/opt/authentik/.venv/bin:/usr/local/bin:/usr/local
 DJANGO_SETTINGS_MODULE=authentik.root.settings
 PROMETHEUS_MULTIPROC_DIR="/tmp/authentik_prometheus_tmp"
 EOF
+cat <<EOF >/etc/default/authentik_ldap
+AUTHENTIK_HOST="https://127.0.0.1:9443"
+AUTHENTIK_INSECURE="true"
+AUTHENTIK_TOKEN="token-generated-by-authentik"
+EOF
+cat <<EOF >/etc/default/authentik_rac
+AUTHENTIK_HOST="https://127.0.0.1:9443"
+AUTHENTIK_INSECURE="true"
+AUTHENTIK_TOKEN="token-generated-by-authentik"
+EOF
+cat <<EOF >/etc/default/authentik_radius
+AUTHENTIK_HOST="https://127.0.0.1:9443"
+AUTHENTIK_INSECURE="true"
+AUTHENTIK_TOKEN="token-generated-by-authentik"
+EOF
 msg_ok "authentik config created"
 
 msg_info "Creating services"
@@ -174,7 +192,64 @@ RestartSec=5
 [Install]
 WantedBy=multi-user.target
 EOF
-systemctl enable -q authentik-server authentik-worker
+
+cat <<EOF >/etc/systemd/system/authentik-ldap.service
+[Unit]
+Description=authentik LDAP Outpost
+After=network.target
+Wants=postgresql.service
+
+[Service]
+User=authentik
+Group=authentik
+ExecStart=/opt/authentik/ldap
+WorkingDirectory=/opt/authentik/
+Restart=always
+RestartSec=5
+EnvironmentFile=/etc/default/authentik_ldap
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat <<EOF >/etc/systemd/system/authentik-rac.service
+[Unit]
+Description=authentik RAC Outpost
+After=network.target
+Wants=postgresql.service
+
+[Service]
+User=authentik
+Group=authentik
+ExecStart=/opt/authentik/rac
+WorkingDirectory=/opt/authentik/
+Restart=always
+RestartSec=5
+EnvironmentFile=/etc/default/authentik_rac
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat <<EOF >/etc/systemd/system/authentik-radius.service
+[Unit]
+Description=authentik Radius Outpost
+After=network.target
+Wants=postgresql.service
+
+[Service]
+User=authentik
+Group=authentik
+ExecStart=/opt/authentik/radius
+WorkingDirectory=/opt/authentik/
+Restart=always
+RestartSec=5
+EnvironmentFile=/etc/default/authentik_radius
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
 msg_ok "Services created"
 
 motd_ssh