community-scripts · MickLesk · Feb 10, 2025 · Feb 7, 2025 · Feb 7, 2025 · Feb 7, 2025
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 tteck
+# Author: dave-yap (dave-yap)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://zitadel.com/
+
+# App Default Values
+APP="Zitadel"
+var_tags="identity-provider"
+var_cpu="1"
+var_ram="1024"
+var_disk="8"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+    header_info
+    check_container_storage
+    check_container_resources
+    if [[ ! -f /etc/systemd/system/zitadel.service ]]; then
+        msg_error "No ${APP} Installation Found!"
+        exit
+    fi
+    RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r') &>/dev/null
+    ARCH=$(uname -m)
+    case $ARCH in
+        armv5*) ARCH="armv5";;
+        armv6*) ARCH="armv6";;
+        armv7*) ARCH="arm";;
+        aarch64) ARCH="arm64";;
+        x86) ARCH="386";;
+        x86_64) ARCH="amd64";;
+        i686) ARCH="386";;
+        i386) ARCH="386";;
+    esac
+    if [[ "${RELEASE}" != "$(cat /opt/zitadel_version.txt | grep -oP '\d+\.\d+\.\d+')" ]] || [[ ! -f /opt/zitadel_version.txt ]]; then
+        msg_info "Updating ${APP} (Patience)"
+        wget -qc https://github.com/zitadel/zitadel/releases/download/$LATEST/zitadel-linux-$ARCH.tar.gz -O - | tar -xz &>/dev/null
+        systemctl stop zitadel.service
+        sudo mv zitadel-linux-$ARCH/zitadel /usr/local/bin
+        rm -rf zitadel-linux-$ARCH
+        zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml --init-projections=true &>/dev/null
+        systemctl start zitadel.service
+        echo "v${RELEASE}" > /opt/zitadel_version.txt
+        msg_ok "Updated ${APP} to v${RELEASE}"
+    else
+        msg_ok "No update required. ${APP} is already at v${RELEASE}"
+    fi
+    exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080/ui/console${CL}"
@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: dave-yap
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y \
+    curl \
+    ca-certificates \
+    wget \
+    sed \
+    sudo
+msg_ok "Installed Dependecies"
+
+msg_info "Installing Postgresql"
+$STD apt-get install -y postgresql postgresql-common
+sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh <<< return &>/dev/null
+DB_NAME="zitadel"
+DB_USER="zitadel"
+DB_PASS="zitadel"
+DB_ADMIN_USER="root"
+DB_ADMIN_PASS="postgres"
+{
+    echo "Application Credentials"
+    echo "DB_NAME: $DB_NAME"
+    echo "DB_USER: $DB_USER"
+    echo "DB_PASS: $DB_PASS"
+    echo "DB_ADMIN_USER: $DB_ADMIN_USER"
+    echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
+} >> ~/zitadel.creds
+systemctl enable -q --now postgresql
+sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';" &>/dev/null
+sudo -u postgres psql -c "CREATE USER $DB_ADMIN_USER WITH PASSWORD '$DB_ADMIN_PASS' SUPERUSER;" &>/dev/null
+sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;" &>/dev/null
+systemctl restart -q postgresql
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing Zitadel"
+RELEASE=$(curl -si https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r') &>/dev/null
+ARCH=$(uname -m)
+case $ARCH in
+    armv5*) ARCH="armv5";;
+    armv6*) ARCH="armv6";;
+    armv7*) ARCH="arm";;
+    aarch64) ARCH="arm64";;
+    x86) ARCH="386";;
+    x86_64) ARCH="amd64";;
+    i686) ARCH="386";;
+    i386) ARCH="386";;
+esac
+wget -q -c https://github.com/zitadel/zitadel/releases/download/$RELEASE/zitadel-linux-$ARCH.tar.gz -O - | tar -xz &>/dev/null
+mv zitadel-linux-$ARCH/zitadel /usr/local/bin
+echo -e "$(zitadel -v | grep -oP '\d+\.\d+\.\d+')" > /opt/zitadel_version.txt 
+msg_ok "Installed Zitadel"
+
+msg_info "Setting up Zitadel Environments"
+mkdir -p /opt/zitadel
+echo "/opt/zitadel/config.yaml" > "/opt/zitadel/.config"
+head -c 32 < <(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9') > "/opt/zitadel/.masterkey"
+{
+    echo "Config location: $(cat "/opt/zitadel/.config")"
+    echo "Masterkey: $(cat "/opt/zitadel/.masterkey")"
+} >> ~/zitadel.creds
+cat <<EOF >/opt/zitadel/config.yaml
+Port: 8080
+ExternalPort: 8080
+ExternalDomain: localhost
+ExternalSecure: false
+TLS:
+  Enabled: false
+  KeyPath: ""
+  Key: ""
+  CertPath: ""
+  Cert: ""
+
+Database:
+  postgres:
+    Host: localhost
+    Port: 5432
+    Database: zitadel
+    User:
+      Username: zitadel
+      Password: zitadel
+      SSL:
+        Mode: disable
+        RootCert: ""
+        Cert: ""
+        Key: ""
+    Admin:
+      Username: root
+      Password: postgres
+      SSL:
+        Mode: disable
+        RootCert: ""
+        Cert: ""
+        Key: ""
+EOF
+msg_ok "Installed Zitadel Enviroments"
+
+msg_info "Creating Services"
+cat <<EOF >/etc/systemd/system/zitadel.service
+[Unit]
+Description=ZITADEL Identiy Server
+After=network.target postgresql.service
+Wants=postgresql.service
+
+[Service]
+Type=simple
+User=zitadel
+Group=zitadel
+ExecStart=/usr/local/bin/zitadel start --masterkeyFile "/opt/zitadel/.masterkey" --config "/opt/zitadel/config.yaml"
+Restart=always
+RestartSec=5
+TimeoutStartSec=0
+
+# Security Hardening options
+ProtectSystem=full
+ProtectHome=true
+PrivateTmp=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q zitadel.service
+msg_ok "Created Services"
+
+msg_info "Zitadel initial setup"
+zitadel start-from-init --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null &
+sleep 60
+kill $(lsof -i | awk '/zitadel/ {print $2}' | head -n1)
+useradd zitadel
+zitadel -v > /opt/zitadel_version.txt
+msg_ok "Zitadel initialized"
+
+msg_info "Set ExternalDomain to current IP and restart Zitadel"
+IP=$(ip a s dev eth0 | awk '/inet / {print $2}' | cut -d/ -f1)
+sed -i "0,/localhost/s/localhost/${IP}/" /opt/zitadel/config.yaml
+systemctl stop -q zitadel.service
+zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml &>/dev/null 
+systemctl restart -q zitadel.service
+msg_ok "Zitadel restarted with ExternalDomain set to current IP"
+
+msg_info "Create zitadel-rerun.sh"
+cat <<EOF >~/zitadel-rerun.sh
+systemctl stop zitadel.service
+timeout --kill-after=5s 15s zitadel setup --masterkeyFile /opt/zitadel/.masterkey --config /opt/zitadel/config.yaml
+systemctl restart zitadel.service
+EOF
+msg_ok "Bash script for rerunning Zitadel after changing Zitadel config.yaml"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+rm -rf zitadel-linux-$ARCH
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
@@ -0,0 +1,43 @@
+{
+    "name": "Zitadel",
+    "slug": "Zitadel",
+    "categories": [
+        0
+    ],
+    "date_created": "2025-02-07",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 8080,
+    "documentation": "https://zitadel.com/docs/guides/overview",
+    "website": "https://zitadel.com",
+    "logo": "https://zitadel.com/zitadel-logo-dark.svg",
+    "description": "Zitadel is an open-source identity and access management (IAM) solution designed to provide secure authentication, authorization, and user management for modern applications and services. Built with a focus on flexibility, scalability, and security, Zitadel offers a comprehensive set of features for developers and organizations looking to implement robust identity management.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/zitadel.sh",
+            "resources": {
+                "cpu": 2,
+                "ram": 2048,
+                "hdd": 12,
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": "zitadel-admin@zitadel.localhost",
+        "password": "Password1!"
+    },
+    "notes": [
+        {
+            "text": "Application credentials: `cat ~/zitadel.creds`",
+            "type": "info"
+        },
+        {
+            "text": "Change the ExternalDomain value in `/opt/zitadel/config.yaml` to your domain/hostname/IP and run `bash zitadel-rerun.sh`",
+            "type": "info"
+        }
+    ]
+}