From 58bbbf5992e2b708f721db6b5a8eb2b59085553a Mon Sep 17 00:00:00 2001 From: Chris P <42878642+Griffen8280@users.noreply.github.com> Date: Tue, 30 Aug 2022 13:48:32 -0400 Subject: [PATCH] Add Authentik to the Template (#378) --- docs/AppList.md | 7 +-- stack/authentik.yml | 87 ++++++++++++++++++++++++++++++++ template/apps/authentik.json | 61 ++++++++++++++++++++++ template/portainer-v2-amd64.json | 57 +++++++++++++++++++++ template/portainer-v2-arm64.json | 57 +++++++++++++++++++++ tools/install_authentik.sh | 23 +++++++++ 6 files changed, 289 insertions(+), 3 deletions(-) create mode 100644 stack/authentik.yml create mode 100644 template/apps/authentik.json create mode 100644 tools/install_authentik.sh diff --git a/docs/AppList.md b/docs/AppList.md index 14a3eff..b37cebb 100644 --- a/docs/AppList.md +++ b/docs/AppList.md @@ -3,9 +3,9 @@ List of all apps included in this project with info related to it. - **Arm32:** 166 apps -- **Arm64:** 177 apps -- **Amd64:** 175 apps -- **Total:** 177 apps +- **Arm64:** 178 apps +- **Amd64:** 176 apps +- **Total:** 178 apps --- @@ -19,6 +19,7 @@ List of all apps included in this project with info related to it. |[Archivebox](https://archivebox.io/)|Arm32
Arm64
Amd64|Container| [![](../build/images/blue_doc_icon.png)](https://github.com/ArchiveBox/ArchiveBox/wiki/Docker) | | | | | |[AriaNG](https://github.com/hurlenko/aria2-ariang-docker)|Arm32
Arm64
Amd64|Container| [![](../build/images/blue_doc_icon.png)](https://github.com/hurlenko/aria2-ariang-docker) | | | | | |[Authelia](https://www.authelia.com/)|Arm32
Arm64
Amd64|Container| [![](../build/images/blue_doc_icon.png)](https://www.authelia.com/docs/configuration/) | | | | | +|[Authentik](https://goauthentik.io/)|Arm64
Amd64|Stack| [![](../build/images/blue_doc_icon.png)](https://goauthentik.io/docs/) | | [![](../build/images/script_icon.png)](../tools/install_authentik.sh) | | | |[Bazarr](https://www.bazarr.media/)|Arm32
Arm64
Amd64|Container| [![](../build/images/blue_doc_icon.png)](https://wiki.bazarr.media/Getting-Started/Installation/Docker/docker/) | | | | | |[Beets](https://beets.io/)|Arm32
Arm64
Amd64|Container| [![](../build/images/blue_doc_icon.png)](https://docs.linuxserver.io/images/docker-beets) | | | | | |[Booksonic](https://booksonic.org/)|Arm32
Arm64
Amd64|Container| [![](../build/images/blue_doc_icon.png)](https://docs.linuxserver.io/images/docker-booksonic-air) | | | | | diff --git a/stack/authentik.yml b/stack/authentik.yml new file mode 100644 index 0000000..865405d --- /dev/null +++ b/stack/authentik.yml 
@@ -0,0 +1,87 @@
+version: '3.4'
+
+services:
+ postgresql:
+ image: postgres:12-alpine
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - /portainer/Files/AppData/Config/authentik/postgre:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_DB=${POSTGRES_DB}
+ redis:
+ image: redis:alpine
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - /portainer/Files/AppData/Config/authentik/redis:/data
+ server:
+ image: ghcr.io/goauthentik/server:2022.8.2
+ restart: unless-stopped
+ command: server
+ environment:
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER}
+ AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD}
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+ AUTHENTIK_AUTHENTIK__GEOIP: /geoip/GeoLite2-City.mmdb
+ AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
+ # WORKERS: 2
+ volumes:
+ - /portainer/Files/AppData/Config/authentik/media:/media
+ - /portainer/Files/AppData/Config/authentik/custom-templates:/templates
+ - /portainer/Files/AppData/Config/authentik/geoip:/geoip
+ ports:
+ - "9191:9000"
+ - "7443:9443"
+ worker:
+ image: ghcr.io/goauthentik/server:2022.8.2
+ restart: unless-stopped
+ command: worker
+ environment:
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER}
+ AUTHENTIK_POSTGRESQL__NAME: ${POSTGRES_DB}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD}
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+ AUTHENTIK_AUTHENTIK__GEOIP: /geoip/GeoLite2-City.mmdb
+ #AUTHENTIK_ERROR_REPORTING__ENABLED: "true" #Optional
+ #AUTHENTIK_EMAIL__HOST: localhost #Optional
+ #AUTHENTIK_EMAIL__PORT: 25 #Optional
+ #AUTHENTIK_EMAIL__USERNAME: #Optional
+ #AUTHENTIK_EMAIL__PASSWORD: #Optional
+ #AUTHENTIK_EMAIL__USE_TLS: false #Optional
+ #AUTHENTIK_EMAIL__USE_SSL: false #Optional
+ #AUTHENTIK_EMAIL__TIMEOUT: 10 #Optional
+ #AUTHENTIK_EMAIL__FROM: authentik@localhost #Optional
+ user: root
+ volumes:
+ - /portainer/Files/AppData/Config/authentik/media:/media
+ - /portainer/Files/AppData/Config/authentik/certs:/certs
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /portainer/Files/AppData/Config/authentik/custom-templates:/templates
+ - /portainer/Files/AppData/Config/authentik/geoip:/geoip
+ geoipupdate:
+ image: "maxmindinc/geoipupdate:latest"
+ volumes:
+ - /portainer/Files/AppData/Config/authentik/geoip:/usr/share/GeoIP
+ environment:
+ GEOIPUPDATE_EDITION_IDS: ${GEOIPUPDATE_EDITION_IDS}
+ GEOIPUPDATE_ACCOUNT_ID: ${GEOIPUPDATE_ACCOUNT_ID}
+ GEOIPUPDATE_LICENSE_KEY: ${GEOIPUPDATE_LICENSE_KEY}
+ GEOIPUPDATE_FREQUENCY: "8" #Optional
diff --git a/template/apps/authentik.json b/template/apps/authentik.json
new file mode 100644
index 0000000..beb6d31
--- /dev/null
+++ b/template/apps/authentik.json
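Review bot: The `worker` service runs as `user: root` with `/var/run/docker.sock` bind-mounted, which gives that container root-equivalent control of the Docker host, and nothing in the stack file says why it is needed. The socket is presumably there for authentik's Docker outpost integration; if the template keeps it, put a comment above the mount such as `# Docker socket: only needed for authentik-managed outposts; grants host-level control, remove if unused`, or ship both lines commented out. Separately, `AUTHENTIK_ERROR_REPORTING__ENABLED: "true"` is active on `server` while the same key is commented out as optional on `worker`; sending error reports upstream should be opt-in, so `"false"` (or commented out) on `server` as well. `redis:alpine` and `maxmindinc/geoipupdate:latest` are floating tags next to the pinned `2022.8.2` images, and `geoipupdate` is the only service without a `restart:` policy.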
@@ -0,0 +1,61 @@
+{
+ "categories": [
+ "Authentication",
+ "Cloud",
+ "Management",
+ "Security"
+ ],
+ "description": "Authentik is an open-source Identity Provider focused on flexibility and versatility. This will start the stack with basic options, to customize further ie. adding email settings then use the editor under the deployed stack and 'Update the stack'",
+ "env": [
+ {
+ "default": "authentik",
+ "label": "POSTGRES_USER",
+ "name": "POSTGRES_USER"
+ },
+ {
+ "default": "authentik",
+ "label": "POSTGRES_DB",
+ "name": "POSTGRES_DB"
+ },
+ {
+ "default": "YOUR_POSTGRE_PASSWORD",
+ "label": "POSTGRES_PASSWORD",
+ "name": "POSTGRES_PASSWORD"
+ },
+ {
+ "default": "YOUR_AUTHENTIK_SECRET_KEY",
+ "label": "AUTHENTIK_SECRET_KEY",
+ "name": "AUTHENTIK_SECRET_KEY"
+ },
+ {
+ "default": "GeoLite2-City",
+ "label": "GEOIPUPDATE_EDITION_IDS",
+ "name": "GEOIPUPDATE_EDITION_IDS"
+ },
+ {
+ "default": "Your GEOIP ID",
+ "label": "GEOIPUPDATE_ACCOUNT_ID",
+ "name": "GEOIPUPDATE_ACCOUNT_ID"
+ },
+ {
+ "default": "Your GEOIP License Key",
+ "label": "GEOIPUPDATE_LICENSE_KEY",
+ "name": "GEOIPUPDATE_LICENSE_KEY"
+ }
+ ],
+ "logo": "https://d33wubrfki0l68.cloudfront.net/3986a9ebfee622cb3fed7c0b7d3661e431dcff5c/8fd41/img/icon_top_brand.svg",
+ "name": "authentik",
+ "note": "For this to work properly you will need a GeoIP account. Go to https://www.maxmind.com/en/geolite2/signup, once done generate a license key and copy in your user number. For info on emailing in the system see, https://goauthentik.io/docs/installation/docker-compose#email-configuration-optional-but-recommended",
+ "officialDoc": "https://goauthentik.io/docs/",
+ "platform": "linux",
+ "preInstallScript": "install_authentik.sh",
+ "repository": {
+ "stackfile_arm64": "stack/authentik.yml",
+ "stackfile_amd64": "stack/authentik.yml",
+ "url": "https://github.com/pi-hosted/pi-hosted/"
+ },
+ "restart_policy": "unless-stopped",
+ "title": "Authentik",
+ "type": 3,
+ "webpage": "https://goauthentik.io/"
+}
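Review bot: The `default` values for `POSTGRES_PASSWORD` and `AUTHENTIK_SECRET_KEY` are the literal strings `YOUR_POSTGRE_PASSWORD` and `YOUR_AUTHENTIK_SECRET_KEY`, so anyone who deploys the template without editing the form runs an identity provider whose database password and secret key are published in this repository. Dropping the `default` key from those two entries (or setting `"default": ""`) leaves the fields empty so a value has to be typed, and the `note` should say how to produce one, for example `openssl rand -base64 36`. The `GEOIPUPDATE_ACCOUNT_ID` and `GEOIPUPDATE_LICENSE_KEY` placeholders are less sensitive, but they have the same shape and would read better as empty fields too. The same `env` entries are repeated in the `portainer-v2-amd64.json` and `portainer-v2-arm64.json` hunks.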
diff --git a/template/portainer-v2-amd64.json b/template/portainer-v2-amd64.json index 734f6fa..9c1cd4b 100644 --- a/template/portainer-v2-amd64.json +++ b/template/portainer-v2-amd64.json @@ -396,6 +396,63 @@ } ] }, + { + "categories": [ + "Authentication", + "Cloud", + "Management", + "Security" + ], + "description": "Authentik is an open-source Identity Provider focused on flexibility and versatility. This will start the stack with basic options, to customize further ie. adding email settings then use the editor under the deployed stack and 'Update the stack'", + "env": [ + { + "default": "authentik", + "label": "POSTGRES_USER", + "name": "POSTGRES_USER" + }, + { + "default": "authentik", + "label": "POSTGRES_DB", + "name": "POSTGRES_DB" + }, + { + "default": "YOUR_POSTGRE_PASSWORD", + "label": "POSTGRES_PASSWORD", + "name": "POSTGRES_PASSWORD" + }, + { + "default": "YOUR_AUTHENTIK_SECRET_KEY", + "label": "AUTHENTIK_SECRET_KEY", + "name": "AUTHENTIK_SECRET_KEY" + }, + { + "default": "GeoLite2-City", + "label": "GEOIPUPDATE_EDITION_IDS", + "name": "GEOIPUPDATE_EDITION_IDS" + }, + { + "default": "Your GEOIP ID", + "label": "GEOIPUPDATE_ACCOUNT_ID", + "name": "GEOIPUPDATE_ACCOUNT_ID" + }, + { + "default": "Your GEOIP License Key", + "label": "GEOIPUPDATE_LICENSE_KEY", + "name": "GEOIPUPDATE_LICENSE_KEY" + } + ], + "logo": "https://d33wubrfki0l68.cloudfront.net/3986a9ebfee622cb3fed7c0b7d3661e431dcff5c/8fd41/img/icon_top_brand.svg", + "name": "authentik", + "note": "

Template created by Pi-Hosted Series

Check our Github page: https://github.com/pi-hosted/pi-hosted

Official Webpage: https://goauthentik.io/
Official Docker Documentation: https://goauthentik.io/docs/

Pre-installation script must be RAN before you install: wget -qO- https://raw.githubusercontent.com/pi-hosted/pi-hosted/master/tools/install_authentik.sh |

For this to work properly you will need a GeoIP account. Go to https://www.maxmind.com/en/geolite2/signup, once done generate a license key and copy in your user number. For info on emailing in the system see, https://goauthentik.io/docs/installation/docker-compose#email-configuration-optional-but-recommended", + "platform": "linux", + "repository": { + "stackfile": "stack/authentik.yml", + "url": "https://github.com/pi-hosted/pi-hosted/" + }, + "restart_policy": "unless-stopped", + "title": "Authentik", + "type": 3 + }, { "categories": [ "Video", diff --git a/template/portainer-v2-arm64.json b/template/portainer-v2-arm64.json index 30a7e7a..46e3f4d 100644 --- a/template/portainer-v2-arm64.json +++ b/template/portainer-v2-arm64.json 
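Review bot: The `note` text tells users to fetch `tools/install_authentik.sh` from the `master` branch with `wget -qO-` and pipe it onward (the pipe target is cut off in this view, presumably a shell), and that script calls `sudo` throughout, so whatever is on `master` at that moment runs with root privileges unread. Point the URL at a tag or commit instead (`https://raw.githubusercontent.com/pi-hosted/pi-hosted/<COMMIT_SHA>/tools/install_authentik.sh`, with the placeholder filled in at release), or reword the note to have users download the script and read it before running it. The `portainer-v2-arm64.json` hunk carries the same note text. If both files are generated from `template/apps/authentik.json`, the change belongs in the generator's note template rather than in these hunks.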
@@ -396,6 +396,63 @@ } ] }, + { + "categories": [ + "Authentication", + "Cloud", + "Management", + "Security" + ], + "description": "Authentik is an open-source Identity Provider focused on flexibility and versatility. This will start the stack with basic options, to customize further ie. adding email settings then use the editor under the deployed stack and 'Update the stack'", + "env": [ + { + "default": "authentik", + "label": "POSTGRES_USER", + "name": "POSTGRES_USER" + }, + { + "default": "authentik", + "label": "POSTGRES_DB", + "name": "POSTGRES_DB" + }, + { + "default": "YOUR_POSTGRE_PASSWORD", + "label": "POSTGRES_PASSWORD", + "name": "POSTGRES_PASSWORD" + }, + { + "default": "YOUR_AUTHENTIK_SECRET_KEY", + "label": "AUTHENTIK_SECRET_KEY", + "name": "AUTHENTIK_SECRET_KEY" + }, + { + "default": "GeoLite2-City", + "label": "GEOIPUPDATE_EDITION_IDS", + "name": "GEOIPUPDATE_EDITION_IDS" + }, + { + "default": "Your GEOIP ID", + "label": "GEOIPUPDATE_ACCOUNT_ID", + "name": "GEOIPUPDATE_ACCOUNT_ID" + }, + { + "default": "Your GEOIP License Key", + "label": "GEOIPUPDATE_LICENSE_KEY", + "name": "GEOIPUPDATE_LICENSE_KEY" + } + ], + "logo": "https://d33wubrfki0l68.cloudfront.net/3986a9ebfee622cb3fed7c0b7d3661e431dcff5c/8fd41/img/icon_top_brand.svg", + "name": "authentik", + "note": "

Template created by Pi-Hosted Series

Check our Github page: https://github.com/pi-hosted/pi-hosted

Official Webpage: https://goauthentik.io/
Official Docker Documentation: https://goauthentik.io/docs/

Pre-installation script must be RAN before you install: wget -qO- https://raw.githubusercontent.com/pi-hosted/pi-hosted/master/tools/install_authentik.sh |

For this to work properly you will need a GeoIP account. Go to https://www.maxmind.com/en/geolite2/signup, once done generate a license key and copy in your user number. For info on emailing in the system see, https://goauthentik.io/docs/installation/docker-compose#email-configuration-optional-but-recommended", + "platform": "linux", + "repository": { + "stackfile": "stack/authentik.yml", + "url": "https://github.com/pi-hosted/pi-hosted/" + }, + "restart_policy": "unless-stopped", + "title": "Authentik", + "type": 3 + }, { "categories": [ "Video", diff --git a/tools/install_authentik.sh b/tools/install_authentik.sh new file mode 100644 index 0000000..5349a2c --- /dev/null +++ b/tools/install_authentik.sh 
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+function error {
+ echo -e "\\e[91m$1\\e[39m"
+ exit 1
+}
+
+echo "Creating directories..."
+sudo mkdir -p /portainer/Files/AppData/Config/authentik/certs || error "Failed to create certs directory!"
+sudo mkdir -p /portainer/Files/AppData/Config/authentik/custom-templates || error "Failed to create custom-templates directory!"
+sudo mkdir -p /portainer/Files/AppData/Config/authentik/media || error "Failed to create media directory!"
+sudo mkdir -p /portainer/Files/AppData/Config/authentik/geoip || error "Failed to create geoip directory!"
+sudo mkdir -p /portainer/Files/AppData/Config/authentik/redis || error "Failed to create redis directory!"
+sudo mkdir -p /portainer/Files/AppData/Config/authentik/postgre || error "Failed to create postgre directory!"
+
+echo "Setting permissions..."
+sudo chown -R 1000:1000 /portainer/Files/AppData/Config/authentik/certs || error "Failed to set permissions for Authentik certs!"
+sudo chown -R 1000:1000 /portainer/Files/AppData/Config/authentik/custom-templates || error "Failed to set permissions for Authentik custom-templates!"
+sudo chown -R 1000:1000 /portainer/Files/AppData/Config/authentik/media || error "Failed to set permissions for Authentik media!"
+sudo chown -R 1000:1000 /portainer/Files/AppData/Config/authentik/geoip || error "Failed to set permissions for Authentik geoip!"
+sudo chown -R 999:999 /portainer/Files/AppData/Config/authentik/redis || error "Failed to set permissions for Authentik redis!"
+sudo chown -R 70:70 /portainer/Files/AppData/Config/authentik/postgre || error "Failed to set permissions for Authentik postgre!"
+echo "Done You are ready to goto next step in the install document"
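Review bot: The script only sets ownership on the new directories and never their mode, so `certs` (which will hold private keys) and the `redis` and `postgre` data directories keep whatever root's umask gives them, typically world-readable and traversable. Add a mode step after the `chown` block, for example `sudo chmod 700 /portainer/Files/AppData/Config/authentik/certs || error "Failed to restrict Authentik certs!"`, and likewise for `redis` and `postgre`. The `error` helper writes its message to stdout; `echo -e "\\e[91m$1\\e[39m" >&2` keeps failures visible when the script's output is piped or captured. As a style point, the six `mkdir`/`chown` pairs repeat the same base path and could be one loop over directory and owner pairs.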