diff --git a/README.md b/README.md
index 8c81379..746888f 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,10 @@ apt update \
 tee /etc/apt/sources.list.d/docker.list > /dev/null \
 && apt update \
 && apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin \
+ && echo "{" > /etc/docker/daemon.json \
+ && echo " \"log-driver\": \"journald\"" >> /etc/docker/daemon.json \
+ && echo "}" >> /etc/docker/daemon.json \
+ && systemctl restart docker.service \
 && mkdir -p /var/lib/apps \
 && ln -s /var/lib/apps \
 && apt install -y git vim \
@@ -39,16 +43,32 @@ cd /root/apps \
 && ./scripts/init.sh \
 && docker compose build --no-cache \
 --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
- --build-arg SRC_REV=$(git rev-parse --short HEAD) \
- && docker compose up -d; docker compose logs -f
+ --build-arg SRC_REV=$(git rev-parse --short HEAD)
+```
+
+## Service Handling
+
+Start service:
+```shell
+systemctl start authentik.service
+```
+
+Stop service:
+```shell
+systemctl stop authentik.service
+```
+
+Show logs:
+```shell
+journalctl -xef -u authentik.service
 ```
 ## Upgrade
 1. Update `AUTHENTIK_TAG` to the desired tag in `env.template`, as well as in the deployed `.env` file.
-2. `docker-compose down`
-3. `docker compose up -d; docker compose logs -f`
+2. `systemctl stop authentik.service`
+3. `systemctl start authentik.service; journalctl -xef -u authentik.service`
 ## Rebuild containers locally
diff --git a/scripts/init.sh b/scripts/init.sh
index f70bd37..626eb80 100755
--- a/scripts/init.sh
+++ b/scripts/init.sh
@@ -27,19 +27,19 @@ prompt_password() {
 # Trap SIGINT to exit gracefully if the user aborts with CTRL+C
 trap 'printf "\nOperation aborted by user.\n" >&2; exit 1' SIGINT
- cd "$(dirname "$(realpath "$0")")/../"
+AUTHENTIK_DOCKER_COMPOSE_PATH="$(realpath "$(pwd)")"
 # Check if .env exists and exit if it is
-[[ -f ./.env ]] && echo ".env already exists. Exiting!" && exit 1 || true
-
-cat ./env.template >> ./.env
-echo "# SECRETS" >> ./.env
-echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> ./.env
-echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> ./.env
-prompt_password "AUTHENTIK_EMAIL__PASSWORD"; echo "AUTHENTIK_EMAIL__PASSWORD=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
-prompt_password "GEOIPUPDATE_LICENSE_KEY"; echo "GEOIPUPDATE_LICENSE_KEY=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
-echo "" >> ./.env
+if [[ ! -f ./.env ]]; then
+ cat ./env.template >> ./.env
+ echo "# SECRETS" >> ./.env
+ echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> ./.env
+ echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> ./.env
+ prompt_password "AUTHENTIK_EMAIL__PASSWORD"; echo "AUTHENTIK_EMAIL__PASSWORD=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
+ prompt_password "GEOIPUPDATE_LICENSE_KEY"; echo "GEOIPUPDATE_LICENSE_KEY=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
+ echo "" >> ./.env
+fi
 # Generate dhparam, if not existing
 [[ ! -d ./data/nginx/certs ]] && mkdir -p ./data/nginx/certs && chmod 700 ./data/nginx/certs && chown 101:101 ./data/nginx/certs || true
@@ -60,7 +60,7 @@ if [[ ! -d ./data/.lego ]]; then
 fi
 # Setup directory for acme cheallenges
-mkdir -p ./data/nginx/acme
+[[ ! -d ./data/nginx/acme ]] && mkdir -p ./data/nginx/acme
 # Setup cronjob to automatically renew certificates
 [[ ! -f /etc/systemd/system/lego-renew-sso-base23-de.service ]] && cat < /etc/systemd/system/lego-renew-sso-base23-de.service && systemctl daemon-reload
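Review bot: The `.env` written inside the new `if [[ ! -f ./.env ]]` block holds PG_PASS, AUTHENTIK_SECRET_KEY, the e-mail password and the GeoIP license key, but it is created by the first `cat ./env.template >> ./.env` under the caller's umask, so with a typical 022 it lands world-readable on the host. Create it with a tight mode before the first append, e.g. `install -m 0600 /dev/null ./.env` (or `( umask 077; : > ./.env )`) as the first statement in the block. Separately, `AUTHENTIK_DOCKER_COMPOSE_PATH="$(realpath "$(pwd)")"` replaces what appears to be the removed `cd` into the script's own directory, so every `./` path here and the paths baked into the generated units now depend on where the script is invoked from; if that is intended, an early guard such as `[[ -f ./env.template ]] || { echo "run from the compose directory" >&2; exit 1; }` would fail cleanly instead of likely producing an incomplete `.env` and a unit pointing at the wrong directory. The script continues on both sides of the hunk, so I cannot see whether `set -e` is in effect.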
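Review bot: `[[ ! -d ./data/nginx/acme ]] && mkdir -p ./data/nginx/acme` adds a guard that `mkdir -p` already provides (it is a no-op on an existing directory), and unlike the `certs` line in the previous hunk the new form has no trailing `|| true`, so the statement returns 1 whenever the directory exists. That is harmless under `set -e` because the failing test is on the left of `&&`, but it is inconsistent with the neighbouring lines; the previous `mkdir -p ./data/nginx/acme` is the clearer form. The `cat < /etc/systemd/system/lego-renew-sso-base23-de.service` on the last context line appears to have lost its here-doc operator in this rendering; it is not changed by the commit, so I have not reviewed it.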
@@ -72,8 +72,8 @@ After=network-online.target
 [Service]
 Type=oneshot
-ExecStart=/var/lib/apps/sso.base23.de/scripts/cert_renew.sh
-WorkingDirectory=/var/lib/apps/sso.base23.de/
+ExecStart=${AUTHENTIK_DOCKER_COMPOSE_PATH}/scripts/cert_renew.sh
+WorkingDirectory=${AUTHENTIK_DOCKER_COMPOSE_PATH}/
 User=root
 Group=root
 RemainAfterExit=yes
@@ -95,3 +95,21 @@ Persistent=true
 [Install]
 WantedBy=timers.target
 EOF
+
+# Setup systemd service for authentik
+[[ ! -f /etc/systemd/system/authentik.service ]] && cat < /etc/systemd/system/authentik.service && systemctl daemon-reload && systemctl enable authentik.service
+[Unit]
+Description=Authentik Docker Compose Service
+After=network.target docker.service
+Requires=docker.service
+
+[Service]
+Restart=always
+WorkingDirectory=${AUTHENTIK_DOCKER_COMPOSE_PATH}
+ExecStart=/usr/bin/docker compose up -d
+ExecStop=/usr/bin/docker compose down
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target
+EOF
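Review bot: `ExecStart=${AUTHENTIK_DOCKER_COMPOSE_PATH}/scripts/cert_renew.sh` and the matching `WorkingDirectory=` line are only expanded into the unit when the file does not yet exist (the `[[ ! -f ... ]] && cat` guard sits before this hunk), so an already-deployed unit keeps the old hard-coded `/var/lib/apps/sso.base23.de/` path and is not migrated by this change; the commit should say whether operators are expected to delete the unit first. If the derived path ever contains whitespace, systemd splits `ExecStart=` on it, so the quoted form `ExecStart="${AUTHENTIK_DOCKER_COMPOSE_PATH}/scripts/cert_renew.sh"` is safer as far as I know of systemd's unit syntax. The here-doc that contains these lines starts before the hunk.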
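Review bot: The new `authentik.service` pairs `Restart=always` with `ExecStart=/usr/bin/docker compose up -d` under the default service type; `up -d` returns as soon as the containers are started, so systemd sees the main process exit, runs `ExecStop=/usr/bin/docker compose down`, and then restarts the unit, which as I read systemd.service(5) yields a continuous down/up cycle rather than a long-running service. The usual shape for a detached compose stack is `Type=oneshot` plus `RemainAfterExit=yes` with the `Restart=always` line removed (the `lego-renew` unit earlier in this file already uses oneshot), or alternatively keep the default type and run `docker compose up` in the foreground without `-d`; I'd take the oneshot variant so the existing `ExecStop=` keeps its meaning. It is also worth confirming that `/usr/bin/docker` is where the docker-ce package installs the binary on the target distribution, since the unit hard-codes that path.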