Use a service instead of a manually started compose

scripts/init.sh

@@ -27,19 +27,19 @@ prompt_password() {
 # Trap SIGINT to exit gracefully if the user aborts with CTRL+C
 trap 'printf "\nOperation aborted by user.\n" >&2; exit 1' SIGINT
 
-
 cd "$(dirname "$(realpath "$0")")/../"
+AUTHENTIK_DOCKER_COMPOSE_PATH="$(realpath "$(pwd)")"
 
 # Check if .env exists and exit if it is
-[[ -f ./.env ]] && echo ".env already exists. Exiting!" && exit 1 || true
-
-cat ./env.template >> ./.env
-echo "# SECRETS" >> ./.env
-echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> ./.env
-echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> ./.env
-prompt_password "AUTHENTIK_EMAIL__PASSWORD"; echo "AUTHENTIK_EMAIL__PASSWORD=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
-prompt_password "GEOIPUPDATE_LICENSE_KEY"; echo "GEOIPUPDATE_LICENSE_KEY=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
-echo "" >> ./.env
+if [[ ! -f ./.env ]]; then
+	cat ./env.template >> ./.env
+	echo "# SECRETS" >> ./.env
+	echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> ./.env
+	echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> ./.env
+	prompt_password "AUTHENTIK_EMAIL__PASSWORD"; echo "AUTHENTIK_EMAIL__PASSWORD=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
+	prompt_password "GEOIPUPDATE_LICENSE_KEY"; echo "GEOIPUPDATE_LICENSE_KEY=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
+	echo "" >> ./.env
+fi
 
 # Generate dhparam, if not existing
 [[ ! -d ./data/nginx/certs ]] && mkdir -p ./data/nginx/certs && chmod 700 ./data/nginx/certs && chown 101:101 ./data/nginx/certs || true
@@ -60,7 +60,7 @@ if [[ ! -d ./data/.lego ]]; then
 fi
 
 # Setup directory for acme cheallenges
-mkdir -p ./data/nginx/acme
+[[ ! -d ./data/nginx/acme ]] && mkdir -p ./data/nginx/acme
 
 # Setup cronjob to automatically renew certificates
 [[ ! -f /etc/systemd/system/lego-renew-sso-base23-de.service ]] && cat <<EOF > /etc/systemd/system/lego-renew-sso-base23-de.service && systemctl daemon-reload
@@ -72,8 +72,8 @@ After=network-online.target
 
 [Service]
 Type=oneshot
-ExecStart=/var/lib/apps/sso.base23.de/scripts/cert_renew.sh
-WorkingDirectory=/var/lib/apps/sso.base23.de/
+ExecStart=${AUTHENTIK_DOCKER_COMPOSE_PATH}/scripts/cert_renew.sh
+WorkingDirectory=${AUTHENTIK_DOCKER_COMPOSE_PATH}/
 User=root
 Group=root
 RemainAfterExit=yes
@@ -95,3 +95,21 @@ Persistent=true
 [Install]
 WantedBy=timers.target
 EOF
+
+# Setup systemd service for authentik
+[[ ! -f /etc/systemd/system/authentik.service ]] && cat <<EOF > /etc/systemd/system/authentik.service && systemctl daemon-reload && systemctl enable authentik.service
+[Unit]
+Description=Authentik Docker Compose Service
+After=network.target docker.service
+Requires=docker.service
+
+[Service]
+Restart=always
+WorkingDirectory=${AUTHENTIK_DOCKER_COMPOSE_PATH}
+ExecStart=/usr/bin/docker compose up -d
+ExecStop=/usr/bin/docker compose down
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target
+EOF