Fix Authentik Logo

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.github/workflows/shellcheck.yml

@@ -0,0 +1,25 @@
+name: Shellcheck
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: "5 1 * * *"
+
+jobs:
+  shellcheck:
+    name: Shellcheck
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Run ShellCheck
+      uses: ludeeus/action-shellcheck@master
+      with:
+        ignore_paths: >-
+          frontend
+          json

CHANGELOG.md

@@ -16,6 +16,48 @@ All LXC instances created using this repository come pre-installed with Midnight
 > [!IMPORTANT]
 Do not break established syntax in this file, as it is automatically updated by a Github Workflow
 
+## 2024-12-27
+
+### Changed
+
+### ✨ New Scripts
+
+- new scripts for Authentik [@remz1337](https://github.com/remz1337) ([#291](https://github.com/community-scripts/ProxmoxVE/pull/291))
+
+### 🚀 Updated Scripts
+
+- Add 8.0 for MongoDB Installation [@MickLesk](https://github.com/MickLesk) ([#1046](https://github.com/community-scripts/ProxmoxVE/pull/1046))
+- Update Zabbix to 7.2. Release [@MickLesk](https://github.com/MickLesk) ([#1048](https://github.com/community-scripts/ProxmoxVE/pull/1048))
+- Apache-Guacamole script bug fix [@sannier3](https://github.com/sannier3) ([#1039](https://github.com/community-scripts/ProxmoxVE/pull/1039))
+
+### 🌐 Website
+
+- Updated SAB documentation based on RAM increase [@TheRealVira](https://github.com/TheRealVira) ([#1035](https://github.com/community-scripts/ProxmoxVE/pull/1035))
+
+### ❔ Unlabelled
+
+- Patch Figlet Repo if missing [@MickLesk](https://github.com/MickLesk) ([#1044](https://github.com/community-scripts/ProxmoxVE/pull/1044))
+- fix Tags for Advanced Settings [@MickLesk](https://github.com/MickLesk) ([#1042](https://github.com/community-scripts/ProxmoxVE/pull/1042))
+
+## 2024-12-26
+
+### Changed
+
+### ✨ New Scripts
+
+-  New Script: Jenkins [@quantumryuu](https://github.com/quantumryuu) ([#1019](https://github.com/community-scripts/ProxmoxVE/pull/1019))
+- New Script: 2FAuth [@jkrgr0](https://github.com/jkrgr0) ([#943](https://github.com/community-scripts/ProxmoxVE/pull/943))
+
+### 🚀 Updated Scripts
+
+- ChangeDetection Update: Update also Browsers [@Niklas04](https://github.com/Niklas04) ([#1027](https://github.com/community-scripts/ProxmoxVE/pull/1027))
+- ensure all RFC1918 local Ipv4 addresses are in iptag script [@AskAlice](https://github.com/AskAlice) ([#992](https://github.com/community-scripts/ProxmoxVE/pull/992))
+- Fix Proxmox DataCenter: incorrect build.func url [@rbradley0](https://github.com/rbradley0) ([#1013](https://github.com/community-scripts/ProxmoxVE/pull/1013))
+
+### 🧰 Maintenance
+
+- [GitHub Actions] Introduce Shellcheck to check bash code [@andygrunwald](https://github.com/andygrunwald) ([#1018](https://github.com/community-scripts/ProxmoxVE/pull/1018))
+
 ## 2024-12-25
 
 ### Changed

ct/2fauth.sh

@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: jkrgr0
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://docs.2fauth.app/
+
+# App Default Values
+APP="2FAuth"
+TAGS="2fa;authenticator"
+var_cpu="1"
+var_ram="512"
+var_disk="2"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+    header_info
+    check_container_storage
+    check_container_resources
+
+    # Check if installation is present | -f for file, -d for folder
+    if [[ ! -d "/opt/2fauth" ]]; then
+        msg_error "No ${APP} Installation Found!"
+        exit
+    fi
+
+    # Crawling the new version and checking whether an update is required
+    RELEASE=$(curl -s https://api.github.com/repos/Bubka/2FAuth/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
+    if [[ "${RELEASE}" != "$(cat /opt/2fauth_version.txt)" ]] || [[ ! -f /opt/2fauth_version.txt ]]; then
+        msg_info "Updating $APP to ${RELEASE}"
+
+        apt-get update &>/dev/null
+        apt-get -y upgrade &>/dev/null
+
+        # Creating Backup
+        msg_info "Creating Backup"
+        mv "/opt/2fauth" "/opt/2fauth-backup"
+        msg_ok "Backup Created"
+
+        # Execute Update
+        wget -q "https://github.com/Bubka/2FAuth/archive/refs/tags/${RELEASE}.zip"
+        unzip -q "${RELEASE}.zip"
+        mv "2FAuth-${RELEASE//v}/" "/opt/2fauth"
+        mv "/opt/2fauth-backup/.env" "/opt/2fauth/.env"
+        mv "/opt/2fauth-backup/storage" "/opt/2fauth/storage"
+        cd "/opt/2fauth" || return
+
+        chown -R www-data: "/opt/2fauth"
+        chmod -R 755 "/opt/2fauth"
+
+        export COMPOSER_ALLOW_SUPERUSER=1
+        composer install --no-dev --prefer-source &>/dev/null
+
+        php artisan 2fauth:install
+
+        # Cleaning up
+        msg_info "Cleaning Up"
+        rm -rf "v${RELEASE}.zip"
+        $STD apt-get -y autoremove
+        $STD apt-get -y autoclean
+        msg_ok "Cleanup Completed"
+
+        # Last Action
+        echo "${RELEASE}" >/opt/2fauth_version.txt
+        msg_ok "Updated $APP to ${RELEASE}"
+    else
+        msg_ok "No update required. ${APP} is already at ${RELEASE}"
+    fi
+    exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:80${CL}"

ct/authentik.sh

@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: remz1337
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+# App Default Values
+APP="Authentik"
+var_tags="identity-provider"
+var_disk="15"
+var_cpu="6"
+var_ram="8192"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+  if [[ ! -f /etc/systemd/system/authentik-server.service ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+  RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+  if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+    msg_info "Stopping ${APP}"
+    systemctl stop authentik-server
+    systemctl stop authentik-worker
+    msg_ok "Stopped ${APP}"
+
+    msg_info "Building ${APP} website"
+    mkdir -p /opt/authentik
+    wget -qO authentik.tar.gz "${RELEASE}"
+    tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+    rm -rf authentik.tar.gz
+    cd /opt/authentik/website
+    npm install &>/dev/null
+    npm run build-bundled &>/dev/null
+    cd /opt/authentik/web
+    npm install &>/dev/null
+    npm run build &>/dev/null
+    msg_ok "Built ${APP} website"
+
+    msg_info "Installing Python Dependencies"
+    cd /opt/authentik
+    poetry install --only=main --no-ansi --no-interaction --no-root &>/dev/null
+    poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt &>/dev/null
+    pip install --no-cache-dir -r requirements.txt &>/dev/null
+    pip install . &>/dev/null
+    msg_ok "Installed Python Dependencies"
+
+    msg_info "Updating ${APP} to v${RELEASE} (Patience)"
+    cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+    bash /opt/authentik/lifecycle/ak migrate &>/dev/null
+    echo "${RELEASE}" >/opt/${APP}_version.txt
+    msg_ok "Updated ${APP} to v${RELEASE}"
+
+    msg_info "Starting ${APP}"
+    systemctl start authentik-server
+    systemctl start authentik-worker
+    msg_ok "Started ${APP}"
+  else
+    msg_ok "No update required. ${APP} is already at v${RELEASE}"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}/if/flow/initial-setup/${CL}"

ct/changedetection.sh

@@ -28,28 +28,45 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
+
   if [[ ! -f /etc/systemd/system/changedetection.service ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-  msg_info "Updating ${APP} LXC"
+
   if ! dpkg -s libjpeg-dev >/dev/null 2>&1; then
+    msg_info "Installing Dependencies"
     apt-get update
     apt-get install -y libjpeg-dev
+    msg_ok "Updated Dependencies"
   fi
+
+  msg_info "Updating ${APP}"
   pip3 install changedetection.io --upgrade &>/dev/null
+  msg_ok "Updated ${APP}"
+
+  msg_info "Updating Playwright"
   pip3 install playwright --upgrade &>/dev/null
+  msg_ok "Updated Playwright"
+
   if [[ -f /etc/systemd/system/browserless.service ]]; then
+    msg_info "Updating Browserless (Patience)"
     git -C /opt/browserless/ fetch --all &>/dev/null
     git -C /opt/browserless/ reset --hard origin/main &>/dev/null
     npm update --prefix /opt/browserless &>/dev/null
+    /opt/browserless/node_modules/playwright-core/cli.js install --with-deps &>/dev/null
+    # Update Chrome separately, as it has to be done with the force option. Otherwise the installation of other browsers will not be done if Chrome is already installed.
+    /opt/browserless/node_modules/playwright-core/cli.js install --force chrome &>/dev/null
+    /opt/browserless/node_modules/playwright-core/cli.js install chromium firefox webkit &>/dev/null
     npm run build --prefix /opt/browserless &>/dev/null
     npm run build:function --prefix /opt/browserless &>/dev/null
     npm prune production --prefix /opt/browserless &>/dev/null
     systemctl restart browserless
+    msg_ok "Updated Browserless"
   else
     msg_error "No Browserless Installation Found!"
   fi
+
   systemctl restart changedetection
   msg_ok "Updated Successfully"
   exit
@@ -62,4 +79,4 @@ description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5000${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5000${CL}"

ct/jenkins.sh

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: kristocopani
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.jenkins.io/
+
+# App Default Values
+APP="Jenkins"
+var_tags="automation"
+var_cpu="2"
+var_ram="1024"
+var_disk="4"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+    header_info
+    check_container_storage
+    check_container_resources
+    if [[ ! -d /var/lib/jenkins ]]; then
+        msg_error "No ${APP} Installation Found!"
+        exit
+    fi
+    msg_info "Updating $APP LXC"
+    apt-get update &>/dev/null
+    apt-get -y upgrade &>/dev/null
+    msg_ok "Updated $APP LXC"
+    exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"

ct/mongodb.sh

@@ -28,7 +28,7 @@ function update_script() {
     header_info
     check_container_storage
     check_container_resources
-    if [[ ! -f /etc/apt/sources.list.d/mongodb-org-7.0.list ]]; then
+    if [[ ! -f /etc/apt/sources.list.d/mongodb-org-7.0.list && ! -f /etc/apt/sources.list.d/mongodb-org-8.0.list ]]; then
         msg_error "No ${APP} Installation Found!"
         exit
     fi
@@ -44,4 +44,4 @@ build_container
 description
 
 msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"

ct/proxmox-datacenter-manager.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/raw/main/misc/build.func)
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2024 community-scripts ORG
 # Author: CrazyWolf13
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE

ct/zabbix.sh

@@ -44,7 +44,7 @@ function update_script() {
     cp -R /usr/share/zabbix-* /opt/zabbix-backup/
     rm -Rf /etc/apt/sources.list.d/zabbix.list
     cd /tmp
-    wget -q https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_latest+debian12_all.deb
+    wget -q https://repo.zabbix.com/zabbix/7.2/debian/pool/main/z/zabbix-release/zabbix-release_latest+debian12_all.deb
     dpkg -i zabbix-release_latest+debian12_all.deb &>/dev/null
     apt-get update &>/dev/null
     apt-get install --only-upgrade zabbix-server-pgsql zabbix-frontend-php zabbix-agent2 zabbix-agent2-plugin-* &>/dev/null
@@ -68,4 +68,4 @@ description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}/zabbix${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}/zabbix${CL}"

install/2fauth-install.sh

@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: jkrgr0
+# License: MIT
+# Source: https://docs.2fauth.app/
+
+# Import Functions und Setup
+source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+# Installing Dependencies with the 3 core dependencies (curl;sudo;mc)
+msg_info "Installing Dependencies"
+$STD apt-get install -y \
+  curl \
+  sudo \
+  mc \
+  nginx \
+  composer \
+  php8.2-{bcmath,common,ctype,curl,fileinfo,fpm,gd,mbstring,mysql,xml,cli} \
+  mariadb-server
+msg_ok "Installed Dependencies"
+
+# Template: MySQL Database
+msg_info "Setting up Database"
+DB_NAME=2fauth_db
+DB_USER=2fauth
+DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
+$STD mysql -u root -e "CREATE DATABASE $DB_NAME;"
+$STD mysql -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED WITH mysql_native_password AS PASSWORD('$DB_PASS');"
+$STD mysql -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
+{
+    echo "2FAuth Credentials"
+    echo "Database User: $DB_USER"
+    echo "Database Password: $DB_PASS"
+    echo "Database Name: $DB_NAME"
+} >> ~/2FAuth.creds
+msg_ok "Set up Database"
+
+# Setup App
+msg_info "Setup 2FAuth"
+RELEASE=$(curl -s https://api.github.com/repos/Bubka/2FAuth/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
+wget -q "https://github.com/Bubka/2FAuth/archive/refs/tags/${RELEASE}.zip"
+unzip -q "${RELEASE}.zip"
+mv "2FAuth-${RELEASE//v}/" /opt/2fauth
+
+cd "/opt/2fauth" || return
+cp .env.example .env
+IPADDRESS=$(hostname -I | awk '{print $1}')
+
+sed -i -e "s|^APP_URL=.*|APP_URL=http://$IPADDRESS|" \
+       -e "s|^DB_CONNECTION=$|DB_CONNECTION=mysql|" \
+       -e "s|^DB_DATABASE=$|DB_DATABASE=$DB_NAME|" \
+       -e "s|^DB_HOST=$|DB_HOST=127.0.0.1|" \
+       -e "s|^DB_PORT=$|DB_PORT=3306|" \
+       -e "s|^DB_USERNAME=$|DB_USERNAME=$DB_USER|" \
+       -e "s|^DB_PASSWORD=$|DB_PASSWORD=$DB_PASS|" .env
+
+export COMPOSER_ALLOW_SUPERUSER=1
+$STD composer update --no-plugins --no-scripts
+$STD composer install --no-dev --prefer-source --no-plugins --no-scripts
+
+$STD php artisan key:generate --force
+
+$STD php artisan migrate:refresh
+$STD php artisan passport:install -q -n
+$STD php artisan storage:link
+$STD php artisan config:cache
+
+chown -R www-data: /opt/2fauth
+chmod -R 755 /opt/2fauth
+
+echo "${RELEASE}" >"/opt/2fauth_version.txt"
+msg_ok "Setup 2fauth"
+
+# Configure Service (NGINX)
+msg_info "Configure Service"
+cat <<EOF >/etc/nginx/conf.d/2fauth.conf
+server {
+        listen 80;
+        root /opt/2fauth/public;
+        server_name $IPADDRESS;
+        index index.php;
+        charset utf-8;
+
+        location / {
+                try_files \$uri \$uri/ /index.php?\$query_string;
+        }
+
+        location = /favicon.ico { access_log off; log_not_found off; }
+        location = /robots.txt { access_log off; log_not_found off; }
+
+        error_page 404 /index.php;
+
+        location ~ \.php\$ {
+                fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+                fastcgi_param SCRIPT_FILENAME \$realpath_root\$fastcgi_script_name;
+                include fastcgi_params;
+        }
+
+        location ~ /\.(?!well-known).* {
+                deny all;
+        }
+}
+EOF
+
+systemctl reload nginx
+msg_ok "Configured Service"
+
+motd_ssh
+customize
+
+# Cleanup
+msg_info "Cleaning up"
+rm -f "/opt/v${RELEASE}.zip"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"

install/apache-guacamole-install.sh

@@ -98,6 +98,11 @@ cat *.sql | mysql -u root ${DB_NAME}
 msg_ok "Setup Database"
 
 msg_info "Setup Service"
+cat <<EOF >/etc/guacamole/guacd.conf
+[server]
+bind_host = 127.0.0.1
+bind_port = 4822
+EOF
 JAVA_HOME=$(update-alternatives --query javadoc | grep Value: | head -n1 | sed 's/Value: //' | sed 's@bin/javadoc$@@')
 cat <<EOF >/etc/systemd/system/tomcat.service
 [Unit]

install/authentik-install.sh

@@ -0,0 +1,195 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: remz1337
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y \
+  curl \
+  sudo \
+  mc \
+  gpg \
+  pkg-config \
+  libffi-dev \
+  build-essential \
+  libpq-dev \
+  libkrb5-dev \
+  libssl-dev \
+  libsqlite3-dev \
+  tk-dev \
+  libgdbm-dev \
+  libc6-dev \
+  libbz2-dev \
+  zlib1g-dev \
+  libxmlsec1 \
+  libxmlsec1-dev \
+  libxmlsec1-openssl \
+  libmaxminddb0 \
+  python3-pip \
+  git
+msg_ok "Installed Dependencies"
+
+msg_info "Installing yq"
+cd /tmp
+YQ_LATEST="$(wget -qO- "https://api.github.com/repos/mikefarah/yq/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')"
+wget -q "https://github.com/mikefarah/yq/releases/download/${YQ_LATEST}/yq_linux_amd64" -qO /usr/bin/yq
+chmod +x /usr/bin/yq
+msg_ok "Installed yq"
+
+msg_info "Installing GeoIP"
+cd /tmp
+GEOIP_RELEASE=$(curl -s https://api.github.com/repos/maxmind/geoipupdate/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+wget -qO geoipupdate.deb https://github.com/maxmind/geoipupdate/releases/download/v${GEOIP_RELEASE}/geoipupdate_${GEOIP_RELEASE}_linux_amd64.deb
+$STD dpkg -i geoipupdate.deb
+cat <<EOF >/etc/GeoIP.conf
+#GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN"
+#GEOIPUPDATE_VERBOSE="1"
+#GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID"
+#GEOIPUPDATE_LICENSE_KEY_FILE="/run/secrets/GEOIPUPDATE_LICENSE_KEY"
+EOF
+msg_ok "Installed GeoIP"
+
+msg_info "Setting up Python 3"
+cd /tmp
+wget -q https://www.python.org/ftp/python/3.12.1/Python-3.12.1.tgz -O Python.tgz
+tar -zxf Python.tgz
+cd Python-3.12.1
+$STD ./configure --enable-optimizations
+$STD make altinstall
+cd ~
+$STD update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.12 1
+msg_ok "Setup Python 3"
+
+msg_info "Setting up Node.js Repository"
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" >/etc/apt/sources.list.d/nodesource.list
+msg_ok "Set up Node.js Repository"
+
+msg_info "Installing Node.js"
+$STD apt-get update
+$STD apt-get install -y nodejs
+msg_ok "Installed Node.js"
+
+msg_info "Installing Golang"
+cd /tmp
+set +o pipefail
+GO_RELEASE=$(curl -s https://go.dev/dl/ | grep -o -m 1 "go.*\linux-amd64.tar.gz")
+wget -q https://golang.org/dl/${GO_RELEASE}
+tar -xzf ${GO_RELEASE} -C /usr/local
+ln -s /usr/local/go/bin/go /usr/bin/go
+set -o pipefail
+msg_ok "Installed Golang"
+
+msg_info "Installing Redis"
+$STD apt-get install -y redis-server
+systemctl enable -q --now redis-server
+msg_ok "Installed Redis"
+
+msg_info "Installing PostgreSQL"
+$STD apt-get install -y postgresql postgresql-contrib
+DB_NAME="authentik"
+DB_USER="authentik"
+DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;" 
+$STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
+$STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
+msg_ok "Installed PostgreSQL"
+
+msg_info "Installing authentik"
+RELEASE=$(curl -s https://api.github.com/repos/goauthentik/authentik/releases/latest | grep "tarball_url" | awk '{print substr($2, 2, length($2)-3)}')
+mkdir -p /opt/authentik
+wget -qO authentik.tar.gz "${RELEASE}"
+tar -xzf authentik.tar.gz -C /opt/authentik --strip-components 1 --overwrite
+cd /opt/authentik/website
+$STD npm install
+$STD npm run build-bundled
+cd /opt/authentik/web
+$STD npm install
+$STD npm run build
+echo "${RELEASE}" >/opt/${APPLICATION}_version.txt
+cd /opt/authentik
+$STD go mod download
+$STD go build -o /go/authentik ./cmd/server
+$STD go build -o /opt/authentik/authentik-server /opt/authentik/cmd/server/
+cd /opt/authentik
+$STD pip3 install --upgrade pip
+$STD pip3 install poetry poetry-plugin-export
+ln -s /usr/local/bin/poetry /usr/bin/poetry
+$STD poetry install --only=main --no-ansi --no-interaction --no-root
+$STD poetry export --without-hashes --without-urls -f requirements.txt --output requirements.txt
+$STD pip install --no-cache-dir -r requirements.txt
+$STD pip install .
+mkdir -p /etc/authentik
+mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
+$STD yq -i ".secret_key = \"$(openssl rand -hex 32)\"" /etc/authentik/config.yml
+$STD yq -i ".postgresql.password = \"${DB_PASS}\"" /etc/authentik/config.yml
+$STD yq -i ".geoip = \"/opt/authentik/tests/GeoLite2-City-Test.mmdb\"" /etc/authentik/config.yml
+cp -r /opt/authentik/authentik/blueprints /opt/authentik/blueprints
+$STD yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
+ln -s /usr/bin/python3 /usr/bin/python
+ln -s /usr/local/bin/gunicorn /usr/bin/gunicorn
+ln -s /usr/local/bin/celery /usr/bin/celery
+$STD bash /opt/authentik/lifecycle/ak migrate
+cd ~
+msg_ok "Installed authentik"
+
+msg_info "Creating Services"
+cat <<EOF >/etc/systemd/system/authentik-server.service
+[Unit]
+Description = authentik Server
+
+[Service]
+ExecStart=/opt/authentik/authentik-server
+WorkingDirectory=/opt/authentik/
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat <<EOF >/etc/systemd/system/authentik-worker.service
+[Unit]
+Description = authentik Worker
+
+[Service]
+Environment=DJANGO_SETTINGS_MODULE="authentik.root.settings"
+ExecStart=celery -A authentik.root.celery worker -Ofair --max-tasks-per-child=1 --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events
+WorkingDirectory=/opt/authentik/authentik
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now authentik-server
+sleep 2
+systemctl enable -q --now authentik-worker
+msg_ok "Created Services"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+rm -rf /tmp/Python-3.12.1
+rm -rf /tmp/Python.tgz
+rm -rf go/
+rm -rf /tmp/${GO_RELEASE}
+rm -rf /tmp/geoipupdate.deb
+rm -rf authentik.tar.gz
+$STD apt-get -y remove yq
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"

install/jenkins-install.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: kristocopani
+# License: MIT
+# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt-get install -y \
+    curl \
+    mc \
+    sudo \
+    openjdk-17-jre
+msg_ok "Installed Dependencies"
+
+msg_info "Setup Jenkins"
+wget -qO /usr/share/keyrings/jenkins-keyring.asc https://pkg.jenkins.io/debian/jenkins.io-2023.key
+echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" https://pkg.jenkins.io/debian binary/ >/etc/apt/sources.list.d/jenkins.list
+$STD apt-get update
+$STD apt-get install -y jenkins
+msg_ok "Setup Jenkins"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"

install/mongodb-install.sh

@@ -1,3 +1,4 @@
+
 #!/usr/bin/env bash
 
 # Copyright (c) 2021-2024 tteck
@@ -20,14 +21,22 @@ $STD apt-get install -y sudo
 $STD apt-get install -y mc
 msg_ok "Installed Dependencies"
 
-msg_info "Installing MongoDB"
-wget -qO- https://www.mongodb.org/static/pgp/server-7.0.asc | gpg --dearmor >/usr/share/keyrings/mongodb-server-7.0.gpg
-echo "deb [signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg] http://repo.mongodb.org/apt/debian $(grep '^VERSION_CODENAME=' /etc/os-release | cut -d'=' -f2)/mongodb-org/7.0 main" >/etc/apt/sources.list.d/mongodb-org-7.0.list
+# Abfrage für die MongoDB-Version
+read -p "Do you want to install MongoDB 8.0 instead of 7.0? [y/N]: " install_mongodb_8
+if [[ "$install_mongodb_8" =~ ^[Yy]$ ]]; then
+  MONGODB_VERSION="8.0"
+else
+  MONGODB_VERSION="7.0"
+fi
+
+msg_info "Installing MongoDB $MONGODB_VERSION"
+wget -qO- https://www.mongodb.org/static/pgp/server-${MONGODB_VERSION}.asc | gpg --dearmor >/usr/share/keyrings/mongodb-server-${MONGODB_VERSION}.gpg
+echo "deb [signed-by=/usr/share/keyrings/mongodb-server-${MONGODB_VERSION}.gpg] http://repo.mongodb.org/apt/debian $(grep '^VERSION_CODENAME=' /etc/os-release | cut -d'=' -f2)/mongodb-org/${MONGODB_VERSION} main" >/etc/apt/sources.list.d/mongodb-org-${MONGODB_VERSION}.list
 $STD apt-get update
 $STD apt-get install -y mongodb-org
 sed -i 's/bindIp: 127.0.0.1/bindIp: 0.0.0.0/' /etc/mongod.conf
 systemctl enable -q --now mongod.service
-msg_ok "Installed MongoDB"
+msg_ok "Installed MongoDB $MONGODB_VERSION"
 
 motd_ssh
 customize

install/zabbix-install.sh

@@ -22,7 +22,7 @@ msg_ok "Installed Dependencies"
 
 msg_info "Installing Zabbix"
 cd /tmp
-wget -q https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_latest+debian12_all.deb
+wget -q https://repo.zabbix.com/zabbix/7.2/debian/pool/main/z/zabbix-release/zabbix-release_latest+debian12_all.deb
 $STD dpkg -i /tmp/zabbix-release_latest+debian12_all.deb
 $STD apt-get update
 $STD apt-get install -y zabbix-server-pgsql zabbix-frontend-php php8.2-pgsql zabbix-apache-conf zabbix-sql-scripts 

json/2fauth.json

@@ -0,0 +1,43 @@
+{
+    "name": "2FAuth",
+    "slug": "2fauth",
+    "categories": [
+      0
+    ],
+    "date_created": "2024-12-20",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 80,
+    "documentation": null,
+    "website": "https://docs.2fauth.app/",
+    "logo": "https://raw.githubusercontent.com/Bubka/2FAuth/refs/heads/master/public/logo.svg",
+    "description": "2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop. It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface.",
+    "install_methods": [
+      {
+        "type": "default",
+        "script": "ct/2fauth.sh",
+        "resources": {
+          "cpu": 1,
+          "ram": 512,
+          "hdd": 2,
+          "os": "Debian",
+          "version": "12"
+        }
+      }
+    ],
+    "default_credentials": {
+      "username": null,
+      "password": null
+    },
+    "notes": [
+      {
+        "text": "Database credentials: `cat ~/2FAuth.creds`",
+        "type": "info"
+      },
+      {
+        "text": "The very first account created is automatically set up as an administrator account.",
+        "type": "info"
+      }
+    ]
+  }

json/authentik.json

@@ -0,0 +1,39 @@
+{
+    "name": "authentik",
+    "slug": "authentik",
+    "categories": [
+        11
+    ],
+    "date_created": "2024-12-27",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 9000,
+    "documentation": "https://docs.goauthentik.io/docs/",
+    "website": "https://goauthentik.io/",
+    "logo": "https://raw.githubusercontent.com/goauthentik/authentik/refs/heads/main/website/static/img/icon.png",
+    "description": "authentik is an IdP (Identity Provider) and SSO (single sign on) that is built with security at the forefront of every piece of code, every feature, with an emphasis on flexibility and versatility.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/authentik.sh",
+            "resources": {
+                "cpu": 6,
+                "ram": 8192,
+                "hdd": 12,
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "Authentik is very resource-heavy, it is recommended to use at least 8GB RAM anytime!",
+            "type": "warning"
+        }
+    ]
+}

json/jenkins.json

@@ -0,0 +1,34 @@
+{
+    "name": "Jenkins",
+    "slug": "jenkins",
+    "categories": [
+      3
+    ],
+    "date_created": "2024-12-26",
+    "type": "ct",
+    "updateable": false,
+    "privileged": false,
+    "interface_port": 8080,
+    "documentation": "https://www.jenkins.io/doc/",
+    "website": "https://www.jenkins.io/",
+    "logo": "https://www.jenkins.io/images/logos/jenkins/jenkins.svg",
+    "description": "Jenkins provides hundreds of plugins to support building, deploying and automating any project. ",
+    "install_methods": [
+      {
+        "type": "default",
+        "script": "ct/jenkins.sh",
+        "resources": {
+          "cpu": 2,
+          "ram": 1024,
+          "hdd": 4,
+          "os": "Debian",
+          "version": "12"
+        }
+      }
+    ],
+    "default_credentials": {
+      "username": null,
+      "password": null
+    },
+    "notes": []
+  }

json/proxmox-datacenter-manager.json

@@ -2,10 +2,9 @@
     "name": "Proxmox Datacenter Manager",
     "slug": "proxmox-datacenter-manager",
     "categories": [
-      11,
       1
     ],
-    "date_created": "2024-12-20",
+    "date_created": "2024-12-25",
     "type": "ct",
     "updateable": true,
     "privileged": false,
@@ -41,4 +40,4 @@
         "type": "warning"
       }
     ]
-  }
+  }

json/sabnzbd.json

@@ -19,7 +19,7 @@
             "script": "ct/sabnzbd.sh",
             "resources": {
                 "cpu": 2,
-                "ram": 2048,
+                "ram": 4096,
                 "hdd": 8,
                 "os": "debian",
                 "version": "12"
@@ -31,4 +31,4 @@
         "password": null
     },
     "notes": []
-}
+}

misc/add-lxc-iptag.sh

@@ -133,8 +133,9 @@ if [[ ! -f /opt/lxc-iptag/iptag.conf ]]; then
 # List of allowed CIDRs
 CIDR_LIST=(
   192.168.0.0/16
-  100.64.0.0/10
+  172.16.0.0/12
   10.0.0.0/8
+  100.64.0.0/10
 )
 
 # Interval settings (in seconds)

misc/build.func

@@ -161,6 +161,10 @@ arch_check() {
 header_info() {
   if [ -f /etc/debian_version ]; then
     # Debian/Ubuntu
+    if ! grep -q "^deb http://ftp.debian.org/debian bookworm main contrib" /etc/apt/sources.list; then
+      echo "deb http://ftp.debian.org/debian bookworm main contrib" >> /etc/apt/sources.list
+      apt-get update -y &> /dev/null
+    fi
     apt-get install -y figlet &> /dev/null
   elif [ -f /etc/alpine-release ]; then
     # Alpine Linux
@@ -317,7 +321,7 @@ advanced_settings() {
     done
   fi
   # Setting Default Tag for Advanced Settings
-  TAGS="community-script;"
+  TAGS="community-script;${var_tags:-}"
 
   CT_TYPE=""
   while [ -z "$CT_TYPE" ]; do