Post-Tyranny-Tech-Infrastru.../ansible/roles/zitadel/files/bootstrap_api_user.sh
Pieter 48ef4da920 Fix Zitadel deployment by removing FirstInstance variables
- Remove all ZITADEL_FIRSTINSTANCE_* environment variables
- Fixes migration error: duplicate key constraint violation
- Root cause: Bug in Zitadel v2.63.7 FirstInstance migration
- Workaround: Complete initial setup via web UI
- Upstream issue: https://github.com/zitadel/zitadel/issues/8791

Changes:
- Clean up obsolete documentation (OIDC_AUTOMATION.md, SETUP_GUIDE.md, COLLABORA_SETUP.md)
- Add PROJECT_REFERENCE.md for essential configuration info
- Add force recreate functionality with clean database volumes
- Update bootstrap instructions for web UI setup
- Document one-time manual setup requirement for OIDC automation

Zitadel now deploys successfully and is accessible at:
https://zitadel.test.vrije.cloud

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-06 16:43:57 +01:00


#!/bin/bash
# Bootstrap Zitadel API service user and generate PAT
# This script must be run once per client after initial Zitadel deployment
# It creates a machine user with a Personal Access Token for API automation
#
# Note: the admin password is taken from the command line, so it lands in the
# shell history and is visible in the process list while the script runs.
set -euo pipefail

# "${N:-}" keeps `set -u` from aborting before the usage check below runs
ZITADEL_DOMAIN="${1:-}"
ADMIN_USERNAME="${2:-}"
ADMIN_PASSWORD="${3:-}"

if [ -z "$ZITADEL_DOMAIN" ] || [ -z "$ADMIN_USERNAME" ] || [ -z "$ADMIN_PASSWORD" ]; then
  echo "Usage: $0 <zitadel_domain> <admin_username> <admin_password>" >&2
  echo "Example: $0 zitadel.test.vrije.cloud 'admin@test.zitadel.test.vrije.cloud' 'password123'" >&2
  exit 1
fi

echo "🔧 Bootstrapping Zitadel API automation..."
echo "Domain: $ZITADEL_DOMAIN"
echo "Admin: $ADMIN_USERNAME"
echo ""

# This is a placeholder script that provides instructions for the manual one-time setup
# In a production environment, this would use Puppeteer/Selenium to automate the browser
echo "⚠️ MANUAL SETUP REQUIRED (one time per client)"
echo ""
echo "Please follow these steps in your browser:"
echo ""
echo "1. Open: https://$ZITADEL_DOMAIN/ui/console"
echo "2. Login with:"
echo "   Username: $ADMIN_USERNAME"
echo "   Password: $ADMIN_PASSWORD"
echo ""
echo "3. Navigate to: Users → Service Users"
echo "4. Click 'New'"
echo "5. Enter:"
echo "   Username: api-automation"
echo "   Name: API Automation Service"
echo "6. Click 'Create'"
echo ""
echo "7. Click on the new user 'api-automation'"
echo "8. Go to 'Personal Access Tokens' tab"
echo "9. Click 'New'"
echo "10. Set expiration date: 2099-12-31 (or far future)"
echo "11. Click 'Add'"
echo "12. COPY THE TOKEN (it will only be shown once!)"
echo ""
echo "13. Add the token to your secrets file:"
echo "    zitadel_api_token: <paste-token-here>"
echo ""
echo "14. Re-run the deployment: ansible-playbook -i hcloud.yml playbooks/deploy.yml"
echo ""
echo "After this one-time setup, all OIDC apps will be created automatically!"
echo ""

# TODO: Implement browser automation using Puppeteer or Selenium
# For now, this provides clear instructions for the manual process
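A pre-flight check to run between step 13 and step 14 above, added here as an example and not part of the repository's script: it confirms the PAT was actually written to the secrets file (rather than the literal placeholder), that the file is readable only by its owner, and, optionally, that Zitadel accepts the token. The sample secrets files are constructed inline; the token check assumes the Zitadel auth API endpoint GET /auth/v1/users/me returns the calling user for a valid PAT.

```bash
#!/bin/bash
# Added pre-flight check, not part of the repository's bootstrap script:
# run it after step 13 and before re-running the playbook (step 14).
set -euo pipefail

# Print the stored token and return 0 when the secrets file holds a usable
# zitadel_api_token; return 1 for a missing value or the unfilled placeholder.
check_token_entry() {
  local secrets_file="$1" token
  token=$(sed -n 's/^zitadel_api_token:[[:space:]]*//p' "$secrets_file" | head -n 1 | tr -d "\"'")
  [ -n "$token" ] || return 1
  case "$token" in
    *'<'*'>'*) return 1 ;;   # "<paste-token-here>" was never replaced
  esac
  printf '%s\n' "$token"
}

# Return 0 only when the secrets file is readable by its owner alone
# (a PAT that expires in 2099 grants API access for decades, so it must not
# be group- or world-readable). Uses ls so it works with GNU and BSD tools.
check_secrets_perms() {
  local mode
  mode=$(ls -ld "$1" | cut -c5-10)
  [ "$mode" = "------" ]
}

# Ask Zitadel who the token belongs to. Assumption: GET /auth/v1/users/me
# returns the calling user's profile when the bearer token is a valid PAT.
verify_pat() {
  local domain="$1" token="$2"
  curl -sSf -H "Authorization: Bearer $token" "https://$domain/auth/v1/users/me" >/dev/null
}

# Constructed sample secrets files, used for demonstration only.
SAMPLE_DIR=$(mktemp -d)
printf 'zitadel_api_token: "pat_constructed_example_123"\n' > "$SAMPLE_DIR/good.yml"
printf 'zitadel_api_token: <paste-token-here>\n' > "$SAMPLE_DIR/unfilled.yml"
chmod 600 "$SAMPLE_DIR/good.yml"
chmod 644 "$SAMPLE_DIR/unfilled.yml"

if [ "${1:-}" = "--check" ]; then
  # Usage: ./preflight.sh --check <secrets_file> <zitadel_domain>
  TOKEN=$(check_token_entry "$2") || { echo "zitadel_api_token missing or unfilled in $2" >&2; exit 1; }
  check_secrets_perms "$2" || { echo "$2 is readable by others; run chmod 600 on it" >&2; exit 1; }
  verify_pat "$3" "$TOKEN" && echo "PAT accepted by $3"
fi
```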