New connection!mode option https://github.com/alexbelgium/hassio-addons/security/advisories/GHSA-qv4x-8hwg-7cqj

radarr/CHANGELOG.md

@@ -1,3 +1,4 @@
+- BREAKING CHANGE : ingress_disabled option removed. Instead, a new option connection_mode is added. It has 3 modes : ingress_noauth (default, disables authentification to allow a seamless ingress integration), noingress_auth (disables ingress to allow a simpler external url, enables authentification), ingress_auth (enables both ingress and authentification). Thanks @Ni3kjm !
 
 ## 5.4.6.8723 (20-04-2024)
 - Update to latest version from linuxserver/docker-radarr (changelog : https://github.com/linuxserver/docker-radarr/releases)

radarr/README.md

@@ -57,6 +57,7 @@ localdisks: sda1 #put the hardware name of your drive to mount separated by comm
 networkdisks: "//SERVER/SHARE" # optional, list of smb servers to mount, separated by commas
 cifsusername: "username" # optional, smb username, same for all smb shares
 cifspassword: "password" # optional, smb password
+connection_mode: ingress_noauth (default, disables authentification to allow a seamless ingress integration), noingress_auth (disables ingress to allow a simpler external url, enables authentification), ingress_auth (enables both ingress and authentification)
 ```
 
 ## Support

radarr/config.json

@@ -82,7 +82,9 @@
   "name": "Radarr",
   "options": {
     "PGID": 0,
-    "PUID": 0
+    "PUID": 0,
+    "connection_mode": "ingress_noauth"
+
   },
   "panel_icon": "mdi:movie-outline",
   "ports": {
@@ -102,13 +104,12 @@
     "cifsdomain": "str?",
     "cifspassword": "str?",
     "cifsusername": "str?",
-    "ingress_disabled": "bool?",
+    "connection_mode": "list(ingress_noauth,noingress_auth,ingress_auth)",
     "localdisks": "str?",
-    "networkdisks": "str?",
-    "smbv1": "bool?"
+    "networkdisks": "str?"
   },
   "slug": "radarr_nas",
   "udev": true,
   "url": "https://github.com/alexbelgium/hassio-addons/tree/master/radarr",
-  "version": "5.4.6.8723"
+  "version": "5.4.6.8723-2"
 }

radarr/rootfs/etc/cont-init.d/32-nginx_ingress.sh

@@ -24,25 +24,42 @@ slug=radarr
 CONFIG_LOCATION=/config/addons_config/"$slug"/config.xml
 
 if [ -f "$CONFIG_LOCATION" ]; then
-    # Set UrlBase
-    if ! bashio::config.true "ingress_disabled"; then
-        bashio::log.warning "---------------------------"
-        bashio::log.warning "Ingress is enabled, authentification will be disabled and should be managed through HA itself. If you need authentification, please disable ingress in addon options"
-        bashio::log.warning "---------------------------"
-        # Define UrlBase
-        sed -i "/UrlBase/d" "$CONFIG_LOCATION"
-        sed -i "2a <UrlBase>$slug<\/UrlBase>" "$CONFIG_LOCATION"
-        # Disable local auth
-        sed -i "/AuthenticationType/d" "$CONFIG_LOCATION"
-        sed -i "2a <AuthenticationType>DisabledForLocalAddresses</AuthenticationType>" "$CONFIG_LOCATION"
-        # Disable local auth
-        sed -i "/AuthenticationMethod/d" "$CONFIG_LOCATION"
-        sed -i "2a <AuthenticationMethod>external</AuthenticationMethod>" "$CONFIG_LOCATION"
-    else
-        bashio::log.warning "---------------------------"
-        bashio::log.info "Disabling ingress and enabling authentification"
-        bashio::log.warning "---------------------------"
-        sed -i "/UrlBase/d" "$CONFIG_LOCATION"
-        sed -i "/<AuthenticationMethod>external/d" "$CONFIG_LOCATION"
-    fi
+
+    # Define addon mode
+    connection_mode="$(bashio::config "connection_mode")"
+    bashio::log.green "---------------------------"
+    bashio::log.green "Connection_mode is $connection_mode"
+    bashio::log.green "---------------------------"
+    case connectionmode in
+        # Ingress mode, authentification is disabled
+        ingress_noauth)
+            bashio::log.green "Ingress is enabled, authentification is disabled"
+            bashio::log.yellow "WARNING : Make sure that the port is not exposed externally by your router to avoid a security risk !"
+            # Define UrlBase
+            sed -i "/UrlBase/d" "$CONFIG_LOCATION"
+            sed -i "2a <UrlBase>$slug<\/UrlBase>" "$CONFIG_LOCATION"
+            # Disable local auth
+            sed -i "/AuthenticationType/d" "$CONFIG_LOCATION"
+            sed -i "2a <AuthenticationType>DisabledForLocalAddresses</AuthenticationType>" "$CONFIG_LOCATION"
+            # Disable local auth
+            sed -i "/AuthenticationMethod/d" "$CONFIG_LOCATION"
+            sed -i "2a <AuthenticationMethod>external</AuthenticationMethod>" "$CONFIG_LOCATION"
+            ;;
+        # Ingress mode, with authentification
+        ingress_auth)
+            bashio::log.green "Ingress is enabled, and external authentification is enabled"
+            # Define UrlBase
+            sed -i "/UrlBase/d" "$CONFIG_LOCATION"
+            sed -i "2a <UrlBase>$slug<\/UrlBase>" "$CONFIG_LOCATION"
+            sed -i "/<AuthenticationMethod>external/d" "$CONFIG_LOCATION"
+            ;;
+        # No ingress mode, with authentification
+        noingress_auth)
+            bashio::log.green "Disabling ingress and enabling authentification"
+            bashio::log.yellow "WARNING : Ingress is disabled so the app won't be available from HA itself !"
+            sed -i "/UrlBase/d" "$CONFIG_LOCATION"
+            sed -i "/<AuthenticationMethod>external/d" "$CONFIG_LOCATION"
+            ;;
+    esac
+
 fi