From 20f0cc586d0b30e59c5d70513659c19a3bf50d31 Mon Sep 17 00:00:00 2001
From: aptalca <541623+aptalca@users.noreply.github.com>
Date: Fri, 24 Feb 2023 20:23:27 -0500
Subject: [PATCH 1/2] add support for authentik

---
 README.md              | 6 +++---
 root/app/auto-proxy.sh | 6 ++++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 27abb30d..44f58229 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 This mod gives SWAG the ability to auto-detect running containers via labels and automatically enable reverse proxy for them.
 
 ## Requirements:
-- This mod needs the `universal-docker` mod installed and set up with either mapping `docker.sock` or setting the environment variable `DOCKER_HOST=remoteaddress`.
+- This mod needs the [universal-docker mod](https://github.com/linuxserver/docker-mods/tree/universal-docker) installed and set up with either mapping `docker.sock` or setting the environment variable `DOCKER_HOST=remoteaddress`.
 - Other containers to be auto-detected and reverse proxied should be in the same [user defined bridge network](https://docs.linuxserver.io/general/swag#docker-networking) as SWAG.
 - Containers to be auto-detected and reverse proxied must have a label `swag=enable` at a minimum.
 - To benefit from curated preset proxy confs we provide, the container name must match the container names that are suggested in our readme examples (ie. `radarr` and not `Radarr-4K`).
@@ -11,10 +11,10 @@ This mod gives SWAG the ability to auto-detect running containers via labels and
 ## Labels:
 - `swag=enable` - required for auto-detection
 - `swag_address=containername` - *optional* - overrides upstream app address. Can be set to an IP or a DNS hostname. Defaults to `container name`.
-- `swag_port=80` - *optional* - overrides *internal* exposed port
+- `swag_port=80` - *optional* - overrides *internal* exposed port (if no preset conf and this label not set, auto-proxy will default to first detected exposed port)
 - `swag_proto=http` - *optional* - overrides internal proto (defaults to http)
 - `swag_url=containername.domain.com` - *optional* - overrides *server_name* (defaults to `containername.*`)
-- `swag_auth=authelia` - *optional* - enables auth methods (options are `authelia`, `ldap` and `http` for basic http auth)
+- `swag_auth=authelia` - *optional* - enables auth methods (options are `authelia`, `authentik`, `ldap` and `http` for basic http auth)
 - `swag_auth_bypass=/api,/othersubfolder` - *optional* - bypasses auth for selected subfolders. Comma separated, no spaces.
 
 
diff --git a/root/app/auto-proxy.sh b/root/app/auto-proxy.sh
index cc132639..d99e3a79 100755
--- a/root/app/auto-proxy.sh
+++ b/root/app/auto-proxy.sh
@@ -73,6 +73,9 @@ for CONTAINER in ${AUTO_GEN}; do
         if [ "${swag_auth}" == "authelia" ]; then
             sed -i "s|#include /config/nginx/authelia|include /config/nginx/authelia|g" "/etc/nginx/http.d/auto-proxy-${CONTAINER}.subdomain.conf"
             echo "**** Enabling Authelia for ${CONTAINER} ****"
+        elif [ "${swag_auth}" == "authentik" ]; then
+            sed -i "s|#include /config/nginx/authentik|include /config/nginx/authentik|g" "/etc/nginx/http.d/auto-proxy-${CONTAINER}.subdomain.conf"
+            echo "**** Enabling Authentik for ${CONTAINER} ****"
         elif [ "${swag_auth}" == "http" ]; then
             sed -i "s|#auth_basic|auth_basic|g" "/etc/nginx/http.d/auto-proxy-${CONTAINER}.subdomain.conf"
             echo "**** Enabling basic http auth for ${CONTAINER} ****"
@@ -135,6 +138,9 @@ DUDE
         if [ "${swag_auth}" == "authelia" ]; then
             sed -i "s|#include /config/nginx/authelia|include /config/nginx/authelia|g" "/etc/nginx/http.d/auto-proxy-${CONTAINER}.subdomain.conf"
             echo "**** Enabling Authelia for ${CONTAINER} ****"
+        elif [ "${swag_auth}" == "authentik" ]; then
+            sed -i "s|#include /config/nginx/authentik|include /config/nginx/authentik|g" "/etc/nginx/http.d/auto-proxy-${CONTAINER}.subdomain.conf"
+            echo "**** Enabling Authentik for ${CONTAINER} ****"
         elif [ "${swag_auth}" == "http" ]; then
             sed -i "s|#auth_basic|auth_basic|g" "/etc/nginx/http.d/auto-proxy-${CONTAINER}.subdomain.conf"
             echo "**** Enabling basic http auth for ${CONTAINER} ****"

From be29d4c1bd41dfa69bf0a35483ac7a44ca76d31d Mon Sep 17 00:00:00 2001
From: aptalca <541623+aptalca@users.noreply.github.com>
Date: Fri, 24 Feb 2023 20:30:26 -0500
Subject: [PATCH 2/2] add permissions.yml, update checkout action ver

---
 .github/workflows/BuildImage.yml  | 2 +-
 .github/workflows/permissions.yml | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/permissions.yml

diff --git a/.github/workflows/BuildImage.yml b/.github/workflows/BuildImage.yml
index ae4e146f..bb418c2d 100644
--- a/.github/workflows/BuildImage.yml
+++ b/.github/workflows/BuildImage.yml
@@ -11,7 +11,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.3
+      - uses: actions/checkout@v3.1.0
 
       - name: Build image
         run: |
diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml
new file mode 100644
index 00000000..2df6b61b
--- /dev/null
+++ b/.github/workflows/permissions.yml
@@ -0,0 +1,9 @@
+name: Permission check
+on:
+  pull_request:
+    paths:
+      - '**/run'
+      - '**/finish'
+jobs:
+  permission_check:
+    uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1