Feat: Set External Auth for Sonarr v4

[JigSawFr]

For Sonarr role:

IF

1. sonarr_docker_image_tag is set to v4
2. sonarr_traefik_sso_middleware is set to Authelia default SSO

Execute a subtask to set AuthMethod to <AuthenticationMethod>External</AuthenticationMethod>

Cf. https://wiki.servarr.com/sonarr/faq-v4#can-i-disable-forced-authentication

[JigSawFr]

Need also to set <UrlBase></UrlBase>

[owine]

Can potentially apply similar logic to other arr apps

An alternative (this is what I currently use) would be to provision a middleware to inject basic auth credentials and apply to the arr containers

[JigSawFr]

Can potentially apply similar logic to other arr apps

An alternative (this is what I currently use) would be to provision a middleware to inject basic auth credentials and apply to the arr containers

Yep, was doing it until now, prefer to use it on my side in last resort. As they offer external choice, it is better if you use health check for e.g. (And avoid multiple BA failures in logs :>)

But yeah there is other's vars that we can automate :)

[saltydk]

Do we really need to touch existing setups?

[JigSawFr]

Do we really need to touch existing setups?

I see it as an improvement only

[saltydk]

Well, I'd be against merging checks against user inventory edits. If this needs to be a thing then wait until v4 is the standard version.

[owine]

This is coming to Prowlarr stable soon fyi

[JigSawFr]

This is coming to Prowlarr stable soon fyi

Thanks for info !

[saltydk]

Need also to set <UrlBase></UrlBase>

That is the default so not sure why this is mentioned.

[saltydk]

So maybe something like

- name: Lookup AuthenticationMethod value
  community.general.xml:
    path: "/opt/{{ prowlarr_name }}/config.xml"
    xpath: "/Config/AuthenticationMethod"
    content: "text"
  register: xmlresp

- name: Toggle AuthenticationMethod to External
  block:
    - name: Remove the 'subjective' attribute of the 'rating' element
      community.general.xml:
        path: "/opt/{{ prowlarr_name }}/config.xml"
        xpath: "/Config/AuthenticationMethod"
        value: "External"

    - name: Restart Docker container
      ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/restart_docker_container.yml"

  when: ((xmlresp.matches[0].AuthenticationMethod is defined) and (xmlresp.matches[0].AuthenticationMethod != 'External'))```

[JigSawFr]

@saltydk yes, maybe we can add also another condition to check if sso middleware is defined to authelia, so we can keep initial behavior in case of ?

[saltydk]

I'd just have that in the include of the subtask

[JigSawFr]

Need also to set <UrlBase></UrlBase>

That is the default so not sure why this is mentioned.

Not sure how it's used in these programs, but in case of to avoid future problems ? At the moment it's working as expected without editing it.

[saltydk]

They won't set a UrlBase for you so don't worry about it.

[saltydk]

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/base

[saltydk]

https://github.com/saltyorg/Saltbox/commit/a8571593f49a2d442e96da6a7fed5b6eb59b4873