From 536c903fe288a8d85f9973ffc432f2f018c04947 Mon Sep 17 00:00:00 2001
From: LinuxServer-CI <ci@linuxserver.io>
Date: Tue, 1 Dec 2020 11:06:37 +0000
Subject: [PATCH 1/3] Bot Updating Package Versions

---
 package_versions.txt | 94 ++++++++++++++++++++++----------------------
 1 file changed, 47 insertions(+), 47 deletions(-)

diff --git a/package_versions.txt b/package_versions.txt
index 905c67a..65e4f5c 100755
--- a/package_versions.txt
+++ b/package_versions.txt
@@ -58,7 +58,7 @@ libmnl-1.0.4-r0
 libmount-2.35.2-r0
 libnftnl-libs-1.1.6-r0
 libpng-1.6.37-r1
-libpq-12.4-r0
+libpq-12.5-r0
 libproc-3.3.16-r0
 libressl3.1-libcrypto-3.1.2-r0
 libressl3.1-libssl-3.1.2-r0
@@ -89,7 +89,7 @@ logrotate-3.16.0-r0
 luajit-5.1.20190925-r0
 memcached-1.6.6-r0
 musl-1.1.24-r10
-musl-utils-1.1.24-r9
+musl-utils-1.1.24-r10
 nano-4.9.3-r0
 ncurses-libs-6.2_p20200523-r0
 ncurses-terminfo-base-6.2_p20200523-r0
@@ -123,55 +123,55 @@ pcre2-10.35-r0
 perl-5.30.3-r0
 perl-error-0.17029-r0
 perl-git-2.26.2-r0
-php7-7.3.24-r0
-php7-bcmath-7.3.24-r0
-php7-bz2-7.3.24-r0
-php7-common-7.3.24-r0
-php7-ctype-7.3.24-r0
-php7-curl-7.3.24-r0
-php7-dom-7.3.24-r0
-php7-exif-7.3.24-r0
-php7-fileinfo-7.3.24-r0
-php7-fpm-7.3.24-r0
-php7-ftp-7.3.24-r0
-php7-gd-7.3.24-r0
-php7-iconv-7.3.24-r0
-php7-imap-7.3.24-r0
-php7-intl-7.3.24-r0
-php7-json-7.3.24-r0
-php7-ldap-7.3.24-r0
-php7-mbstring-7.3.24-r0
-php7-mysqli-7.3.24-r0
-php7-mysqlnd-7.3.24-r0
-php7-opcache-7.3.24-r0
-php7-openssl-7.3.24-r0
-php7-pdo-7.3.24-r0
-php7-pdo_mysql-7.3.24-r0
-php7-pdo_odbc-7.3.24-r0
-php7-pdo_pgsql-7.3.24-r0
-php7-pdo_sqlite-7.3.24-r0
-php7-pear-7.3.24-r0
+php7-7.3.25-r0
+php7-bcmath-7.3.25-r0
+php7-bz2-7.3.25-r0
+php7-common-7.3.25-r0
+php7-ctype-7.3.25-r0
+php7-curl-7.3.25-r0
+php7-dom-7.3.25-r0
+php7-exif-7.3.25-r0
+php7-fileinfo-7.3.25-r0
+php7-fpm-7.3.25-r0
+php7-ftp-7.3.25-r0
+php7-gd-7.3.25-r0
+php7-iconv-7.3.25-r0
+php7-imap-7.3.25-r0
+php7-intl-7.3.25-r0
+php7-json-7.3.25-r0
+php7-ldap-7.3.25-r0
+php7-mbstring-7.3.25-r0
+php7-mysqli-7.3.25-r0
+php7-mysqlnd-7.3.25-r0
+php7-opcache-7.3.25-r0
+php7-openssl-7.3.25-r0
+php7-pdo-7.3.25-r0
+php7-pdo_mysql-7.3.25-r0
+php7-pdo_odbc-7.3.25-r0
+php7-pdo_pgsql-7.3.25-r0
+php7-pdo_sqlite-7.3.25-r0
+php7-pear-7.3.25-r0
 php7-pecl-apcu-5.1.19-r0
 php7-pecl-igbinary-3.1.6-r0
 php7-pecl-mcrypt-1.0.3-r0
 php7-pecl-memcached-3.1.5-r0
 php7-pecl-redis-5.2.2-r1
-php7-pgsql-7.3.24-r0
-php7-phar-7.3.24-r0
-php7-posix-7.3.24-r0
-php7-session-7.3.24-r0
-php7-simplexml-7.3.24-r0
-php7-soap-7.3.24-r0
-php7-sockets-7.3.24-r0
-php7-sodium-7.3.24-r0
-php7-sqlite3-7.3.24-r0
-php7-tokenizer-7.3.24-r0
-php7-xml-7.3.24-r0
-php7-xmlreader-7.3.24-r0
-php7-xmlrpc-7.3.24-r0
-php7-xmlwriter-7.3.24-r0
-php7-xsl-7.3.24-r0
-php7-zip-7.3.24-r0
+php7-pgsql-7.3.25-r0
+php7-phar-7.3.25-r0
+php7-posix-7.3.25-r0
+php7-session-7.3.25-r0
+php7-simplexml-7.3.25-r0
+php7-soap-7.3.25-r0
+php7-sockets-7.3.25-r0
+php7-sodium-7.3.25-r0
+php7-sqlite3-7.3.25-r0
+php7-tokenizer-7.3.25-r0
+php7-xml-7.3.25-r0
+php7-xmlreader-7.3.25-r0
+php7-xmlrpc-7.3.25-r0
+php7-xmlwriter-7.3.25-r0
+php7-xsl-7.3.25-r0
+php7-zip-7.3.25-r0
 pinentry-1.1.0-r2
 popt-1.16-r7
 procps-3.3.16-r0
@@ -212,7 +212,7 @@ scanelf-1.2.6-r0
 shadow-4.8.1-r0
 sqlite-libs-3.32.1-r0
 ssl_client-1.31.1-r19
-tzdata-2020c-r0
+tzdata-2020c-r1
 unixodbc-2.3.7-r2
 whois-5.5.6-r0
 xz-5.2.5-r0

From 723289018671615f32f156504a5817267120fea0 Mon Sep 17 00:00:00 2001
From: LinuxServer-CI <ci@linuxserver.io>
Date: Tue, 8 Dec 2020 11:09:05 +0000
Subject: [PATCH 2/3] Bot Updating Package Versions

---
 package_versions.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package_versions.txt b/package_versions.txt
index 65e4f5c..5a483f7 100755
--- a/package_versions.txt
+++ b/package_versions.txt
@@ -1,6 +1,6 @@
 alpine-baselayout-3.2.0-r7
 alpine-keys-2.2-r0
-apache2-utils-2.4.46-r0
+apache2-utils-2.4.46-r1
 apk-tools-2.10.5-r1
 apr-1.7.0-r0
 apr-util-1.6.1-r6

From 1bdf9a98e251b3e9c2abb6d7ab444282665185b6 Mon Sep 17 00:00:00 2001
From: aptalca <aptalca@linuxserver.io>
Date: Wed, 9 Dec 2020 11:39:01 -0500
Subject: [PATCH 3/3] add new dns methods, check confs, add workflows add
 gehirn and sakuracloud dns validation add conf checker add trigger workflows
 remove deprecated certbot option for public ip logging

---
 .github/workflows/external_trigger.yml        | 90 +++++++++++++++++++
 .../workflows/external_trigger_scheduler.yml  | 43 +++++++++
 .github/workflows/package_trigger.yml         | 38 ++++++++
 .../workflows/package_trigger_scheduler.yml   | 50 +++++++++++
 README.md                                     |  3 +-
 readme-vars.yml                               |  3 +-
 root/defaults/dns-conf/gehirn.ini             |  4 +
 root/defaults/dns-conf/sakuracloud.ini        |  4 +
 root/etc/cont-init.d/50-config                | 20 ++---
 root/etc/cont-init.d/70-templates             | 42 +++++++++
 10 files changed, 284 insertions(+), 13 deletions(-)
 create mode 100644 .github/workflows/external_trigger.yml
 create mode 100644 .github/workflows/external_trigger_scheduler.yml
 create mode 100644 .github/workflows/package_trigger.yml
 create mode 100644 .github/workflows/package_trigger_scheduler.yml
 create mode 100644 root/defaults/dns-conf/gehirn.ini
 create mode 100644 root/defaults/dns-conf/sakuracloud.ini
 create mode 100644 root/etc/cont-init.d/70-templates

diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml
new file mode 100644
index 0000000..c65b7fa
--- /dev/null
+++ b/.github/workflows/external_trigger.yml
@@ -0,0 +1,90 @@
+name: External Trigger Main
+
+on:
+  workflow_dispatch:
+
+jobs:
+  external-trigger-master:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.3.3
+
+      - name: External Trigger
+        if: github.ref == 'refs/heads/master'
+        run: |
+          if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then
+            echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
+            exit 0
+          fi
+          echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
+          echo "**** Retrieving external version ****"
+          EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
+          if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
+            echo "**** Can't retrieve external version, exiting ****"
+            FAILURE_REASON="Can't retrieve external version for swag branch master"
+            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
+              "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
+              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            exit 1
+          fi
+          echo "**** External version: ${EXT_RELEASE} ****"
+          echo "**** Retrieving last pushed version ****"
+          image="linuxserver/swag"
+          tag="latest"
+          token=$(curl -sX GET \
+            "https://ghcr.io/token?scope=repository%3Alinuxserver%2Fswag%3Apull" \
+            | jq -r '.token')
+            multidigest=$(curl -s \
+              --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+              --header "Authorization: Bearer ${token}" \
+              "https://ghcr.io/v2/${image}/manifests/${tag}" \
+              | jq -r 'first(.manifests[].digest)')
+            digest=$(curl -s \
+              --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+              --header "Authorization: Bearer ${token}" \
+              "https://ghcr.io/v2/${image}/manifests/${multidigest}" \
+              | jq -r '.config.digest')
+          image_info=$(curl -sL \
+            --header "Authorization: Bearer ${token}" \
+            "https://ghcr.io/v2/${image}/blobs/${digest}" \
+            | jq -r '.container_config')
+          IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
+          IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
+          if [ -z "${IMAGE_VERSION}" ]; then
+            echo "**** Can't retrieve last pushed version, exiting ****"
+            FAILURE_REASON="Can't retrieve last pushed version for swag tag latest"
+            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
+              "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
+              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+            exit 1
+          fi
+          echo "**** Last pushed version: ${IMAGE_VERSION} ****"
+          if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
+            echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
+            exit 0
+          elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
+            echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
+            exit 0
+          else
+            echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
+            response=$(curl -iX POST \
+              https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \
+              --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
+            echo "**** Jenkins job queue url: ${response%$'\r'} ****"
+            echo "**** Sleeping 10 seconds until job starts ****"
+            sleep 10
+            buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
+            buildurl="${buildurl%$'\r'}"
+            echo "**** Jenkins job build url: ${buildurl} ****"
+            echo "**** Attempting to change the Jenkins job description ****"
+            curl -iX POST \
+              "${buildurl}submitDescription" \
+              --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
+              --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+              --data-urlencode "Submit=Submit"
+            echo "**** Notifying Discord ****"
+            TRIGGER_REASON="A version change was detected for swag tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
+            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+              "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
+              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
+          fi
diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml
new file mode 100644
index 0000000..bdd8245
--- /dev/null
+++ b/.github/workflows/external_trigger_scheduler.yml
@@ -0,0 +1,43 @@
+name: External Trigger Scheduler
+
+on:
+  schedule:
+    - cron:  '50 * * * *'
+  workflow_dispatch:
+
+jobs:
+  external-trigger-scheduler:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.3.3
+        with:
+          fetch-depth: '0'
+        
+      - name: External Trigger Scheduler
+        run: |
+          echo "**** Branches found: ****"
+          git for-each-ref --format='%(refname:short)' refs/remotes
+          echo "**** Pulling the yq docker image ****"
+          docker pull ghcr.io/linuxserver/yq
+          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
+          do
+            br=$(echo "$br" | sed 's|origin/||g')
+            echo "**** Evaluating branch ${br} ****"
+            ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \
+              | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
+            if [ "$br" == "$ls_branch" ]; then
+              echo "**** Branch ${br} appears to be live; checking workflow. ****"
+              if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
+                echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
+                curl -iX POST \
+                  -H "Authorization: token ${{ secrets.CR_PAT }}" \
+                  -H "Accept: application/vnd.github.v3+json" \
+                  -d "{\"ref\":\"refs/heads/${br}\"}" \
+                  https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches
+              else
+                echo "**** Workflow doesn't exist; skipping trigger. ****"
+              fi
+            else
+              echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
+            fi
+          done
diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml
new file mode 100644
index 0000000..a122e53
--- /dev/null
+++ b/.github/workflows/package_trigger.yml
@@ -0,0 +1,38 @@
+name: Package Trigger Main
+
+on:
+  workflow_dispatch:
+
+jobs:
+  package-trigger-master:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.3.3
+
+      - name: Package Trigger
+        if: github.ref == 'refs/heads/master'
+        run: |
+          if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then
+            echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
+            exit 0
+          fi
+          if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
+            echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
+            exit 0
+          fi
+          echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****"
+          response=$(curl -iX POST \
+            https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \
+            --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
+          echo "**** Jenkins job queue url: ${response%$'\r'} ****"
+          echo "**** Sleeping 10 seconds until job starts ****"
+          sleep 10
+          buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
+          buildurl="${buildurl%$'\r'}"
+          echo "**** Jenkins job build url: ${buildurl} ****"
+          echo "**** Attempting to change the Jenkins job description ****"
+          curl -iX POST \
+            "${buildurl}submitDescription" \
+            --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
+            --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+            --data-urlencode "Submit=Submit"
diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml
new file mode 100644
index 0000000..4a8d36c
--- /dev/null
+++ b/.github/workflows/package_trigger_scheduler.yml
@@ -0,0 +1,50 @@
+name: Package Trigger Scheduler
+
+on:
+  schedule:
+    - cron:  '55 13 * * 5'
+  workflow_dispatch:
+
+jobs:
+  package-trigger-scheduler:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.3.3
+        with:
+          fetch-depth: '0'
+        
+      - name: Package Trigger Scheduler
+        run: |
+          echo "**** Branches found: ****"
+          git for-each-ref --format='%(refname:short)' refs/remotes
+          echo "**** Pulling the yq docker image ****"
+          docker pull ghcr.io/linuxserver/yq
+          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
+          do
+            br=$(echo "$br" | sed 's|origin/||g')
+            echo "**** Evaluating branch ${br} ****"
+            ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \
+              | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
+            if [ "${br}" == "${ls_branch}" ]; then
+              echo "**** Branch ${br} appears to be live; checking workflow. ****"
+              if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
+                echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
+                triggered_branches="${triggered_branches}${br} "
+                curl -iX POST \
+                  -H "Authorization: token ${{ secrets.CR_PAT }}" \
+                  -H "Accept: application/vnd.github.v3+json" \
+                  -d "{\"ref\":\"refs/heads/${br}\"}" \
+                  https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/package_trigger.yml/dispatches
+                sleep 30
+              else
+                echo "**** Workflow doesn't exist; skipping trigger. ****"
+              fi
+            else
+              echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
+            fi
+          done
+          echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
+          echo "**** Notifying Discord ****"
+          curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+            "description": "**Package Check Build(s) Triggered for swag** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-swag/activity/"' \n"}],
+            "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
diff --git a/README.md b/README.md
index 437dbf7..ac44fbc 100644
--- a/README.md
+++ b/README.md
@@ -139,7 +139,7 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) |
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). |
-| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
+| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`,`gehirn`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
 | `-e DUCKDNSTOKEN=` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org |
 | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications. |
@@ -323,6 +323,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **09.11.20:** - Check for template/conf updates and notify in the log. Add support for gehirn and sakuracloud dns validation.
 * **01.11.20:** - Add support for netcup dns validation
 * **29.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy.
 * **04.10.20:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering.
diff --git a/readme-vars.yml b/readme-vars.yml
index 3caa6f2..ef6e511 100755
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -50,7 +50,7 @@ cap_add_param_vars:
 # optional container parameters
 opt_param_usage_include_env: true
 opt_param_env_vars:
-  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`,`gehirn`, `google`, `inwx`, `linode`, `luadns`, `netcup`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
   - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
   - { env_var: "DUCKDNSTOKEN", env_value: "", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" }
   - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications." }
@@ -150,6 +150,7 @@ app_setup_nginx_reverse_proxy_block: ""
 
 # changelog
 changelogs:
+  - { date: "09.11.20:", desc: "Check for template/conf updates and notify in the log. Add support for gehirn and sakuracloud dns validation." }
   - { date: "01.11.20:", desc: "Add support for netcup dns validation" }
   - { date: "29.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) ssl.conf - Add frame-ancestors to Content-Security-Policy." }
   - { date: "04.10.20:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, proxy.conf, and ssl.conf - Minor cleanups and reordering." }
diff --git a/root/defaults/dns-conf/gehirn.ini b/root/defaults/dns-conf/gehirn.ini
new file mode 100644
index 0000000..e1ac409
--- /dev/null
+++ b/root/defaults/dns-conf/gehirn.ini
@@ -0,0 +1,4 @@
+# Instructions: https://certbot-dns-gehirn.readthedocs.io/en/stable/
+# Replace with your values
+dns_gehirn_api_token  = 00000000-0000-0000-0000-000000000000
+dns_gehirn_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
diff --git a/root/defaults/dns-conf/sakuracloud.ini b/root/defaults/dns-conf/sakuracloud.ini
new file mode 100644
index 0000000..17f3ac8
--- /dev/null
+++ b/root/defaults/dns-conf/sakuracloud.ini
@@ -0,0 +1,4 @@
+# Instructions: https://certbot-dns-sakuracloud.readthedocs.io/en/stable/
+# Replace with your values
+dns_sakuracloud_api_token  = 00000000-0000-0000-0000-000000000000
+dns_sakuracloud_api_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config
index f1d925f..6a54010 100644
--- a/root/etc/cont-init.d/50-config
+++ b/root/etc/cont-init.d/50-config
@@ -45,8 +45,6 @@ chown -R abc:abc /config/dns-conf
 
 # copy reverse proxy configs
 cp -R /defaults/proxy-confs /config/nginx/
-# remove outdated files (remove this action after 2020/10/17)
-rm -f /config/nginx/proxy-confs/seafile.subdomain.config.sample /config/nginx/proxy-confs/librespeed.subdomain.com.sample
 
 # copy/update the fail2ban config defaults to/in /config
 cp -R /defaults/fail2ban/filter.d /config/fail2ban/
@@ -92,7 +90,7 @@ if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
 fi
 
 # check to make sure DNSPLUGIN is selected if dns validation is used
-[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|google|inwx|linode|luadns|netcup|nsone|ovh|rfc2136|route53|transip)$ ]] && \
+[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|inwx|linode|luadns|netcup|nsone|ovh|rfc2136|route53|sakuracloud|transip)$ ]] && \
   echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \
   sleep infinity
 
@@ -176,32 +174,32 @@ fi
 if [ "$VALIDATION" = "dns" ]; then
   if [ "$DNSPLUGIN" = "route53" ]; then
     if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-    PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
+    PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}"
   elif [[ "$DNSPLUGIN" =~ ^(cpanel)$ ]]; then
     if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-    PREFCHAL="-a certbot-dns-${DNSPLUGIN}:${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
+    PREFCHAL="-a certbot-dns-${DNSPLUGIN}:${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
   elif [[ "$DNSPLUGIN" =~ ^(gandi)$ ]]; then
     if [ -n "$PROPAGATION" ];then echo "Gandi dns plugin does not support setting propagation time"; fi
-    PREFCHAL="-a certbot-plugin-${DNSPLUGIN}:dns --certbot-plugin-${DNSPLUGIN}:dns-credentials /config/dns-conf/${DNSPLUGIN}.ini --manual-public-ip-logging-ok"
+    PREFCHAL="-a certbot-plugin-${DNSPLUGIN}:dns --certbot-plugin-${DNSPLUGIN}:dns-credentials /config/dns-conf/${DNSPLUGIN}.ini"
   elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
     if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-    PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
+    PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
   elif [[ "$DNSPLUGIN" =~ ^(aliyun|domeneshop|inwx|transip)$ ]]; then
     if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-    PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
+    PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
   elif [[ "$DNSPLUGIN" =~ ^(netcup)$ ]]; then
     if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-    PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
+    PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
   else
     if [ -n "$PROPAGATION" ];then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-    PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM} --manual-public-ip-logging-ok"
+    PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
   fi
   echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
 elif [ "$VALIDATION" = "tls-sni" ]; then
   PREFCHAL="--non-interactive --standalone --preferred-challenges http"
   echo "*****tls-sni validation has been deprecated, attempting http validation instead"
 elif [ "$VALIDATION" = "duckdns" ]; then
-  PREFCHAL="--non-interactive --manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook /app/duckdns-txt"
+  PREFCHAL="--non-interactive --manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt"
   chmod +x /app/duckdns-txt
   echo "duckdns validation is selected"
   if [ "$SUBDOMAINS" = "wildcard" ]; then
diff --git a/root/etc/cont-init.d/70-templates b/root/etc/cont-init.d/70-templates
new file mode 100644
index 0000000..53b9f95
--- /dev/null
+++ b/root/etc/cont-init.d/70-templates
@@ -0,0 +1,42 @@
+#!/usr/bin/with-contenv bash
+
+nginx_confs=( \
+    authelia-location.conf \
+    authelia-server.conf \
+    geoip2.conf \
+    ldap.conf \
+    nginx.conf \
+    proxy.conf \
+    site-confs/default \
+    ssl.conf )
+
+for i in ${nginx_confs[@]}; do
+    if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' /config/nginx/${i})" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' /defaults/$(basename ${i}))" ]; then
+        nginx_confs_changed="/config/nginx/${i}\n${nginx_confs_changed}"
+    fi
+done
+
+if [ -n "$nginx_confs_changed" ]; then
+    echo "**** The following nginx confs have different version dates than the defaults that are shipped. ****"
+    echo "**** This may be due to user customization or an update to the defaults. ****"
+    echo "**** To update them to the latest defaults shipped within the image, delete these files and restart the container. ****"
+    echo "**** If they are user customized, check the date version at the top and compare to the upstream changelog via the link. ****"
+    echo -e "${nginx_confs_changed}"
+fi
+
+proxy_confs=$(ls /config/nginx/proxy-confs/*.conf)
+
+for i in $proxy_confs; do
+    if [ -f "${i}.sample" ]; then
+        if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' ${i})" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' ${i}.sample)" ]; then
+            proxy_confs_changed="${i}\n${proxy_confs_changed}"
+        fi
+    fi
+done
+
+if [ -n "$proxy_confs_changed" ]; then
+    echo "**** The following reverse proxy confs have different version dates than the samples that are shipped. ****"
+    echo "**** This may be due to user customization or an update to the samples. ****"
+    echo "**** You should compare them to the samples in the same folder to make sure you have the latest updates. ****"
+    echo -e "${proxy_confs_changed}"
+fi