From 95e12df43dfdc7d39c9368ac628842eefacdc072 Mon Sep 17 00:00:00 2001
From: "AB from home.homenet" <home@hexor.cy>
Date: Sun, 12 Oct 2025 13:02:32 +0300
Subject: [PATCH] Changed syncthing access and auth scheme

---
 k8s/apps/syncthing/ingress-route.yaml |  49 ++++++++++++
 k8s/apps/syncthing/kustomization.yaml |   3 +
 k8s/apps/syncthing/landing-page.yaml  | 103 ++++++++++++++++++++++++++
 k8s/apps/syncthing/middleware.yaml    |  46 ++++++++++++
 4 files changed, 201 insertions(+)
 create mode 100644 k8s/apps/syncthing/ingress-route.yaml
 create mode 100644 k8s/apps/syncthing/landing-page.yaml
 create mode 100644 k8s/apps/syncthing/middleware.yaml

diff --git a/k8s/apps/syncthing/ingress-route.yaml b/k8s/apps/syncthing/ingress-route.yaml
new file mode 100644
index 0000000..1b5fe2b
--- /dev/null
+++ b/k8s/apps/syncthing/ingress-route.yaml
@@ -0,0 +1,49 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: syncthing-ingressroute
+  namespace: syncthing
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`ss.hexor.cy`)
+      kind: Rule
+      services:
+        - name: syncthing-landing
+          port: 80
+      middlewares:
+        - name: authentik-forward-auth
+          namespace: syncthing
+    - match: Host(`ss.hexor.cy`) && PathPrefix(`/nas`)
+      kind: Rule
+      services:
+        - name: syncthing-nas
+          port: 8384
+      middlewares:
+        - name: authentik-forward-auth
+          namespace: syncthing
+        - name: strip-prefix-nas
+          namespace: syncthing
+    - match: Host(`ss.hexor.cy`) && PathPrefix(`/master`)
+      kind: Rule
+      services:
+        - name: syncthing-master
+          port: 8384
+      middlewares:
+        - name: authentik-forward-auth
+          namespace: syncthing
+        - name: strip-prefix-master
+          namespace: syncthing
+    - match: Host(`ss.hexor.cy`) && PathPrefix(`/iris`)
+      kind: Rule
+      services:
+        - name: syncthing-khv
+          port: 8384
+      middlewares:
+        - name: authentik-forward-auth
+          namespace: syncthing
+        - name: strip-prefix-iris
+          namespace: syncthing
+  tls:
+    secretName: syncthing-tls
\ No newline at end of file
diff --git a/k8s/apps/syncthing/kustomization.yaml b/k8s/apps/syncthing/kustomization.yaml
index 46688d8..b0aa069 100644
--- a/k8s/apps/syncthing/kustomization.yaml
+++ b/k8s/apps/syncthing/kustomization.yaml
@@ -4,6 +4,9 @@ kind: Kustomization
 
 resources:
   - app.yaml
+  - ingress-route.yaml
+  - middleware.yaml
+  - landing-page.yaml
 
 helmCharts:
   - name: syncthing
diff --git a/k8s/apps/syncthing/landing-page.yaml b/k8s/apps/syncthing/landing-page.yaml
new file mode 100644
index 0000000..50fed59
--- /dev/null
+++ b/k8s/apps/syncthing/landing-page.yaml
@@ -0,0 +1,103 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: syncthing-landing-html
+  namespace: syncthing
+data:
+  index.html: |
+    <!DOCTYPE html>
+    <html>
+    <head>
+        <title>Syncthing Instances</title>
+        <style>
+            body {
+                font-family: Arial, sans-serif;
+                display: flex;
+                justify-content: center;
+                align-items: center;
+                height: 100vh;
+                margin: 0;
+                background-color: #f0f0f0;
+            }
+            .container {
+                text-align: center;
+                background: white;
+                padding: 40px;
+                border-radius: 10px;
+                box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+            }
+            h1 {
+                color: #333;
+                margin-bottom: 30px;
+            }
+            .links {
+                display: flex;
+                flex-direction: column;
+                gap: 15px;
+            }
+            a {
+                display: inline-block;
+                padding: 15px 30px;
+                background-color: #0078e7;
+                color: white;
+                text-decoration: none;
+                border-radius: 5px;
+                transition: background-color 0.3s;
+            }
+            a:hover {
+                background-color: #0056b3;
+            }
+        </style>
+    </head>
+    <body>
+        <div class="container">
+            <h1>Syncthing Instances</h1>
+            <div class="links">
+                <a href="/nas">NAS Instance</a>
+                <a href="/master">Master Instance</a>
+                <a href="/iris">Iris Instance</a>
+            </div>
+        </div>
+    </body>
+    </html>
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: syncthing-landing
+  namespace: syncthing
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: syncthing-landing
+  template:
+    metadata:
+      labels:
+        app: syncthing-landing
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:alpine
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: html
+          mountPath: /usr/share/nginx/html
+      volumes:
+      - name: html
+        configMap:
+          name: syncthing-landing-html
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: syncthing-landing
+  namespace: syncthing
+spec:
+  selector:
+    app: syncthing-landing
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
\ No newline at end of file
diff --git a/k8s/apps/syncthing/middleware.yaml b/k8s/apps/syncthing/middleware.yaml
new file mode 100644
index 0000000..598644d
--- /dev/null
+++ b/k8s/apps/syncthing/middleware.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authentik-forward-auth
+  namespace: syncthing
+spec:
+  forwardAuth:
+    address: http://authentik-server.authentik.svc.cluster.local/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: strip-prefix-nas
+  namespace: syncthing
+spec:
+  stripPrefix:
+    prefixes:
+      - /nas
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: strip-prefix-master
+  namespace: syncthing
+spec:
+  stripPrefix:
+    prefixes:
+      - /master
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: strip-prefix-iris
+  namespace: syncthing
+spec:
+  stripPrefix:
+    prefixes:
+      - /iris
\ No newline at end of file