---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: syncthing-ingressroute
  namespace: syncthing
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`ss.hexor.cy`)
      kind: Rule
      services:
        - name: syncthing-router
          port: 80
      middlewares:
        - name: authentik-forward-auth
          namespace: syncthing
  tls:
    secretName: syncthing-tls
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: authentik-forward-auth
  namespace: syncthing
spec:
  forwardAuth:
    address: http://authentik-server.authentik.svc.cluster.local/outpost.goauthentik.io/auth/traefik
    trustForwardHeader: true
    authResponseHeaders:
      - X-authentik-username
      - X-authentik-groups
      - X-authentik-email
      - X-authentik-name
      - X-authentik-uid