homelab/k8s/apps/syncthing/ingress-route.yaml

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: syncthing-ingressroute
  namespace: syncthing
spec:
  entryPoints:
    - websecure
  routes:
    # Landing page
    - match: Host(`ss.hexor.cy`) && Path(`/`)
      kind: Rule
      services:
        - name: syncthing-landing
          port: 80
      middlewares:
        - name: authentik-forward-auth
          namespace: syncthing
    
    # NAS instance and its assets
    - match: Host(`ss.hexor.cy`) && PathPrefix(`/nas`)
      kind: Rule
      priority: 100
      services:
        - name: syncthing-nas
          port: 8384
      middlewares:
        - name: authentik-forward-auth
          namespace: syncthing
        - name: syncthing-headers-nas
          namespace: syncthing
        - name: set-cookie-nas
          namespace: syncthing
        - name: strip-prefix-nas
          namespace: syncthing
    
    # Master instance and its assets
    - match: Host(`ss.hexor.cy`) && PathPrefix(`/master`)
      kind: Rule
      priority: 100
      services:
        - name: syncthing-master
          port: 8384
      middlewares:
        - name: authentik-forward-auth
          namespace: syncthing
        - name: syncthing-headers-master
          namespace: syncthing
        - name: set-cookie-master
          namespace: syncthing
        - name: strip-prefix-master
          namespace: syncthing
    
    # Iris instance and its assets
    - match: Host(`ss.hexor.cy`) && PathPrefix(`/iris`)
      kind: Rule
      priority: 100
      services:
        - name: syncthing-khv
          port: 8384
      middlewares:
        - name: authentik-forward-auth
          namespace: syncthing
        - name: syncthing-headers-iris
          namespace: syncthing
        - name: set-cookie-iris
          namespace: syncthing
        - name: strip-prefix-iris
          namespace: syncthing
    
    # Catch all static assets and route based on referer header
    - match: Host(`ss.hexor.cy`) && (PathPrefix(`/vendor`) || PathPrefix(`/theme-assets`) || PathPrefix(`/meta`) || PathPrefix(`/syncthing`))
      kind: Rule
      priority: 50
      services:
        - name: syncthing-router
          namespace: syncthing
          port: 80
      middlewares:
        - name: authentik-forward-auth
          namespace: syncthing
        - name: asset-router
          namespace: syncthing
  tls:
    secretName: syncthing-tls