chore: Protect wizarr

2025-03-08 14:54:49 -08:00 · 2025-03-08 14:54:49 -08:00 · 1441ae0374
commit 1441ae0374
parent a3f97b6d75
6 changed files with 30 additions and 13 deletions
--- a/k8s/apps/ingressroutes/external/build/kustomization.yaml
+++ b/k8s/apps/ingressroutes/external/build/kustomization.yaml
@ -6,7 +6,6 @@ resources:
  - jellyfin-tonydu.yaml
  - seerr-mnke.yaml
  - seerr-tonydu.yaml
-  - wizarr-tonydu.yaml
  - dns-dolo-mnke.yaml
  - gitea.yaml
  - vaultwarden.yaml
--- a/k8s/apps/ingressroutes/external/kustomization.yaml
+++ b/k8s/apps/ingressroutes/external/kustomization.yaml
@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - build
+  - manual
--- a/k8s/apps/ingressroutes/external/manual/kustomization.yaml
+++ b/k8s/apps/ingressroutes/external/manual/kustomization.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - wizarr-tonydu.yaml
--- a/k8s/apps/ingressroutes/external/manual/wizarr-tonydu.yaml
+++ b/k8s/apps/ingressroutes/external/manual/wizarr-tonydu.yaml
@ -1,5 +1,4 @@
 ---
-# This file was automatically generated. Do not modify.
 apiVersion: v1
 kind: Service
 metadata:
@ -14,7 +13,8 @@ spec:
      targetPort: 443

 ---
-# This file was automatically generated. Do not modify.
+# TODO: Migrate this to redirect to mnke.org. Requires changing an env
+# variable in the container
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@ -24,8 +24,25 @@ spec:
  entryPoints:
    - websecure
  routes:
+    - match: >-
+        Host(`wizarr.tonydu.me`) &&
+        (PathPrefix(`/j`) ||
+          PathPrefix(`/join`) ||
+          PathPrefix(`/setup`) ||
+          PathPrefix(`/static`) ||
+          PathPrefix(`/guide`))
+      kind: Rule
+      services:
+        - kind: Service
+          name: wizarr-tonydu-external
+          port: 443
+          passHostHeader: False
+
    - match: Host(`wizarr.tonydu.me`)
      kind: Rule
+      middlewares:
+        - name: authentik
+          namespace: default
      services:
        - kind: Service
          name: wizarr-tonydu-external
--- a/k8s/apps/ingressroutes/external/templater/values.yaml
+++ b/k8s/apps/ingressroutes/external/templater/values.yaml
@ -39,15 +39,6 @@ proxies:
      # - name: redirect-tonydu-me-mnke-org
        # namespace: default

-    # TODO: Migrate this to redirect to mnke.org. Requires changing an env
-    # variable in the container
-  - service_name: wizarr-tonydu
-    tls_secret_name: wildcard-tonydu-me-tls
-    listen_host: wizarr.tonydu.me
-    upstream_host: wizarr.jumper.mnke.org
-    upstream_port: 443
-    pass_host_header: false
-
  - service_name: dns-dolo-mnke
    tls_secret_name: wildcard-mnke-org-tls
    listen_host: dns.dolo.mnke.org
--- a/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
+++ b/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
@ -10,7 +10,11 @@ spec:
  routes:
    - match: >-
        (Host(`up.mnke.org`) || Host(`up.dolo.mnke.org`)) &&
-        (PathRegexp(`^/status/*$`) || PathRegexp(`^/api/*`))
+        (PathPrefix(`/status`) ||
+          PathPrefix(`/api`) ||
+          PathPrefix(`/metrics`) ||
+          PathPrefix(`/assets`) ||
+          PathPrefix(`/upload`))
      kind: Rule
      services:
        - kind: Service