From 1441ae03747f120765d78869002a68acf2784055 Mon Sep 17 00:00:00 2001
From: Tony Du <tonydu121@hotmail.com>
Date: Sat, 8 Mar 2025 14:54:49 -0800
Subject: [PATCH] chore: Protect wizarr

---
 .../external/build/kustomization.yaml         |  1 -
 .../ingressroutes/external/kustomization.yaml |  1 +
 .../external/manual/kustomization.yaml        |  5 +++++
 .../{build => manual}/wizarr-tonydu.yaml      | 21 +++++++++++++++++--
 .../external/templater/values.yaml            |  9 --------
 .../ingressroutes/internal/up-mnke-org.yaml   |  6 +++++-
 6 files changed, 30 insertions(+), 13 deletions(-)
 create mode 100644 k8s/apps/ingressroutes/external/manual/kustomization.yaml
 rename k8s/apps/ingressroutes/external/{build => manual}/wizarr-tonydu.yaml (54%)

diff --git a/k8s/apps/ingressroutes/external/build/kustomization.yaml b/k8s/apps/ingressroutes/external/build/kustomization.yaml
index b832356..a5e2be3 100644
--- a/k8s/apps/ingressroutes/external/build/kustomization.yaml
+++ b/k8s/apps/ingressroutes/external/build/kustomization.yaml
@@ -6,7 +6,6 @@ resources:
   - jellyfin-tonydu.yaml
   - seerr-mnke.yaml
   - seerr-tonydu.yaml
-  - wizarr-tonydu.yaml
   - dns-dolo-mnke.yaml
   - gitea.yaml
   - vaultwarden.yaml
diff --git a/k8s/apps/ingressroutes/external/kustomization.yaml b/k8s/apps/ingressroutes/external/kustomization.yaml
index fa6d59c..36d5802 100644
--- a/k8s/apps/ingressroutes/external/kustomization.yaml
+++ b/k8s/apps/ingressroutes/external/kustomization.yaml
@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - build
+  - manual
diff --git a/k8s/apps/ingressroutes/external/manual/kustomization.yaml b/k8s/apps/ingressroutes/external/manual/kustomization.yaml
new file mode 100644
index 0000000..77b029d
--- /dev/null
+++ b/k8s/apps/ingressroutes/external/manual/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - wizarr-tonydu.yaml
diff --git a/k8s/apps/ingressroutes/external/build/wizarr-tonydu.yaml b/k8s/apps/ingressroutes/external/manual/wizarr-tonydu.yaml
similarity index 54%
rename from k8s/apps/ingressroutes/external/build/wizarr-tonydu.yaml
rename to k8s/apps/ingressroutes/external/manual/wizarr-tonydu.yaml
index 5c79270..2ad11b2 100644
--- a/k8s/apps/ingressroutes/external/build/wizarr-tonydu.yaml
+++ b/k8s/apps/ingressroutes/external/manual/wizarr-tonydu.yaml
@@ -1,5 +1,4 @@
 ---
-# This file was automatically generated. Do not modify.
 apiVersion: v1
 kind: Service
 metadata:
@@ -14,7 +13,8 @@ spec:
       targetPort: 443
 
 ---
-# This file was automatically generated. Do not modify.
+# TODO: Migrate this to redirect to mnke.org. Requires changing an env
+# variable in the container
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -24,8 +24,25 @@ spec:
   entryPoints:
     - websecure
   routes:
+    - match: >-
+        Host(`wizarr.tonydu.me`) &&
+        (PathPrefix(`/j`) ||
+          PathPrefix(`/join`) ||
+          PathPrefix(`/setup`) ||
+          PathPrefix(`/static`) ||
+          PathPrefix(`/guide`))
+      kind: Rule
+      services:
+        - kind: Service
+          name: wizarr-tonydu-external
+          port: 443
+          passHostHeader: False
+
     - match: Host(`wizarr.tonydu.me`)
       kind: Rule
+      middlewares:
+        - name: authentik
+          namespace: default
       services:
         - kind: Service
           name: wizarr-tonydu-external
diff --git a/k8s/apps/ingressroutes/external/templater/values.yaml b/k8s/apps/ingressroutes/external/templater/values.yaml
index 4d3af37..2449782 100644
--- a/k8s/apps/ingressroutes/external/templater/values.yaml
+++ b/k8s/apps/ingressroutes/external/templater/values.yaml
@@ -39,15 +39,6 @@ proxies:
       # - name: redirect-tonydu-me-mnke-org
         # namespace: default
 
-    # TODO: Migrate this to redirect to mnke.org. Requires changing an env
-    # variable in the container
-  - service_name: wizarr-tonydu
-    tls_secret_name: wildcard-tonydu-me-tls
-    listen_host: wizarr.tonydu.me
-    upstream_host: wizarr.jumper.mnke.org
-    upstream_port: 443
-    pass_host_header: false
-
   - service_name: dns-dolo-mnke
     tls_secret_name: wildcard-mnke-org-tls
     listen_host: dns.dolo.mnke.org
diff --git a/k8s/apps/ingressroutes/internal/up-mnke-org.yaml b/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
index 039ed15..8f39f17 100644
--- a/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
+++ b/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
@@ -10,7 +10,11 @@ spec:
   routes:
     - match: >-
         (Host(`up.mnke.org`) || Host(`up.dolo.mnke.org`)) &&
-        (PathRegexp(`^/status/*$`) || PathRegexp(`^/api/*`))
+        (PathPrefix(`/status`) ||
+          PathPrefix(`/api`) ||
+          PathPrefix(`/metrics`) ||
+          PathPrefix(`/assets`) ||
+          PathPrefix(`/upload`))
       kind: Rule
       services:
         - kind: Service