From d5b54b85513762a85833bbd861b705799cb2e3c6 Mon Sep 17 00:00:00 2001
From: Evie Litherland-Smith
Date: Thu, 26 Oct 2023 17:22:47 +0100
Subject: [PATCH] Add traefik route with auth for syncthing-webinterface Add auth to adguardhome and grafana traefik routes as well
---
services/syncthing/default.nix | 61 +++++++++++++-------------------
services/traefik/adguardhome.nix | 1 +
services/traefik/grafana.nix | 19 +++++-----
services/traefik/syncthing.nix | 16 +++++++++
4 files changed, 50 insertions(+), 47 deletions(-)
create mode 100644 services/traefik/syncthing.nix
diff --git a/services/syncthing/default.nix b/services/syncthing/default.nix
index d12f7687..b184a7a6 100644
--- a/services/syncthing/default.nix
+++ b/services/syncthing/default.nix
@@ -1,50 +1,37 @@ { config, lib, pkgs, user, ... }: let devices = [ "Ion" "Legion" "Northstar" "Ronin" "Vanguard" ]; in { + imports = [ ../traefik/syncthing.nix ]; services.syncthing = { enable = true; systemService = true; overrideDevices = false; overrideFolders = true; openDefaultPorts = true; - settings = { - devices = { - "Ion".id = - "7DD4NPH-6T2ET5A-4FCLFWW-CS6UR2W-IO5XQXC-DM5B2Q4-6X7DGU2-UKKVEAB"; - "Legion".id = - "6OX54CG-EAQMXKA-K7TXB5P-G5A27HB-52JE2FA-XNAYZU6-YMIDBXP-RKPBJQV"; - "Northstar".id = - "HNK5Z72-757G3BP-I4PBWXY-FM5FWCM-ES4XP56-E5ULWB5-RGRCBUI-RHWRXQV"; - "Ronin".id = - "ZOL5YHK-ZZZULIE-UHGVKHW-H5E4BP7-S4CZBOX-OIZVUCV-RZUXOKA-QVBUBAJ"; - "Vanguard".id = - "I366QNQ-D3FTDRX-RNOTXMW-YITZXOF-DSCDMQD-63Q72LI-ME2Y4HZ-T34RMQK"; + settings.folders = { + "Documents" = { + inherit devices; + id = "gvggx-6telk"; + path = "~/Documents"; + ignorePerms = true; }; - folders = { - "Documents" = { - inherit devices; - id = "gvggx-6telk"; - path = "~/Documents"; - ignorePerms = true; - }; - "Music" = { - inherit devices; - id = "munzw-vnxhl"; - path = "~/Music"; - ignorePerms = true; - }; - "Pictures" = { - inherit devices; - id = "ziuj8-rm6dn"; - path = "~/Pictures"; - ignorePerms = true; - }; - "Videos" = { - inherit devices; - id = "mbsop-qteua"; - path = "~/Videos"; - ignorePerms = true; - }; + "Music" = { + inherit devices; + id = "munzw-vnxhl"; + path = "~/Music"; + ignorePerms = true; + }; + "Pictures" = { + inherit devices; + id = "ziuj8-rm6dn"; + path = "~/Pictures"; + ignorePerms = true; + }; + "Videos" = { + inherit devices; + id = "mbsop-qteua"; + path = "~/Videos"; + ignorePerms = true; }; }; }; diff --git a/services/traefik/adguardhome.nix b/services/traefik/adguardhome.nix index c6ad674c..aa1cd41d 100644 --- a/services/traefik/adguardhome.nix +++ b/services/traefik/adguardhome.nix 
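Review bot: The folders under `settings.folders` still `inherit devices` by name, but this hunk removes the `settings.devices` attribute set that mapped "Ion", "Legion", "Northstar", "Ronin" and "Vanguard" to their device IDs. With `overrideFolders = true` the folder definitions are generated from this configuration, so unless the name-to-ID map is now declared in a module outside this diff, the names presumably can no longer be resolved. If the IDs were moved on purpose, a comment next to the `devices` list such as `# device IDs are declared in <module placeholder>` would make the dependency explicit. With `overrideDevices = false`, it is also worth stating in a comment that peers are now managed outside this file, since that is where an unexpected device would have to be noticed.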
@@ -7,6 +7,7 @@ rule = "Host(`guard.xenia.me.uk`)"; entryPoints = [ "http" "https" ]; service = "adguard-webinterface"; + middlewares = [ "auth" ]; tls = { certResolver = "default"; }; }; services.adguard-webinterface.loadBalancer.servers = diff --git a/services/traefik/grafana.nix b/services/traefik/grafana.nix index b4d375a6..146dac0c 100644 --- a/services/traefik/grafana.nix +++ b/services/traefik/grafana.nix @@ -2,16 +2,15 @@ { imports = [ ./default.nix ]; - services.traefik.dynamicConfigOptions = { - http = { - routers.grafana = { - rule = "Host(`grafana.xenia.me.uk`)"; - entryPoints = [ "http" "https" ]; - service = "grafana-webinterface"; - tls = { certResolver = "default"; }; - }; - services.grafana-webinterface.loadBalancer.servers = - [{ url = "http://localhost:3100"; }]; + services.traefik.dynamicConfigOptions.http = { + routers.grafana = { + rule = "Host(`grafana.xenia.me.uk`)"; + entryPoints = [ "http" "https" ]; + service = "grafana-webinterface"; + middlewares = [ "auth" ]; + tls = { certResolver = "default"; }; }; + services.grafana-webinterface.loadBalancer.servers = + [{ url = "http://localhost:3100"; }]; }; } diff --git a/services/traefik/syncthing.nix b/services/traefik/syncthing.nix new file mode 100644 index 00000000..98b2864b --- /dev/null +++ b/services/traefik/syncthing.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ ./default.nix ]; + services.traefik.dynamicConfigOptions.http = { + routers.syncthing = { + rule = "Host(`sync.xenia.me.uk`)"; + entryPoints = [ "http" "https" ]; + service = "syncthing-webinterface"; + middlewares = [ "auth" ]; + tls = { certResolver = "default"; }; + }; + services.syncthing-webinterface.loadBalancer.servers = + [{ url = "http://localhost:8384"; }]; + }; +}
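Review bot: The `auth` middleware referenced by `middlewares = [ "auth" ];` is not defined anywhere in this diff, so what it actually enforces cannot be checked here; it presumably lives in `./default.nix`. If it is a `basicAuth` middleware, Traefik forwards the client's `Authorization` header to the backend by default, so the proxy credentials reach AdGuard Home (and Grafana and Syncthing in the grafana.nix and syncthing.nix hunks), where they may also be evaluated against the backend's own user database and cause login failures. Setting `removeHeader = true;` on the middleware avoids both. The router also lists the `http` entry point while carrying a `tls` block, which restricts it to TLS requests, so either drop `"http"` or add a comment that the HTTP-to-HTTPS redirect is configured globally.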
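Review bot: In the new services/traefik/syncthing.nix, the backend `http://localhost:8384` will likely answer with a host-check error, because Syncthing's GUI rejects requests whose Host header is not a local name while it listens on loopback, and Traefik passes `sync.xenia.me.uk` through by default. Prefer `services.syncthing-webinterface.loadBalancer.passHostHeader = false;` over enabling Syncthing's `insecureSkipHostcheck`, since the former keeps the GUI's DNS-rebinding protection intact. No GUI user or password is set in the syncthing configuration shown in this commit, so the `auth` middleware appears to be the only credential check, and anything that can reach port 8384 on the host bypasses it. A one-line comment such as `# GUI access control is enforced by the Traefik "auth" middleware only` would document that assumption.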