Add kopia access to traefik

2-nomad-config/secrets.enc.json

@@ -27,7 +27,8 @@
 		"magic-token": "ENC[AES256_GCM,data:3mKbPFgvtX+hWYEZ0q4jBjnR8KM+E/1DqmkVzoV6ROY=,iv:9L748apqK1TcsW0Y0HvU9QHVD/eSh56c/uN/K4KNct4=,tag:ZmXiaPz7MEvaQ0yu3byiKQ==,type:str]"
 	},
 	"traefik": {
-		"cf_tunnel_token": "ENC[AES256_GCM,data:IgrmKwdeipix1dIXNuXnTWN5rCZjClbKZQJfgr5c2IP/n8bcc/nG5Wb42WL2C4hTeVqhG5p62ZXoz0j4dNAjxvuzcW/P0XeSYaiDRXMNWKhNIcK7jOexgswio0sUC+F7f3fa6HH4C02Mx8dWoFZChYtM5EhGdcEwVwspyBlMhTSHTz+/w5T9OqH18o132ZTM6kMQY85sgH36azWoSw73N+aC4ANhgybuok06z6R5D2jMdDX47Bo5bg==,iv:yOcUDTYHh58iejbl0wxNJO1hcDypcBq6KlHKyqnMSVk=,tag:CMyHKgahkIGdXItMJ1/hOg==,type:str]"
+		"cf_tunnel_token": "ENC[AES256_GCM,data:IgrmKwdeipix1dIXNuXnTWN5rCZjClbKZQJfgr5c2IP/n8bcc/nG5Wb42WL2C4hTeVqhG5p62ZXoz0j4dNAjxvuzcW/P0XeSYaiDRXMNWKhNIcK7jOexgswio0sUC+F7f3fa6HH4C02Mx8dWoFZChYtM5EhGdcEwVwspyBlMhTSHTz+/w5T9OqH18o132ZTM6kMQY85sgH36azWoSw73N+aC4ANhgybuok06z6R5D2jMdDX47Bo5bg==,iv:yOcUDTYHh58iejbl0wxNJO1hcDypcBq6KlHKyqnMSVk=,tag:CMyHKgahkIGdXItMJ1/hOg==,type:str]",
+		"kopia_basic_auth": "ENC[AES256_GCM,data:GKJKTtFqW2f8L6VYsBIuNsssUk8vBn74A4TIFw==,iv:rjV0o+CKUtZi8nVsVv0m17OPkYW5ymje9QoWvlRHa7g=,tag:CqEf6n5xgc2RWddbZoNqBQ==,type:str]"
 	},
 	"immich": {
 		"database_pw": "ENC[AES256_GCM,data:SUyMGqu7deZyZpVt,iv:asZehOvn/JamwFyS+Xl9Xpr4JFkKlJjHVw7LywYOxTc=,tag:plRvuv7+ievfEhxurBl7YQ==,type:str]"
@@ -39,8 +40,8 @@
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUWM4ZDVVbGFrUGdMRHBX\nUFBmU3Nlc0RBSzhFK0tHNHpkQXUvUVdiZUZJCmpRN1lFdENpWW0rcThjVlVQNUl6\nWnlLU0RnQ3FZby81Ly8xTFBrek9nMncKLS0tIFQ4UTRNOC9CRmx4OFJWem1wckZz\nUDFTSzdWZldFK3FqcTNWTWRyNDhHQ2MKS811mR5xn7qiC/aVgPFYJ5c6Q3zxRfcr\nHcvxUvB01vNJKZpRg92vvKPkV6lQO3DXCT98OdfwiymlEOvYxg71Pg==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2025-10-11T03:45:25Z",
-		"mac": "ENC[AES256_GCM,data:GfOzYXFJVo6GTVyw2LOXOwrwBV27GN7SGNi3AZpiQUvLMZZQrC0swuH+/xmXzvOhVTdvAmW8tuR9Ue3yaK0orTIvhCb4rURitjyTu6cnVdmPYA5RGLLjt97sUcuqaafESwPGJSdjWUK/Ff6pqlPkQNU53/MScv53xGbpGYEfSho=,iv:0px5+uUXd6UkSoKaX7siPr/3gkitwzGr/BUxvZ9Y6Jo=,tag:ln31oDutGKK+rgaWrEPV2g==,type:str]",
+		"lastmodified": "2025-10-13T12:19:46Z",
+		"mac": "ENC[AES256_GCM,data:QJ1Prqf37xMZbvyMvjBVxZOiOr07CmCYrWmr+5hwDsEmG4eEC9sPF/UY+/Cy2OTzsMp+cHb6C3maAo09O171wj6nJIZucg3B9fjEW2+4AoO217G4vmauMl3FFkut2CuvVV9zt2B/fLAskRg/yeYYOhjzPkWA6lyeV31sV5ZQ6Kw=,iv:5WfkmNr5vdfTqp6+INjQN/Zmc7/iJNc/2auO9h3En08=,tag:snBgJyMzBXVAkV3zERkK8g==,type:str]",
 		"encrypted_regex": "^(.*)$",
 		"version": "3.10.2"
 	}

2-nomad-config/traefik.nomad.hcl

@@ -128,6 +128,10 @@ http:
       stripPrefix:
         prefixes:
           - "/magic-token/{token:[A-Z0-9]+}"
+    inject-kopia-basic-auth:
+      headers:
+        customRequestHeaders:
+          Authorization: "Basic {{ with nomadVar "nomad/jobs/traefik" }}{{ .kopia_basic_auth }}{{ end }}"
   routers:
     fallback:
       rule: "HostRegexp(`^.+$`)"
@@ -162,6 +166,12 @@ http:
       service: frigate
       middlewares:
         - auth
+    kopia:
+      rule: "Host(`kopia.othrayte.one`)"
+      service: kopia
+      middlewares:
+        - auth
+        - inject-kopia-basic-auth
     hass:
       rule: "Host(`hass.othrayte.one`)"
       service: hass
@@ -192,6 +202,10 @@ http:
       loadBalancer:
         servers:
           - url: "http://192.168.1.192:5000"
+    kopia:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.1.192:51515"
     hass:
       loadBalancer:
         servers:

2-nomad-config/traefik.tf

@@ -21,7 +21,8 @@ resource "cloudflare_dns_record" "star-othrayte-one" {
 resource "nomad_variable" "traefik" {
   path = "nomad/jobs/traefik"
   items = {
-    cf_tunnel_token = data.sops_file.secrets.data["traefik.cf_tunnel_token"]
+    cf_tunnel_token  = data.sops_file.secrets.data["traefik.cf_tunnel_token"]
+    kopia_basic_auth = data.sops_file.secrets.data["traefik.kopia_basic_auth"]
   }
 }