[ci skip] Strip Authentik auth headers before forwarding to backend

Add strip-auth-headers Traefik middleware that removes X-authentik-*
headers from requests before they reach the backend. Backends like
iDRAC and TP-Link gateway break when receiving these extra headers.

modules/kubernetes/reverse_proxy/main.tf

@@ -76,28 +76,30 @@ module "nas-files" {
 
 # https://idrac.viktorbarzin.me/
 module "idrac" {
-  source            = "./factory"
-  name              = "idrac"
-  external_name     = "idrac.viktorbarzin.lan"
-  port              = 443
-  tls_secret_name   = var.tls_secret_name
-  backend_protocol  = "HTTPS"
-  extra_annotations = {}
-  depends_on        = [kubernetes_namespace.reverse-proxy]
+  source             = "./factory"
+  name               = "idrac"
+  external_name      = "idrac.viktorbarzin.lan"
+  port               = 443
+  tls_secret_name    = var.tls_secret_name
+  backend_protocol   = "HTTPS"
+  strip_auth_headers = true
+  extra_annotations  = {}
+  depends_on         = [kubernetes_namespace.reverse-proxy]
 }
 
 # Can either listen on https or http; can't do both :/
 # TODO: Not working yet
 module "tp-link-gateway" {
-  source            = "./factory"
-  name              = "gw"
-  external_name     = "gw.viktorbarzin.lan"
-  port              = 443
-  tls_secret_name   = var.tls_secret_name
-  backend_protocol  = "HTTPS"
-  depends_on        = [kubernetes_namespace.reverse-proxy]
-  protected         = true
-  extra_annotations = {}
+  source             = "./factory"
+  name               = "gw"
+  external_name      = "gw.viktorbarzin.lan"
+  port               = 443
+  tls_secret_name    = var.tls_secret_name
+  backend_protocol   = "HTTPS"
+  depends_on         = [kubernetes_namespace.reverse-proxy]
+  protected          = true
+  strip_auth_headers = true
+  extra_annotations  = {}
 }
 
 # https://truenas.viktorbarzin.me/