Migrate admin middleware to internal

nixos/viridian/containers/lidarr.nix

@@ -34,7 +34,7 @@ in
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "lidarr";
     };

nixos/viridian/containers/prowlarr.nix

@@ -31,7 +31,7 @@ in
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "prowlarr";
     };

nixos/viridian/containers/qbittorrent.nix

@@ -34,7 +34,7 @@ in
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "qbittorrent";
     };

nixos/viridian/containers/radarr.nix

@@ -33,7 +33,7 @@ in
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "radarr";
     };

nixos/viridian/containers/sonarr.nix

@@ -34,7 +34,7 @@ in
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "sonarr";
     };

nixos/viridian/services/grafana.nix

@@ -41,7 +41,7 @@
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "grafana";
     };

nixos/viridian/services/traefik/middlewares.nix

@@ -10,18 +10,10 @@
 
   # Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your service
   services.traefik.dynamicConfigOptions.http.middlewares = {
-    # Restrict access to admin devices only
-    admin.ipwhitelist.sourcerange = [
-      "127.0.0.1/32"    # localhost
-      "192.168.1.101"   # fuchsia
-      "10.100.0.2"      # Pixel 6 Pro
-    ];
-
     # Restrict access to internal networks
     internal.ipwhitelist.sourcerange = [
       "127.0.0.1/32"    # localhost
-      "192.168.1.1/24"  # lan
+      "192.168.20.1/24" # lan
-      "10.100.0.0/24"   # wireguard clients
     ];
 
     # Restrict access based on geo-location