# --------------------------------------------------
# global options
# --------------------------------------------------

{
        acme_dns cloudflare {env.DNS_PROVIDER_TOKEN}

#       log {
#                output file caddy.log
#                level info
#        }

}

# --------------------------------------------------
# auth snippet for authentik
# --------------------------------------------------

(auth) {
        reverse_proxy /outpost.goauthentik.io/* authentik-server:9000

        forward_auth authentik-server:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
                trusted_proxies private_ranges
        }
}

# --------------------------------------------------
# akanealw.com root domain
# --------------------------------------------------

akanealw.com {
        @homepage host akanealw.com
        handle @homepage {
                import auth
                reverse_proxy 192.168.1.30:3005
        }
}

# --------------------------------------------------
# authentik subdomain
# --------------------------------------------------

authentik.akanealw.com {
        reverse_proxy authentik-server:9000
}

# --------------------------------------------------
# *.akanealw.com subdomains
# --------------------------------------------------

*.akanealw.com {
# --------------------------------------------------
# internal only subdomains
# --------------------------------------------------

        @allowed client_ip private_ranges

        @dockge host dockge.akanealw.com
        handle @dockge {
                        handle @allowed {
                                reverse_proxy dockge:5001
                }
                respond "ip range not allowed"
        }

        @dozzle host dozzle.akanealw.com
        handle @dozzle {
                        handle @allowed {
                                reverse_proxy dozzle:8080
                }
                respond "ip range not allowed"
        }

        @adguard1 host adguard1.akanealw.com
        handle @adguard1 {
                        handle @allowed {
                                reverse_proxy 192.168.1.2:80
                }
                respond "ip range not allowed"
        }


# --------------------------------------------------
# external subdomains
# --------------------------------------------------

        @adguard2 host adguard2.akanealw.com
        handle @adguard2 {
                import auth
                reverse_proxy 192.168.1.3:80
        }

        @filebrowser host filebrowser.akanealw.com
        handle @filebrowser {
                import auth
                reverse_proxy 192.168.1.30:8484
        }
}

# --------------------------------------------------
# aknlw.com root domain
# --------------------------------------------------

aknlw.com {

        @shlink host aknlw.com
        handle @shlink {
                reverse_proxy 192.168.1.30:8380
        }
}

# --------------------------------------------------
# *.aknlw.com subdomains
# --------------------------------------------------

repo.aknlw.com {

        reverse_proxy 192.168.1.50:3000
}