# Global Config
{
	email certs@tremendousturtle.tools
	default_sni tremendousturtle.tools
	acme_ca https://acme-v02.api.letsencrypt.org/directory
	admin :2019
	# debug
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory

	servers {
		trusted_proxies cloudflare {
			interval 12h
			timeout 15s
		}
		client_ip_headers Cf-Connecting-Ip X-Forwarded-For X-Real-IP
	}
}

# Global Reusable Blocks
(tls) {
	tls {
		dns cloudflare {
			zone_token {env.CF_ZONE_TOKEN}
			api_token {env.CF_API_TOKEN}
		}
		resolvers 1.1.1.1 1.0.0.1
	}
}
(secure) {
	forward_auth {args[0]} authelia-app-1:9091 {
		uri /api/authz/forward-auth
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
	}
}
(secure-external) {
	forward_auth {args[0]} https://auth.tremendousturtle.tools {
		uri /api/authz/forward-auth
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
		header_up Host {upstream_hostport}
	}
}
(ttt-log) {
	log {
		output file /logs/{args[0]}.tremendousturtle.tools.log
	}
}
(ttt-proxy) {
	reverse_proxy {args[0]}:{args[1]} {
		header_up X-Real-IP {http.request.header.CF-Connecting-IP}
		header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
	}
}
(ttt-app) {
	{args[0]}.tremendousturtle.tools {
		import ttt-log {args[0]}
		import tls
		import secure *
		import ttt-proxy {args[0]}-app-1 {args[1]}
	}
}
(ttt-app-local) {
	{args[0]}.tremendousturtle.tools {
		import ttt-log {args[0]}
		import tls
		import secure *
		import ttt-proxy host.docker.internal {args[1]}
	}
}
(ttt-app-alt) {
	{args[0]}.tremendousturtle.tools {
		import ttt-log {args[0]}
		import tls
		import secure *
		import ttt-proxy {args[1]} {args[2]}
	}
}

# Web Config
tremendousturtle.tools {
	import tls
	respond "I'm Alive!"
}

auth.tremendousturtle.tools {
	import tls
	reverse_proxy authelia-app-1:9091
}

authentik.tremendousturtle.tools {
	import tls
	reverse_proxy authentik-app-1:9000
}

# Define code.tremendousturtle.tools
# Locally hosted non-docker apps (proxies to 192.168.1.234 instead of localhost)
import ttt-app-local code 8020
import ttt-app-local pihole 1080
import ttt-app-local sonarr 8989
import ttt-app-local radarr 7878
import ttt-app-local prowlarr 9696
import ttt-app-local cockpit 9090

# Docker apps with same subdomain as docker compose project name
import ttt-app frigate 8971
import ttt-app overseerr 5055
import ttt-app openobserve 5080
import ttt-app gitea 3000
import ttt-app homepage 3000
import ttt-app requestrr 4545

# Alternate configuration (different subdomain and docker compose project name)
import ttt-app-alt budget actual-server-app-1 5006
import ttt-app-alt trilium triliumnext-notes-app-1 8080
import ttt-app-alt notes triliumnext-notes-app-1 8080
import ttt-app-alt stash stashapp-app-1 9999
import ttt-app-alt pihole1 192.168.1.116 80