# Per-site fragments — one file per service under sites/.
# Each service ships its own templates/caddy-site.j2 (a Jinja2 template),
# which Ansible renders on the service host and distributes here via
# platform/playbooks/tasks/distribute-caddy-site.yml. Caddy is then reloaded.
#
# Patterns:
#   - The legacy {$VAR}-driven routes below stay as-is during the transition.
#   - New services (UhhCraft etc.) land as sites/<name>.caddy fragments.
#   - See plan/architecture/CADDY-REVERSE-PROXY.md for the full convention.
import sites/*.caddy

# ── Legacy {$VAR}-driven routes ─────────────────────────────────────────
{$CLOUD_DOMAIN} {
	tls {
		dns cloudflare {$CLOUDFLARE_API_KEY}
		resolvers 1.1.1.1 1.0.0.1
	}

	header {
		# enable HSTS
	  Strict-Transport-Security max-age=15552000;
	}

	@ws {
		header Connection *Upgrade*
		header Upgrade websocket
	}

	@collabora {
    path /loleaflet/* # Loleaflet is the client part of LibreOffice Online
    path /hosting/discovery # WOPI discovery URL
    path /hosting/capabilities # Show capabilities as json
    path /lool/* # Main websocket, uploads/downloads, presentations
  }

	reverse_proxy {$CLOUD_IP}:{$CLOUD_PORT_MAIN}
	reverse_proxy @ws {$CLOUD_IP}:{$CLOUD_PORT_WS}
	reverse_proxy @collabora {$CLOUD_IP}:{$CLOUD_PORT_COLLABORA}
}

{$NOCODB_DOMAIN} {
	tls {
		dns cloudflare {$CLOUDFLARE_API_KEY}
		resolvers 1.1.1.1 1.0.0.1
	}
	reverse_proxy {$NOCODB_IP}:{$NOCODB_PORT}
}

{$WISBOT_DOMAIN} {
	tls {
		dns cloudflare {$CLOUDFLARE_API_KEY}
		resolvers 1.1.1.1 1.0.0.1
	}
	reverse_proxy {$WISBOT_IP}:{$WISBOT_PORT}
}

{$MIXPOST_DOMAIN} {
	tls {
		dns cloudflare {$CLOUDFLARE_API_KEY}
		resolvers 1.1.1.1 1.0.0.1
	}
	reverse_proxy {$MIXPOST_IP}:{$MIXPOST_PORT}
}

{$O11Y_DOMAIN} {
	tls {
		dns cloudflare {$CLOUDFLARE_API_KEY}
		resolvers 1.1.1.1 1.0.0.1
	}
	reverse_proxy {$O11Y_IP}:{$O11Y_PORT}
}

{$N8N_DOMAIN} {
	tls {
		dns cloudflare {$CLOUDFLARE_API_KEY}
		resolvers 1.1.1.1 1.0.0.1
	}
	reverse_proxy {$N8N_IP}:{$N8N_PORT}
}

{$SUPERSET_DOMAIN} {
	tls {
		dns cloudflare {$CLOUDFLARE_API_KEY}
		resolvers 1.1.1.1 1.0.0.1
	}
	reverse_proxy {$SUPERSET_IP}:{$SUPERSET_PORT}
}

{$POSTIZ_DOMAIN} {
    tls {
		dns cloudflare {$CLOUDFLARE_API_KEY}
		resolvers 1.1.1.1 1.0.0.1
	}
	reverse_proxy {$POSTIZ_IP}:{$POSTIZ_PORT}
}

# rustdesk.example.com {
# 	tls {
# 		dns cloudflare {$CLOUDFLARE_API_KEY}
# 		resolvers 1.1.1.1 1.0.0.1
# 	}
# 	reverse_proxy http://MY.IP.ADD.111:21114-21119
# }