{
	email {$ACME_EMAIL}
}
### FUNKSJONER ###
(remote-ip) {
	@internal remote_ip 10.10.10.0/24 172.16.0.0/12 127.0.0.1/8
	@external remote_ip 0.0.0.0/0
}
(common-auth) {
	basicauth {
		tvh {$HASH}
	}
}
(rate-limit) {
	rate_limit {
		zone git_zone {
			key {remote_host}
			events 30
			window 10s
		}
	}
}
(read-only) {
	@readonly {
		method POST PUT DELETE PATCH
	}
	respond @readonly 403
}
(dns-tls) {
	tls {
		dns domainnameshop {$DOMENESHOP_API_TOKEN} {$DOMENESHOP_API_SECRET}
		propagation_delay 90s
	}
}
### TJENESTER ###
git.{$DOMENESHOP_DNS} {
	import remote-ip
	handle @external {
		import rate-limit
		reverse_proxy gitea:3000
	}
}
lms.home.{$DOMENESHOP_DNS}  {
	import dns-tls
	import remote-ip
	handle @internal {
		reverse_proxy lms:9000        
	}
	respond "Forbidden" 403
}

pihole.home.{$DOMENESHOP_DNS} {
	import dns-tls
	import remote-ip
	handle @internal {
		redir / /admin
		reverse_proxy pihole:80
	}
}
nextcloud.{$DOMENESHOP_DNS}  {
	import remote-ip
	handle @external {
		import rate-limit
		encode gzip zstd
		reverse_proxy nextcloud-app:80
	}
}
portainer.{$DOMENESHOP_DNS} {
	import remote-ip
	handle @external {
		import common-auth
		import rate-limit
		import read-only
		reverse_proxy portainer:9000
	}
	respond "Forbidden" 403
}
portainer.home.{$DOMENESHOP_DNS} {
	import dns-tls
	import remote-ip
	handle @internal {
		reverse_proxy portainer:9000
	}
        respond "Forbidden" 403
}
kuma.home.{$DOMENESHOP_DNS} {
        import dns-tls
        import remote-ip
        handle @internal {
                reverse_proxy kuma:3001
        }
        respond "Forbidden" 403
}
vault.home.{$DOMENESHOP_DNS} {
        import dns-tls
        import remote-ip
        handle @internal {
                reverse_proxy vaultwarden:80
        }
        respond "Forbidden" 403
}