{
	email {$ACME_EMAIL}
}
### FUNKSJONER ###
(remote-ip) {
	@internal remote_ip 10.10.10.0/24 127.0.0.1/8
	@external remote_ip 0.0.0.0/0
}
(common-auth) {
	basicauth {
		tvh {$HASH}
	}
}
(rate-limit) {
	rate_limit {
		zone git_zone {
			key {remote_host}
			events 30
			window 10s
		}
	}
}
(read-only) {
	@readonly {
		method POST PUT DELETE PATCH
	}
	respond @readonly 403
}
### TJENESTER ###
git.{$DOMENESHOP_DNS} {
	import remote-ip
	handle @external {
		import rate-limit
		reverse_proxy gitea:3000
	}
}
lms.home.{$DOMENESHOP_DNS}  {
	tls internal
	import remote-ip
	handle @internal {
		reverse_proxy lms:9000        
	}
	respond "Forbidden" 403
}

pihole.home.{$DOMENESHOP_DNS} {
	tls internal
	import remote-ip
	handle @internal {
		redir / /admin
		reverse_proxy pihole:80
	}
}
nextcloud.{$DOMENESHOP_DNS}  {
	import remote-ip
	handle @external {
		import rate-limit
		encode gzip zstd
		reverse_proxy nextcloud-app:80
	}
}
portainer.{$DOMENESHOP_DNS} {
	import remote-ip
	handle @external {
		import common-auth
		import rate-limit
		import read-only
		reverse_proxy portainer:9000
	}
	respond "Forbidden" 403
}
portainer.home.{$DOMENESHOP_DNS} {
	import remote-ip
	handle @internal {
		reverse_proxy portainer:9000
	}
        respond "Forbidden" 403
}