From 6b7bd105a3cbf012e66ed87bacf7106c3b57dedf Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti <sam@sapti.me>
Date: Sun, 31 Dec 2023 18:37:20 +0100
Subject: [PATCH] Move stuff around

---
 roles/proxy/defaults/main.yml            |  4 ++
 roles/proxy/templates/caddy/Caddyfile.j2 | 54 ++++++++++++------------
 2 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/roles/proxy/defaults/main.yml b/roles/proxy/defaults/main.yml
index 696f533..010cf2e 100644
--- a/roles/proxy/defaults/main.yml
+++ b/roles/proxy/defaults/main.yml
@@ -4,6 +4,10 @@
 proxy_data_root: "{{ data_fs }}/proxy"
 proxy_caddy_version: '2.7.6'
 
+proxy_environments:
+  - production
+  - staging
+
 proxy_trusted_subnets:
   - 192.168.1.0/24
   - 192.168.8.0/24
diff --git a/roles/proxy/templates/caddy/Caddyfile.j2 b/roles/proxy/templates/caddy/Caddyfile.j2
index ec1c209..7032dbd 100644
--- a/roles/proxy/templates/caddy/Caddyfile.j2
+++ b/roles/proxy/templates/caddy/Caddyfile.j2
@@ -1,10 +1,10 @@
 {# code: language=ansible-jinja #}
 # THIS FILE IS MANAGED BY ANSIBLE
 
-{% for env in ['production', 'staging'] %}
+{% for env in proxy_environments %}
 # BEGIN Environment: {{ env }}
 
-ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} {
+cloud.{{ proxy_vars[env].app01.apps_base_domain }} {
     tls {{ tls_email }} {
         dns njalla {{ njalla_api_token }}
     }
@@ -14,6 +14,9 @@ ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} {
         -Server
     }
 
+{% if env == 'production' %}
+    reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
+{% else %}
     @local {
         remote_ip {{ proxy_trusted_subnets | join(' ') }}
     }
@@ -23,6 +26,7 @@ ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} {
     }
 
     respond 403
+{% endif %}
 }
 
 ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }},
@@ -52,6 +56,27 @@ ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }},
 {% endif %}
 }
 
+ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} {
+    tls {{ tls_email }} {
+        dns njalla {{ njalla_api_token }}
+    }
+
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+        -Server
+    }
+
+    @local {
+        remote_ip {{ proxy_trusted_subnets | join(' ') }}
+    }
+
+    handle @local {
+        reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
+    }
+
+    respond 403
+}
+
 xmr.local.{{ proxy_vars[env].app01.apps_base_domain }} {
     tls {{ tls_email }} {
         dns njalla {{ njalla_api_token }}
@@ -73,30 +98,5 @@ xmr.local.{{ proxy_vars[env].app01.apps_base_domain }} {
     respond 403
 }
 
-cloud.{{ proxy_vars[env].app01.apps_base_domain }} {
-    tls {{ tls_email }} {
-        dns njalla {{ njalla_api_token }}
-    }
-
-    header {
-        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-        -Server
-    }
-
-{% if env == 'production' %}
-    reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
-{% else %}
-    @local {
-        remote_ip {{ proxy_trusted_subnets | join(' ') }}
-    }
-
-    handle @local {
-        reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
-    }
-
-    respond 403
-{% endif %}
-}
-
 # END Environment: {{ env }}
 {% endfor %}