{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE

{% for env in proxy_environments %}
# BEGIN Environment: {{ env }}

cloud.{{ proxy_vars[env].app01.base_domain }} {
    tls {{ tls_email }} {
        dns njalla {{ njalla_api_token }}
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        -Server
    }

{% if env == 'production' %}
    reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
{% else %}
    @local {
        remote_ip {{ proxy_trusted_subnets | join(' ') }}
    }

    handle @local {
        reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
    }

    respond 403
{% endif %}
}

ipfs-gateway.{{ proxy_vars[env].app01.base_domain }},
*.ipfs.ipfs-gateway.{{ proxy_vars[env].app01.base_domain }},
*.ipns.ipfs-gateway.{{ proxy_vars[env].app01.base_domain }} {
    tls {{ tls_email }} {
        dns njalla {{ njalla_api_token }}
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        -Server
    }

{% if env == 'production' %}
    reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
{% else %}
    @local {
        remote_ip {{ proxy_trusted_subnets | join(' ') }}
    }

    handle @local {
        reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
    }

    respond 403
{% endif %}
}

ipfs.local.{{ proxy_vars[env].app01.base_domain }} {
    tls {{ tls_email }} {
        dns njalla {{ njalla_api_token }}
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        -Server
    }

    @local {
        remote_ip {{ proxy_trusted_subnets | join(' ') }}
    }

    handle @local {
        reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
    }

    respond 403
}

meet.{{ proxy_vars[env].app01.base_domain }} {
    tls {{ tls_email }} {
        dns njalla {{ njalla_api_token }}
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        -Server
    }

{% if env == 'production' %}
    reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
{% else %}
    @local {
        remote_ip {{ proxy_trusted_subnets | join(' ') }}
    }

    handle @local {
        reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
    }

    respond 403
{% endif %}
}

xmr.local.{{ proxy_vars[env].app01.base_domain }} {
    tls {{ tls_email }} {
        dns njalla {{ njalla_api_token }}
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        -Server
    }

    @local {
        remote_ip {{ proxy_trusted_subnets | join(' ') }}
    }

    handle @local {
        reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
    }

    respond 403
}

# END Environment: {{ env }}
{% endfor %}