# code: language=ansible-jinja
{
    admin off
}

{% for env in ['production', 'staging'] %}
# Environment: {{ env }}

{{ proxy_vars[env].app01.apps_vars.ipfs.domain }} {
    tls {{ tls_email }} {
        dns njalla {{ njalla_api_token }}
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        -Server
    }

    @local {
        remote_ip {{ proxy_trusted_subnets | join(' ') }}
    }

    handle @local {
        reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
    }

    respond 403
}

{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }},
*.ipfs.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }},
*.ipns.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }} {
    tls {{ tls_email }} {
        dns njalla {{ njalla_api_token }}
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        -Server
    }

    reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}

{{ proxy_vars[env].app01.apps_vars.monerod.domain }} {
    tls {{ tls_email }} {
        dns njalla {{ njalla_api_token }}
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        -Server
    }

    @local {
        remote_ip {{ proxy_trusted_subnets | join(' ') }}
    }

    handle @local {
        reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
    }

    respond 403
}

{{ proxy_vars[env].app01.apps_vars.nextcloud.domain }} {
    tls {{ tls_email }}

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        -Server
    }

    reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}

{% endfor %}