# Caddyfile template (rendered by Jinja2) for the internal application proxy.
# It marks the "auth" front proxy as trusted, defines a reusable TLS snippet
# that obtains certificates from the private ACME CA through a DNS-01
# challenge, and forwards each internal hostname to a service port on the
# container host.

{
    servers {
        # Mark the auth (main) Caddy addresses as trusted proxies.
        # trusted_proxies only decides whose X-Forwarded-* headers are
        # honoured; it does not reject connections from other peers.
        # NOTE(review): the "only accept packets from auth" intent must be
        # enforced elsewhere (firewall rule or a remote_ip matcher); nothing
        # in this file does so - confirm.
        trusted_proxies static {{ hostvars['fw']['network4']['auth']['server'] }} {{ hostvars['fw']['network6']['auth']['server'] }}
    }
}

# Private TLS: ACME against the internal CA with a DNS-01 challenge.
# Imported by every site below.
(private_tls) {
    tls {
        issuer acme {
            # ACME directory of the internal CA.
            # NOTE(review): no trusted_roots is set here; presumably the CA
            # root is in the system trust store of the Caddy host - confirm.
            dir https://{{ services['ca']['domain'] }}.{{ domain['internal'] }}:{{ services['ca']['ports']['https'] }}/acme/acme@{{ domain['internal'] }}/directory
            # Dynamic DNS updates (RFC 2136) to the internal name server,
            # authenticated with a TSIG key using HMAC-SHA256.
            dns rfc2136 {
                server {{ services['bind']['domain'] }}.{{ domain['internal'] }}:{{ services['bind']['ports']['dns'] }}
                key_name acme-key
                key_alg hmac-sha256
                # The TSIG secret is read from the secrets file at runtime,
                # so it is not written into the rendered Caddyfile.
                key "{file./run/secrets/CADDY_ACME_KEY}"
            }
            # Check challenge propagation against the internal name server.
            resolvers {{ services['bind']['domain'] }}.{{ domain['internal'] }}
        }
    }
}

# Node hostname: serves Caddy metrics over the private certificate.
# NOTE(review): metrics has no matcher and no authentication here, so it
# answers on every path of this site; confirm that only the monitoring host
# can reach it.
{{ node['name'] }}.{{ domain['internal'] }} {
    import private_tls
    metrics
}

# Disabled static test site, kept for reference.
# test.app.ilnmors.internal {
#     import private_tls
#     root * /usr/share/caddy
#     file_server
# }

# Vaultwarden.
# The upstream Host header is taken from the incoming X-Forwarded-Host
# request header. NOTE(review): this placeholder appears to read the header
# exactly as the peer sent it, independent of trusted_proxies, so a client
# that reaches this listener directly could choose the Host the backend
# sees. Confirm that only the auth proxy can connect, and what the backend
# receives when the header is absent.
{{ services['vaultwarden']['domain']['internal'] }}.{{ domain['internal'] }} {
    import private_tls
    reverse_proxy host.containers.internal:{{ services['vaultwarden']['ports']['http'] }} {
        header_up Host {http.request.header.X-Forwarded-Host}
    }
}

# Gitea. Same forwarding pattern; Host comes from X-Forwarded-Host.
{{ services['gitea']['domain']['internal'] }}.{{ domain['internal'] }} {
    import private_tls
    reverse_proxy host.containers.internal:{{ services['gitea']['ports']['http'] }} {
        header_up Host {http.request.header.X-Forwarded-Host}
    }
}

# Immich. Same forwarding pattern; Host comes from X-Forwarded-Host.
{{ services['immich']['domain']['internal'] }}.{{ domain['internal'] }} {
    import private_tls
    reverse_proxy host.containers.internal:{{ services['immich']['ports']['http'] }} {
        header_up Host {http.request.header.X-Forwarded-Host}
    }
}

# Actual Budget. Same forwarding pattern; Host comes from X-Forwarded-Host.
{{ services['actualbudget']['domain']['internal'] }}.{{ domain['internal'] }} {
    import private_tls
    reverse_proxy host.containers.internal:{{ services['actualbudget']['ports']['http'] }} {
        header_up Host {http.request.header.X-Forwarded-Host}
    }
}

# Paperless. Same forwarding pattern; Host comes from X-Forwarded-Host.
{{ services['paperless']['domain']['internal'] }}.{{ domain['internal'] }} {
    import private_tls
    reverse_proxy host.containers.internal:{{ services['paperless']['ports']['http'] }} {
        header_up Host {http.request.header.X-Forwarded-Host}
    }
}

# Vikunja. Same forwarding pattern; Host comes from X-Forwarded-Host.
{{ services['vikunja']['domain']['internal'] }}.{{ domain['internal'] }} {
    import private_tls
    reverse_proxy host.containers.internal:{{ services['vikunja']['ports']['http'] }} {
        header_up Host {http.request.header.X-Forwarded-Host}
    }
}