# Private TLS: certificates come from the internal ACME CA, validated with the
# DNS-01 challenge. Import this snippet in every site block below.
(private_tls) {
    tls {
        issuer acme {
            # ACME directory of the internal CA, reached over HTTPS.
            # NOTE(review): no trusted_roots is set here, so Caddy presumably
            # trusts the CA root through the container's system trust store.
            # Confirm that, or pin the root with trusted_roots.
            dir https://{{ services['ca']['domain'] }}.{{ domain['internal'] }}:{{ services['ca']['ports']['https'] }}/acme/acme@{{ domain['internal'] }}/directory
            # DNS-01 records are written with RFC 2136 dynamic updates, signed
            # with the TSIG key "acme-key" (HMAC-SHA256).
            dns rfc2136 {
                server {{ services['bind']['domain'] }}.{{ domain['internal'] }}:{{ services['bind']['ports']['dns'] }}
                key_name acme-key
                key_alg hmac-sha256
                # The key material is read from the secrets file, not inlined in
                # this template. Keep that file readable only by the Caddy process.
                # NOTE(review): anyone holding this key can send signed updates.
                # Confirm the DNS server's update policy limits acme-key to the
                # _acme-challenge TXT records it needs.
                key "{file./run/secrets/CADDY_ACME_KEY}"
            }
            # Challenge-record lookups go to the internal DNS server.
            resolvers {{ services['bind']['domain'] }}.{{ domain['internal'] }}
        }
    }
}

# Node hostname: serves Caddy's own metrics.
# NOTE(review): metrics has no matcher and this block adds no access control.
# Confirm the endpoint is reachable only from the monitoring host.
{{ node['name'] }}.{{ domain['internal'] }} {
    import private_tls
    metrics
}

# LDAP service front end. TLS terminates at Caddy and the upstream hop to the
# container host is plain HTTP. No authentication is added at the proxy layer,
# so access control rests on the upstream application.
{{ services['ldap']['domain'] }}.{{ domain['internal'] }} {
    import private_tls
    route {
        reverse_proxy host.containers.internal:{{ services['ldap']['ports']['http'] }}
    }
}

# Prometheus. The upstream is HTTPS on the same hostname as this site, on the
# service's own port. Caddy verifies upstream certificates by default, so the
# Prometheus certificate must chain to a root Caddy trusts.
# NOTE(review): no authentication is added at the proxy layer. Confirm who can
# reach this name.
{{ services['prometheus']['domain'] }}.{{ domain['internal'] }} {
    import private_tls
    route {
        reverse_proxy https://{{ services['prometheus']['domain'] }}.{{ domain['internal'] }}:{{ services['prometheus']['ports']['https'] }}
    }
}

# Grafana. TLS terminates at Caddy and the upstream hop to the container host
# is plain HTTP.
{{ services['grafana']['domain'] }}.{{ domain['internal'] }} {
    import private_tls
    route {
        reverse_proxy host.containers.internal:{{ services['grafana']['ports']['http'] }}
    }
}