#  _ __   ___ ____     _ __  _ __ _____  ___   _
# | '_ \ / _ \_  /____| '_ \| '__/ _ \ \/ / | | |
# | |_) |  __// /_____| |_) | | | (_) >  <| |_| |
# | .__/ \___/___|    | .__/|_|  \___/_/\_\\__, |
# |_|                 |_|                  |___/
#

{
        admin localhost:2019
        metrics {
                per_host
        }
}

## LONDON-A SERVICES ##

# Proxmox
london-a.pez.sh {
        tracing {
                span proxmox
        }
        reverse_proxy 100.122.180.98:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

## LONDON-B SERVICES ##

# Jellyfin
jellyfin.pez.solutions, jellyfin.pez.sh {
        tracing {
                span jellyfin
        }
        reverse_proxy 100.84.65.101:8096
}

# Plex
plex.pez.solutions, plex.pez.sh {
        tracing {
                span plex
        }
        reverse_proxy 100.84.65.101:32400
}

# Radarr
radarr.pez.solutions, radarr.pez.sh {
        tracing {
                span radarr
        }
        forward_auth localhost:9091 {
                uri /api/authz/forward-auth
                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }
        reverse_proxy 100.84.65.101:7878
}

# Sonarr
sonarr.pez.solutions, sonarr.pez.sh {
        tracing {
                span sonarr
        }
        forward_auth localhost:9091 {
                uri /api/authz/forward-auth
                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }
        reverse_proxy 100.84.65.101:8989
}

# Lidarr
lidarr.pez.solutions, lidarr.pez.sh {
        tracing {
                span lidarr
        }
        forward_auth localhost:9091 {
                uri /api/authz/forward-auth
                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }
        reverse_proxy 100.84.65.101:8686
}

# Readarr hostname, now serving the bookshelf service (Readarr revival)
readarr.pez.solutions, readarr.pez.sh {
        tracing {
                span readarr
        }
        forward_auth localhost:9091 {
                uri /api/authz/forward-auth
                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }
        reverse_proxy 100.84.65.101:8787
}

# slskd
soulseek.pez.solutions, soulseek.pez.sh {
        tracing {
                span soulseek
        }
        forward_auth localhost:9091 {
                uri /api/authz/forward-auth
                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }
        reverse_proxy 100.84.65.101:5030
}

# Prowlarr
prowlarr.pez.solutions, prowlarr.pez.sh {
        tracing {
                span prowlarr
        }
        forward_auth localhost:9091 {
                uri /api/authz/forward-auth
                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }
        reverse_proxy 100.84.65.101:9696
}

# Transmission
download.pez.solutions, download.pez.sh {
        tracing {
                span transmission
        }
        forward_auth localhost:9091 {
                uri /api/authz/forward-auth
                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }
        reverse_proxy 100.84.65.101:9091
}

# Overseerr
request.pez.solutions, request.pez.sh {
        tracing {
                span overseerr
        }
        reverse_proxy 100.84.65.101:5055
}

# Jellyfin Requests
jellyfin-requests.pez.solutions, jellyfin-requests.pez.sh {
        tracing {
                span jellyfin-requests
        }
        reverse_proxy 100.84.65.101:5056
}

music.pez.sh {
        tracing {
                span navidrome
        }
        reverse_proxy 100.84.65.101:4533
}

## COPENHAGEN-A SERVICES ##

## NUREMBERG-A SERVICES ##

# n8n (own auth)
n8n.pez.sh {
        tracing {
                span n8n
        }
        reverse_proxy 100.70.180.24:5678
}

## HELSINKI-A SERVICES ##

# Bitwarden (requires HTTPS tweaking)
https://bitwarden.pez.sh {
        tracing {
                span bitwarden
        }
        reverse_proxy localhost:8443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

# Authelia (requires HTTPS tweaking)
auth.pez.solutions, auth.pez.sh {
        tracing {
                span authelia
        }
        reverse_proxy localhost:9091
}

ldap.pez.sh {
        tracing {
                span lldap
        }
        reverse_proxy 127.0.0.1:17170
}

# Apps dashboard
apps.pez.solutions, apps.pez.sh {
        tracing {
                span apps-dashboard
        }
        root * /srv/apps
        forward_auth localhost:9091 {
                uri /api/authz/forward-auth
                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }
        file_server
}

# Pez.solutions
pez.solutions {
        tracing {
                span pez-solutions
        }
        root * /srv/pez.solutions
        file_server
}

# Pez.sh
pez.sh {
        tracing {
                span pez-sh
        }
        root * /srv/pez.sh
        file_server
}

# Pez-signup
signup.pez.solutions {
        tracing {
                span pez-signup
        }
        root * /srv/pez-signup
        file_server
}

# Naveen
naveen.pez.sh {
        tracing {
                span naveen
        }
        root * /srv/naveen
        file_server
}

## HELSINKI-A SERVICES ##

# Status page
status.pez.sh {
        tracing {
                span status
        }
        root * /srv/status
        file_server
}

# Forgejo Git Server (auth handled by Forgejo itself)
git.pez.sh {
        tracing {
                span forgejo
        }
        reverse_proxy localhost:3000
}
