{
	email {env.EMAIL}
	log default {
		output stdout
		format console
	}
}

*.{$DOMAIN} {
	tls {
		dns netcup {
			customer_number {env.NETCUP_CUSTOMER_NUMBER}
			api_key {env.NETCUP_API_KEY}
			api_password {env.NETCUP_API_PASSWORD}
		}
		propagation_timeout 900s
		propagation_delay 600s
		resolvers 46.38.225.230 46.38.252.230
	}
	header Strict-Transport-Security "max-age=63072000"

	@git host git.{$DOMAIN}
	handle @git {
		reverse_proxy forgejo:3000
	}

	@news host news.{$DOMAIN}
	handle @news {
		reverse_proxy miniflux:8080
	}

	@nc-push expression `(host('cloud.{$DOMAIN}') && path('/push/*'))`
	handle @nc-push {
		reverse_proxy push:7867
	}

	@nextcloud host cloud.{$DOMAIN}
	handle @nextcloud {
		reverse_proxy webserver-nextcloud:80
	}

	@office host office.{$DOMAIN}
	handle @office {
		reverse_proxy collabora:9980
	}

	@drawio host drawio.{$DOMAIN}
	handle @drawio {
		reverse_proxy drawio:8080
	}

	@whoami host whoami.{$DOMAIN}
	handle @whoami {
		reverse_proxy whoami:80
	}

	@push host push.{$DOMAIN}
	handle @push {
		reverse_proxy ntfy:80
	}

	@wallabag host wallabag.{$DOMAIN}
	handle @wallabag {
		reverse_proxy wallabag:80
	}

	@www host www.{$DOMAIN}
	handle @www {
		file_server {
			root /usr/share/caddy
			hide .git Readme.md
		}
	}

	@mail host mail.{$DOMAIN}
	handle @mail {
		reverse_proxy nginx-mailcow:8090
	}

	# Fallback unhandled (sub)domains
	handle {
		error 404
	}

	handle_errors {
		root * /usr/share/caddy
		rewrite * /error.html
		templates
		file_server {
			status {err.status_code}
		}
	}
}

{$DOMAIN} {
	redir https://www.{$DOMAIN}{uri}
}