{
#  acme_ca https://acme-v02.api.letsencrypt.org/directory	
  email {env.EMAIL}
  log {
    format console
  }
}

*.{$DOMAIN} {
  tls {
    dns netcup {
      customer_number {env.NETCUP_CUSTOMER_NUMBER}
      api_key {env.NETCUP_API_KEY}
      api_password {env.NETCUP_API_PASSWORD}
    }
    propagation_timeout 900s
    propagation_delay 600s
    resolvers 46.38.225.230 46.38.252.230
  }
  # header Strict-Transport-Security "max-age=63072000"

  @git host git.{$DOMAIN}
  handle @git {
    reverse_proxy forgejo:3000
  }

  @news host news.{$DOMAIN}
  handle @news {
    reverse_proxy miniflux:8080
  }

  @nc-push expression `(host('cloud.{$DOMAIN}') && path('/push/*'))`
  handle @nc-push {
    reverse_proxy push:7867
  }

  @nextcloud host cloud.{$DOMAIN}
  handle @nextcloud {
    reverse_proxy webserver-nextcloud:80
  }

  @office host office.{$DOMAIN}
  handle @office {
    reverse_proxy collabora:9980
  }

  @drawio host drawio.{$DOMAIN}
  handle @drawio {
    reverse_proxy drawio:8080
  }

  @whoami host whoami.{$DOMAIN}
  handle @whoami {
    reverse_proxy whoami:80
  }

  @push host push.{$DOMAIN}
  handle @push {
    reverse_proxy ntfy:80
  }

  @wallabag host wallabag.{$DOMAIN}
  handle @wallabag {
    reverse_proxy wallabag:80
  }

  @www host www.{$DOMAIN}
  handle @www {
    reverse_proxy webserver-www:80
  }

  @mail host mail.{$DOMAIN}
  handle @mail {
    reverse_proxy nginx-mailcow:8090
  }

  # Fallback for otherwise unhandled domains
  handle {
    respond 404
  }
}

{$DOMAIN} {
  redir https://www.{$DOMAIN}{uri}
}