# ─────────────────────────────────────────────────────────────────────────────
# GLOBAL BLOCK — add this at the very top before any snippets
# ─────────────────────────────────────────────────────────────────────────────

{
    crowdsec {
        api_url http://crowdsec:8080
        api_key {$CROWDSEC_API_KEY}
    }
    log {
        output file /var/log/caddy/access.log {
            roll_size 50mb
            roll_keep 5
        }
        format json
    }
}

# ─────────────────────────────────────────────────────────────────────────────
# CROWDSEC SNIPPET — add alongside existing auth snippets
# ─────────────────────────────────────────────────────────────────────────────

(crowdsec) {
    route {
        crowdsec
    }
}


(authentik) {
    route /outpost.goauthentik.io/* {
        reverse_proxy http://authentik:9000
    }

    forward_auth http://authentik:9000 {
        uri /outpost.goauthentik.io/auth/caddy
      #  header_up X-Forwarded-Host {http.request.host}
       # header_up X-Forwarded-Proto {http.request.scheme}
        header_up X-Forwarded-URI {http.request.uri}
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
    }
}

(authelia) {
  forward_auth http://authelia:9091 {
    uri /api/verify?rd=https://login.wasted-bandwidth.net/
    copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
  }
}




(email-proxy) {
    redir https://mail.netgrimoire.com/sogo 301
}

(mailcow-proxy) {
    reverse_proxy nginx-mailcow:80
}


cloud.netgrimoire.com {
    reverse_proxy http://nextcloud-aio-apache:11000
}

log.netgrimoire.com {
    reverse_proxy http://graylog:9000
}

win.netgrimoire.com {
    reverse_proxy http://192.168.5.10:8006
}


#jellyfin.netgrimoire.com {
#    reverse_proxy http://jellyfin:8096
#}

docker.netgrimoire.com {
    reverse_proxy http://portainer:9000
}

immich.netgrimoire.com {
    reverse_proxy http://192.168.5.10:2283
}

npm.netgrimoire.com {
    reverse_proxy http://librenms:8000
}


dozzle.netgrimoire.com {
    import authentik
    reverse_proxy http://192.168.4.72:8043
}


dns.netgrimoire.com {
    import authentik
    reverse_proxy http://192.168.5.7:5380
}

webtop.netgrimoire.com {
    import authentik
    reverse_proxy http://webtop:3000
}


jackett.netgrimoire.com {
    import authentik
    reverse_proxy http://gluetun:9117
}

transmission.netgrimoire.com {
    import authentik
    reverse_proxy http://gluetun:9091
}

stash.wasted-bandwidth.net  {
    import authelia
    reverse_proxy http://192.168.5.10:9999
}

namer.wasted-bandwidth.net  {
    import authelia
    reverse_proxy http://192.168.5.10:6980
}

fish.pncharris.com {
    reverse_proxy http://web
}

www.wasted-bandwidth.net {
    reverse_proxy http://web
}

scrutiny.netgrimoire.com  {
    import authentik
    reverse_proxy http://192.168.5.10:8081
}




mail.netgrimoire.com, autodiscover.netgrimoire.com, autoconfig.netgrimoire.com, \
mail.wasted-bandwidth.net, autodiscover.wasted-bandwidth.net, autoconfig.wasted-bandwidth.net, \
mail.gnarlypandaproductions.com, autodiscover.gnarlypandaproductions.com, autoconfig.gnarlypandaproductions.com, \
mail.pncfishandmore.com, autodiscover.pncfishandmore.com, autoconfig.pncfishandmore.com, \
mail.pncharrisenterprises.com, autodiscover.pncharrisenterprises.com, autoconfig.pncharrisenterprises.com, \
mail.pncharris.com, autodiscover.pncharris.com, autoconfig.pncharris.com, \
mail.florosafd.org, autodiscover.florosafd.org, autoconfig.florosafd.org {
    import mailcow-proxy
}









