{
    email ${{ACME_EMAIL}}

    log {

    }

    metrics {
        per_host
    }

    admin 0.0.0.0:2019

    on_demand_tls {
        ask http://${{PDS_HOST:-pds:3000}}/tls-check
    }

    import /etc/caddy/config/global/* ${{DOMAIN_NAME}}
}

${{MEDIA_DOMAIN}} {
    import /etc/caddy/config/media_domain_pre/* ${{DOMAIN_NAME}} ${{MEDIA_DOMAIN}}

    handle {
        root * /var/www/html/uploads/
        try_files {path} /index.html
        file_server
    }

    import /etc/caddy/config/media_domain_post/* ${{DOMAIN_NAME}} ${{MEDIA_DOMAIN}}
}

${{CACHE_DOMAIN}} {
    import /etc/caddy/config/cache_domain_pre/* ${{DOMAIN_NAME}} ${{CACHE_DOMAIN}}

    handle /api/cache* {
        reverse_proxy ${{CACHE_HOST:-backend:9000}}
    }

    handle /api/v2/cache/* {
        reverse_proxy ${{CACHE_HOST:-backend:9000}}
    }

    import /etc/caddy/config/cache_domain_post/* ${{DOMAIN_NAME}} ${{CACHE_DOMAIN}}
}

${{DOMAIN_NAME}} {
    encode zstd gzip
    
    import /etc/caddy/config/main_domain_pre/* ${{DOMAIN_NAME}}

    header * {
        X-Clacks-Overhead "GNU Terry Pratchett"
        Service-Worker-Allowed: "/",
        # Cache-Control: no-cache, no-store, must-revalidate
        Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://${{CACHE_DOMAIN}} https://${{MEDIA_DOMAIN}} ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline'; style-src-elem 'self' data: 'unsafe-inline'; style-src-attr 'self' data: 'unsafe-inline'; object-src 'self' https://${{CACHE_DOMAIN}} https://${{MEDIA_DOMAIN}} ; frame-src 'self' https://${{CACHE_DOMAIN}} https://${{MEDIA_DOMAIN}}; worker-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'"
    }

    handle_path /api/websocket* {
        reverse_proxy ${{WEBSOCKET_HOST:-backend:9000}}
    }
    
    @api path /api* /fediverse* /contexts* /post* /blog* /.well-known*

    handle @api {
        reverse_proxy ${{BACKEND_HOST:-backend:9000}}
    }


    handle_path /adminer* {
        reverse_proxy ${{ADMINER_HOST:-adminer:8080}}
    }

    import /etc/caddy/config/main_domain_mid/* ${{DOMAIN_NAME}}

    handle {
        root * /var/www/html/frontend/
        try_files {path} /index.html
        file_server
    }

    import /etc/caddy/config/main_domain_post/* ${{DOMAIN_NAME}}
}

monitoring.${{DOMAIN_NAME}} {
    import /etc/caddy/config/monitoring_domain_pre/* ${{DOMAIN_NAME}}

    reverse_proxy ${{GRAFANA_HOST:-grafana:2345}}

    import /etc/caddy/config/monitoring_domain_post/* ${{DOMAIN_NAME}}
}

${{PDS_DOMAIN_NAME}} *.${{PDS_DOMAIN_NAME}} {
    import /etc/caddy/config/pds_domain_pre/* ${{DOMAIN_NAME}} ${{PDS_DOMAIN_NAME}}

    tls {
        on_demand
    }

    handle /favicon.ico {
        root * /var/www/html/frontend/
        try_files {path} /favicon.ico
        file_server
    }

    handle / {
        root * /pds-homepage
        try_files {path} /pds.txt
        file_server
    }

    reverse_proxy ${{PDS_HOST:-pds:3000}}

    import /etc/caddy/config/pds_domain_post/* ${{DOMAIN_NAME}} ${{PDS_DOMAIN_NAME}}
}

import /etc/caddy/config/vhosts/* ${{DOMAIN_NAME}}