x-jellyfin: &jellyfin
  upstream_host: jellyfin.home.mnke.org
  upstream_port: 8096

x-seerr: &seerr
  upstream_host: seerr.jumper.mnke.org
  upstream_port: 443
  pass_host_header: false

proxies:
  - <<: *jellyfin
    service_name: jellyfin-mnke
    tls_secret_name: wildcard-mnke-org-tls
    listen_hosts:
      - media.mnke.org
      - jellyfin.mnke.org
    pass_host_header: false

  - <<: *jellyfin
    service_name: jellyfin-tonydu
    tls_secret_name: wildcard-tonydu-me-tls
    listen_host: media.tonydu.me
    # TODO: Turn this on after an announcement
    # middlewares:
      # - name: redirect-tonydu-me-mnke-org
        # namespace: default

  - <<: *seerr
    service_name: seerr-mnke
    tls_secret_name: wildcard-mnke-org-tls
    listen_host: seerr.mnke.org

  - <<: *seerr
    service_name: seerr-tonydu
    tls_secret_name: wildcard-tonydu-me-tls
    listen_host: seerr.tonydu.me
    # TODO: Turn this on after an announcement
    # middlewares:
      # - name: redirect-tonydu-me-mnke-org
        # namespace: default

    # TODO: Migrate this to redirect to mnke.org. Requires changing an env
    # variable in the container
  - service_name: wizarr-tonydu
    tls_secret_name: wildcard-tonydu-me-tls
    listen_host: wizarr.tonydu.me
    upstream_host: wizarr.jumper.mnke.org
    upstream_port: 443
    pass_host_header: false

  - service_name: dns-dolo-mnke
    tls_secret_name: wildcard-mnke-org-tls
    listen_host: dns.dolo.mnke.org
    middlewares:
      - name: local-allowlist
        namespace: default
    upstream_host: 10.0.123.123
    upstream_port: 5380
    pass_host_header: false

  - service_name: gitea
    tls_secret_name: wildcard-mnke-org-tls
    listen_host: git.mnke.org
    upstream_host: git.jumper.mnke.org
    upstream_port: 443
    pass_host_header: true

  - service_name: vaultwarden
    tls_secret_name: wildcard-mnke-org-tls
    listen_host: vault.mnke.org
    upstream_host: vault.jumper.mnke.org
    upstream_port: 443
    pass_host_header: true

  - service_name: panel
    tls_secret_name: wildcard-mnke-org-tls
    listen_host: panel.mnke.org
    upstream_host: panel.jumper.mnke.org
    upstream_port: 443
    pass_host_header: true

    # The reason why we do clotho_moirai instead of clotho.moirai is because
    # Cloudflare SSL doesn't cover *.moirai.mnke.org by default. I'm not sure
    # if there's any configuration to allow TLS passthrough on Cloudflare
    # (probably not) or to upload my own SSL cert.
    #
    # TODO: Check if we can host this on clotho.moirai.mnke.org with SSL
  - service_name: clotho-moirai
    tls_secret_name: wildcard-mnke-org-tls
    listen_host: clotho_moirai.mnke.org
    upstream_host: clotho.moirai.mnke.org
    upstream_port: 443
    scheme: http

  - service_name: lachesis-moirai
    tls_secret_name: wildcard-mnke-org-tls
    listen_host: lachesis_moirai.mnke.org
    upstream_host: lachesis.moirai.mnke.org
    upstream_port: 443
    scheme: http

  - service_name: atropos-moirai
    tls_secret_name: wildcard-mnke-org-tls
    listen_host: atropos_moirai.mnke.org
    upstream_host: atropos.moirai.mnke.org
    upstream_port: 443
    scheme: http