# Synops — Caddyfile
#
# Eneste tjeneste med eksponerte porter (80/443).
# Alt annet rutes internt via Docker-nettverket sidelinja-net.
# Auto-TLS via Let's Encrypt for alle domener.

# === Felles favicon-snippet ===
(favicon) {
	handle /favicon.ico {
		root * /srv/static
		file_server
	}
	handle /apple-touch-icon.png {
		root * /srv/static
		file_server
	}
	handle /icon-*.png {
		root * /srv/static
		file_server
	}
}

# === SSO ===
auth.sidelinja.org {
	reverse_proxy authentik-server:9000
}

# === Sidelinja (hovedapplikasjon) ===
sidelinja.org {
	import favicon

	# Podcast media (statiske filer med byte-range support)
	handle_path /media/* {
		root * /srv/media
		file_server {
			browse
		}
	}

	# SvelteKit (frontend + SSR API)
	# Aktiveres når SvelteKit-containeren er klar (fase 3)
	# reverse_proxy sveltekit:3000

	header Content-Type text/html
	respond `<!DOCTYPE html><html><head><meta charset="utf-8"><title>sidelinja.org</title><link rel="icon" href="/favicon.ico" sizes="32x32"><link rel="icon" href="/icon-192.png" type="image/png" sizes="192x192"><link rel="apple-touch-icon" href="/apple-touch-icon.png"></head><body><p>sidelinja.org — underveis!</p></body></html>` 200
}

# === Maskinrommet API ===
api.sidelinja.org {
	reverse_proxy host.docker.internal:3100
}

# === Forgejo (Git) ===
git.sidelinja.org {
	reverse_proxy forgejo:3000
}

# === Synops (plattformdomene) ===
# Subdomener (api.synops.no, auth.synops.no osv.) legges til individuelt
# etter behov — HTTP-challenge fungerer per subdomain uten DNS-plugin.
synops.no {
	import favicon

	header Content-Type text/html
	respond `<!DOCTYPE html><html><head><meta charset="utf-8"><title>synops.no</title><link rel="icon" href="/favicon.ico" sizes="32x32"><link rel="icon" href="/icon-192.png" type="image/png" sizes="192x192"><link rel="apple-touch-icon" href="/apple-touch-icon.png"></head><body><p>synops.no — underveis!</p></body></html>` 200
}

# === Vegard.info ===
vegard.info {
	import favicon

	header Content-Type text/html
	respond `<!DOCTYPE html><html><head><meta charset="utf-8"><title>vegard.info</title><link rel="icon" href="/favicon.ico" sizes="32x32"><link rel="icon" href="/icon-192.png" type="image/png" sizes="192x192"><link rel="apple-touch-icon" href="/apple-touch-icon.png"></head><body><p>vegard.info — underveis!</p></body></html>` 200
}

# === Custom domains for publiseringssamlinger ===
# On-demand TLS: Caddy henter sertifikat kun for domener som maskinrommet
# bekrefter via /internal/verify-domain. Forespørsler rutes til
# maskinrommets /custom-domain/-ruter med Host-headeren bevart.
# Ref: docs/concepts/publisering.md § "Custom domain-mekanisme"
:443 {
	tls {
		on_demand {
			ask http://host.docker.internal:3100/internal/verify-domain
		}
	}

	# RSS/Atom feed
	handle /feed.xml {
		rewrite * /custom-domain/feed.xml
		reverse_proxy host.docker.internal:3100
	}

	# Forside
	handle / {
		rewrite * /custom-domain/index
		reverse_proxy host.docker.internal:3100
	}

	# Artikler (alt annet)
	handle {
		rewrite * /custom-domain{uri}
		reverse_proxy host.docker.internal:3100
	}
}