korhonen.cc, *.korhonen.cc {
	tls {$CLOUDFLARE_EMAIL} {
		dns cloudflare {$CLOUDFLARE_API_TOKEN}
		resolvers 1.1.1.1
	}

	encode zstd gzip

	@static {
		file
		path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2 *.pdf *.webmanifest
	}

	header {
		Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	}

	@homepage-www-redir host www.korhonen.cc
	handle @homepage-www-redir {
		redir https://korhonen.cc
	}

	@homepage host korhonen.cc
	handle @homepage {
		header @static Cache-Control max-age=5184000
		root * /var/www/korhonen.cc
		file_server
	}

	@wkd host openpgpkey.korhonen.cc
	handle @wkd {
		root * /var/www/wkd
		file_server browse
		header Access-Control-Allow-Origin "*"
	}

	@index host index.korhonen.cc
	handle @index {
		root * /var/www/index.korhonen.cc
		file_server browse
	}

	@home-assistant host home.korhonen.cc
	handle @home-assistant {
		reverse_proxy home-assistant:8123
	}

	@authentik host sso.korhonen.cc
	handle @authentik {
		reverse_proxy authentik:9000
	}

	@forgejo host git.korhonen.cc
	handle @forgejo {
    rewrite /user/login /user/oauth2/authentik
		reverse_proxy forgejo:3000
	}

	@woodpecker host ci.korhonen.cc
	handle @woodpecker {
		reverse_proxy woodpecker:8000
	}

	@searx host search.korhonen.cc
	handle @searx {
		reverse_proxy searx:8080
	}

	@freshrss host rss.korhonen.cc
	handle @freshrss {
		reverse_proxy freshrss
	}

	@jellyfin host jellyfin.korhonen.cc
	handle @jellyfin {
		reverse_proxy jellyfin:8096
	}

	@pihole host pihole.korhonen.cc
	handle @pihole {
		reverse_proxy pihole
	}

	@umami host umami.korhonen.cc
	handle @umami {
		reverse_proxy umami:3000
		rewrite /ua9quuaW.js /script.js
	}

	@nextcloud host cloud.korhonen.cc
	handle @nextcloud {
		# .htaccess / data / config / ... shouldn't be accessible from outside
		@forbidden {
			path /.htaccess
			path /data/*
			path /config/*
			path /db_structure
			path /.xml
			path /README
			path /3rdparty/*
			path /lib/*
			path /templates/*
			path /occ
			path /console.php
		}
		handle @forbidden {
			respond 404
		}

		redir /.well-known/carddav /remote.php/dav 301
		redir /.well-known/caldav /remote.php/dav 301

		root * /var/www/nextcloud
		php_fastcgi nextcloud:9000 {
			root /var/www/html
			# Tells nextcloud to remove /index.php from URLs in links
			env front_controller_active true
		}
		file_server
	}

	@tvheadend host tvheadend.korhonen.cc
	handle @tvheadend {
		reverse_proxy tvheadend:9981
	}

	@collabora host collabora.korhonen.cc
	handle @collabora {
		reverse_proxy collabora:9980
	}

	@grafana host grafana.korhonen.cc
	handle @grafana {
		reverse_proxy grafana:3000
	}

	@drop host drop.korhonen.cc
	handle @drop {
		reverse_proxy drop:3000
	}

	# Redirect to new fediverse host
	@misskey host social.korhonen.cc
	handle @misskey {
		redir https://korhonen.social
	}

	# Fallback for unhandled domains
	handle {
		redir https://korhonen.cc/404.html 301
	}
}

korhonen.social, *.korhonen.social {
	tls {$CLOUDFLARE_EMAIL} {
		dns cloudflare {$CLOUDFLARE_API_TOKEN}
		resolvers 1.1.1.1
	}

	encode zstd gzip

	header {
		Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
	}

	@firefish-www-redir host www.korhonen.social
	handle @firefish-www-redir {
		redir https://korhonen.social
	}

	@firefish host korhonen.social
	handle @firefish {
		reverse_proxy firefish:3000
	}
}