{
	acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}

actual.archfox.org {
	reverse_proxy actual:5006
}

searxng.archfox.org {
	reverse_proxy searxng:8080
}

git.archfox.org {
	reverse_proxy gitea:3000
}

jelly.archfox.org {
	reverse_proxy jellyfin:8096 {
		header_up +Content-Security-Policy "default-src https: data: blob:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/accentlist.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/base.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/bottombarprogress.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fixes.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/jf_font.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/overlayprogress.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding_circlehover.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/smallercast.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/rounding_circlehover.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/cornerindicator/indicator_floating.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/cornerindicator/indicator_corner.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/glassy.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/pan-animation.css https://ctalvio.github.io/Monochromic/backdrop-hack_style.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/hoverglow.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/effects/scrollfade.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/episodelist/episodes_compactlist.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/episodelist/episodes_grid.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fields/fields_border.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/fields/fields_noborder.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/header/header_transparent.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/header/header_transparent-dashboard.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_frame.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_minimalistic.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/login/login_frame.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/monochromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/kaleidochromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/presets/novachromic_preset.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_banner.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_banner-logo.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_simple.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/titlepage/title_simple-logo.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/light.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/dark.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/colorful.css https://cdn.jsdelivr.net/gh/CTalvio/Ultrachromic/type/dark_withaccent.css https://fonts.googleapis.com/css2; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"
	}
}

vault.archfox.org {
	reverse_proxy vaultwarden:80
}

aria.archfox.org {
	reverse_proxy ariang:8080
}

nextcloud.archfox.org {
	reverse_proxy 10.0.1.45:11000
}

bookstack.archfox.org {
	reverse_proxy bookstack:80
}

panel.archfox.org {
	reverse_proxy tpanel:80

	php_fastcgi unix//run/php/php8.3-fpm.sock {
		root /var/www/pterodactyl/public
		index index.php

		env PHP_VALUE "upload_max_filesize = 100M
		post_max_size = 100M"
		env HTTP_PROXY ""
		env HTTPS "on"

		read_timeout 300s
		dial_timeout 300s
		write_timeout 300s
	}

	header Strict-Transport-Security "max-age=16768000; preload;"
	header X-Content-Type-Options "nosniff"
	header X-XSS-Protection "1; mode=block;"
	header X-Robots-Tag "none"
	header Content-Security-Policy "frame-ancestors 'self'"
	header X-Frame-Options "DENY"
	header Referrer-Policy "same-origin"
	header Access-Control-Allow-Origin "*"
	header Access-Control-Allow-Methods "GET, POST, OPTIONS"
	header Access-Control-Allow-Headers "Authorization, Content-Type"

	request_body {
		max_size 100m
	}

	respond /.ht* 403
}

wings.archfox.org {
	reverse_proxy twings:443
}

omada.archfox.org {
	reverse_proxy host.docker.internal:8043  {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

ai.archfox.org {
	reverse_proxy open-webui:8080
}

p.archfox.org {
	reverse_proxy pastefy:80
}

archfox.org {
	root * /srv
	file_server

	@webfinger {
		path /.well-known/webfinger
		method GET HEAD
		query resource=acct:poslop@archfox.org
		query resource=mailto:poslop@archfox.org
		query resource=https://archfox.org
		query resource=https://archfox.org/
	}
	rewrite @webfinger /webfinger.json
	header @webfinger {
		Content-Type "application/jrd+json"
		Access-Control-Allow-Origin "*"
		X-Robots-Tag "noindex"
	}
}

(global) {
	header {
		# disable FLoC tracking
		Permissions-Policy interest-cohort=()

		# enable HSTS
		Strict-Transport-Security max-age=31536000;

		# keep referrer data off
		Referrer-Policy no-referrer

		# prevent for appearing in search engine for private instances (option)
		#X-Robots-Tag noindex
	}
}