stacks/homelab/Caddyfile

{
	email neale@woozle.org
  #debug
}

(authelia) {
  uri /api/verify?rd=https://auth.woozle.org/
  copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}

# This has to be at the same level as other `handle` directives,
# since `handle` is a mutually-exclusive thingy.
# https://caddy.community/t/copy-header-into-new-header-iff-it-is-set/18827
(restricted-access) {
  handle {
    @noauth header !Authorization
    handle @noauth {
      forward_auth authelia:9091 {
        import authelia
      }
    }
    handle {
      forward_auth authelia:9091 {
        import authelia
        header_up Proxy-Authorization {header.authorization}
      }
    }
  }
}

auth.woozle.org {
  reverse_proxy authelia:9091
}

git.woozle.org {
  reverse_proxy forgejo:3000
}

drive.woozle.org {
  import restricted-access

  # XXX: browsing says method not allowed
  @nondav {
    method HEAD GET
  }
  # route overrides built-in ordering
  route {
    file_server @nondav {
      root /srv/
      browse /browser.html
    }
    reverse_proxy webdav:8000
  }
}

media.woozle.org {
  reverse_proxy jellyfin:8096
}

# XXX: have this use caddy auth
ancestry.woozle.org {
  reverse_proxy geneweb:2317
}

##
## handle sends original path
## handle_path truncates path
##

deergrove.woozle.org {
  import restricted-access

  handle_path /ddns/* {
    reverse_proxy ddns:8000
  }

  handle /transmission/* {
    reverse_proxy transmission:9091
  }

  handle /nzbget/* {
    reverse_proxy nzbget:6789
  }

  handle /sonarr/* {
    reverse_proxy sonarr:8989
  }
  handle /radarr/* {
    reverse_proxy radarr:7878
  }
  handle /readarr/* {
    reverse_proxy readarr:8787
  }
  handle /lidarr/* {
    reverse_proxy lidarr:8686
  }
  handle /prowlarr/* {
    reverse_proxy prowlarr:9696
  }

  handle_path /sucker/* {
    reverse_proxy host.lan:5801
  }

  # Octoprint serves up broken webcam URLs
  uri replace /webcam/ /octoprint/webcam/
  handle_path /octoprint/* {
    reverse_proxy {
      to 192.168.86.20:80
      header_up X-Script-Name "/octoprint"
    }
  }

  handle {
    file_server {
      root /www
    }
  }
}