{ config, pkgs, ... }:

{
  services.caddy = {
    enable = true;
    virtualHosts = {
      "extremist.software" = {
        extraConfig = ''
          respond "Hi"
        '';
      };
      
      "git.extremist.software" = {
        extraConfig = ''
          reverse_proxy localhost:3000
        '';
      };

      "mail.extremist.software" = {
        # Stalwart handles its own certs usually, or we can proxy UI here
        # Stalwart UI is usually on 8080
        extraConfig = ''
          reverse_proxy localhost:8080
        '';
      };

      "search.extremist.software" = {
        extraConfig = ''
          reverse_proxy localhost:8082
        '';
      };

      "status.extremist.software" = {
        extraConfig = ''
          reverse_proxy localhost:3001 # Grafana
        '';
      };

      "matrix.extremist.software" = {
        extraConfig = ''
          reverse_proxy /_matrix/* localhost:6167
          reverse_proxy /_synapse/client/* localhost:6167
        '';
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}