# Global config
{
    email me@sauravdhakal.com.np
    acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}

# -----------------------------------------------
# PUBLIC services (resolves to your public VPS IP)
# -----------------------------------------------

# blog.sauravdhakal.com.np {
#    reverse_proxy blog:3000
# }

#n8n-webhook.sauravdhakal.com.np {
#    reverse_proxy n8n:5678
#}

# Public — only webhook endpoint, no UI
n8n.sauravdhakal.com.np {
    reverse_proxy n8n:5678 {
        # Only allow webhook paths publicly
        header_up Host {host}
    }
    @public path /webhook/* /webhook-test/*
    handle @public {
        reverse_proxy n8n:5678
    }
    handle {
        abort   # block everything else (UI, API, etc)
    }
}

# Private — full n8n UI through VPN
n8n-admin.sauravdhakal.com.np {
    bind 100.81.85.182
    reverse_proxy n8n:5678
}

# -----------------------------------------------
# VPN-ONLY services (resolves to 100.81.85.182)
# bind tells Caddy to only listen on Netbird interface
# -----------------------------------------------

vault.sauravdhakal.com.np {
    bind 100.81.85.182
    reverse_proxy vaultwarden:80
}

actual.sauravdhakal.com.np {
    bind 100.81.85.182
    reverse_proxy actual:5006
}

immich.sauravdhakal.com.np {
    bind 100.81.85.182
    reverse_proxy immich-server:2283
}

filebrowser.sauravdhakal.com.np {
    bind 100.81.85.182
    reverse_proxy filebrowser:80
}