{
    # use pinned CA from ./localinfra/certs
    pki {
        ca local {
            name "Tangled Dev"
            root_cn "Tangled Dev Root"
            root {
                format pem_file
                cert /etc/caddy/certs/root.crt
                key /etc/caddy/certs/root.key
            }
        }
    }
}

# did-method-plc
plc.tngl.boltless.dev {
    tls internal
    reverse_proxy plc:8080
}

# pds
*.pds.tngl.boltless.dev, pds.tngl.boltless.dev {
    tls internal
    reverse_proxy pds:3000
}

# jetstream
jetstream.tngl.boltless.dev {
    tls internal
    reverse_proxy jetstream:6008
}

# knot
knot.tngl.boltless.dev {
    tls internal
    reverse_proxy knot:5555
}

# spindle
http://spindle.tngl.boltless.dev {
    reverse_proxy spindle:6555
}

spindle.tngl.boltless.dev {
    tls internal
    reverse_proxy spindle:6555
}

# knotmirror
mirror.tngl.boltless.dev {
    tls internal
    reverse_proxy knotmirror:7000
}

# zoekt (internal service)
zoekt.tngl.boltless.dev {
    tls internal

    # TODO: replace this with -indexserver_proxy flag
    handle_path /indexserver/* {
        reverse_proxy zoekt-tngl-indexserver:6060
    }

    handle {
        reverse_proxy zoekt-webserver:6070
    }
}

# appview
tngl.boltless.dev {
    tls internal
    reverse_proxy appview:3000
}
