# Layer-4 (stream) front door: TLS connections arriving on :443 are routed to a
# backend host by the SNI name in the ClientHello. TLS is not terminated here;
# no certificate or key directives appear in this file.

# Worker processes run as the unprivileged www-data account.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
# Dynamic modules are loaded from here. The geoip2 directive used below is not
# part of stock nginx, so presumably its module is enabled by one of these
# files -- verify.
include /etc/nginx/modules-enabled/*.conf;

error_log syslog:server=unix:/dev/log;

events {
    # nginx counts upstream connections against this limit as well, so each
    # proxied session consumes two slots (client side + upstream side).
    worker_connections 768;
}

stream {
    # Map of SNI host name -> upstream "host:port".
    # Traffic is routed to these endpoints.
    #
    # This map is the routing allow-list: only names listed here reach a real
    # backend. The SNI value is supplied by the client and is not authenticated
    # at this layer, so each backend still has to validate the name it serves.
    #
    # NOTE(review): $ssl_preread_server_name is only populated when
    # "ssl_preread on;" is set for the server. That directive is not visible in
    # this file -- presumably it lives in /etc/nginx/partials/server.conf;
    # confirm, otherwise every connection falls through to "default".
    map $ssl_preread_server_name $selected_upstream {
        # "hostnames" allows prefix/suffix masks such as *.example.com as keys;
        # every key below is an exact name.
        hostnames;

        # If the name is not known (or the client sent no SNI), point the
        # session at an address that cannot be connected to, so the connection
        # fails instead of landing on a real backend.
        default 255.255.255.255:1;

        ## CLOUD
        # NOTE(review): proxmox, postgresql and vault are reachable through the
        # public listener below; any source restriction has to come from
        # partials/blocked.conf or from the backend itself -- verify.
        proxmox.tjo.cloud batuu.system.tjo.space:4443;
        postgresql.tjo.cloud batuu.system.tjo.space:4443;
        monitor.tjo.cloud hetzner.system.tjo.cloud:4443;
        loki.monitor.tjo.cloud hetzner.system.tjo.cloud:4443;
        prometheus.monitor.tjo.cloud hetzner.system.tjo.cloud:4443;
        grpc.otel.monitor.tjo.cloud hetzner.system.tjo.cloud:4443;
        http.otel.monitor.tjo.cloud hetzner.system.tjo.cloud:4443;
        vault.tjo.cloud batuu.system.tjo.space:4443;

        ## HETZNER
        tjo.space hetzner.system.tjo.cloud:4443;
        chat.tjo.space hetzner.system.tjo.cloud:4443;
        webhook.chat.tjo.space hetzner.system.tjo.cloud:4443;
        matrix.chat.tjo.space hetzner.system.tjo.cloud:4443;
        yt.tjo.space hetzner.system.tjo.cloud:4443;
        search.tjo.space hetzner.system.tjo.cloud:4443;
        send.tjo.space hetzner.system.tjo.cloud:4443;

        ## BATUU
        cloud.tjo.space batuu.system.tjo.space:4443;
        collabora.tjo.space batuu.system.tjo.space:4443;
        code.tjo.space batuu.system.tjo.space:4443;
        vault.tjo.space batuu.system.tjo.space:4443;
        rss.tjo.space batuu.system.tjo.space:4443;
        id.tjo.space batuu.system.tjo.space:4443;
        ldap.id.tjo.space batuu.system.tjo.space:4443;
        mnts.dev batuu.system.tjo.space:4443;
        paperless.tjo.space batuu.system.tjo.space:4443;
        penpot.tjo.space batuu.system.tjo.space:4443;

        ## JAKKU
        books.tjo.space jakku.system.tjo.space:4443;
        media.tjo.space jakku.system.tjo.space:4443;
        next.media.tjo.space jakku.system.tjo.space:4443;
        request.media.tjo.space jakku.system.tjo.space:4443;
        tdarr.media.tjo.space jakku.system.tjo.space:4443;
        stuff.tjo.space jakku.system.tjo.space:4443;
        auth.media.tjo.space jakku.system.tjo.space:4443;
        sonarr.media.tjo.space jakku.system.tjo.space:4443;
        radarr.media.tjo.space jakku.system.tjo.space:4443;
        lidarr.media.tjo.space jakku.system.tjo.space:4443;
        prowlarr.media.tjo.space jakku.system.tjo.space:4443;
        qbittorrent.media.tjo.space jakku.system.tjo.space:4443;
        bazarr.media.tjo.space jakku.system.tjo.space:4443;
        readarr.media.tjo.space jakku.system.tjo.space:4443;
    }

    # GeoIP enrichment for the access log: country code and coordinates are
    # read from the MaxMind-format database at /var/geoip.mmdb.
    # NOTE(review): no lookup source is given, so this presumably keys on the
    # connecting address ($remote_addr) -- confirm against the module docs.
    geoip2 /var/geoip.mmdb {
        $geoip2_data_country_iso_code country iso_code;
        $geoip2_data_latitude location latitude;
        $geoip2_data_longitude location longitude;
    }

    # One key=value line per session. server_name is the raw client-supplied
    # SNI, so downstream log parsers and alerting should treat it as untrusted
    # input. upstream records the routing decision, including the "default"
    # sink for unknown names.
    log_format geoip 'country=$geoip2_data_country_iso_code lat=$geoip2_data_latitude long=$geoip2_data_longitude '
                     'ip=$remote_addr '
                     'protocol=$protocol server_name=$ssl_preread_server_name upstream=$selected_upstream status=$status bytes_sent=$bytes_sent bytes_received=$bytes_received '
                     'session_time=$session_time';

    server {
        # Public listener on all IPv4 and IPv6 addresses.
        listen 0.0.0.0:443;
        listen [::]:443;

        server_name _;

        # The target is taken from the map above. Because the value is a
        # variable holding a host name, nginx resolves it at connection time
        # and needs a "resolver" in scope.
        # NOTE(review): no resolver is visible in this file -- presumably it is
        # set in partials/server.conf; confirm.
        proxy_pass $selected_upstream;

        access_log syslog:server=unix:/dev/log geoip;

        # Prepend a PROXY protocol header so the backend sees the real client
        # address. Every backend on :4443 must expect this header, and should
        # accept it only from this proxy's address: a backend that honours the
        # header from arbitrary peers lets them state any client IP they like.
        proxy_protocol on;

        # Contents not visible here. By its name blocked.conf presumably holds
        # deny rules -- verify.
        include /etc/nginx/partials/server.conf;
        include /etc/nginx/partials/blocked.conf;
    }
}