feat: move internal apps to local dns domains

Caddyfile

@@ -1,15 +1,5 @@
 # Components
 
-(private_network_only) {
-    @ipfilter {
-        not header X-Forwarded-For {$PRIVATE_NET_IP}
-    }
-
-    route @ipfilter {
-        respond "nty. :3" 418
-    }
-}
-
 (application_logging) {
 	log {
 		level INFO
@@ -24,12 +14,16 @@
 }
 
 (reverse_proxy_host) {
-	reverse_proxy host.containers.internal:{args[0]}
 }
 
 (application_base) {
 	import application_logging {args[0]}
-	import reverse_proxy_host {args[1]}
+	reverse_proxy host.containers.internal:{args[1]}
+}
+
+(internal_base) {
+	import application_base {args[0]} {args[1]}
+	tls internal
 }
 
 {
@@ -50,13 +44,26 @@
 	admin :2019
 }
 
-# Routes
+# Internal routes
+# 
+# Local DNS is expected to set up and map
+# these routes.
 
-:53100 {
+https://deluge.home.karnov.club {
-    import private_network_only
+	import internal_base "deluge-web" 8112
-	import application_base "grafana" 3100
 }
 
+https://panopticon.home.karnov.club {
+	import internal_base "grafana" 3100
+}
+
+https://cr.home.karnov.club {
+	import internal_base "registry" 5000
+}
+
+# External routes
+#
+# Port-based routes face the outside world.
 :53000 {
 	import application_base "forgejo" 3000
 }
@@ -65,11 +72,6 @@
 	import application_base "forgejo-pg-exporter" 3001
 }
 
-:55000 {
-    import private_network_only
-	import application_base "registry" 5000
-}
-
 :58082 {
 	import application_base "vault-web" 8082
 }
@@ -77,8 +79,3 @@
 :53010 {
 	import application_base "bookstack-web" 3010
 }
-
-:58112 {
-    import private_network_only
-	import application_base "deluge-web" 8112
-}

service.yml

@@ -1,18 +1,12 @@
 name: sesame
 ports:
   # Reverse proxied ports.
-  - host: 53100
-    container: 53100
   - host: 53000
     container: 53000
   - host: 53001
     container: 53001
-  - host: 55000
-    container: 55000
   - host: 53010
     container: 53010
-  - host: 58112
-    container: 58112
   - host: 58082
     container: 58082
   # Caddy admin API