From cee1c9bc5d55f6e017db7fd9e69c41dd87502728 Mon Sep 17 00:00:00 2001
From: lightly-toasted <tooast@duck.com>
Date: Mon, 8 Dec 2025 17:14:57 +0900
Subject: [PATCH] feat(y2q): add caddy

- Add a runit service for Caddy with a Caddyfile
- Update cloudflared runit service:
  - Add support for multiple subdomains using dynamic YAML generation
  - Each subdomain routes to Caddy running on localhost (port 8080)
---
 home/modules/runit/services/caddy.nix       | 32 +++++++++++++++++++++
 home/modules/runit/services/cloudflared.nix | 14 +++++----
 2 files changed, 41 insertions(+), 5 deletions(-)
 create mode 100644 home/modules/runit/services/caddy.nix

diff --git a/home/modules/runit/services/caddy.nix b/home/modules/runit/services/caddy.nix
new file mode 100644
index 0000000..0b1e1a1
--- /dev/null
+++ b/home/modules/runit/services/caddy.nix
@@ -0,0 +1,32 @@
+{ pkgs, config, ... }:
+
+{
+  home.file.".config/caddy/Caddyfile".text = ''
+    {
+      http_port 8080
+      https_port 8443
+      auto_https off
+    }
+
+    # Cloudflare Tunnel
+    http://gist.toast.name {
+      # Opengist
+      reverse_proxy http://localhost:${config.runit.services.opengist.environment.OG_HTTP_PORT}
+    }
+    
+    # Tailscale
+    http://y2q.ts.toast.name {
+      # Glances
+      reverse_proxy http://localhost:61208
+    }
+  '';
+
+  runit.services.caddy = {
+    script = ''
+      exec ${pkgs.caddy}/bin/caddy run \
+        --config "$HOME/.config/caddy/Caddyfile" \
+        --adapter caddyfile
+    '';
+    log.enable = true;
+  };
+}
diff --git a/home/modules/runit/services/cloudflared.nix b/home/modules/runit/services/cloudflared.nix
index a12f816..6e601bf 100644
--- a/home/modules/runit/services/cloudflared.nix
+++ b/home/modules/runit/services/cloudflared.nix
@@ -1,7 +1,10 @@
-{ pkgs, config, rootPath, ... }:
+{ pkgs, config, rootPath, lib, ... }:
 
 let
   tunnel = "cb0d9c2c-48f9-4bca-9e81-ef92423c5afa";
+  subdomains = [
+    "gist.toast.name"
+  ];
 in
 {
   home.file.".cloudflared/${tunnel}.json".source = rootPath + /secrets/gitcrypt/cloudflared/${tunnel}.json;
@@ -11,10 +14,11 @@ in
     credentials-file: ${config.home.homeDirectory}/.cloudflared/${tunnel}.json
 
     ingress:
-      - hostname: gist.toast.name
-        service: http://${config.runit.services.opengist.environment.OG_HTTP_HOST}:${config.runit.services.opengist.environment.OG_HTTP_PORT}
-
-      - service: http_status:404
+    ${lib.concatMapStringsSep "\n" (host: ''
+      ${"  "}- hostname: ${host}
+      ${"  "}  service: http://localhost:80
+    '') subdomains}
+    ${"  "}- service: http_status:404
   '';
 
   runit.services.cloudflared = {