feat(y2q): add restic rest-server

- Add a runit service for Caddy with a Caddyfile
- Update cloudflared runit service:
  - Add support for multiple subdomains using dynamic YAML generation
  - Each subdomain routes to Caddy running on localhost (port 8080)

home/modules/runit/default.nix

@@ -52,6 +52,7 @@
             source .env
             set +a
           '' else "";
+          stderrToStdout = if sCfg.log.enable then "exec 2>&1" else "";
         in
         lib.mkMerge [
           {
@@ -59,6 +60,7 @@
             "runit/services/${serviceName}/run" = {
               text = ''
                 #!/usr/bin/env bash
+                ${stderrToStdout}
                 ${envExports}
                 ${envFileSetup}
                 ${sCfg.script}
@@ -70,7 +72,8 @@
             "runit/services/${serviceName}/log/run" = lib.mkIf sCfg.log.enable {
               text = ''
                 #!/bin/sh
-                exec svlogd -t ./main
+                mkdir -p main
+                exec svlogd -tt ./main
               '';
               executable = true;
             };

home/modules/runit/services/caddy.nix

@@ -0,0 +1,32 @@
+{ pkgs, config, ... }:
+
+{
+  home.file.".config/caddy/Caddyfile".text = ''
+    {
+      http_port 8080
+      https_port 8443
+      auto_https off
+    }
+
+    # Cloudflare Tunnel
+    http://gist.toast.name {
+      # Opengist
+      reverse_proxy http://localhost:${config.runit.services.opengist.environment.OG_HTTP_PORT}
+    }
+    
+    # Tailscale
+    http://y2q.ts.toast.name {
+      # Glances
+      reverse_proxy http://localhost:61208
+    }
+  '';
+
+  runit.services.caddy = {
+    script = ''
+      exec ${pkgs.caddy}/bin/caddy run \
+        --config "$HOME/.config/caddy/Caddyfile" \
+        --adapter caddyfile
+    '';
+    log.enable = true;
+  };
+}

home/modules/runit/services/cloudflared.nix

@@ -1,7 +1,10 @@
-{ pkgs, config, rootPath, ... }:
+{ pkgs, config, rootPath, lib, ... }:
 
 let
   tunnel = "cb0d9c2c-48f9-4bca-9e81-ef92423c5afa";
+  subdomains = [
+    "gist.toast.name"
+  ];
 in
 {
   home.file.".cloudflared/${tunnel}.json".source = rootPath + /secrets/gitcrypt/cloudflared/${tunnel}.json;
@@ -11,10 +14,11 @@ in
     credentials-file: ${config.home.homeDirectory}/.cloudflared/${tunnel}.json
 
     ingress:
-      - hostname: gist.toast.name
-        service: http://${config.runit.services.opengist.environment.OG_HTTP_HOST}:${config.runit.services.opengist.environment.OG_HTTP_PORT}
-
-      - service: http_status:404
+    ${lib.concatMapStringsSep "\n" (host: ''
+      ${"  "}- hostname: ${host}
+      ${"  "}  service: http://localhost:80
+    '') subdomains}
+    ${"  "}- service: http_status:404
   '';
 
   runit.services.cloudflared = {

home/modules/runit/services/restic-rest-server.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+
+{
+  runit.services.restic-rest-server = {
+    script = ''
+      DATA_DIR=$HOME/services/restic-rest-server
+      mkdir -p "$DATA_DIR"
+
+      exec ${pkgs.restic-rest-server}/bin/rest-server \
+        --listen "$LISTEN_ADDR" \
+        --log - \
+        --no-auth \
+        --path $DATA_DIR \
+        --prometheus --prometheus-no-auth
+    '';
+
+    environment = {
+      LISTEN_ADDR = "127.0.0.1:9000";
+    };
+  };
+}