add Gitea Bot interface: webhook server, API tool, Caddy ingress

- Add src/gitea.rs: axum webhook server on :9800, handles @mention in
  issues and PRs, spawns claude -p for review, posts result as comment
- Add call_gitea_api tool: LLM can directly call Gitea REST API with
  pre-configured admin token (noc_bot identity)
- Add Caddy to Docker image as ingress layer (subdomain/path routing)
- Config: add gitea section with token_file support for auto-provisioned token
- Update suite.md: VPS-first deployment, SubAgent architecture, Caddy role

deploy/Caddyfile

@@ -0,0 +1,15 @@
+# Suite Ingress — 按需修改域名
+# 复制到 /data/caddy/Caddyfile 后自定义
+# Caddy 自动申请 HTTPS 证书（需要域名解析到本机）
+
+# Gitea
+{$SUITE_DOMAIN:localhost}:80 {
+	reverse_proxy localhost:3000
+}
+
+# 静态站点 / 生成的 web app（放到 /data/www/<name>/ 下）
+# 取消注释并改域名即可：
+# app1.example.com {
+# 	root * /data/www/app1
+# 	file_server
+# }

deploy/Dockerfile

@@ -10,17 +10,24 @@ RUN curl -fSL "https://dl.gitea.com/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION
         -o /usr/local/bin/gitea \
     && chmod +x /usr/local/bin/gitea
 
+# install caddy
+ARG CADDY_VERSION=2.9.1
+RUN curl -fSL "https://github.com/caddyserver/caddy/releases/download/v${CADDY_VERSION}/caddy_${CADDY_VERSION}_linux_amd64.tar.gz" \
+        | tar -xz -C /usr/local/bin caddy \
+    && chmod +x /usr/local/bin/caddy
+
 # noc binary (pre-built musl static binary)
 COPY noc /usr/local/bin/noc
 RUN chmod +x /usr/local/bin/noc
 
 COPY tools/ /opt/noc/tools/
 COPY config.example.yaml /opt/noc/config.example.yaml
+COPY Caddyfile /opt/noc/Caddyfile
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
 RUN useradd -m -s /bin/bash noc \
-    && mkdir -p /data/gitea /data/noc \
+    && mkdir -p /data/gitea /data/noc /data/caddy /data/www \
     && chown -R noc:noc /data /opt/noc
 VOLUME ["/data"]
 USER noc
@@ -28,8 +35,9 @@ USER noc
 ENV RUST_LOG=noc=info \
     NOC_CONFIG=/data/noc/config.yaml \
     NOC_STATE=/data/noc/state.json \
-    GITEA_WORK_DIR=/data/gitea
+    GITEA_WORK_DIR=/data/gitea \
+    XDG_DATA_HOME=/data/caddy
 
-EXPOSE 3000
+EXPOSE 80 443
 
 ENTRYPOINT ["/entrypoint.sh"]

deploy/entrypoint.sh

@@ -3,16 +3,24 @@ set -euo pipefail
 
 GITEA_DATA="/data/gitea"
 NOC_DATA="/data/noc"
+CADDY_DATA="/data/caddy"
 GITEA_DB="$GITEA_DATA/gitea.db"
 GITEA_INI="$GITEA_DATA/app.ini"
 GITEA_TOKEN_FILE="$NOC_DATA/gitea-token"
+CADDYFILE="$CADDY_DATA/Caddyfile"
 
 GITEA_ADMIN_USER="${GITEA_ADMIN_USER:-noc}"
 GITEA_ADMIN_PASS="${GITEA_ADMIN_PASS:-noc-admin-changeme}"
 GITEA_ADMIN_EMAIL="${GITEA_ADMIN_EMAIL:-noc@localhost}"
 GITEA_HTTP_PORT="${GITEA_HTTP_PORT:-3000}"
 
-mkdir -p "$GITEA_DATA" "$NOC_DATA"
+mkdir -p "$GITEA_DATA" "$NOC_DATA" "$CADDY_DATA" /data/www
+
+# ── caddy config ───────────────────────────────────────────────────
+if [ ! -f "$CADDYFILE" ]; then
+    cp /opt/noc/Caddyfile "$CADDYFILE"
+    echo "[caddy] created $CADDYFILE"
+fi
 
 # ── gitea config ────────────────────────────────────────────────────
 if [ ! -f "$GITEA_INI" ]; then
@@ -39,6 +47,10 @@ EOF
     echo "[gitea] created $GITEA_INI"
 fi
 
+# ── start caddy ────────────────────────────────────────────────────
+echo "[suite] starting caddy..."
+caddy run --config "$CADDYFILE" --adapter caddyfile &
+
 # ── start gitea in background ──────────────────────────────────────
 echo "[suite] starting gitea..."
 gitea web --config "$GITEA_INI" --custom-path "$GITEA_DATA/custom" &