feat: home-gateway 초기 구성 — Mac mini에서 GPU 서버로 전면 이전

OrbStack 라이선스 만료로 Mac mini Docker 서비스를 GPU 서버로 통합.
nginx → Caddy 전환, 12개 서브도메인 자동 HTTPS, fail2ban Caddy JSON 연동.

주요 변경:
- home-caddy: Caddy 리버스 프록시 (Let's Encrypt 자동 HTTPS)
- home-fail2ban: Caddy JSON 로그 기반 보안 모니터링
- home-ddns: Cloudflare DDNS (API 키 .env 분리)
- gpu-hub-api/web: AI 백엔드 라우터 + 웹 UI (gpu-services에서 이전)
- AI 런타임(Ollama) 내부망 전용, 외부는 gpu-hub 인증 게이트웨이 경유

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docker-compose.yml

@@ -0,0 +1,105 @@
+services:
+  # ============================================================
+  # Edge Layer — Reverse Proxy + Security + DDNS
+  # ============================================================
+  home-caddy:
+    image: caddy:2-alpine
+    container_name: home-caddy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"
+    volumes:
+      - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./caddy/logs:/var/log/caddy
+      - caddy_data:/data
+      - caddy_config:/config
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    depends_on:
+      gpu-hub-api:
+        condition: service_healthy
+    networks:
+      - gateway-net
+
+  home-fail2ban:
+    image: crazymax/fail2ban:latest
+    container_name: home-fail2ban
+    restart: unless-stopped
+    network_mode: host
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    volumes:
+      - ./fail2ban/data:/data
+      - ./caddy/logs:/var/log/caddy:ro
+      - ./fail2ban/jail.local:/etc/fail2ban/jail.local:ro
+    environment:
+      - TZ=Asia/Seoul
+      - F2B_LOG_LEVEL=INFO
+
+  home-ddns-vpn:
+    image: oznu/cloudflare-ddns:latest
+    container_name: home-ddns-vpn
+    restart: unless-stopped
+    env_file:
+      - ./ddns/.env
+    environment:
+      - ZONE=hyungi.net
+      - SUBDOMAIN=vpn
+      - PROXIED=false
+
+  home-ddns-mail:
+    image: oznu/cloudflare-ddns:latest
+    container_name: home-ddns-mail
+    restart: unless-stopped
+    env_file:
+      - ./ddns/.env
+    environment:
+      - ZONE=hyungi.net
+      - SUBDOMAIN=mail
+      - PROXIED=false
+
+  # ============================================================
+  # GPU Hub — AI Backend Router + Web UI
+  # ============================================================
+  gpu-hub-api:
+    build: ./hub-api
+    container_name: gpu-hub-api
+    restart: unless-stopped
+    environment:
+      - OWNER_PASSWORD=${OWNER_PASSWORD}
+      - GUEST_PASSWORD=${GUEST_PASSWORD}
+      - JWT_SECRET=${JWT_SECRET}
+      - BACKENDS_CONFIG=/app/config/backends.json
+      - CORS_ORIGINS=${CORS_ORIGINS:-http://localhost:5173}
+      - DB_PATH=/app/data/gateway.db
+    volumes:
+      - hub_data:/app/data
+      - ./backends.json:/app/config/backends.json:ro
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
+    networks:
+      - gateway-net
+
+  gpu-hub-web:
+    build: ./hub-web
+    container_name: gpu-hub-web
+    restart: unless-stopped
+    networks:
+      - gateway-net
+
+volumes:
+  caddy_data:
+  caddy_config:
+  hub_data:
+
+networks:
+  gateway-net:
+    name: home-gateway-network