feat: add support for public DNS target IP and private DNS allowance in Cloudflare setup

setup/configure_env.sh

@@ -65,7 +65,7 @@ get_env_val() {
 # Prompt function
 # ---------------------------------------------------------------------------
 # Base prompt count (56 fixed + 3 TLS conditional slots — repo/DB prompts added dynamically)
-TOTAL_PROMPTS=59
+TOTAL_PROMPTS=61
 CURRENT_PROMPT=0
 LAST_SECTION=""
 
@@ -374,11 +374,13 @@ prompt_var "CADDY_DATA_PATH" "Absolute path on host for Caddy data"
 # Conditional TLS prompts
 if [[ "$COLLECTED_TLS_MODE" == "cloudflare" ]]; then
   prompt_var "CLOUDFLARE_API_TOKEN" "Cloudflare API token (Zone:DNS:Edit)" nonempty "" "TLS / REVERSE PROXY"
+  prompt_var "PUBLIC_DNS_TARGET_IP" "Public DNS target IP for GITEA_DOMAIN" ip "" "TLS / REVERSE PROXY"
+  prompt_var "PHASE8_ALLOW_PRIVATE_DNS_TARGET" "Allow private RFC1918 DNS target (LAN-only/split-DNS)" bool "false" "TLS / REVERSE PROXY"
   # Skip cert path prompts but still count them for progress
   CURRENT_PROMPT=$((CURRENT_PROMPT + 2))
 else
   # Skip cloudflare token prompt but count it
-  CURRENT_PROMPT=$((CURRENT_PROMPT + 1))
+  CURRENT_PROMPT=$((CURRENT_PROMPT + 3))
   prompt_var "SSL_CERT_PATH" "Absolute path to SSL cert" path "" "TLS / REVERSE PROXY"
   prompt_var "SSL_KEY_PATH"  "Absolute path to SSL key"  path "" "TLS / REVERSE PROXY"
 fi