From 734bfa8b3aa9f4f9c9f1b1d5ee2fa619fcd2abe7 Mon Sep 17 00:00:00 2001 From: S Date: Sun, 1 Mar 2026 10:34:28 -0500 Subject: [PATCH] feat: replace Nginx/SSL checks with Caddy/TLS checks in preflight.sh Co-Authored-By: Claude Opus 4.6 --- preflight.sh | 50 ++++++++++++++++++++------------------------------ 1 file changed, 20 insertions(+), 30 deletions(-) diff --git a/preflight.sh b/preflight.sh index 457bc5d..d49358c 100755 --- a/preflight.sh +++ b/preflight.sh @@ -251,7 +251,7 @@ REQUIRED_VARS=( GITHUB_USERNAME GITHUB_TOKEN REPO_NAMES RUNNER_DEFAULT_IMAGE RUNNER_DATA_BASE_PATH LOCAL_RUNNER_DATA_BASE_PATH - NGINX_CONTAINER_NAME NGINX_CONF_PATH SSL_MODE + TLS_MODE CADDY_DOMAIN CADDY_DATA_PATH ) # shellcheck disable=SC2329 
@@ -274,28 +274,28 @@ check_required_vars() { done fi - # SSL vars are conditional on SSL_MODE: - # - letsencrypt => SSL_EMAIL is required - # - existing => SSL_CERT_PATH + SSL_KEY_PATH are required - case "${SSL_MODE:-}" in - letsencrypt) - if [[ -z "${SSL_EMAIL:-}" ]]; then - log_error " → Missing required var: SSL_EMAIL (required when SSL_MODE=letsencrypt)" + # TLS vars are conditional on TLS_MODE: + # - cloudflare => CLOUDFLARE_API_TOKEN is required + # - existing => SSL_CERT_PATH + SSL_KEY_PATH are required + case "${TLS_MODE:-}" in + cloudflare) + if [[ -z "${CLOUDFLARE_API_TOKEN:-}" ]]; then + log_error " → Missing required var: CLOUDFLARE_API_TOKEN (required when TLS_MODE=cloudflare)" missing=1 fi ;; existing) if [[ -z "${SSL_CERT_PATH:-}" ]]; then - log_error " → Missing required var: SSL_CERT_PATH (required when SSL_MODE=existing)" + log_error " → Missing required var: SSL_CERT_PATH (required when TLS_MODE=existing)" missing=1 fi if [[ -z "${SSL_KEY_PATH:-}" ]]; then - log_error " → Missing required var: SSL_KEY_PATH (required when SSL_MODE=existing)" + log_error " → Missing required var: SSL_KEY_PATH (required when TLS_MODE=existing)" missing=1 fi ;; *) - log_error " → Invalid SSL_MODE='${SSL_MODE:-}' (must be 'letsencrypt' or 'existing')" + log_error " → Invalid TLS_MODE='${TLS_MODE:-}' (must be 'cloudflare' or 'existing')" missing=1 ;; esac 
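Review bot: In the `cloudflare` arm the only check on CLOUDFLARE_API_TOKEN is that it is non-empty, so preflight passes with an expired, mistyped or over-privileged credential and the failure only surfaces later. Presumably Caddy uses the token for the DNS challenge (not visible in this hunk); if so, document the expected scope next to the check, e.g. `# CLOUDFLARE_API_TOKEN: zone-scoped API token with DNS edit only, not the Global API Key`. The error messages name the variable without printing its value, which should stay that way. The `existing` arm keeps the SSL_CERT_PATH / SSL_KEY_PATH names under TLS_MODE and likewise tests only for non-empty values; check_required_vars starts and ends outside the hunk.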
@@ -474,27 +474,17 @@ check_github_repos() { check 17 "All GitHub repos exist" check_github_repos # --------------------------------------------------------------------------- -# Check 18: Nginx running on Unraid +# Check 18: Caddy data path writable on Unraid # --------------------------------------------------------------------------- -check_nginx() { - local status - status=$(ssh_exec UNRAID "docker ps --filter name=${NGINX_CONTAINER_NAME:-nginx} --format '{{.Status}}'" 2>/dev/null) - [[ "$status" == *"Up"* ]] +check_caddy_path() { + local caddy_parent + caddy_parent=$(dirname "${CADDY_DATA_PATH:-/nonexistent}") + ssh_exec UNRAID "test -d '${CADDY_DATA_PATH}' && test -w '${CADDY_DATA_PATH}'" 2>/dev/null \ + || ssh_exec UNRAID "test -w '${caddy_parent}'" 2>/dev/null } -check 18 "Nginx container '${NGINX_CONTAINER_NAME:-}' running on Unraid" check_nginx -if ! check_nginx 2>/dev/null; then - log_error " → Nginx container '${NGINX_CONTAINER_NAME:-}' not running on Unraid." -fi - -# --------------------------------------------------------------------------- -# Check 19: Nginx conf dir writable -# --------------------------------------------------------------------------- -check_nginx_conf() { - ssh_exec UNRAID "test -w '${NGINX_CONF_PATH:-/nonexistent}'" 2>/dev/null -} -check 19 "Nginx config path writable (${NGINX_CONF_PATH:-})" check_nginx_conf -if ! check_nginx_conf 2>/dev/null; then - log_error " → Nginx config path ${NGINX_CONF_PATH:-} not writable on Unraid." +check 18 "Caddy data path writable (${CADDY_DATA_PATH:-})" check_caddy_path +if ! check_caddy_path 2>/dev/null; then + log_error " → Caddy data path ${CADDY_DATA_PATH:-} not writable on Unraid (or parent dir doesn't exist)." fi # ---------------------------------------------------------------------------
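Review bot: check_caddy_path can pass when it should fail: because the two probes are joined with `||`, an existing CADDY_DATA_PATH that is not writable still passes whenever its parent is writable, and an unset or empty CADDY_DATA_PATH falls through to `test -w '/'` (the dirname of the `/nonexistent` default), which succeeds if the SSH user is root. The value is also spliced into the remote command inside single quotes, so a path containing a quote changes the command that runs on Unraid; quoting it with `printf '%q'` avoids that, assuming the remote shell is bash and ssh_exec (defined outside this hunk) passes the string through unchanged. The rewrite below rejects an empty value up front and falls back to the parent only when the path does not exist. If CADDY_DATA_PATH is Caddy's data directory, it will hold certificates and private keys, so it may also be worth checking that it is not group- or world-writable.

```shell
check_caddy_path() {
  local path="${CADDY_DATA_PATH:-}" quoted_path quoted_parent
  # An unset or empty path must fail here, not fall through to a probe of '/'.
  [[ -n "$path" ]] || return 1
  # Quote for the remote shell so the path is always treated as data.
  printf -v quoted_path '%q' "$path"
  printf -v quoted_parent '%q' "$(dirname -- "$path")"
  # An existing path must itself be a writable directory; only a missing
  # path falls back to "parent exists and is writable".
  ssh_exec UNRAID "if test -e ${quoted_path}; then test -d ${quoted_path} && test -w ${quoted_path}; else test -d ${quoted_parent} && test -w ${quoted_parent}; fi" 2>/dev/null
}
# … unchanged: check 18 invocation and log_error message …
```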