feat: replace Nginx/SSL checks with Caddy/TLS checks in preflight.sh

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

preflight.sh

@@ -251,7 +251,7 @@ REQUIRED_VARS=(
   GITHUB_USERNAME GITHUB_TOKEN
   REPO_NAMES
   RUNNER_DEFAULT_IMAGE RUNNER_DATA_BASE_PATH LOCAL_RUNNER_DATA_BASE_PATH
-  NGINX_CONTAINER_NAME NGINX_CONF_PATH SSL_MODE
+  TLS_MODE CADDY_DOMAIN CADDY_DATA_PATH
 )
 
 # shellcheck disable=SC2329
@@ -274,28 +274,28 @@ check_required_vars() {
     done
   fi
 
-  # SSL vars are conditional on SSL_MODE:
-  # - letsencrypt => SSL_EMAIL is required
-  # - existing    => SSL_CERT_PATH + SSL_KEY_PATH are required
-  case "${SSL_MODE:-}" in
-    letsencrypt)
-      if [[ -z "${SSL_EMAIL:-}" ]]; then
-        log_error "  → Missing required var: SSL_EMAIL (required when SSL_MODE=letsencrypt)"
+  # TLS vars are conditional on TLS_MODE:
+  # - cloudflare => CLOUDFLARE_API_TOKEN is required
+  # - existing   => SSL_CERT_PATH + SSL_KEY_PATH are required
+  case "${TLS_MODE:-}" in
+    cloudflare)
+      if [[ -z "${CLOUDFLARE_API_TOKEN:-}" ]]; then
+        log_error "  → Missing required var: CLOUDFLARE_API_TOKEN (required when TLS_MODE=cloudflare)"
         missing=1
       fi
       ;;
     existing)
       if [[ -z "${SSL_CERT_PATH:-}" ]]; then
-        log_error "  → Missing required var: SSL_CERT_PATH (required when SSL_MODE=existing)"
+        log_error "  → Missing required var: SSL_CERT_PATH (required when TLS_MODE=existing)"
         missing=1
       fi
       if [[ -z "${SSL_KEY_PATH:-}" ]]; then
-        log_error "  → Missing required var: SSL_KEY_PATH (required when SSL_MODE=existing)"
+        log_error "  → Missing required var: SSL_KEY_PATH (required when TLS_MODE=existing)"
         missing=1
       fi
       ;;
     *)
-      log_error "  → Invalid SSL_MODE='${SSL_MODE:-<empty>}' (must be 'letsencrypt' or 'existing')"
+      log_error "  → Invalid TLS_MODE='${TLS_MODE:-<empty>}' (must be 'cloudflare' or 'existing')"
       missing=1
       ;;
   esac
@@ -474,27 +474,17 @@ check_github_repos() {
 check 17 "All GitHub repos exist" check_github_repos
 
 # ---------------------------------------------------------------------------
-# Check 18: Nginx running on Unraid
+# Check 18: Caddy data path writable on Unraid
 # ---------------------------------------------------------------------------
-check_nginx() {
-  local status
-  status=$(ssh_exec UNRAID "docker ps --filter name=${NGINX_CONTAINER_NAME:-nginx} --format '{{.Status}}'" 2>/dev/null)
-  [[ "$status" == *"Up"* ]]
+check_caddy_path() {
+  local caddy_parent
+  caddy_parent=$(dirname "${CADDY_DATA_PATH:-/nonexistent}")
+  ssh_exec UNRAID "test -d '${CADDY_DATA_PATH}' && test -w '${CADDY_DATA_PATH}'" 2>/dev/null \
+    || ssh_exec UNRAID "test -w '${caddy_parent}'" 2>/dev/null
 }
-check 18 "Nginx container '${NGINX_CONTAINER_NAME:-<not set>}' running on Unraid" check_nginx
-if ! check_nginx 2>/dev/null; then
-  log_error "  → Nginx container '${NGINX_CONTAINER_NAME:-}' not running on Unraid."
-fi
-
-# ---------------------------------------------------------------------------
-# Check 19: Nginx conf dir writable
-# ---------------------------------------------------------------------------
-check_nginx_conf() {
-  ssh_exec UNRAID "test -w '${NGINX_CONF_PATH:-/nonexistent}'" 2>/dev/null
-}
-check 19 "Nginx config path writable (${NGINX_CONF_PATH:-<not set>})" check_nginx_conf
-if ! check_nginx_conf 2>/dev/null; then
-  log_error "  → Nginx config path ${NGINX_CONF_PATH:-} not writable on Unraid."
+check 18 "Caddy data path writable (${CADDY_DATA_PATH:-<not set>})" check_caddy_path
+if ! check_caddy_path 2>/dev/null; then
+  log_error "  → Caddy data path ${CADDY_DATA_PATH:-} not writable on Unraid (or parent dir doesn't exist)."
 fi
 
 # ---------------------------------------------------------------------------