feat: add Phase 8 — Cutover (HTTPS + Archive GitHub)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

phase8_teardown.sh

@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# =============================================================================
+# phase8_teardown.sh — Reverse the cutover: remove HTTPS, un-archive GitHub
+# Steps:
+#   1. Remove Nginx gitea.conf + reload
+#   2. Remove cert renewal cron
+#   3. Optionally remove SSL certificates
+#   4. Un-archive GitHub repos + restore original descriptions
+# =============================================================================
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "${SCRIPT_DIR}/lib/common.sh"
+
+load_env
+require_vars UNRAID_IP UNRAID_SSH_USER \
+             GITEA_DOMAIN NGINX_CONTAINER_NAME NGINX_CONF_PATH \
+             SSL_MODE GITHUB_USERNAME GITHUB_TOKEN \
+             REPO_1_NAME REPO_2_NAME REPO_3_NAME
+
+log_warn "=== Phase 8 Teardown: Cutover ==="
+
+REPOS=("$REPO_1_NAME" "$REPO_2_NAME" "$REPO_3_NAME")
+
+# ---------------------------------------------------------------------------
+# Step 1: Remove Nginx config and reload
+# ---------------------------------------------------------------------------
+if ssh_exec UNRAID "test -f '${NGINX_CONF_PATH}/gitea.conf'" 2>/dev/null; then
+  printf 'Remove Nginx config for %s? [y/N] ' "$GITEA_DOMAIN"
+  read -r confirm
+  if [[ "$confirm" =~ ^[Yy]$ ]]; then
+    ssh_exec UNRAID "rm -f '${NGINX_CONF_PATH}/gitea.conf'"
+    ssh_exec UNRAID "docker exec ${NGINX_CONTAINER_NAME} nginx -s reload" || true
+    log_success "Nginx config removed and reloaded"
+  else
+    log_info "Nginx config preserved"
+  fi
+else
+  log_info "Nginx config already removed"
+fi
+
+# ---------------------------------------------------------------------------
+# Step 2: Remove cert renewal cron
+# ---------------------------------------------------------------------------
+if ssh_exec UNRAID "crontab -l 2>/dev/null | grep -q certbot" 2>/dev/null; then
+  ssh_exec UNRAID "crontab -l 2>/dev/null | grep -v certbot | crontab -"
+  log_success "Certbot renewal cron removed"
+else
+  log_info "No certbot cron found"
+fi
+
+# ---------------------------------------------------------------------------
+# Step 3: Optionally remove SSL certificates (letsencrypt only)
+# ---------------------------------------------------------------------------
+if [[ "$SSL_MODE" == "letsencrypt" ]]; then
+  if ssh_exec UNRAID "test -d '/etc/letsencrypt/live/${GITEA_DOMAIN}'" 2>/dev/null; then
+    printf 'Remove SSL certificates for %s? [y/N] ' "$GITEA_DOMAIN"
+    read -r confirm
+    if [[ "$confirm" =~ ^[Yy]$ ]]; then
+      ssh_exec UNRAID "rm -rf '/etc/letsencrypt/live/${GITEA_DOMAIN}' '/etc/letsencrypt/archive/${GITEA_DOMAIN}' '/etc/letsencrypt/renewal/${GITEA_DOMAIN}.conf'"
+      log_success "SSL certificates removed"
+    else
+      log_info "SSL certificates preserved"
+    fi
+  fi
+fi
+
+# ---------------------------------------------------------------------------
+# Step 4: Un-archive GitHub repos + restore original descriptions
+# The archive description format is: "[MOVED] ... — was: ORIGINAL_DESC"
+# We parse the original description from after "— was: " to restore it.
+# ---------------------------------------------------------------------------
+printf 'Un-archive GitHub repos and restore descriptions? [y/N] '
+read -r confirm
+if [[ "$confirm" =~ ^[Yy]$ ]]; then
+  for repo in "${REPOS[@]}"; do
+    IS_ARCHIVED=$(github_api GET "/repos/${GITHUB_USERNAME}/${repo}" 2>/dev/null | jq -r '.archived' || echo "false")
+    if [[ "$IS_ARCHIVED" != "true" ]]; then
+      log_info "GitHub repo ${repo} not archived — skipping"
+      continue
+    fi
+
+    # Extract original description from the archived description
+    CURRENT_DESC=$(github_api GET "/repos/${GITHUB_USERNAME}/${repo}" 2>/dev/null | jq -r '.description // ""')
+    ORIGINAL_DESC=""
+    if [[ "$CURRENT_DESC" == *" — was: "* ]]; then
+      # Extract everything after "— was: "
+      ORIGINAL_DESC="${CURRENT_DESC##* — was: }"
+    fi
+
+    # Un-archive and restore description
+    RESTORE_PAYLOAD=$(jq -n \
+      --arg description "$ORIGINAL_DESC" \
+      '{archived: false, description: $description}')
+
+    if github_api PATCH "/repos/${GITHUB_USERNAME}/${repo}" "$RESTORE_PAYLOAD" >/dev/null 2>&1; then
+      log_success "Un-archived GitHub repo: ${repo}"
+    else
+      log_error "Failed to un-archive GitHub repo: ${repo}"
+    fi
+  done
+else
+  log_info "GitHub repos left as-is"
+fi
+
+log_success "Phase 8 teardown complete"