feat: add runner conversion scripts and strengthen cutover automation

setup/nginx-to-caddy/Caddyfile.recommended

@@ -51,6 +51,25 @@ ai.sintheus.com {
 	}
 }
 
+getter.sintheus.com {
+	import common_security
+
+	reverse_proxy http://192.168.1.3:8181 {
+		import proxy_headers
+	}
+}
+
+portainer.sintheus.com {
+	import common_security
+
+	reverse_proxy https://192.168.1.181:9443 {
+		import proxy_headers
+		transport http {
+			tls_insecure_skip_verify
+		}
+	}
+}
+
 photos.sintheus.com {
 	import common_security
 

setup/nginx-to-caddy/toggle_dns.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Toggle DNS between Pi-hole and Cloudflare on all active network services.
+# Usage: ./toggle_dns.sh
+# Requires sudo for networksetup.
+
+PIHOLE="192.168.1.4"
+CLOUDFLARE="1.1.1.1"
+
+# Get all hardware network services (Wi-Fi, Ethernet, Thunderbolt, USB, etc.)
+services=()
+while IFS= read -r line; do
+  [[ "$line" == *"*"* ]] && continue  # skip disabled services
+  services+=("$line")
+done < <(networksetup -listallnetworkservices 2>/dev/null | tail -n +2)
+
+if [[ ${#services[@]} -eq 0 ]]; then
+  echo "No network services found"
+  exit 1
+fi
+
+# Detect current mode from the first service that has a DNS set
+current_dns=""
+for svc in "${services[@]}"; do
+  dns=$(networksetup -getdnsservers "$svc" 2>/dev/null | head -1)
+  if [[ "$dns" != *"aren't any"* ]] && [[ -n "$dns" ]]; then
+    current_dns="$dns"
+    break
+  fi
+done
+
+if [[ "$current_dns" == "$CLOUDFLARE" ]]; then
+  target="$PIHOLE"
+  label="Pi-hole"
+else
+  target="$CLOUDFLARE"
+  label="Cloudflare"
+fi
+
+echo "Switching all services to ${label} (${target})..."
+for svc in "${services[@]}"; do
+  sudo networksetup -setdnsservers "$svc" "$target"
+  echo "  ${svc} → ${target}"
+done
+
+sudo dscacheutil -flushcache
+sudo killall -HUP mDNSResponder 2>/dev/null || true
+echo "DNS set to ${label} (${target})"