diff --git a/setup/configure_env.sh b/setup/configure_env.sh
index dec485b..75f0f2d 100755
--- a/setup/configure_env.sh
+++ b/setup/configure_env.sh
@@ -70,7 +70,7 @@ CURRENT_PROMPT=0
 LAST_SECTION=""
 # Collected SSL_MODE for conditional logic
-COLLECTED_SSL_MODE=""
+COLLECTED_TLS_MODE=""
 prompt_var() {
 local var_name="$1"
@@ -166,9 +166,9 @@ prompt_var() {
 if validate_password "$value"; then break; fi
 printf '%b Invalid: password must be at least 8 characters%b\n' "$C_RED" "$C_RESET"
 ;;
- ssl_mode)
- if validate_ssl_mode "$value"; then break; fi
- printf '%b Invalid: must be "letsencrypt" or "existing"%b\n' "$C_RED" "$C_RESET"
+ tls_mode)
+ if validate_tls_mode "$value"; then break; fi
+ printf '%b Invalid: must be "cloudflare" or "existing"%b\n' "$C_RED" "$C_RESET"
 ;;
 db_type)
 if validate_db_type "$value"; then break; fi
@@ -184,9 +184,9 @@ prompt_var() {
 # Write to .env
 write_env_var "$var_name" "$value"
- # Track SSL mode for conditional prompts
- if [[ "$var_name" == "SSL_MODE" ]]; then
- COLLECTED_SSL_MODE="$value"
+ # Track TLS mode for conditional prompts
+ if [[ "$var_name" == "TLS_MODE" ]]; then
+ COLLECTED_TLS_MODE="$value"
 fi
 }
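Review bot: The context comment `# Collected SSL_MODE for conditional logic` directly above the renamed assignment still names the old variable and prompt, while the assignment below it is now COLLECTED_TLS_MODE and the prompt that feeds it (third hunk) is TLS_MODE. It should be updated in the same commit to `# Collected TLS_MODE for conditional logic` so the next reader is not sent looking for an SSL_MODE prompt that no longer exists. Only the opening lines of prompt_var() are visible in this hunk; its body continues past it.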
@@ -365,21 +365,21 @@ prompt_var "RUNNER_DATA_BASE_PATH" "Base dir on remote hosts for runner data
 prompt_var "LOCAL_RUNNER_DATA_BASE_PATH" "Base dir on macOS for native runner data" nonempty "~/gitea-runner" "RUNNERS"
 prompt_var "LOCAL_REGISTRY" "Local registry prefix (empty = Docker Hub)" optional "" "RUNNERS"
-# --- NGINX REVERSE PROXY ---
-prompt_var "NGINX_CONTAINER_NAME" "Name of existing Nginx Docker container" nonempty "" "NGINX REVERSE PROXY"
-prompt_var "NGINX_CONF_PATH" "Host path to Nginx conf.d directory" path "" "NGINX REVERSE PROXY"
-prompt_var "SSL_MODE" "SSL mode: letsencrypt or existing" ssl_mode "letsencrypt" "NGINX REVERSE PROXY"
+# --- TLS / REVERSE PROXY (Caddy) ---
+prompt_var "TLS_MODE" "TLS mode: cloudflare (DNS-01) or existing (manual certs)" tls_mode "cloudflare" "TLS / REVERSE PROXY"
+prompt_var "CADDY_DOMAIN" "Wildcard base domain (e.g. privacyindesign.com)" nonempty "" "TLS / REVERSE PROXY"
+prompt_var "CADDY_DATA_PATH" "Absolute path on host for Caddy data" path "" "TLS / REVERSE PROXY"
-# Conditional SSL prompts
-if [[ "$COLLECTED_SSL_MODE" == "letsencrypt" ]]; then
- prompt_var "SSL_EMAIL" "Email for Let's Encrypt" email "" "NGINX REVERSE PROXY"
+# Conditional TLS prompts
+if [[ "$COLLECTED_TLS_MODE" == "cloudflare" ]]; then
+ prompt_var "CLOUDFLARE_API_TOKEN" "Cloudflare API token (Zone:DNS:Edit)" nonempty "" "TLS / REVERSE PROXY"
 # Skip cert path prompts but still count them for progress
 CURRENT_PROMPT=$((CURRENT_PROMPT + 2))
 else
- # Skip email prompt but count it
+ # Skip cloudflare token prompt but count it
 CURRENT_PROMPT=$((CURRENT_PROMPT + 1))
- prompt_var "SSL_CERT_PATH" "Absolute path to SSL cert on Unraid" path "" "NGINX REVERSE PROXY"
- prompt_var "SSL_KEY_PATH" "Absolute path to SSL key on Unraid" path "" "NGINX REVERSE PROXY"
+ prompt_var "SSL_CERT_PATH" "Absolute path to SSL cert" path "" "TLS / REVERSE PROXY"
+ prompt_var "SSL_KEY_PATH" "Absolute path to SSL key" path "" "TLS / REVERSE PROXY"
 fi
 # --- BRANCH
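Review bot: CLOUDFLARE_API_TOKEN is prompted with the generic `nonempty` type, so unless prompt_var's input routine suppresses echo for every type, a DNS-edit credential is displayed on the terminal and kept in scrollback — the concern that presumably motivates the separate password arm visible in the second hunk (its case label sits above that hunk, so I cannot see what it does with echo). The token should take the same path as the admin password, e.g. `prompt_var "CLOUDFLARE_API_TOKEN" "Cloudflare API token (Zone:DNS:Edit)" <password-arm-type> "" "TLS / REVERSE PROXY"` with the placeholder replaced by that arm's type name, or a dedicated secret type that reads with `read -rs` if the password arm also enforces length rules that do not fit a token. The value is then persisted by write_env_var next to non-secret settings; since the file's permission handling is not visible here, a comment such as `# Secret: $ENV_FILE must stay mode 0600 and out of version control` beside this prompt would record the expectation. The if/else block is complete within the hunk.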
PROTECTION ---
@@ -406,7 +406,7 @@ printf ' Fedora: %s@%s:%s\n' "$(get_env_val FEDORA_SSH_USER)" "$(get_env_va
 printf ' Gitea: %s (admin: %s, password: ****)\n' "$(get_env_val GITEA_DOMAIN)" "$(get_env_val GITEA_ADMIN_USER)"
 printf ' Org: %s\n' "$(get_env_val GITEA_ORG_NAME)"
 printf ' Repos: %s\n' "$(get_env_val REPO_NAMES)"
-printf ' TLS/SSL: %s\n' "${COLLECTED_SSL_MODE}"
+printf ' TLS: %s (Caddy)\n' "${COLLECTED_TLS_MODE}"
 printf ' .env saved: %s\n\n' "$ENV_FILE"
 printf 'Next step: run %bsetup/macbook.sh%b to install local prerequisites.\n' "$C_BOLD" "$C_RESET"
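Review bot: The rewritten summary line reports only the TLS mode, whereas the neighbouring lines echo the values the user typed (Gitea domain, org, repos); CADDY_DOMAIN is the value most worth confirming here, because a typo in the wildcard base domain means certificates are requested for the wrong zone. Consider adding `printf ' Domain: %s\n' "$(get_env_val CADDY_DOMAIN)"` after the TLS line, while keeping CLOUDFLARE_API_TOKEN out of the summary exactly as the admin password is masked with `****`. The summary block begins before this hunk.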