Add validate_tls_mode() (cloudflare|existing). Replace
NGINX_CONTAINER_NAME, NGINX_CONF_PATH, SSL_MODE in validation arrays
with TLS_MODE, CADDY_DOMAIN, CADDY_DATA_PATH. Update conditional
arrays from SSL_MODE-based to TLS_MODE-based (CLOUDFLARE_API_TOKEN
for cloudflare, SSL_CERT_PATH/SSL_KEY_PATH for existing).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove UNRAID_GITEA_PORT, UNRAID_GITEA_SSH_PORT, FEDORA_GITEA_PORT,
FEDORA_GITEA_SSH_PORT from required validation. Add macvlan vars
(parent, subnet, gateway, ip_range, gitea_ip, caddy_ip) for both
hosts. Add UNRAID_DB_IP and FEDORA_DB_IP as optional validated vars.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add validate_db_type() accepting sqlite3/mysql/postgres/mssql. Update
GITEA_DB_TYPE validator from nonempty to db_type. Add conditional DB
validation arrays (host, port, name, user, passwd) required when DB
type is not sqlite3. Rename SSL conditional arrays for clarity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add get_repo_list() helper to split space-delimited REPO_NAMES
- Replace REPO_1_NAME/REPO_2_NAME/REPO_3_NAME with single REPO_NAMES in
_ENV_VAR_NAMES and _ENV_VAR_TYPES validation arrays
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consolidated into GITHUB_TOKEN — single PAT handles both migration
and push mirroring. GITHUB_MIRROR_INTERVAL remains as its own var.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace pipe-delimited runners.conf with INI-style sections supporting
host resolution, container images, repo-scoped tokens, resource limits,
capacity, and SSH key passthrough. All defaults pulled from .env.
- Add INI parsing helpers (ini_list_sections, ini_get, ini_set) to common.sh
- Add SSH key support (UNRAID_SSH_KEY, FEDORA_SSH_KEY) to ssh_exec/scp_to
- Add .env vars: RUNNER_DEFAULT_IMAGE, RUNNER_DEFAULT_CAPACITY,
RUNNER_DEFAULT_DATA_PATH, LOCAL_RUNNER_DATA_PATH, LOCAL_REGISTRY
- Rewrite manage_runner.sh with host/image/token resolution and resource limits
- Rewrite configure_runners.sh wizard for INI format with all 9 fields
- Update phase3 scripts to use ini_list_sections instead of pipe parsing
- Add runners.conf INI validation to preflight.sh (check 5b)
- Update templates to use resolved labels, capacity, and deploy resources
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move 10 validation functions from configure_env.sh to lib/common.sh as
shared utilities. Define variable-to-validator mapping using parallel
arrays (bash 3.2 compatible). validate_env() checks all ~50 .env
variables against their expected format and reports all failures at once.
Wired into preflight.sh (Check 6b) and bitwarden_to_env.sh (post-restore).
configure_env.sh now sources validators from common.sh instead of
defining its own copies.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- teardown_all.sh: replace `yes |` pipeline with `< <(yes)` process
substitution to avoid SIGPIPE (exit 141) false failures under pipefail
- phase6_teardown.sh: extract push mirror `.id` instead of `.remote_name`
to match the DELETE /push_mirrors/{id} API contract
- phase5_migrate_pipelines.sh: expand sed regex from `[a-z_]*` to
`[a-z_.]*` to handle nested GitHub contexts like
`github.event.pull_request.number`
- lib/common.sh: render_template now requires explicit variable list to
prevent envsubst from eating Nginx variables ($host, $proxy_add_...)
- backup scripts: remove MacBook relay, use direct Unraid↔Fedora SCP;
fix dump path to write to /data/ (mounted volume) instead of /tmp/
(container-only); add unzip -t integrity verification
- preflight.sh: add --skip-port-checks flag for resuming with
--start-from (ports already bound by earlier phases)
- run_all.sh: update run_step to pass extra args; use --skip-port-checks
when --start-from > 1
- post-checks (phase4/7/9): wrap API calls in helper functions with
>/dev/null redirection instead of passing -o /dev/null as API data
- phase8: replace GitHub archiving with [MIRROR] description marking
and disable wiki/projects/Pages (archived repos reject push mirrors)
- restore_to_primary.sh: add require_vars for Fedora SSH variables
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add minimum version validation for all dependencies across local and
remote machines (jq>=1.6, curl>=7.70, git>=2.30, docker>=20.0,
compose>=2.0, shellcheck>=0.8, gh>=2.0). Setup scripts now record
every install action to .manifests/<host>.manifest files, enabling
full rollback via setup/cleanup.sh. teardown_all.sh gains --cleanup
flag to chain prerequisite removal after phase teardowns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- lib/common.sh: add require_local_os, require_remote_os, require_remote_pkg_manager
- setup/macbook.sh: require macOS (Darwin)
- setup/unraid.sh: require remote is Linux
- setup/fedora.sh: require remote is Linux + has dnf (RPM-based)
- manage_runner.sh: native runner add/remove requires macOS
- run_all.sh: control plane must be macOS
- preflight.sh: 3 new checks (1: local=macOS, 2: Unraid=Linux, 3: Fedora=Linux+dnf)
- phase5_migrate_pipelines.sh: fix sed -i to be portable (no macOS-only syntax)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- phase1_gitea_unraid.sh: 9-step deploy (dirs, docker-compose, app.ini,
container start, wait, admin user, API token, save to .env, create org).
Every step has idempotency check — running twice changes nothing.
- phase1_post_check.sh: 5 independent verification checks
- phase1_teardown.sh: stop container + optionally remove data, with prompts
Also adds inline comments to lib/common.sh and preflight.sh explaining
WHY decisions were made (SSH flags, API tmpfile pattern, port checks, etc.)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
17 functions: logging (info/warn/error/success/step/phase_header),
env management (load_env/save_env_var/require_vars), SSH wrappers
(ssh_exec/ssh_check/scp_to), API wrappers (gitea_api/gitea_backup_api/
github_api), template rendering, and polling (wait_for_http/wait_for_ssh).
All logs go to stderr, JSON data to stdout. Shellcheck clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
