CADDY_DOMAIN was required/validated/prompted but never used — the
Caddyfile only referenced GITEA_DOMAIN, producing a single-domain
cert. Now the template uses *.CADDY_DOMAIN as the site address
(wildcard cert) with a host matcher routing GITEA_DOMAIN to Gitea.
This means the cert covers all subdomains under the base domain.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Identical copies of _set_db_vars() and _strip_block() existed in
phase1, phase2, and phase8. Moved to lib/common.sh as set_db_vars()
and strip_template_block() (public API, no underscore prefix).
Removed dead _strip_block definition from phase8 (defined but never called).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add setup/cross_host_ssh.sh to establish ed25519 SSH trust between
Unraid and Fedora (required by backup/restore scripts for direct SCP)
- Add ssh_key and authorized_key cleanup handlers to setup/cleanup.sh
- Rewrite phase8 cutover to mark GitHub repos as mirrors instead of
archiving them (archived repos reject push mirror writes), with a
JSON state snapshot of pre-cutover settings (description, homepage,
wiki, projects, Pages) for exact restoration on teardown
- Rewrite phase8 teardown to restore from state snapshot with fallback
to legacy "— was:" description parsing
- Make migration polling configurable via MIGRATION_POLL_INTERVAL_SEC
and MIGRATION_POLL_TIMEOUT_SEC in .env (was hardcoded 120s/3s)
- Fix preflight SSL validation: check SSL_MODE instead of always
requiring SSL_EMAIL, add conditional checks per SSL_MODE
- Add preflight checks 23-24: cross-host SSH connectivity
- Add --start-from range validation and cross_host_ssh.sh to run_all.sh

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- teardown_all.sh: replace `yes |` pipeline with `< <(yes)` process
substitution to avoid SIGPIPE (exit 141) false failures under pipefail
- phase6_teardown.sh: extract push mirror `.id` instead of `.remote_name`
to match the DELETE /push_mirrors/{id} API contract
- phase5_migrate_pipelines.sh: expand sed regex from `[a-z_]*` to
`[a-z_.]*` to handle nested GitHub contexts like
`github.event.pull_request.number`
- lib/common.sh: render_template now requires explicit variable list to
prevent envsubst from eating Nginx variables ($host, $proxy_add_...)
- backup scripts: remove MacBook relay, use direct Unraid↔Fedora SCP;
fix dump path to write to /data/ (mounted volume) instead of /tmp/
(container-only); add unzip -t integrity verification
- preflight.sh: add --skip-port-checks flag for resuming with
--start-from (ports already bound by earlier phases)
- run_all.sh: update run_step to pass extra args; use --skip-port-checks
when --start-from > 1
- post-checks (phase4/7/9): wrap API calls in helper functions with
>/dev/null redirection instead of passing -o /dev/null as API data
- phase8: replace GitHub archiving with [MIRROR] description marking
and disable wiki/projects/Pages (archived repos reject push mirrors)
- restore_to_primary.sh: add require_vars for Fedora SSH variables

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
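
The `yes |` versus `< <(yes)` change described for teardown_all.sh in the last commit above, reproduced as an added example (not code from the repository). confirm_once is a hypothetical stand-in for a teardown step that reads one confirmation answer and then stops reading.

```bash
#!/usr/bin/env bash
# Added example, not code from the repository. confirm_once is a
# hypothetical stand-in for a teardown step that reads a single
# confirmation answer and then stops reading its input.
CONSUMER='confirm_once() { read -r answer; [ "$answer" = "y" ]; }'

# Case 1: `yes | consumer` under pipefail.
# The consumer succeeds and exits after one line. `yes` is then killed by
# SIGPIPE on its next write, and pipefail makes that status the result of
# the whole pipeline (128 + 13 = 141 when SIGPIPE has its default action),
# so a successful step is reported as failed.
status_with_pipe() {
  bash -c "$CONSUMER"'
    set -o pipefail
    yes | confirm_once
    echo $?'
}

# Case 2: `consumer < <(yes)`.
# `yes` still dies the same way, but it is no longer a pipeline member, so
# only the consumer's own exit status is reported.
status_with_procsub() {
  bash -c "$CONSUMER"'
    set -o pipefail
    confirm_once < <(yes)
    echo $?'
}

# Each case runs in its own bash so the shell options do not leak.
echo "yes | consumer     -> exit $(status_with_pipe)"
echo "consumer < <(yes)  -> exit $(status_with_procsub)"
```

The process-substitution form hides the producer's exit status entirely, which is acceptable for `yes` but would also mask a real failure in a producer whose status matters.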