CADDY_DOMAIN was required/validated/prompted but never used — the
Caddyfile only referenced GITEA_DOMAIN, producing a single-domain
cert. Now the template uses *.CADDY_DOMAIN as the site address
(wildcard cert) with a host matcher routing GITEA_DOMAIN to Gitea.
This means the cert covers all subdomains under the base domain.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Caddy reverse proxy container using slothcroissant/caddy-cloudflaredns
image for DNS-01 TLS. Joins the macvlan gitea_net network with a
static IP. CADDY_ENV_VARS and CADDY_EXTRA_VOLUMES are populated by
phase8 based on TLS_MODE (cloudflare vs existing cert paths).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Template uses TLS_BLOCK placeholder that phase8 populates based on
TLS_MODE: cloudflare (DNS-01 wildcard via Cloudflare API) or
existing (manual cert/key paths). Reverse proxies to Gitea container
on its macvlan IP.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Remove ports: section (no more host port mapping). Add networks:
with static ipv4_address for gitea and db containers. Reference
external gitea_net network (macvlan created by phase scripts).
Add DB_CONTAINER_IP for database service networking.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add DB_SERVICE_START/END markers for the database container and
DB_DEPENDS_START/END for the gitea service depends_on. Phase scripts
strip these blocks for sqlite3 and populate DB-specific vars
(image, env, healthcheck, data dir) for mysql/postgres/mssql.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Phase scripts strip the irrelevant block after render_template:
sqlite3 removes EXTDB_BLOCK, external DBs remove SQLITE_BLOCK.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Replace pipe-delimited runners.conf with INI-style sections supporting
host resolution, container images, repo-scoped tokens, resource limits,
capacity, and SSH key passthrough. All defaults pulled from .env.

- Add INI parsing helpers (ini_list_sections, ini_get, ini_set) to common.sh
- Add SSH key support (UNRAID_SSH_KEY, FEDORA_SSH_KEY) to ssh_exec/scp_to
- Add .env vars: RUNNER_DEFAULT_IMAGE, RUNNER_DEFAULT_CAPACITY,
  RUNNER_DEFAULT_DATA_PATH, LOCAL_RUNNER_DATA_PATH, LOCAL_REGISTRY
- Rewrite manage_runner.sh with host/image/token resolution and resource limits
- Rewrite configure_runners.sh wizard for INI format with all 9 fields
- Update phase3 scripts to use ini_list_sections instead of pipe parsing
- Add runners.conf INI validation to preflight.sh (check 5b)
- Update templates to use resolved labels, capacity, and deploy resources

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>