#!/usr/bin/env bash set -euo pipefail # ============================================================================= # phase8_teardown.sh — Reverse the cutover: remove HTTPS, restore GitHub repos # Steps: # 1. Remove Nginx gitea.conf + reload # 2. Remove cert renewal cron # 3. Optionally remove SSL certificates # 4. Restore GitHub repo descriptions, re-enable wiki/projects # ============================================================================= SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" source "${SCRIPT_DIR}/lib/common.sh" load_env require_vars UNRAID_IP UNRAID_SSH_USER \ GITEA_DOMAIN NGINX_CONTAINER_NAME NGINX_CONF_PATH \ SSL_MODE GITHUB_USERNAME GITHUB_TOKEN \ REPO_1_NAME REPO_2_NAME REPO_3_NAME log_warn "=== Phase 8 Teardown: Cutover ===" REPOS=("$REPO_1_NAME" "$REPO_2_NAME" "$REPO_3_NAME") # --------------------------------------------------------------------------- # Step 1: Remove Nginx config and reload # --------------------------------------------------------------------------- if ssh_exec UNRAID "test -f '${NGINX_CONF_PATH}/gitea.conf'" 2>/dev/null; then printf 'Remove Nginx config for %s? [y/N] ' "$GITEA_DOMAIN" read -r confirm if [[ "$confirm" =~ ^[Yy]$ ]]; then ssh_exec UNRAID "rm -f '${NGINX_CONF_PATH}/gitea.conf'" ssh_exec UNRAID "docker exec ${NGINX_CONTAINER_NAME} nginx -s reload" || true log_success "Nginx config removed and reloaded" else log_info "Nginx config preserved" fi else log_info "Nginx config already removed" fi # --------------------------------------------------------------------------- # Step 2: Remove cert renewal cron # --------------------------------------------------------------------------- if ssh_exec UNRAID "crontab -l 2>/dev/null | grep -q certbot" 2>/dev/null; then ssh_exec UNRAID "crontab -l 2>/dev/null | grep -v certbot | crontab -" log_success "Certbot renewal cron removed" else log_info "No certbot cron found" fi # --------------------------------------------------------------------------- # Step 3: Optionally remove SSL certificates (letsencrypt only) # --------------------------------------------------------------------------- if [[ "$SSL_MODE" == "letsencrypt" ]]; then if ssh_exec UNRAID "test -d '/etc/letsencrypt/live/${GITEA_DOMAIN}'" 2>/dev/null; then printf 'Remove SSL certificates for %s? [y/N] ' "$GITEA_DOMAIN" read -r confirm if [[ "$confirm" =~ ^[Yy]$ ]]; then ssh_exec UNRAID "rm -rf '/etc/letsencrypt/live/${GITEA_DOMAIN}' '/etc/letsencrypt/archive/${GITEA_DOMAIN}' '/etc/letsencrypt/renewal/${GITEA_DOMAIN}.conf'" log_success "SSL certificates removed" else log_info "SSL certificates preserved" fi fi fi # --------------------------------------------------------------------------- # Step 4: Restore GitHub repos — description, wiki, projects # The mirror description format is: "[MIRROR] ... — was: ORIGINAL_DESC" # We parse the original description from after "— was: " to restore it. # --------------------------------------------------------------------------- printf 'Restore GitHub repo descriptions and re-enable wiki/projects? [y/N] ' read -r confirm if [[ "$confirm" =~ ^[Yy]$ ]]; then for repo in "${REPOS[@]}"; do CURRENT_DESC=$(github_api GET "/repos/${GITHUB_USERNAME}/${repo}" 2>/dev/null | jq -r '.description // ""') if [[ "$CURRENT_DESC" != "[MIRROR]"* ]]; then log_info "GitHub repo ${repo} not marked as mirror — skipping" continue fi # Extract original description from the mirror description ORIGINAL_DESC="" if [[ "$CURRENT_DESC" == *" — was: "* ]]; then ORIGINAL_DESC="${CURRENT_DESC##* — was: }" fi # Restore description, homepage, and re-enable wiki/projects RESTORE_PAYLOAD=$(jq -n \ --arg description "$ORIGINAL_DESC" \ '{description: $description, homepage: "", has_wiki: true, has_projects: true}') if github_api PATCH "/repos/${GITHUB_USERNAME}/${repo}" "$RESTORE_PAYLOAD" >/dev/null 2>&1; then log_success "Restored GitHub repo: ${repo}" else log_error "Failed to restore GitHub repo: ${repo}" fi done else log_info "GitHub repos left as-is" fi log_success "Phase 8 teardown complete"