proxmox/scripts/update-service-dependencies.sh

#!/usr/bin/env bash
# Update critical service dependencies after IP changes
# Focuses on Cloudflare, Nginx, and key configuration files

set -euo pipefail

# Load IP configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true


# IP mappings (old -> new)
declare -A IP_MAPPINGS=(
    ["${IP_DEVICE_14:-${IP_DEVICE_14:-${IP_DEVICE_14:-${IP_DEVICE_14:-${IP_DEVICE_14:-${IP_DEVICE_14:-192.168.11.14}}}}}}"]="${IP_CCIP_MONITOR:-192.168.11.28}"  # ccip-monitor-1
    ["${IP_SERVICE_15:-${IP_SERVICE_15:-192.168.11.15}}"]="${IP_SERVICE_29:-${IP_SERVICE_29:-192.168.11.29}}"  # oracle-publisher-1
    ["${IP_SERVICE_18:-${IP_SERVICE_18:-192.168.11.18}}"]="${IP_SERVICE_31:-${IP_SERVICE_31:-192.168.11.31}}"  # gitea
    ["${IP_OMADA:-192.168.11.20}"]="${IP_SERVICE_30:-192.168.11.30}"  # omada
    ["${IP_SERVICE_4:-${IP_SERVICE_4:-192.168.11.4}}"]="${IP_SERVICE_32:-${IP_SERVICE_32:-192.168.11.32}}"   # proxmox-mail-gateway
    ["192.168.11.6"]="${IP_SERVICE_33:-${IP_SERVICE_33:-192.168.11.33}}"   # proxmox-datacenter-manager
    ["192.168.11.7"]="${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-192.168.11.35}}}}}}"   # firefly-1
    ["192.168.11.9"]="${IP_SERVICE_34:-${IP_SERVICE_34:-192.168.11.34}}"   # cloudflared
)

LOG_FILE="/home/intlc/projects/proxmox/dependency_update_log_$(date +%Y%m%d_%H%M%S).log"
BACKUP_DIR="/home/intlc/projects/proxmox/backups/dependency_updates_$(date +%Y%m%d_%H%M%S)"
mkdir -p "$BACKUP_DIR"

echo "=== Updating Critical Service Dependencies ===" | tee "$LOG_FILE"
echo "Backup directory: $BACKUP_DIR" | tee -a "$LOG_FILE"
echo ""

# Function to update file
update_file() {
    local file="$1"
    local old_ip="$2"
    local new_ip="$3"
    
    if [ ! -f "$file" ]; then
        return 0
    fi
    
    # Backup file
    cp "$file" "$BACKUP_DIR/$(basename $file).bak" 2>/dev/null || true
    
    # Update file
    if sed -i "s|$old_ip|$new_ip|g" "$file" 2>/dev/null; then
        echo "  ✓ Updated: $file ($old_ip → $new_ip)" | tee -a "$LOG_FILE"
        return 0
    else
        echo "  ✗ Failed: $file" | tee -a "$LOG_FILE"
        return 1
    fi
}

# Critical files to update
CRITICAL_FILES=(
    "docs/05-network/CENTRAL_NGINX_ROUTING_SETUP.md"
    "docs/04-configuration/cloudflare/CLOUDFLARE_TUNNEL_CONFIGURATION_GUIDE.md"
    "scripts/update-cloudflare-tunnel-config.sh"
    "scripts/setup-central-nginx-routing.sh"
)

echo "Updating critical configuration files..." | tee -a "$LOG_FILE"
echo ""

for file in "${CRITICAL_FILES[@]}"; do
    full_path="/home/intlc/projects/proxmox/$file"
    if [ -f "$full_path" ]; then
        echo "Processing: $file"
        for old_ip in "${!IP_MAPPINGS[@]}"; do
            new_ip="${IP_MAPPINGS[$old_ip]}"
            if grep -q "$old_ip" "$full_path" 2>/dev/null; then
                update_file "$full_path" "$old_ip" "$new_ip"
            fi
        done
    fi
done

echo ""
echo "=== Checking Nginx Proxy Manager Routes ===" | tee -a "$LOG_FILE"
echo ""

# Check if Nginx Proxy Manager needs updates
# Note: Nginx Proxy Manager uses a web UI, so we'll document what needs to be updated
NGINX_ROUTES_FILE="$BACKUP_DIR/nginx_routes_to_update.txt"

cat > "$NGINX_ROUTES_FILE" << 'EOF'
# Nginx Proxy Manager Routes That May Need Updates
# Check these routes in the Nginx Proxy Manager web UI (VMID 105: http://${IP_NGINX_LEGACY:-192.168.11.26}:81)

Routes that may reference changed IPs:
- omada routes: Check if any route references ${IP_OMADA:-192.168.11.20} → Update to ${IP_SERVICE_30:-192.168.11.30}
- gitea routes: Check if any route references ${IP_SERVICE_18:-${IP_SERVICE_18:-192.168.11.18}} → Update to ${IP_SERVICE_31:-${IP_SERVICE_31:-192.168.11.31}}
- firefly routes: Check if any route references 192.168.11.7 → Update to ${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-${IP_SERVICE_35:-192.168.11.35}}}}}}

To update:
1. Access Nginx Proxy Manager: http://${IP_NGINX_LEGACY:-192.168.11.26}:81
2. Check each Proxy Host configuration
3. Update Forward Hostname/IP if it references old IPs
EOF

echo "Created: $NGINX_ROUTES_FILE" | tee -a "$LOG_FILE"

echo ""
echo "=== Checking Cloudflare Tunnel Config ===" | tee -a "$LOG_FILE"
echo ""

# Check cloudflared container config
CLOUDFLARE_CHECK_FILE="$BACKUP_DIR/cloudflare_tunnel_check.txt"

cat > "$CLOUDFLARE_CHECK_FILE" << EOF
# Cloudflare Tunnel Configuration Check
# VMID 102 (cloudflared) - IP changed: 192.168.11.9 → ${IP_SERVICE_34:-${IP_SERVICE_34:-192.168.11.34}}

The cloudflared container itself doesn't need config changes (it's the tunnel endpoint).
However, check:

1. Cloudflare Dashboard Tunnel Configuration:
   - If any ingress rules reference 192.168.11.9 directly, update to ${IP_SERVICE_34:-${IP_SERVICE_34:-192.168.11.34}}
   - Most likely, routes go to Nginx Proxy Manager (${IP_NGINX_LEGACY:-192.168.11.26}), which is correct

2. Internal Service Routes:
   - If cloudflared routes directly to services that changed IPs, update those routes
   - Check tunnel config files in VMID 102 container

To check:
ssh root@${PROXMOX_HOST_R630_02:-192.168.11.12} "pct exec 102 -- cat /etc/cloudflared/config.yml"
EOF

echo "Created: $CLOUDFLARE_CHECK_FILE" | tee -a "$LOG_FILE"

echo ""
echo "=== Summary ===" | tee -a "$LOG_FILE"
echo "Files updated: $(find $BACKUP_DIR -name '*.bak' | wc -l)" | tee -a "$LOG_FILE"
echo "Backup directory: $BACKUP_DIR" | tee -a "$LOG_FILE"
echo "Log file: $LOG_FILE" | tee -a "$LOG_FILE"
echo ""
echo "⚠️  Note: Nginx Proxy Manager and Cloudflare Dashboard require manual updates"
echo "   See files in $BACKUP_DIR for details"