scripts/run-fix-all-from-lan.sh

#!/usr/bin/env bash
# Run fix-all steps that can be automated from the LAN operator machine.
# Manual steps (Windows hosts, UDM Pro hairpin, Alltra/HYBX) are printed at the end.
# Usage: bash scripts/run-fix-all-from-lan.sh [--verify]
#   --verify  also run full verification (can take several minutes)

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
RUN_VERIFY=false
[[ "${1:-}" == "--verify" ]] && RUN_VERIFY=true

cd "$PROJECT_ROOT"

echo "=== Fix All From LAN ==="
echo ""

# 1. Explorer hosts (this machine)
echo "--- 1. Explorer (explorer.d-bis.org) ---"
if grep -q "explorer.d-bis.org" /etc/hosts 2>/dev/null; then
    echo "OK: /etc/hosts already has an entry for explorer.d-bis.org"
    grep "explorer.d-bis.org" /etc/hosts
else
    echo "Add to /etc/hosts (run with sudo):"
    echo "  echo '192.168.11.140 explorer.d-bis.org' | sudo tee -a /etc/hosts"
fi
if curl -sI -o /dev/null -w "%{http_code}" --connect-timeout 5 "https://explorer.d-bis.org/" 2>/dev/null | grep -q 200; then
    echo "OK: https://explorer.d-bis.org/ returns 200 from this host"
else
    echo "WARN: https://explorer.d-bis.org/ did not return 200; add hosts or check network"
fi
echo ""

# 2. Env permissions
echo "--- 2. Env permissions ---"
if [ -f "scripts/security/secure-env-permissions.sh" ]; then
    bash scripts/security/secure-env-permissions.sh
else
    echo "SKIP: scripts/security/secure-env-permissions.sh not found"
fi
echo ""

# 3. Optional: full verification
if [[ "$RUN_VERIFY" == true ]]; then
    echo "--- 3. Full verification ---"
    if [ -f "scripts/verify/run-full-verification.sh" ]; then
        bash scripts/verify/run-full-verification.sh
    else
        echo "SKIP: scripts/verify/run-full-verification.sh not found"
    fi
else
    echo "--- 3. Full verification (skipped) ---"
    echo "Run with --verify to run: bash scripts/verify/run-full-verification.sh"
fi
echo ""

# 4. Manual steps
echo "=== Manual steps (see docs/05-network/FIX_ALL_ISSUES_RUNBOOK.md) ==="
echo ""
echo "• Windows browser: Add to C:\\Windows\\System32\\drivers\\etc\\hosts (as Admin):"
echo "  192.168.11.140 explorer.d-bis.org"
echo "  Then: ipconfig /flushdns"
echo ""
echo "• UDM Pro: Enable NAT loopback (hairpin) so all LAN clients can use explorer.d-bis.org without hosts."
echo ""
echo "• UDM Pro port forward: 76.53.10.36:80/443 → 192.168.11.167 (for external access)."
echo ""
echo "• Alltra/HYBX: Port forward 76.53.10.38 → 192.168.11.169; fix 502s per docs/04-configuration/FIXES_PREPARED.md"
echo ""
chore: update submodule references and documentation - Marked submodules ai-mcp-pmm-controller, explorer-monorepo, and smom-dbis-138 as dirty to reflect recent changes. - Updated documentation to clarify operator script usage, including dotenv loading and task execution instructions. - Enhanced the README and various index files to provide clearer navigation and task completion guidance. Made-with: Cursor 2026-03-04 02:03:08 -08:00			`#!/usr/bin/env bash`
			`# Run fix-all steps that can be automated from the LAN operator machine.`
			`# Manual steps (Windows hosts, UDM Pro hairpin, Alltra/HYBX) are printed at the end.`
			`# Usage: bash scripts/run-fix-all-from-lan.sh [--verify]`
			`# --verify also run full verification (can take several minutes)`

			`set -euo pipefail`

			`SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`
			`PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"`
			`RUN_VERIFY=false`
			`[[ "${1:-}" == "--verify" ]] && RUN_VERIFY=true`

			`cd "$PROJECT_ROOT"`

			`echo "=== Fix All From LAN ==="`
			`echo ""`

			`# 1. Explorer hosts (this machine)`
			`echo "--- 1. Explorer (explorer.d-bis.org) ---"`
			`if grep -q "explorer.d-bis.org" /etc/hosts 2>/dev/null; then`
			`echo "OK: /etc/hosts already has an entry for explorer.d-bis.org"`
			`grep "explorer.d-bis.org" /etc/hosts`
			`else`
			`echo "Add to /etc/hosts (run with sudo):"`
			`echo " echo '192.168.11.140 explorer.d-bis.org' \| sudo tee -a /etc/hosts"`
			`fi`
			`if curl -sI -o /dev/null -w "%{http_code}" --connect-timeout 5 "https://explorer.d-bis.org/" 2>/dev/null \| grep -q 200; then`
			`echo "OK: https://explorer.d-bis.org/ returns 200 from this host"`
			`else`
			`echo "WARN: https://explorer.d-bis.org/ did not return 200; add hosts or check network"`
			`fi`
			`echo ""`

			`# 2. Env permissions`
			`echo "--- 2. Env permissions ---"`
			`if [ -f "scripts/security/secure-env-permissions.sh" ]; then`
			`bash scripts/security/secure-env-permissions.sh`
			`else`
			`echo "SKIP: scripts/security/secure-env-permissions.sh not found"`
			`fi`
			`echo ""`

			`# 3. Optional: full verification`
			`if [[ "$RUN_VERIFY" == true ]]; then`
			`echo "--- 3. Full verification ---"`
			`if [ -f "scripts/verify/run-full-verification.sh" ]; then`
			`bash scripts/verify/run-full-verification.sh`
			`else`
			`echo "SKIP: scripts/verify/run-full-verification.sh not found"`
			`fi`
			`else`
			`echo "--- 3. Full verification (skipped) ---"`
			`echo "Run with --verify to run: bash scripts/verify/run-full-verification.sh"`
			`fi`
			`echo ""`

			`# 4. Manual steps`
			`echo "=== Manual steps (see docs/05-network/FIX_ALL_ISSUES_RUNBOOK.md) ==="`
			`echo ""`
			`echo "• Windows browser: Add to C:\\Windows\\System32\\drivers\\etc\\hosts (as Admin):"`
			`echo " 192.168.11.140 explorer.d-bis.org"`
			`echo " Then: ipconfig /flushdns"`
			`echo ""`
			`echo "• UDM Pro: Enable NAT loopback (hairpin) so all LAN clients can use explorer.d-bis.org without hosts."`
			`echo ""`
			`echo "• UDM Pro port forward: 76.53.10.36:80/443 → 192.168.11.167 (for external access)."`
			`echo ""`
			`echo "• Alltra/HYBX: Port forward 76.53.10.38 → 192.168.11.169; fix 502s per docs/04-configuration/FIXES_PREPARED.md"`
			`echo ""`