chore: sync all changes to Gitea

- Config, docs, scripts, and backup manifests
- Submodule refs unchanged (m = modified content in submodules)

Made-with: Cursor

scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh

@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+# Add NPMplus proxy host for Sankofa Studio: studio.sankofa.nexus → 192.168.11.72:8000
+#
+# Usage: NPM_PASSWORD=xxx bash scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh
+# Or: source .env && bash scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh
+#
+# Prerequisites: NPM_PASSWORD (and optionally NPM_URL, NPM_EMAIL) in .env or env.
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true
+[ -f "$PROJECT_ROOT/.env" ] && set +u && source "$PROJECT_ROOT/.env" 2>/dev/null || true && set -u
+
+DOMAIN="studio.sankofa.nexus"
+IP_SANKOFA_STUDIO="${IP_SANKOFA_STUDIO:-192.168.11.72}"
+PORT=8000
+NPM_URL="${NPM_URL:-https://192.168.11.167:81}"
+NPM_EMAIL="${NPM_EMAIL:-admin@example.org}"
+NPM_PASSWORD="${NPM_PASSWORD:-}"
+
+if [ -z "$NPM_PASSWORD" ]; then
+  echo "❌ NPM_PASSWORD required. Set in .env or: NPM_PASSWORD=xxx $0"
+  exit 1
+fi
+
+echo "Adding NPMplus proxy: $DOMAIN → http://${IP_SANKOFA_STUDIO}:${PORT}"
+echo "NPMplus URL: $NPM_URL"
+echo ""
+
+AUTH_JSON=$(jq -n --arg identity "$NPM_EMAIL" --arg secret "$NPM_PASSWORD" '{identity:$identity,secret:$secret}')
+TOKEN_RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/tokens" -H "Content-Type: application/json" -d "$AUTH_JSON")
+TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.token // .accessToken // .access_token // empty' 2>/dev/null)
+
+if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
+  echo "❌ NPMplus authentication failed. Check NPM_URL, NPM_EMAIL, NPM_PASSWORD."
+  echo "$TOKEN_RESPONSE" | jq -r '.message // .error // "unknown"' 2>/dev/null || echo "$TOKEN_RESPONSE"
+  exit 1
+fi
+
+PROXY_HOSTS_JSON=$(curl -s -k -X GET "$NPM_URL/api/nginx/proxy-hosts" -H "Authorization: Bearer $TOKEN")
+EXISTING_ID=$(echo "$PROXY_HOSTS_JSON" | jq -r ".[] | select(.domain_names[]? == \"$DOMAIN\") | .id" 2>/dev/null | head -1)
+
+if [ -n "$EXISTING_ID" ] && [ "$EXISTING_ID" != "null" ]; then
+  echo "✓ Proxy host for $DOMAIN already exists (ID: $EXISTING_ID). Updating target to ${IP_SANKOFA_STUDIO}:${PORT}..."
+  PAYLOAD=$(jq -n \
+    --arg domain "$DOMAIN" \
+    --arg host "$IP_SANKOFA_STUDIO" \
+    --argjson port "$PORT" \
+    '{
+      domain_names: [$domain],
+      forward_scheme: "http",
+      forward_host: $host,
+      forward_port: $port,
+      allow_websocket_upgrade: false,
+      block_exploits: false,
+      certificate_id: null,
+      ssl_forced: false
+    }')
+  RESP=$(curl -s -k -X PUT "$NPM_URL/api/nginx/proxy-hosts/$EXISTING_ID" \
+    -H "Authorization: Bearer $TOKEN" \
+    -H "Content-Type: application/json" \
+    -d "$PAYLOAD")
+  if echo "$RESP" | jq -e '.id' >/dev/null 2>&1; then
+    echo "✓ Updated $DOMAIN → http://${IP_SANKOFA_STUDIO}:${PORT}"
+  else
+    echo "❌ Update failed: $(echo "$RESP" | jq -r '.message // .error // "unknown"' 2>/dev/null)"
+    exit 1
+  fi
+else
+  PAYLOAD=$(jq -n \
+    --arg domain "$DOMAIN" \
+    --arg host "$IP_SANKOFA_STUDIO" \
+    --argjson port "$PORT" \
+    '{
+      domain_names: [$domain],
+      forward_scheme: "http",
+      forward_host: $host,
+      forward_port: $port,
+      allow_websocket_upgrade: false,
+      block_exploits: false,
+      certificate_id: null,
+      ssl_forced: false
+    }')
+  RESP=$(curl -s -k -X POST "$NPM_URL/api/nginx/proxy-hosts" \
+    -H "Authorization: Bearer $TOKEN" \
+    -H "Content-Type: application/json" \
+    -d "$PAYLOAD")
+  NEW_ID=$(echo "$RESP" | jq -r '.id // empty' 2>/dev/null)
+  if [ -n "$NEW_ID" ] && [ "$NEW_ID" != "null" ]; then
+    echo "✓ Created proxy host: $DOMAIN → http://${IP_SANKOFA_STUDIO}:${PORT} (ID: $NEW_ID)"
+  else
+    echo "❌ Create failed: $(echo "$RESP" | jq -r '.message // .error // "unknown"' 2>/dev/null)"
+    exit 1
+  fi
+fi
+echo ""
+echo "Next: Request SSL in NPMplus UI for $DOMAIN and enable Force SSL."
+echo "DNS: Ensure studio.sankofa.nexus resolves (e.g. run scripts/cloudflare/add-studio-sankofa-dns.sh)."

scripts/nginx-proxy-manager/complete-migration.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
 # Load IP configuration

scripts/nginx-proxy-manager/delete-sankofa-proxy-hosts.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
 # Delete sankofa.nexus and phoenix.sankofa.nexus proxy hosts from NPMplus

scripts/nginx-proxy-manager/diagnose-npmplus-error.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
 # Load IP configuration

scripts/nginx-proxy-manager/manual-ssl-config-guide.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
 # Load IP configuration

scripts/nginx-proxy-manager/migrate-configs-to-npmplus.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
 # Load IP configuration
@@ -44,7 +44,7 @@ echo "━━━━━━━━━━━━━━━━━━━━━━━━
 
 # Create migration script to run inside container
 MIGRATE_SCRIPT=$(cat << 'MIGRATE_EOF'
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 NPM_URL="${1}"

scripts/nginx-proxy-manager/migrate-to-npmplus.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
 # Load IP configuration

scripts/nginx-proxy-manager/post-install-migration.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
 # Load IP configuration

scripts/nginx-proxy-manager/reset-npm-password.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
 # Load IP configuration

scripts/nginx-proxy-manager/run-npmplus-migration.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
 # Load IP configuration