Implement full OpenVPN lifecycle: provisioning, removal, IP allocation, and SSH integration

src/main/java/com/litoralregas/openvpn/openvpn/OpenVpnService.java

@@ -113,4 +113,28 @@ public class OpenVpnService {
     public boolean isDryRun() {
         return properties.isProvisionDryRun();
     }
+
+    public String buildRemoveCommand(String clientName, String lanSubnet) {
+        validateShellSafe(clientName);
+        validateShellSafe(lanSubnet);
+
+        return properties.getToolsPath()
+                + "/remove-client.sh "
+                + clientName + " "
+                + lanSubnet;
+    }
+
+    public SshCommandResult removeClient(String clientName, String lanSubnet) {
+        String command = buildRemoveCommand(clientName, lanSubnet);
+
+        if (properties.isProvisionDryRun()) {
+            return new SshCommandResult(
+                    0,
+                    "DRY RUN ONLY. Would execute: " + command,
+                    ""
+            );
+        }
+
+        return sshService.executeOnConfiguredVps(command);
+    }
 }

src/main/java/com/litoralregas/openvpn/router/RouterController.java

@@ -45,13 +45,6 @@ public class RouterController {
         return service.findById(id);
     }
 
-    @PatchMapping("/{id}/status")
-    public Router updateStatus(
-            @PathVariable UUID id,
-            @Valid @RequestBody UpdateRouterStatusRequest request
-    ) {
-        return service.updateStatus(id, request);
-    }
 
     @DeleteMapping("/{id}")
     public void delete(@PathVariable UUID id) {
@@ -122,21 +115,32 @@ public class RouterController {
         var deployment = deploymentService.startDeployment(router, DeploymentAction.REMOVE);
 
         try {
-            service.forceStatus(id, RouterStatus.PROVISIONING); // or REMOVING if you want later
+            service.forceStatus(id, RouterStatus.REMOVING);
 
-            var result = sshService.executeOnConfiguredVps(
-                    "echo 'Removing router: " + router.getName() + "' && whoami && hostname"
+            var allocation = ipAllocationService.findByRouterId(id);
+
+            var result = openVpnService.removeClient(
+                    allocation.getClientName(),
+                    allocation.getLanSubnet()
             );
 
             if (result.exitCode() != 0) {
-                throw new IllegalStateException(result.stderr());
+                throw new IllegalStateException(
+                        "Remove failed. stdout: " + result.stdout()
+                                + " stderr: " + result.stderr()
+                );
             }
 
             var finished = deploymentService.finishSuccess(
                     deployment,
                     result.stdout()
             );
+
+            if (openVpnService.isDryRun()) {
+                service.forceStatus(id, RouterStatus.PROVISIONED);
+            } else {
                 service.forceStatus(id, RouterStatus.REMOVED);
+            }
 
             return DeploymentResponse.from(finished);
         } catch (Exception e) {