feat: better initialization script

Rename `tools/build` → `net_services`

`net_services` can be run from anywhere (previously it was not creating
the fs archives in the right place). It also creates the directories
specified in `.env`, generate a self-signed certificate if no
certificate is available, initialize the first Radicale user if missing,
and copy example configuration files if missing for cgit.

`generate_self_signed_cert` has been removed (its code is in
`net_services`)

13 files changed, 137 insertions, 17 deletions

diff --git a/services/cgit/examples/about.md b/services/cgit/examples/about.md
new file mode 100644
index 0000000..9aa4532
--- /dev/null
+++ b/services/cgit/examples/about.md
@@ -0,0 +1,3 @@
+# cgit
+
+Edit this in `about.md`.
diff --git a/services/cgit/examples/cgitrc b/services/cgit/examples/cgitrc
new file mode 100644
index 0000000..631feaa
--- /dev/null
+++ b/services/cgit/examples/cgitrc
@@ -0,0 +1,47 @@
+#
+# Global
+#
+css=/cgit.css
+logo=/cgit.png
+# Formatters
+source-filter=/usr/local/lib/cgit/filters/syntax-highlighting.py
+about-filter=/usr/local/lib/cgit/filters/about-formatting.sh
+commit-filter=/usr/local/lib/cgit/filters/commit/commit-filter.sh
+# Mimetypes (for plain blobs)
+mimetype.gif=image/gif
+mimetype.html=text/html
+mimetype.jpg=image/jpeg
+mimetype.jpeg=image/jpeg
+mimetype.pdf=application/pdf
+mimetype.png=image/png
+mimetype.svg=image/svg+xml
+
+#
+# Cache
+#
+cache-size=1000
+
+#
+# Index
+#
+root-title=Edit this in cgitrc
+root-desc=Edit this in cgitrc
+root-readme=/srv/cgit/about.md
+favicon=/favicon.ico
+
+#
+# Repositories
+#
+enable-index-owner=1
+enable-index-links=1
+enable-commit-graph=1
+enable-log-filecount=1
+enable-log-linecount=1
+repository-sort=age
+remove-suffix=1
+max-stats=year
+snapshots=tar.gz zip
+clone-url=http://localhost:8080/$CGIT_REPO_URL
+readme=:readme.md
+# This setting must be set last because settings set after repos are scanned are not applied
+scan-path=/srv/git
diff --git a/services/cgit/examples/commit-filter.sh b/services/cgit/examples/commit-filter.sh
new file mode 100755
index 0000000..3b6dbd2
--- /dev/null
+++ b/services/cgit/examples/commit-filter.sh
@@ -0,0 +1,11 @@
+regex=''
+
+# This expression generates links to commits referenced by their SHA1.
+regex=$regex'
+s|\b([0-9a-fA-F]{7,64})\b|<a href="./?id=\1">\1</a>|g'
+
+# This expression generates links to a fictional bugtracker.
+regex=$regex'
+s|#([0-9]+)\b|<a href="http://bugs.example.com/?bug=\1">#\1</a>|g'
+
+sed -re "$regex"
diff --git a/services/nginx/etc/nginx/templates/default.conf.template b/services/nginx/fs/etc/nginx/templates/default.conf.template
index f90b61a..f90b61a 100644
--- a/services/nginx/etc/nginx/templates/default.conf.template
+++ b/services/nginx/fs/etc/nginx/templates/default.conf.template
diff --git a/services/nginx/etc/nginx/templates/services/cgit.conf.template b/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template
index c0fa070..c0fa070 100644
--- a/services/nginx/etc/nginx/templates/services/cgit.conf.template
+++ b/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template
diff --git a/services/nginx/etc/nginx/templates/services/radicale.conf.template b/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template
index d6e4617..d6e4617 100644
--- a/services/nginx/etc/nginx/templates/services/radicale.conf.template
+++ b/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template
diff --git a/services/nginx/etc/nginx/templates/services/syncthing.conf.template b/services/nginx/fs/etc/nginx/templates/services/syncthing.conf.template
index 31c90bb..31c90bb 100644
--- a/services/nginx/etc/nginx/templates/services/syncthing.conf.template
+++ b/services/nginx/fs/etc/nginx/templates/services/syncthing.conf.template
diff --git a/services/nginx/sbin/cmd.bash b/services/nginx/fs/sbin/cmd.bash
index e024b4f..e024b4f 100755
--- a/services/nginx/sbin/cmd.bash
+++ b/services/nginx/fs/sbin/cmd.bash
diff --git a/services/radicale/etc/radicale/conf.ini b/services/radicale/fs/etc/radicale/conf.ini
index 2af4af9..2af4af9 100644
--- a/services/radicale/etc/radicale/conf.ini
+++ b/services/radicale/fs/etc/radicale/conf.ini
diff --git a/services/radicale/sbin/cmd.sh b/services/radicale/fs/sbin/cmd.sh
index 4d09e75..4d09e75 100755
--- a/services/radicale/sbin/cmd.sh
+++ b/services/radicale/fs/sbin/cmd.sh
diff --git a/tools/build b/tools/build
deleted file mode 100755
index 09d7734..0000000
--- a/tools/build
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/bash
-
-for srv in nginx radicale; do
-	tar -czf services/"$srv"/fs.tar.gz -C services/"$srv" .
-done
diff --git a/tools/generate_self_signed_cert b/tools/generate_self_signed_cert
deleted file mode 100755
index b25cdb3..0000000
--- a/tools/generate_self_signed_cert
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/bash
-
-# Creates a self-signed key/certificate pair for a domain and subdomain(s)
-# Usage:
-#	build <domain> [<subdomains>...]
-
-domain=${1:?missing domain argument}
-shift
-subdomains=("$@")
-
-mkcert -install
-mkcert "${subdomains[@]/%/.$domain}" "$domain"
diff --git a/tools/net_services b/tools/net_services
new file mode 100755
index 0000000..64a4fb5
--- /dev/null
+++ b/tools/net_services
@@ -0,0 +1,76 @@
+#!/usr/bin/bash
+set -euo pipefail
+
+script_dir="$(dirname "$(realpath "$0")")"
+root_dir="$(realpath "$script_dir/..")"
+
+env_file="$script_dir/../.env"
+if ! [[ -r "$env_file" ]]; then
+	echo "$env_file is missing" >&2
+	exit 1
+fi
+# shellcheck disable=1090
+source "$env_file"
+
+init() {
+	for service in nginx radicale; do
+		tar -czf "$root_dir/services/$service/fs.tar.gz" -C "$root_dir/services/$service/fs" .
+	done
+
+	local -a dirs=(
+		HOST__SECRET_DIR
+		HOST__GIT_REPO_DIR
+		HOST__CGITRC_DIR
+		HOST__CGIT_FILTER_DIR
+		HOST__CGIT_ABOUT_DIR
+		HOST__RADICALE_USERS_DIR
+		HOST__SYNC_DIR
+	)
+	for envvar_name in "${dirs[@]}"; do
+		local -n dir="$envvar_name"
+		mkdir --parents "$dir"
+	done
+
+	# generate_self_signed_cert <domain> <crt_dst> <key_dst> [<subdomains>...]
+	generate_self_signed_cert() {
+		local crt_dst=${1:?missing crt_dst argument}
+		local key_dst=${2:?missing key_dst argument}
+		local domain=${3:?missing domain argument}
+		shift 3
+		local -a subdomains=("$@")
+		mkcert -install
+		mkcert -cert-file "$crt_dst" -key-file "$key_dst" "${subdomains[@]/%/.$domain}" "$domain"
+	}
+	local crt_file="$HOST__SECRET_DIR/server.crt"
+	local key_file="$HOST__SECRET_DIR/server.key"
+	if ! [[ -e "$crt_file" && -e "$key_file" ]]; then
+		echo "$crt_file or $key_file missing"
+		read -rn 1 -p "Create? (y/n)" input
+		echo
+		if [[ $input == y ]]; then
+			generate_self_signed_cert "$crt_file" "$key_file" "$NGINX__HOST" www git sync dav
+		fi
+	fi
+
+	if ! [[ -e "$HOST__RADICALE_USERS_DIR/.htpasswd" ]]; then
+		read -rp "Initial Radicale username: " username
+		htpasswd -c -B "$HOST__RADICALE_USERS_DIR/.htpasswd" "$username"
+	fi
+
+	cp_if_absent() {
+		local src="${1:?missing src argument}"
+		local dst="${2:?missing dst argument}"
+		if ! [[ -e "$dst" ]]; then cp "$src" "$dst"; fi
+	}
+	cp_if_absent "$root_dir/services/cgit/examples/cgitrc" "$HOST__CGITRC_DIR/cgitrc"
+	cp_if_absent "$root_dir/services/cgit/examples/about.md" "$HOST__CGIT_ABOUT_DIR/about.md"
+	cp_if_absent "$root_dir/services/cgit/examples/commit-filter.sh" "$HOST__CGIT_FILTER_DIR/commit-filter.sh"
+}
+
+case ${1:-} in
+init) init ;;
+*)
+	echo "usage: net_services init"
+	exit 1
+	;;
+esac