feat: better initialization script

Rename `tools/build` → `net_services`

`net_services` can be run from anywhere (previously it was not creating
the fs archives in the right place). It also creates the directories
specified in `.env`, generate a self-signed certificate if no
certificate is available, initialize the first Radicale user if missing,
and copy example configuration files if missing for cgit.

`generate_self_signed_cert` has been removed (its code is in
`net_services`)

3 files changed, 76 insertions, 17 deletions

diff --git a/tools/build b/tools/build
deleted file mode 100755
index 09d7734..0000000
--- a/tools/build
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/bash
-
-for srv in nginx radicale; do
-	tar -czf services/"$srv"/fs.tar.gz -C services/"$srv" .
-done
diff --git a/tools/generate_self_signed_cert b/tools/generate_self_signed_cert
deleted file mode 100755
index b25cdb3..0000000
--- a/tools/generate_self_signed_cert
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/bash
-
-# Creates a self-signed key/certificate pair for a domain and subdomain(s)
-# Usage:
-#	build <domain> [<subdomains>...]
-
-domain=${1:?missing domain argument}
-shift
-subdomains=("$@")
-
-mkcert -install
-mkcert "${subdomains[@]/%/.$domain}" "$domain"
diff --git a/tools/net_services b/tools/net_services
new file mode 100755
index 0000000..64a4fb5
--- /dev/null
+++ b/tools/net_services
@@ -0,0 +1,76 @@
+#!/usr/bin/bash
+set -euo pipefail
+
+script_dir="$(dirname "$(realpath "$0")")"
+root_dir="$(realpath "$script_dir/..")"
+
+env_file="$script_dir/../.env"
+if ! [[ -r "$env_file" ]]; then
+	echo "$env_file is missing" >&2
+	exit 1
+fi
+# shellcheck disable=1090
+source "$env_file"
+
+init() {
+	for service in nginx radicale; do
+		tar -czf "$root_dir/services/$service/fs.tar.gz" -C "$root_dir/services/$service/fs" .
+	done
+
+	local -a dirs=(
+		HOST__SECRET_DIR
+		HOST__GIT_REPO_DIR
+		HOST__CGITRC_DIR
+		HOST__CGIT_FILTER_DIR
+		HOST__CGIT_ABOUT_DIR
+		HOST__RADICALE_USERS_DIR
+		HOST__SYNC_DIR
+	)
+	for envvar_name in "${dirs[@]}"; do
+		local -n dir="$envvar_name"
+		mkdir --parents "$dir"
+	done
+
+	# generate_self_signed_cert <domain> <crt_dst> <key_dst> [<subdomains>...]
+	generate_self_signed_cert() {
+		local crt_dst=${1:?missing crt_dst argument}
+		local key_dst=${2:?missing key_dst argument}
+		local domain=${3:?missing domain argument}
+		shift 3
+		local -a subdomains=("$@")
+		mkcert -install
+		mkcert -cert-file "$crt_dst" -key-file "$key_dst" "${subdomains[@]/%/.$domain}" "$domain"
+	}
+	local crt_file="$HOST__SECRET_DIR/server.crt"
+	local key_file="$HOST__SECRET_DIR/server.key"
+	if ! [[ -e "$crt_file" && -e "$key_file" ]]; then
+		echo "$crt_file or $key_file missing"
+		read -rn 1 -p "Create? (y/n)" input
+		echo
+		if [[ $input == y ]]; then
+			generate_self_signed_cert "$crt_file" "$key_file" "$NGINX__HOST" www git sync dav
+		fi
+	fi
+
+	if ! [[ -e "$HOST__RADICALE_USERS_DIR/.htpasswd" ]]; then
+		read -rp "Initial Radicale username: " username
+		htpasswd -c -B "$HOST__RADICALE_USERS_DIR/.htpasswd" "$username"
+	fi
+
+	cp_if_absent() {
+		local src="${1:?missing src argument}"
+		local dst="${2:?missing dst argument}"
+		if ! [[ -e "$dst" ]]; then cp "$src" "$dst"; fi
+	}
+	cp_if_absent "$root_dir/services/cgit/examples/cgitrc" "$HOST__CGITRC_DIR/cgitrc"
+	cp_if_absent "$root_dir/services/cgit/examples/about.md" "$HOST__CGIT_ABOUT_DIR/about.md"
+	cp_if_absent "$root_dir/services/cgit/examples/commit-filter.sh" "$HOST__CGIT_FILTER_DIR/commit-filter.sh"
+}
+
+case ${1:-} in
+init) init ;;
+*)
+	echo "usage: net_services init"
+	exit 1
+	;;
+esac