ops: simplify justfile, guard deploy-db, extract scripts, fix .gitignore

docs/SERVER_SETUP.md

@@ -1,116 +1,62 @@
-# Server Setup (Manual)
+# Server Setup
 
-Since sudo prompts don't work over SSH in justfile, do the initial setup manually.
-
-## One-Time Setup on Server
+## One-time setup on server
 
 ```bash
-# 1. SSH to server
 ssh posterg
-
-# 2. Backup current site (recommended)
-sudo cp -r /var/www/html /var/www/html.backup
-
-# 3. Create new directory structure
 sudo mkdir -p /var/www/posterg
-
-# 4. Set ownership (www-data is the web server user)
 sudo chown www-data:posterg /var/www/posterg
-
-# 5. Set permissions (775 = rwxrwxr-x)
 sudo chmod 775 /var/www/posterg
-
-# 6. Verify
-ls -ld /var/www/posterg
-# Should show: drwxrwxr-x 2 www-data posterg 4096 ... /var/www/posterg
-
-# 7. Exit server
 exit
 ```
 
-## Deploy from Local Machine
+## Deploying the application
+
+Files are pushed via rsync — there is no repo on the server.
 
 ```bash
+# Push all app files
 just deploy
+
+# Push initial database (aborts if remote DB already exists)
+just deploy-db
 ```
 
-## Complete Deployment Process
+## Applying the nginx config
+
+The config is in `nginx/posterg.conf`. Upload it and run the deploy script on the server:
 
 ```bash
-# On server (one time)
-ssh posterg
-sudo mkdir -p /var/www/posterg
-sudo chown www-data:posterg /var/www/posterg
-sudo chmod 775 /var/www/posterg
-exit
-
-# From local machine
-just deploy           # Deploy files
-just deploy-nginx     # Update nginx config
-
-# On server - apply nginx config
-ssh posterg
-sudo bash /tmp/deploy-production.sh
-sudo systemctl reload nginx
-exit
-
-# Verify from local
-just server-status
+rsync -v nginx/posterg.conf posterg:/tmp/posterg.conf
+ssh posterg "sudo bash /var/www/posterg/scripts/deploy-server.sh"
+ssh posterg "sudo systemctl reload nginx"
 ```
 
-## Important Notes
+`scripts/deploy-server.sh` fixes ownership/permissions and installs the nginx config
+from `/tmp/posterg.conf`. It must be run as root.
 
-- **Don't delete `/var/www/html/` yet!** Keep it as backup until you confirm the new structure works
-- The new structure uses `/var/www/posterg/public/` as DocumentRoot
-- Nginx must be updated to point to the new location
-
-## After Confirming Everything Works
-
-Once you've verified the new deployment works:
+## Managing admin users
 
 ```bash
-ssh posterg
-sudo rm -rf /var/www/html.backup  # Remove backup if no longer needed
-sudo rm -rf /var/www/html          # Remove old directory
+ssh posterg "sudo bash /var/www/posterg/scripts/manage-admin-users.sh"
 ```
 
-## Directory Structure on Server
-
-```
-/var/www/
-├── html/              ← OLD (keep as backup for now)
-├── html.backup/       ← BACKUP (can delete later)
-└── posterg/           ← NEW
-    ├── public/        ← DocumentRoot (nginx serves from here)
-    ├── includes/
-    ├── config/
-    ├── database/
-    ├── lib/
-    └── vendor/
-```
+This is an interactive menu for adding, changing, and deleting htpasswd entries
+at `/etc/nginx/.htpasswd-posterg`.
 
 ## Troubleshooting
 
-### Permission denied during deploy
-**Cause:** Directory doesn't exist or has wrong ownership  
-**Fix:** Run the setup commands above
-
 ### Nginx 403 Forbidden
-**Cause:** Wrong permissions on files  
-**Fix:**
 ```bash
 ssh posterg
-cd /var/www/posterg
-sudo chown -R www-data:posterg .
-sudo find . -type d -exec chmod 755 {} \;
-sudo find . -type f -exec chmod 644 {} \;
-sudo chmod 775 database/
-sudo chmod 660 database/*.db
+sudo chown -R www-data:posterg /var/www/posterg
+sudo find /var/www/posterg -type d -exec chmod 755 {} \;
+sudo find /var/www/posterg -type f -exec chmod 644 {} \;
+sudo chmod 775 /var/www/posterg/storage
+sudo chmod 660 /var/www/posterg/storage/*.db
 ```
 
-### Database connection errors
-**Cause:** Database file permissions  
-**Fix:**
+### Database permission error
 ```bash
 ssh posterg
 sudo chown www-data:posterg /var/www/posterg/storage/test.db