Initial commit with server startup infrastructure

Core infrastructure:
- Uber fx dependency injection
- Chi router with middleware stack
- SQLite database with embedded migrations
- Embedded templates and static assets
- Structured logging with slog

Features implemented:
- Authentication (login, logout, session management, argon2id hashing)
- App management (create, edit, delete, list)
- Deployment pipeline (clone, build, deploy, health check)
- Webhook processing for Gitea
- Notifications (ntfy, Slack)
- Environment variables, labels, volumes per app
- SSH key generation for deploy keys

Server startup:
- Server.Run() starts HTTP server on configured port
- Server.Shutdown() for graceful shutdown
- SetupRoutes() wires all handlers with chi router

internal/handlers/setup.go

@@ -0,0 +1,118 @@
+package handlers
+
+import (
+	"net/http"
+
+	"git.eeqj.de/sneak/upaas/templates"
+)
+
+const (
+	// minPasswordLength is the minimum required password length.
+	minPasswordLength = 8
+)
+
+// HandleSetupGET returns the setup page handler.
+func (h *Handlers) HandleSetupGET() http.HandlerFunc {
+	tmpl := templates.GetParsed()
+
+	return func(writer http.ResponseWriter, _ *http.Request) {
+		data := map[string]any{}
+
+		err := tmpl.ExecuteTemplate(writer, "setup.html", data)
+		if err != nil {
+			h.log.Error("template execution failed", "error", err)
+			http.Error(writer, "Internal Server Error", http.StatusInternalServerError)
+		}
+	}
+}
+
+// setupFormData holds form data for the setup page.
+type setupFormData struct {
+	username        string
+	password        string
+	passwordConfirm string
+}
+
+// validateSetupForm validates the setup form and returns an error message if invalid.
+func validateSetupForm(formData setupFormData) string {
+	if formData.username == "" || formData.password == "" {
+		return "Username and password are required"
+	}
+
+	if len(formData.password) < minPasswordLength {
+		return "Password must be at least 8 characters"
+	}
+
+	if formData.password != formData.passwordConfirm {
+		return "Passwords do not match"
+	}
+
+	return ""
+}
+
+// renderSetupError renders the setup page with an error message.
+func renderSetupError(
+	tmpl *templates.TemplateExecutor,
+	writer http.ResponseWriter,
+	username string,
+	errorMsg string,
+) {
+	data := map[string]any{
+		"Username": username,
+		"Error":    errorMsg,
+	}
+	_ = tmpl.ExecuteTemplate(writer, "setup.html", data)
+}
+
+// HandleSetupPOST handles the setup form submission.
+func (h *Handlers) HandleSetupPOST() http.HandlerFunc {
+	tmpl := templates.GetParsed()
+
+	return func(writer http.ResponseWriter, request *http.Request) {
+		parseErr := request.ParseForm()
+		if parseErr != nil {
+			http.Error(writer, "Bad Request", http.StatusBadRequest)
+
+			return
+		}
+
+		formData := setupFormData{
+			username:        request.FormValue("username"),
+			password:        request.FormValue("password"),
+			passwordConfirm: request.FormValue("password_confirm"),
+		}
+
+		if validationErr := validateSetupForm(formData); validationErr != "" {
+			renderSetupError(tmpl, writer, formData.username, validationErr)
+
+			return
+		}
+
+		user, createErr := h.auth.CreateUser(
+			request.Context(),
+			formData.username,
+			formData.password,
+		)
+		if createErr != nil {
+			h.log.Error("failed to create user", "error", createErr)
+			renderSetupError(tmpl, writer, formData.username, "Failed to create user")
+
+			return
+		}
+
+		sessionErr := h.auth.CreateSession(writer, request, user)
+		if sessionErr != nil {
+			h.log.Error("failed to create session", "error", sessionErr)
+			renderSetupError(
+				tmpl,
+				writer,
+				formData.username,
+				"Failed to create session",
+			)
+
+			return
+		}
+
+		http.Redirect(writer, request, "/", http.StatusSeeOther)
+	}
+}