BE: ensure /db - better error #1327

Signed-off-by: jokob-sk <jokob.sk@gmail.com>

install/production-filesystem/entrypoint.d/0-ensure-dir-structure.sh

@@ -1,35 +0,0 @@
-#!/bin/sh
-# 02-ensure-folders.sh - ensure /config and /db exist under /data
-
-set -eu
-
-YELLOW=$(printf '\033[1;33m')
-CYAN=$(printf '\033[1;36m')
-RED=$(printf '\033[1;31m')
-RESET=$(printf '\033[0m')
-
-DATA_DIR=${NETALERTX_DATA:-/data}
-TARGET_CONFIG=${NETALERTX_CONFIG:-${DATA_DIR}/config}
-TARGET_DB=${NETALERTX_DB:-${DATA_DIR}/db}
-
-ensure_folder() {
-    my_path="$1"
-    if [ ! -d "${my_path}" ]; then
-        >&2 printf "%s" "${CYAN}"
-        >&2 echo "Creating missing folder: ${my_path}"
-        >&2 printf "%s" "${RESET}"
-        mkdir -p "${my_path}" || {
-            >&2 printf "%s" "${RED}"
-            >&2 echo "❌ Failed to create folder: ${my_path}"
-            >&2 printf "%s" "${RESET}"
-            exit 1
-        }
-        chmod 700 "${my_path}" 2>/dev/null || true
-    fi
-}
-
-# Ensure subfolders exist
-ensure_folder "${TARGET_CONFIG}"
-ensure_folder "${TARGET_DB}"
-
-exit 0

install/production-filesystem/entrypoint.d/20-first-run-db.sh

@@ -1,31 +1,56 @@
 #!/bin/sh
-# This script checks if the database file exists, and if not, creates it with the initial schema.
-# It is intended to be run at the first start of the application.
+# Ensures the database exists, or creates a new one on first run.
+# Intended to run only at initial startup.
 
-# If ALWAYS_FRESH_INSTALL is true, remove the database to force a rebuild.
-if [ "${ALWAYS_FRESH_INSTALL}" = "true" ]; then
-    if [ -f "${NETALERTX_DB_FILE}" ]; then
-        # Provide feedback to the user.
-        >&2 echo "INFO: ALWAYS_FRESH_INSTALL is true. Removing existing database to force a fresh installation."
-        rm -f "${NETALERTX_DB_FILE}" "${NETALERTX_DB_FILE}-shm" "${NETALERTX_DB_FILE}-wal"
-    fi
-# Otherwise, if the db exists, exit.
-elif [ -f "${NETALERTX_DB_FILE}" ]; then
-    exit 0
-fi
+set -eu
 
+YELLOW=$(printf '\033[1;33m')
 CYAN=$(printf '\033[1;36m')
+RED=$(printf '\033[1;31m')
 RESET=$(printf '\033[0m')
->&2 printf "%s" "${CYAN}"
+
+# Ensure DB folder exists
+if [ ! -d "${NETALERTX_DB}" ]; then
+    if ! mkdir -p "${NETALERTX_DB}"; then
+        >&2 printf "%s" "${RED}"
         >&2 cat <<EOF
 ══════════════════════════════════════════════════════════════════════════════
-🆕  First run detected. Building initial database schema in ${NETALERTX_DB_FILE}.
+❌  Error creating DB folder in: ${NETALERTX_DB}
 
-    Do not interrupt this step. Once complete, consider backing up the fresh
-    database before onboarding sensitive networks.
+A database directory is required for proper operation, however there appear to be
+insufficient permissions on this mount or it is otherwise inaccessible.
+
+More info: https://github.com/jokob-sk/NetAlertX/blob/main/docs/FILE_PERMISSIONS.md
 ══════════════════════════════════════════════════════════════════════════════
 EOF
         >&2 printf "%s" "${RESET}"
+        exit 1
+    fi
+    chmod 700 "${NETALERTX_DB}" 2>/dev/null || true
+fi
+
+# Fresh rebuild requested
+if [ "${ALWAYS_FRESH_INSTALL:-false}" = "true" ] && [ -f "${NETALERTX_DB_FILE}" ]; then
+    >&2 echo "INFO: ALWAYS_FRESH_INSTALL enabled — removing existing database."
+    rm -f "${NETALERTX_DB_FILE}" "${NETALERTX_DB_FILE}-shm" "${NETALERTX_DB_FILE}-wal"
+fi
+
+# If file exists now, nothing to do
+if [ -f "${NETALERTX_DB_FILE}" ]; then
+    exit 0
+fi
+
+>&2 printf "%s" "${CYAN}"
+>&2 cat <<EOF
+══════════════════════════════════════════════════════════════════════════════
+🆕  First run detected — building initial database at: ${NETALERTX_DB_FILE}
+
+    Do not interrupt this step. When complete, consider backing up the fresh
+    DB before onboarding sensitive or critical networks.
+══════════════════════════════════════════════════════════════════════════════
+EOF
+>&2 printf "%s" "${RESET}"
+
 
 # Write all text to db file until we see "end-of-database-schema"
 sqlite3 "${NETALERTX_DB_FILE}" <<'end-of-database-schema'