cgit: implement initial postinstall logic

Mainly creating `git` user if missing as well as restarting relevant
systemd services.

debian/cgit-config.postinst

@@ -1,12 +1,63 @@
 #!/bin/sh
-#
-# TODO: Handle "$1".
 
-set -e
+set -eu
 
 #DEBHELPER#
 
-# TODO: Setup git user and stuff.
+case "$1" in
+  install|upgrade)
+
+  # Sane defaults:
+  git_home="${GIT_HOME:-/var/git}"
+  git_user="${GIT_USER:-git}"
+  git_name="${GIT_NAME:-git}"
+  git_group="${GIT_GROUP:-www-data}"
+
+  # create user to avoid running server as root
+  # 1. create group if not existing
+  if ! getent group | grep -q "^$git_group:" ; then
+     printf 'Adding group %s..\n' "$git_group"
+     addgroup --quiet --system "$git_group" 2>/dev/null
+     printf '..done\n'
+  fi
+
+  # 2. create homedir if not existing
+  if [ -d "$git_home" ]; then
+    # `/var` *must* exist.
+    mkdir -- "$git_home"
+  fi
+
+  # 3. create user if not existing
+  if ! getent passwd "$git_user"; then
+    printf  'Adding system user %s..\n' "$git_user"
+    # XXX: Do I really want a shell here?
+    adduser --quiet \
+            --system \
+            --ingroup "$git_group" \
+            --home "$git_home" \
+            --shell /bin/bash \
+            --disabled-password \
+            "$git_user"
+    printf '..done\n'
+  fi
+
+  # 4. adjust passwd entry
+  usermod \
+    -c "$git_name" \
+    -d "$git_home" \
+    -g "$git_group" \
+    "$git_user"
+
+  # 5. adjust file and directory permissions
+  if ! dpkg-statoverride --list "$git_home" >/dev/null
+  then
+      chown -R "$git_user":"$git_group" "$git_home"
+      chmod u=rwx,g=rxs,o= "$git_home"
+  fi
 
   deb-systemd-helper enable fcgiwrap
   deb-systemd-invoke restart fcgiwrap
+  deb-systemd-invoke restart nginx
+  ;;
+  # TODO: Handle remove, not that I need it yet though.
+esac