Use session_secret for signed auth session tokens

backend/app/services/setup_service.py

@@ -100,8 +100,25 @@ async def run_setup(
 
     await _ensure_database_initialized(database_path)
 
-    # Mark setup as complete — must be last so a partial failure leaves
-    # setup_completed unset and does not lock out the user.
+    runtime_db: aiosqlite.Connection | None = None
+    try:
+        runtime_db = await open_db(database_path)
+        await settings_repo.set_setting(runtime_db, _KEY_PASSWORD_HASH, hashed)
+        await settings_repo.set_setting(runtime_db, _KEY_DATABASE_PATH, database_path)
+        await settings_repo.set_setting(runtime_db, _KEY_FAIL2BAN_SOCKET, fail2ban_socket)
+        await settings_repo.set_setting(runtime_db, _KEY_TIMEZONE, timezone)
+        await settings_repo.set_setting(
+            runtime_db, _KEY_SESSION_DURATION, str(session_duration_minutes)
+        )
+        await settings_repo.set_setting(runtime_db, _KEY_MAP_COLOR_THRESHOLD_HIGH, "100")
+        await settings_repo.set_setting(runtime_db, _KEY_MAP_COLOR_THRESHOLD_MEDIUM, "50")
+        await settings_repo.set_setting(runtime_db, _KEY_MAP_COLOR_THRESHOLD_LOW, "20")
+        await settings_repo.set_setting(runtime_db, _KEY_SETUP_DONE, "1")
+    finally:
+        if runtime_db is not None:
+            await runtime_db.close()
+
+    # Mark setup as complete in the bootstrap configuration as the final step.
     await settings_repo.set_setting(db, _KEY_SETUP_DONE, "1")
 
     log.info("bangui_setup_completed")