Refactor building of packages from papo.im

13 files changed, 144 insertions, 135 deletions

diff --git a/.gitignore b/.gitignore
index d7a8842..71084a0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,3 @@
-/CHANGELOG.html
+/packages
 /system
-/public/
-/*.sentinel
 /src/secrets/*.txt
diff --git a/Makefile b/Makefile
index fccc3f8..66993db 100644
--- a/Makefile
+++ b/Makefile
@@ -1,19 +1,19 @@
 .POSIX:
-NAME         = papo.im
+NAME         = server
 NAME_UC      = $(NAME)
+## Installation prefix.  Defaults to "/usr".
 PREFIX       = /usr
 SHAREDIR     = $(PREFIX)/share
 DOCDIR       = $(SHAREDIR)/doc/$(NAME)
-URL          = $(NAME)
+## Where to store the installation.  Empty by default.
+DESTDIR      =
 TLD          = $(URL)
-LIST         = list@$(URL)
-
 OFFSITE_SSH  = 00000@aa0000.rsync.net
 
 
 
 .SUFFIXES:
-.SUFFIXES: .in .gpg .md .html
+.SUFFIXES: .in .gpg
 
 .in:
 	sed \
@@ -27,36 +27,28 @@ OFFSITE_SSH  = 00000@aa0000.rsync.net
 		< $< > $@
 	if [ -x $< ]; then chmod +x $@; fi
 
-.gpg:
-	gpg -d < $< > $@
-
-.md.html:
-	sh aux/commonmark.sh -N'$(NAME_UC)' -t$(*F) -l en < $< > $@
 
 
+all:
+include deps.mk
 
-prod-secrets.txt.gpg = \
-	src/secrets/borg-passphrase.txt.gpg    \
-	src/secrets/root@$(TLD).id_rsa.txt.gpg \
-
-all-secrets.txt.gpg = \
-	$(prod-secrets.txt.gpg)       \
-	src/secrets/rsync.net.txt.gpg \
-	src/secrets/VPS-root.txt.gpg  \
 
 prod-secrets.txt = $(prod-secrets.txt.gpg:.gpg=)
-all-secrets.txt  =  $(all-secrets.txt.gpg:.gpg=)
+repo-secrets.txt = $(repo-secrets.txt.gpg:.gpg=)
 
 
 derived-assets = \
-	mkdir-public.sentinel       \
-	system.sentinel             \
-	public                      \
-	aux/preamble.md             \
-	CHANGELOG.html              \
+
+side-assets = \
+	$(prod-secrets.txt)            \
+	$(repo-secrets.txt)            \
+	packages                       \
+	system                         \
 
 
 
+## Default target.  Builds all artifacts required for testing
+## and installation.
 all: $(derived-assets)
 
 $(derived-assets) src/config/conf.env: Makefile
@@ -65,10 +57,9 @@ $(derived-assets) src/config/conf.env: Makefile
 src/config/tld.txt: Makefile
 	echo '$(TLD)' > $@
 
-system.sentinel: src/guix/system.scm src/config/tld.txt src/config/conf.env \
-		src/keys/SSH/root@$(URL).id_rsa.pub.stripped
-	guix build -v3 -f src/guix/system.scm
-	touch $@
+packages system: src/guix/packages.scm src/guix/system.scm
+	rm -f $@
+	guix build -r $@ -v3 -Kf src/guix/$@.scm
 
 .SUFFIXES: .stripped
 src/keys/SSH/root@$(TLD).id_rsa.pub.stripped: \
@@ -76,14 +67,16 @@ src/keys/SSH/root@$(TLD).id_rsa.pub.stripped: \
 	cut -d' ' -f8- < $*.txt > $@
 
 
+check-unit:
+check-integration:
 ## Run all tests.  Each test suite is isolated, so that a parallel
 ## build can run tests at the same time.  The required artifacts
 ## are created if required.
-check:
+check: check-unit check-integration
 
 
 clean:
-	rm -rf $(derived-assets) $(all-secrets.txt)
+	rm -rf $(derived-assets) $(side-assets)
 
 install: all
 	mkdir -p \
@@ -91,38 +84,19 @@ install: all
 	cp -R src/web/* '$(DESTDIR)$(DOCDIR)'
 
 
-mkdir-public.sentinel:
-	mkdir -p public/
-	touch $@
-
-public/CHANGELOG.html: mkdir-public.sentinel CHANGELOG.html
-	cp $(@F) $@
-
-public/TODOs.html:
-public/ci: mkdir-public.sentinel
-	sh src/scripts/report.sh -o $@
-
-
-## Generates the `public/` directory, which contains all static HTML files.
-public: public/CHANGELOG.html public/TODOs.html public/ci
 
 $(all-secrets.txt.gpg):
 	gpg -ae `src/keys/gpg-recipients.sh` < $* > $@
 
-## Import the GPG keys to allow encrypting secrets to them.
-import:
-	sh src/keys/gpg-import.sh
-
 
 ## Print the latest 500 lines of the application and keeps tailing it.
 logs:
-	ssh $(TLD) tail -n500 /var/log/$(NAME).log
+	ssh $(TLD) tail -fn500 /var/log/$(NAME).log
 
 ## Print *all* logs available on the server.
 all-logs:
-	ssh $(TLD) \
-		'gunzip -c /var/log/$(NAME).log.*; cat /var/log/$(NAME).log' | \
-			sort
+	ssh $(TLD) 'nicely cat /var/log/$(NAME).log.* && \
+		nicely gzip -c /var/log/$(NAME).log' | gunzip
 
 
 ## Decrypt $(prod-secrets.txt) in `src/secrets/` and put them in their
@@ -134,24 +108,15 @@ upload-secrets: $(prod-secrets.txt)
 		--chmod=000                                 \
 		-avzP                                       \
 		$(prod-secrets.txt) $(TLD):/opt/secrets/
-	rm -f $(prod-secrets.txt)
 
-## Generate the `.ssh/authorized_keys` file and upload it to $(OFFSITE_SSH).
+
+## Generate the ".ssh/authorized_keys" file and upload
+## it to $(OFFSITE_SSH).
 upload-keys:
-	cat src/keys/SSH/*.txt | \
+	find src/keys/SSH/*.txt | \
+		LANG=POSIX.UTF-8 sort | \
+		xargs cat | \
 		ssh $(OFFSITE_SSH) dd of=.ssh/authorized_keys
 
-## Deploy everything that is deployable from the repository when
-## open in the local development machine.
-deploy: upload-secrets upload-keys
-	@printf '\nRunning `git push` to update the deployment.\n'
-	git push
-
-
-MAKEFILE = Makefile
-## Show this help.
-help:
-	cat $(MAKEFILE) | sh aux/makehelp.sh
-
 
 ALWAYS:
diff --git a/deps.mk b/deps.mk
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/deps.mk
diff --git a/mkdeps.sh b/mkdeps.sh
new file mode 100755
index 0000000..a6b23d5
--- /dev/null
+++ b/mkdeps.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -eu
+
+export LANG=POSIX.UTF-8
+
+varlist() {
+	printf '%s = \\\n' "$1"
+	sed 's|^\(.*\)$|\t\1 \\|'
+	printf '\n'
+}
diff --git a/src/guix/packages.scm b/src/guix/packages.scm
index 691b1b1..ce67d79 100644
--- a/src/guix/packages.scm
+++ b/src/guix/packages.scm
@@ -1,80 +1,43 @@
 (define-module (packages)
+  #:use-module ((ice-9 textual-ports) #:prefix textual-ports:)
   #:use-module ((guix licenses) #:prefix licenses:)
-  #:use-module ((ice-9 popen) #:prefix popen:)
-  #:use-module ((ice-9 rdelim) #:prefix rdelim:)
-  #:use-module ((org euandre queue) #:prefix queue:)
-  #:use-module ((xyz euandreh heredoc) #:prefix heredoc:)
+  #:use-module ((json) #:prefix json:)
+  #:use-module (json)
   #:use-module (gnu)
-  #:use-module (guix build utils)
   #:use-module (guix build-system gnu)
   #:use-module (guix download)
   #:use-module (guix packages)
   #:use-module (guix utils))
 (use-package-modules
-  node
+  golang
+  golang-xyz
   sqlite)
-(heredoc:enable-syntax)
 
 
-(define +working-dir+
-  (if (directory-exists? "/opt/deploy/current")
-    "/opt/deploy/current"
-    (canonicalize-path ".")))
 
-(define +version-cmd+ #"-
-  if grep -q deployer /etc/passwd && [ -e /opt/deploy/current ]; then
-  	sudo -u deployer git -C /opt/deploy/current rev-parse HEAD
-  else
-  	git rev-parse HEAD
-  fi
-  "#)
+(define (slurp f)
+  (string-trim-both
+   (call-with-input-file
+    f
+    textual-ports:get-string-all)))
 
-(define +repo-version+
-  (let* ((port (popen:open-input-pipe +version-cmd+))
-         (v (rdelim:read-line port)))
-    (popen:close-pipe port)
-    v))
-
-;; FIXME: this goes to the package repository later, alongside versions for
-;;        other package managers.  The same is true for the papo-service-type.
-(define-public papo
+(define (go-package-0 name)
   (package
-    (name "papo")
-    (version "da4d8a7b62ca33c58c1f37dfdcb8294abefc8afa")
+    (name name)
+    (version (slurp (string-append "src/versions/" name "/version")))
     (source
       (origin
         (method url-fetch)
         (uri
-          (string-append "https://papo.im/git/papo/snapshot/papo-"
+          (string-append "https://papo.im/git/"
+                         name
+                         "/snapshot/"
+                         name
+                         "-"
                          version
                          ".tar.xz"))
         (sha256
-          (base32 "0z08y8nizjb8afy7hscx3l8wqsr2sxc22av5aq9z4k299jkwgp1g"))))
-    (build-system gnu-build-system)  ;; FIXME: posix-build-system
-    (arguments
-      (list
-       #:make-flags
-       #~(list
-          (string-append "PREFIX=" %output)
-          (string-append "CC=" #$(cc-for-target)))
-       #:phases
-       #~(modify-phases %standard-phases
-           (delete 'configure))))
-    (inputs
-      (list
-       node-lts
-       sqlite))
-    (synopsis    "FIXME: slurp from package")
-    (description "FIXME: slurp from package")
-    (home-page   "FIXME: slurp from package")
-    (license licenses:agpl3+)))  ;; "FIXME: also slurp from package
-
-(define-public papo.im
-  (package
-    (name "papo.im")
-    (version +repo-version+)
-    (source
-      (local-file +working-dir+ #:recursive? #t))
+          (base32 (slurp (string-append "src/versions/" name "/sha256"))))))
     (build-system gnu-build-system)
     (arguments
       (list
@@ -83,14 +46,81 @@
           (string-append "PREFIX=" %output))
        #:phases
        #~(modify-phases %standard-phases
-           (delete 'configure))))
-    (inputs
-      (list))
-    (home-page   #f)
+           (delete 'configure)
+           (add-before 'build 'setenv-golang
+             (lambda _
+               (setenv "GOCACHE"
+                       (string-append (getenv "TMPDIR") "/GOCACHE")))))))
+    (native-inputs
+      (list
+       go-1.22))
     (synopsis    #f)
     (description #f)
-    (license     #f)))
+    (home-page   #f)
+    (license licenses:agpl3+)))
+
+(define (go-package-1 name)
+  (let ((base (go-package-0 name)))
+    (package (inherit base)
+      (arguments
+        (substitute-keyword-arguments (package-arguments base)
+          ((#:phases phases)
+           #~(modify-phases #$phases
+               (add-before 'build 'add-gobang-vendored-dependency
+                 (lambda _
+                   (mkdir-p "vendor/euandre.org/gobang/src")
+                   (copy-file
+                    (string-append #$(this-package-native-input "gobang")
+                                   "/src/gobang/lib.go")
+                    "vendor/euandre.org/gobang/src/lib.go")
+                   (call-with-output-file
+                    "vendor/modules.txt"
+                    (lambda (port)
+                      (format port
+                              "~a~%~a~%~a~%~a~%"
+                              "# euandre.org/gobang v0.1.0 => ../gobang"
+                              "## explicit; go 1.21.5"
+                              "euandre.org/gobang/src"
+                              "# euandre.org/gobang => ../gobang")))))))))
+      (native-inputs
+        (modify-inputs (package-native-inputs base)
+          (append gobang))))))
+
+(define (go-package-2 name)
+  (let ((base (go-package-1 name)))
+    (package (inherit base)
+      (arguments
+        (substitute-keyword-arguments (package-arguments base)
+          ((#:phases phases)
+           #~(modify-phases #$phases
+               (add-before 'build 'add-gosqlite3-vendored-dependency
+                 (lambda _
+                   (copy-recursively
+                    (string-append #$(this-package-native-input
+                                      "go-github-com-mattn-go-sqlite3")
+                                   "/src")
+                    "vendor")
+                   (call-with-output-file
+                    "vendor/modules.txt"
+                    (lambda (port)
+                      (format port
+                              "~a~%~a~%~a~%"
+                              "# github.com/mattn/go-sqlite3 v1.14.22"
+                              "## explicit; go 1.19"
+                              "github.com/mattn/go-sqlite3")))))))))
+      (native-inputs
+        (modify-inputs (package-native-inputs base)
+          (append
+           go-github-com-mattn-go-sqlite3
+           `(,sqlite "out")
+           `(,sqlite "static")))))))
+
+
+(define-public gobang (go-package-0 "gobang"))
+(define-public binder (go-package-1 "binder"))
+(define-public papod  (go-package-2 "papod"))
 
 (list
- papo
- papo.im)
+ gobang
+ binder
+ papod)
diff --git a/src/guix/services.scm b/src/guix/services.scm
index c1fceb3..1e5ae4e 100644
--- a/src/guix/services.scm
+++ b/src/guix/services.scm
@@ -58,7 +58,7 @@
       (log-rotation
         (frequency 'weekly)
         (files (list log-file))
-        (options '("rotate 52"))))))
+        (options '("rotate 5200"))))))
 
 (define (papo-activation config)
   (match-record config <papo-configuration>
diff --git a/src/guix/system.scm b/src/guix/system.scm
index 12d96e1..f5c2368 100644
--- a/src/guix/system.scm
+++ b/src/guix/system.scm
@@ -376,7 +376,7 @@
          (log-rotation
            (frequency 'weekly)
            (files '("/var/log/cronjobs.log"))
-           (options '("rotate 52")))))
+           (options '("rotate 5200")))))
       (service fail2ban-service-type)
       (service mcron-service-type
         (mcron-configuration
diff --git a/src/versions/binder/sha256 b/src/versions/binder/sha256
new file mode 100644
index 0000000..488f1bd
--- /dev/null
+++ b/src/versions/binder/sha256
@@ -0,0 +1 @@
+0rjnfpmf709n392fdjd3sbai6dkcf5ga51jgvq89fwbs7xykv114
diff --git a/src/versions/binder/version b/src/versions/binder/version
new file mode 100644
index 0000000..fa91f01
--- /dev/null
+++ b/src/versions/binder/version
@@ -0,0 +1 @@
+31fe7be099fb8f463be3a3db4a4b799501f66571
diff --git a/src/versions/gobang/sha256 b/src/versions/gobang/sha256
new file mode 100644
index 0000000..f23a810
--- /dev/null
+++ b/src/versions/gobang/sha256
@@ -0,0 +1 @@
+1zlr2jzlyzh7c8nkarkfcvd0v2hap1z2458cbvdk1nf212hmvrv7
diff --git a/src/versions/gobang/version b/src/versions/gobang/version
new file mode 100644
index 0000000..f41251b
--- /dev/null
+++ b/src/versions/gobang/version
@@ -0,0 +1 @@
+da9e1e709fd6b046d4672ae1654c382991e07b04
diff --git a/src/versions/papod/sha256 b/src/versions/papod/sha256
new file mode 100644
index 0000000..241499e
--- /dev/null
+++ b/src/versions/papod/sha256
@@ -0,0 +1 @@
+0xji40x9hbjjhazinmgc7isiryfd4k4512k1hhgkx4gskh6r1d28
diff --git a/src/versions/papod/version b/src/versions/papod/version
new file mode 100644
index 0000000..73174c7
--- /dev/null
+++ b/src/versions/papod/version
@@ -0,0 +1 @@
+256e16b04802b4600cee00c39fbad26d1af3ab06