diff options
| -rw-r--r-- | Makefile | 22 | ||||
| -rwxr-xr-x | src/ci/git-pre-receive.sh | 2 | ||||
| -rwxr-xr-x | src/keys/gpg-import.sh | 8 | ||||
| -rwxr-xr-x | src/keys/gpg-recipients.sh | 6 | ||||
| -rwxr-xr-x | src/scripts/reconfigure.sh | 10 | ||||
| -rwxr-xr-x | src/scripts/report.sh | 4 |
6 files changed, 26 insertions, 26 deletions
@@ -46,8 +46,8 @@ all-secrets.txt = $(all-secrets.txt.gpg:.gpg=) generated-assets = \ - tld.txt \ - src/infrastructure/config/conf.env \ + tld.txt \ + src/config/conf.env \ derived-assets = \ $(generated-assets) \ @@ -70,14 +70,14 @@ $(derived-assets): Makefile tld.txt: echo '$(TLD)' > $@ -system.sentinel: src/infrastructure/guix/system.scm tld.txt \ - src/infrastructure/keys/SSH/root@$(URL).id_rsa.pub.stripped - guix build -v3 -f src/infrastructure/guix/system.scm +system.sentinel: src/guix/system.scm tld.txt \ + src/keys/SSH/root@$(URL).id_rsa.pub.stripped + guix build -v3 -f src/guix/system.scm touch $@ .SUFFIXES: .stripped -src/infrastructure/keys/SSH/root@$(TLD).id_rsa.pub.stripped: \ - src/infrastructure/keys/SSH/root@$(TLD).id_rsa.pub.txt +src/keys/SSH/root@$(TLD).id_rsa.pub.stripped: \ + src/keys/SSH/root@$(TLD).id_rsa.pub.txt cut -d' ' -f8- < $*.txt > $@ @@ -100,18 +100,18 @@ public/CHANGELOG.html: mkdir-public.sentinel CHANGELOG.html public/TODOs.html: public/ci: mkdir-public.sentinel - sh src/infrastructure/scripts/report.sh -o $@ + sh src/scripts/report.sh -o $@ ## Generates the `public/` directory, which contains all static HTML files. public: public/CHANGELOG.html public/TODOs.html public/ci $(all-secrets.txt.gpg): - gpg -ae `src/infrastructure/keys/gpg-recipients.sh` < $* > $@ + gpg -ae `src/keys/gpg-recipients.sh` < $* > $@ ## Import the GPG keys to allow encrypting secrets to them. import: - sh src/infrastructure/keys/gpg-import.sh + sh src/keys/gpg-import.sh ## Print the latest 500 lines of the application and keeps tailing it. @@ -138,7 +138,7 @@ upload-secrets: $(prod-secrets.txt) ## Generate the `.ssh/authorized_keys` file and upload it to $(OFFSITE_SSH). upload-keys: - cat src/infrastructure/keys/SSH/*.txt | \ + cat src/keys/SSH/*.txt | \ ssh $(OFFSITE_SSH) dd of=.ssh/authorized_keys ## Deploy everything that is deployable from the repository when diff --git a/src/ci/git-pre-receive.sh b/src/ci/git-pre-receive.sh index 8cd83ee..051aec5 100755 --- a/src/ci/git-pre-receive.sh +++ b/src/ci/git-pre-receive.sh @@ -9,6 +9,6 @@ if [ "$SHA" = '0000000000000000000000000000000000000000' ]; then fi printf 'Upgrading post-receive hook...' >&2 -git show "$SHA":src/infrastructure/ci/git-post-receive.sh > hooks/post-receive +git show "$SHA":src/ci/git-post-receive.sh > hooks/post-receive chmod +x hooks/post-receive printf 'done.\n' >&2 diff --git a/src/keys/gpg-import.sh b/src/keys/gpg-import.sh index 63d2347..20317bf 100755 --- a/src/keys/gpg-import.sh +++ b/src/keys/gpg-import.sh @@ -17,8 +17,8 @@ help() { -h, --help show this message - Import GPG keys under src/infrastructure/keys/GPG/ and mark them as - trusted, so that they can be used as recipients for encryption. + Import GPG keys under src/keys/GPG/ and mark them as trusted, so + that they can be used as recipients for encryption. Examples: @@ -61,9 +61,9 @@ done shift $((OPTIND - 1)) -gpg --import src/infrastructure/keys/GPG/* +gpg --import src/keys/GPG/* -gpg --with-colons --show-key src/infrastructure/keys/GPG/* | +gpg --with-colons --show-key src/keys/GPG/* | awk -F: '$1 == "fpr" { print $10 }' | while read -r fpr; do printf '5\ny\n' | diff --git a/src/keys/gpg-recipients.sh b/src/keys/gpg-recipients.sh index ad6e522..b2951b7 100755 --- a/src/keys/gpg-recipients.sh +++ b/src/keys/gpg-recipients.sh @@ -17,8 +17,8 @@ help() { -h, --help show this message - Process GPG keys under src/infrastructure/keys/GPG/, and emit - the command-line flags to be given to the `gpg` command, as in: + Process GPG keys under src/keys/GPG/, and emit the command-line + flags to be given to the `gpg` command, as in: $ gpg -r KEY1 -r KEY2 ... @@ -67,5 +67,5 @@ done shift $((OPTIND - 1)) -gpg --with-colons --show-key src/infrastructure/keys/GPG/* | +gpg --with-colons --show-key src/keys/GPG/* | awk -F: '$1 == "fpr" { printf " -r %s", $10 }' diff --git a/src/scripts/reconfigure.sh b/src/scripts/reconfigure.sh index 8fa47c5..08585b3 100755 --- a/src/scripts/reconfigure.sh +++ b/src/scripts/reconfigure.sh @@ -121,14 +121,14 @@ sudo -u deployer --preserve-env=GIT_CONFIG_GLOBAL git checkout "$SHA" guix system describe if [ "$DRY_RUN" = true ]; then - sudo -i guix system -c$NPROC -v3 build "$PWD"/src/infrastructure/guix/system.scm + sudo -i guix system -c$NPROC -v3 build "$PWD"/src/guix/system.scm else # COMMENT: pre-receive is always running the previous version! # The same is true for the reconfigure script itself. - cp description "$REPO"/description - cp src/infrastructure/ci/git-pre-receive.sh "$REPO"/hooks/pre-receive - cp src/infrastructure/guix/channels.scm /etc/guix/ - cp src/infrastructure/guix/system.scm /etc/guix/ + cp description "$REPO"/description + cp src/ci/git-pre-receive.sh "$REPO"/hooks/pre-receive + cp src/guix/channels.scm /etc/guix/ + cp src/guix/system.scm /etc/guix/ sudo -i guix system -c$NPROC -v3 reconfigure /etc/guix/system.scm diff --git a/src/scripts/report.sh b/src/scripts/report.sh index e14e40a..d9f0786 100755 --- a/src/scripts/report.sh +++ b/src/scripts/report.sh @@ -119,8 +119,8 @@ if [ -z "${OUTDIR:-}" ]; then exit 2 fi -if [ -r src/infrastructure/config/conf.env ]; then - CONF=src/infrastructure/config/conf.env +if [ -r src/config/conf.env ]; then + CONF=src/config/conf.env else CONF=/etc/conf.env fi |