diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | Makefile | 55 | ||||
| -rw-r--r-- | src/guix/system.scm | 2 |
3 files changed, 23 insertions, 35 deletions
@@ -1,3 +1,4 @@ /*.scm /*.sentinel /src/secrets/*.txt +/src/tld.txt @@ -1,32 +1,13 @@ .POSIX: NAME = server NAME_UC = $(NAME) -## Installation prefix. Defaults to "/usr". -PREFIX = /usr -SHAREDIR = $(PREFIX)/share -DOCDIR = $(SHAREDIR)/doc/$(NAME) -## Where to store the installation. Empty by default. -DESTDIR = -URL = papo.im -TLD = $(URL) -OFFSITE_SSH = 00000@aa0000.rsync.net +TLD = papo.im +OFFSITE_SSH = zh4539@zh4539.rsync.net +APP = papod .SUFFIXES: -.SUFFIXES: .in .gpg - -.in: - sed \ - -e 's:@OFFSITE_SSH@:$(OFFSITE_SSH):g' \ - -e 's:@VERSION@:$(VERSION):g' \ - -e 's:@DATE@:$(DATE):g' \ - -e 's:@NAME@:$(NAME):g' \ - -e 's:@LIST@:$(LIST):g' \ - -e 's:@URL@:$(URL):g' \ - -e 's:@TLD@:$(TLD):g' \ - < $< > $@ - if [ -x $< ]; then chmod +x $@; fi @@ -39,6 +20,7 @@ repo-secrets.txt = $(repo-secrets.txt.gpg:.gpg=) derived-assets = \ + src/tld.txt \ packages.scm.sentinel \ system.scm.sentinel \ @@ -54,14 +36,14 @@ side-assets = \ ## and installation. all: $(derived-assets) -$(derived-assets) src/config/conf.env: Makefile +$(derived-assets): Makefile -src/config/tld.txt: Makefile +src/tld.txt: echo '$(TLD)' > $@ packages.scm.sentinel: src/guix/packages.scm -system.scm.sentinel: src/guix/packages.scm src/guix/system.scm +system.scm.sentinel: src/guix/packages.scm src/guix/system.scm src/tld.txt packages.scm.sentinel system.scm.sentinel: rm -f `basename $@ .sentinel`* guix build -v3 -r`basename $@ .sentinel` -Kf src/guix/`basename $@ .sentinel` @@ -73,36 +55,41 @@ src/keys/SSH/root@$(TLD).id_rsa.pub.stripped: \ cut -d' ' -f8- < $*.txt > $@ + check-unit: + check-integration: + ## Run all tests. Each test suite is isolated, so that a parallel ## build can run tests at the same time. The required artifacts -## are created if required. +## are created if missing. check: check-unit check-integration + +## Remove *all* derived artifacts produced during the build. +## A dedicated test asserts that this is always true. clean: rm -rf $(derived-assets) $(side-assets) -install: all - mkdir -p \ - '$(DESTDIR)$(DOCDIR)' - cp -R src/web/* '$(DESTDIR)$(DOCDIR)' +.SUFFIXES: .gpg +.gpg: + gpg -d < $< > $@ $(all-secrets.txt.gpg): gpg -ae `src/keys/gpg-recipients.sh` < $* > $@ -## Print the latest 500 lines of the application and keeps tailing it. +## Prints the latest 500 lines of the application and keeps tailing it. logs: - ssh $(TLD) tail -fn500 /var/log/$(NAME).log + ssh $(TLD) tail -fn500 /var/log/$(APP).log ## Print *all* logs available on the server. all-logs: - ssh $(TLD) 'nicely cat /var/log/$(NAME).log.* && \ - nicely gzip -c /var/log/$(NAME).log' | gunzip + ssh $(TLD) 'nicely cat /var/log/$(APP).log.* && \ + nicely gzip -c /var/log/$(APP).log' | gunzip ## Decrypt $(prod-secrets.txt) in `src/secrets/` and put them in their diff --git a/src/guix/system.scm b/src/guix/system.scm index c45a848..e4288db 100644 --- a/src/guix/system.scm +++ b/src/guix/system.scm @@ -39,7 +39,7 @@ ((compose string-trim-right pkg:slurp path) - "src/config/tld.txt")) + "src/tld.txt")) (define +cert.pem+ (pkg:str "/etc/letsencrypt/live/" +tld+ "/cert.pem")) (define +privkey.pem+ (pkg:str "/etc/letsencrypt/live/" +tld+ "/privkey.pem")) |