# Makefile for "$(NAME)": builds the Guix artifacts, installs the web
# documentation, encrypts secrets and (further down) drives remote
# maintenance over SSH.
# ".POSIX:" has to stay the first non-comment line to take effect.
.POSIX:
NAME = server
NAME_UC = $(NAME)
## Installation prefix. Defaults to "/usr".
PREFIX = /usr
SHAREDIR = $(PREFIX)/share
DOCDIR = $(SHAREDIR)/doc/$(NAME)
## Where to store the installation. Empty by default.
DESTDIR =
URL = papo.im
# TLD doubles as the SSH host of the remote targets and as part of the root
# key file name used below.
TLD = $(URL)
# SSH destination (user@host) of the off-site account. It is substituted
# into generated files through @OFFSITE_SSH@ and is the destination of the
# authorized_keys upload.
OFFSITE_SSH = 00000@aa0000.rsync.net


# Clear the built-in suffix list, then register only ".in" (used by the
# inference rule below) and ".gpg" (presumably so that $* in the encryption
# rule expands to the target without ".gpg").
.SUFFIXES:
.SUFFIXES: .in .gpg

# Inference rule: generate "foo" from "foo.in" by replacing the @KEY@
# placeholders with the matching make variables, then carry the executable
# bit over from the template.
# VERSION, DATE and LIST are not assigned in this part of the file;
# presumably deps.mk or the environment provides them (confirm).
# NOTE(review): the values are pasted unescaped into sed expressions that
# use ":" as the delimiter and into single-quoted shell words, so a value
# containing a colon, an ampersand, a backslash or a single quote changes
# the substitution or the command line. Keep these variables to trusted,
# plain values.
# NOTE(review): the output is written through a redirection, so a failing
# sed still leaves a (partial) target behind.
.in:
	sed \
		-e 's:@OFFSITE_SSH@:$(OFFSITE_SSH):g' \
		-e 's:@VERSION@:$(VERSION):g' \
		-e 's:@DATE@:$(DATE):g' \
		-e 's:@NAME@:$(NAME):g' \
		-e 's:@LIST@:$(LIST):g' \
		-e 's:@URL@:$(URL):g' \
		-e 's:@TLD@:$(TLD):g' \
		< $< > $@
	if [ -x $< ]; then chmod +x $@; fi


# "all" is named before the include, presumably so that it stays the default
# target whatever rules deps.mk defines; its prerequisites are added below.
all:
include deps.mk


# Plaintext file names obtained by dropping ".gpg" from the encrypted lists.
# prod-secrets.txt.gpg, repo-secrets.txt.gpg and all-secrets.txt.gpg are not
# assigned in this part of the file; presumably deps.mk defines them.
# NOTE(review): the decrypted files stay on disk until "clean" removes
# them. Confirm they are ignored by version control and are never copied by
# "install" or any packaging step.
prod-secrets.txt = $(prod-secrets.txt.gpg:.gpg=)
repo-secrets.txt = $(repo-secrets.txt.gpg:.gpg=)

# Sentinel files, each one touched after a successful "guix build".
derived-assets = \
	packages.scm.sentinel \
	system.scm.sentinel \

# Files that exist as a side effect of other rules: the decrypted secrets
# and the packages.scm / system.scm entries that "guix build -r" leaves in
# the current directory. "clean" removes them together with the sentinels.
side-assets = \
	$(prod-secrets.txt) \
	$(repo-secrets.txt) \
	packages.scm \
	system.scm \



## Default target.  Builds all artifacts required for testing
## and installation.
all: $(derived-assets)


# A change to this Makefile makes the derived assets and conf.env out of date.
$(derived-assets) src/config/conf.env: Makefile


# Record the configured TLD in a file; rewritten whenever the Makefile changes.
src/config/tld.txt: Makefile
	echo '$(TLD)' > $@


# Each sentinel depends on its Guix source(s). The shared recipe derives the
# base name (packages.scm or system.scm) from the target with basename.
# It first removes every file in the current directory whose name starts
# with that base name (the old sentinel included), then runs "guix build"
# on src/guix/<base>: -r makes ./<base> a registered root symlink to the
# result, -K keeps the build tree of a failed build, -v3 sets the verbosity.
# The sentinel is touched only after guix build returned successfully.
packages.scm.sentinel: src/guix/packages.scm
system.scm.sentinel: src/guix/packages.scm src/guix/system.scm
packages.scm.sentinel system.scm.sentinel:
	rm -f `basename $@ .sentinel`*
	guix build -v3 -r`basename $@ .sentinel` -Kf src/guix/`basename $@ .sentinel`
	touch $@


# ".stripped" is added to the suffix list so that $* in the recipe expands
# to the target name without it. GNU make does this for explicit rules;
# POSIX only defines $* for inference rules, so confirm with the make in use.
# The recipe keeps the space-separated fields from the 8th one onwards of
# the root public key ".txt" file.
# NOTE(review): the offset is purely positional. If the layout of the .txt
# file changes, the output silently becomes a different slice of the line;
# check the result before it is used anywhere.
.SUFFIXES: .stripped
src/keys/SSH/root@$(TLD).id_rsa.pub.stripped: \
	src/keys/SSH/root@$(TLD).id_rsa.pub.txt
	cut -d' ' -f8- < $*.txt > $@


# The two test suites have neither prerequisites nor recipes in this part of
# the file; presumably deps.mk or a later change fills them in.
check-unit:


check-integration:


## Run all tests.  Each test suite is isolated, so that a parallel
## build can run tests at the same time.  The required artifacts
## are created if required.
check: check-unit check-integration


# Remove the build outputs and the decrypted secret files.
clean:
	rm -rf $(derived-assets) $(side-assets)


# Copy the contents of src/web/ into the documentation directory under
# $(DESTDIR). Both paths are single-quoted, so they may contain spaces but
# not a single quote.
install: all
	mkdir -p \
		'$(DESTDIR)$(DOCDIR)'
	cp -R src/web/* '$(DESTDIR)$(DOCDIR)'


# Encrypt each secret: the input is $* (the target without ".gpg", i.e. the
# plaintext file) and the output $@ is ASCII-armored (-a) and encrypted (-e).
# The remaining gpg arguments, presumably the recipient options, are the
# output of src/keys/gpg-recipients.sh.
# NOTE(review): that script decides who is able to decrypt the secrets, so
# review any change to it, and to the keys it reads, as an access-control
# change. The output is encrypted but not signed (no -s).
# NOTE(review): no prerequisites are listed here, so an existing .gpg file
# is not regenerated when the plaintext or the recipient list changes,
# unless deps.mk adds those prerequisites. After removing a recipient,
# re-encrypt explicitly and rotate the affected secrets.
$(all-secrets.txt.gpg):
	gpg -ae `src/keys/gpg-recipients.sh` < $* > $@


## Print the latest 500 lines of the application and keeps tailing it.
logs:
	ssh $(TLD) tail -fn500 /var/log/$(NAME).log


# The rotated files (/var/log/$(NAME).log.*) are sent as they are, while the
# live log is gzip-compressed on the server, and one local gunzip decodes
# the combined stream. This presumes the rotated files are already
# gzip-compressed (confirm). "nicely" is a command on the server that is not
# defined in this file.
## Print *all* logs available on the server.
all-logs:
	ssh $(TLD) 'nicely cat /var/log/$(NAME).log.* && \
		nicely gzip -c /var/log/$(NAME).log' | gunzip


# Steps: (1) delete the current contents of /opt/secrets on the server as
# user secrets-keeper; (2) rsync the decrypted files there, with the remote
# rsync also running under "sudo -u secrets-keeper" and with every
# permission bit cleared on the uploaded files (--chmod=000).
# NOTE(review):
# - ssh joins its arguments into one remote command line, so the "*" is
#   expanded by the login user's shell on the server before sudo runs. If
#   that user cannot list /opt/secrets, the pattern stays literal and
#   "rm -f" succeeds without deleting anything. Verify that old secrets
#   really disappear after a run.
# - Deletion and upload are separate steps: if rsync fails, the server is
#   left without secrets until the next successful run.
# - The prerequisites are decrypted files on the local disk; they stay there
#   after the upload until "clean" removes them.
# - Files with mode 000 are readable only after a chmod by their owner or
#   by a privileged process; confirm this is what the consumer expects.
## Decrypt $(prod-secrets.txt) in `src/secrets/` and put them in their
## correct location in the server.
upload-secrets: $(prod-secrets.txt)
	ssh $(TLD) sudo -u secrets-keeper 'rm -f /opt/secrets/*'
	rsync \
		--rsync-path='sudo -u secrets-keeper rsync' \
		--chmod=000 \
		-avzP \
		$(prod-secrets.txt) $(TLD):/opt/secrets/


# The file names matching src/keys/SSH/*.txt are sorted (LANG is set for
# sort only, presumably to make the order reproducible), their contents are
# concatenated, and the result is written by dd on the remote side over
# .ssh/authorized_keys.
# NOTE(review):
# - Every ".txt" file in src/keys/SSH/ becomes an authorized key of the
#   off-site account, so adding, changing or removing a file there is an
#   access grant or revocation and deserves the matching review.
# - The exit status of the pipeline is that of ssh alone. If find, sort or
#   cat fails, an empty or partial key list can still replace the remote
#   file, and an interrupted transfer leaves it truncated, because dd writes
#   it in place. Check the remote file after each upload and keep another
#   way into the account available while doing so.
## Generate the ".ssh/authorized_keys" file and upload
## it to $(OFFSITE_SSH).
upload-keys:
	find src/keys/SSH/*.txt | \
		LANG=POSIX.UTF-8 sort | \
		xargs cat | \
		ssh $(OFFSITE_SSH) dd of=.ssh/authorized_keys


# Empty target without prerequisites or recipe. No rule in this part of the
# file refers to it; presumably deps.mk lists it as a prerequisite to force
# a target to be rebuilt on every run (confirm).
ALWAYS: