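.POSIX:
# Site identity. Every value below is derived from NAME, so editing NAME
# changes the URL, TLD and mailing-list address together.
NAME         = papo.im
NAME_UC      = $(NAME)
URL          = $(NAME)
TLD          = $(URL)
LIST         = list@$(URL)
# SSH destination of the offsite host that receives `authorized_keys`.
OFFSITE_SSH  = 00000@aa0000.rsync.net

# Clear the built-in suffix list, then declare only the suffixes used here.
.SUFFIXES:
.SUFFIXES: .in .gpg .md .html

# Template expansion: `foo` is produced from `foo.in` by replacing the
# @PLACEHOLDER@ tokens with the macros above.
# NOTE(review): VERSION and DATE are not assigned anywhere in this file;
# presumably they come from the command line or environment -- confirm,
# otherwise both placeholders expand to the empty string.
# The sed expressions use `:` as delimiter, so a macro value containing `:`
# would break the substitution.
.in:
	sed \
		-e 's:@OFFSITE_SSH@:$(OFFSITE_SSH):g' \
		-e 's:@VERSION@:$(VERSION):g' \
		-e 's:@DATE@:$(DATE):g' \
		-e 's:@NAME@:$(NAME):g' \
		-e 's:@LIST@:$(LIST):g' \
		-e 's:@URL@:$(URL):g' \
		-e 's:@TLD@:$(TLD):g' \
		< $< > $@
	if [ -x $< ]; then chmod +x $@; fi

# Decryption: `foo` is produced from `foo.gpg`.
# The output is plaintext secret material, so it is written under a
# restrictive umask (a stale copy is removed first so its old mode cannot
# survive), and a failed decryption deletes the partial file. Without the
# cleanup an empty file would be left behind, would look up to date to
# make, and `upload-secrets` would ship it.
.gpg:
	rm -f $@; umask 077; gpg -d < $< > $@ || { rm -f $@; exit 1; }

# Markdown to HTML, using the file part of the stem as the `-t` argument.
.md.html:
	sh aux/commonmark.sh -N'$(NAME_UC)' -t$(*F) -l en < $< > $@

# Encrypted secrets that get uploaded to the production server.
prod-secrets.txt.gpg = \
	src/secrets/borg-passphrase.txt.gpg \
	src/secrets/root@$(TLD).id_rsa.txt.gpg \

# Every encrypted secret kept in the repository.
all-secrets.txt.gpg = \
	$(prod-secrets.txt.gpg) \
	src/secrets/rsync.net.txt.gpg \
	src/secrets/VPS-root.txt.gpg \

# Plaintext counterparts (same paths without `.gpg`). These files hold
# decrypted secrets while they exist; `clean` removes them.
prod-secrets.txt = $(prod-secrets.txt.gpg:.gpg=)
all-secrets.txt  = $(all-secrets.txt.gpg:.gpg=)

derived-assets = \
	mkdir-public.sentinel \
	system.sentinel \
	public \
	aux/preamble.md \
	CHANGELOG.html \

all: $(derived-assets)

# Everything derived is rebuilt when the Makefile itself changes.
# NOTE(review): src/config/conf.env has no explicit recipe here; presumably
# it is produced from src/config/conf.env.in by the `.in` rule -- confirm.
$(derived-assets) src/config/conf.env: Makefile

src/config/tld.txt: Makefile
	echo '$(TLD)' > $@

# The key prerequisite is spelled with $(TLD) so that it matches the target
# name of the `.stripped` rule below; URL and TLD currently expand to the
# same value, so the path is unchanged.
system.sentinel: src/guix/system.scm src/config/tld.txt src/config/conf.env \
	src/keys/SSH/root@$(TLD).id_rsa.pub.stripped
	guix build -v3 -f src/guix/system.scm
	touch $@

# `.stripped` is added to the suffix list so that `$*` in the explicit rule
# below expands to the target name without `.stripped`.
# NOTE(review): POSIX only guarantees `$*` in inference rules; this relies
# on the make implementation in use -- confirm.
# `cut -f8-` keeps the 8th space-separated field onwards; presumably the
# first seven fields are a key-options prefix -- confirm against the format
# of the `.pub.txt` file, since one extra space would shift the cut.
.SUFFIXES: .stripped
src/keys/SSH/root@$(TLD).id_rsa.pub.stripped: \
	src/keys/SSH/root@$(TLD).id_rsa.pub.txt
	cut -d' ' -f8- < $*.txt > $@

# NOTE(review): `check` has neither prerequisites nor a recipe in this
# file, so it currently runs nothing.

## Run all tests.  Each test suite is isolated, so that a parallel
## build can run tests at the same time.  The required artifacts
## are created if required.
check:

# Removes the derived assets and any decrypted secret left in the tree.
# `rm` only unlinks the files; it does not overwrite their contents.
clean:
	rm -rf $(derived-assets) $(all-secrets.txt)

# Sentinel file standing in for the `public/` directory, so that rules can
# depend on its existence without depending on the directory's mtime.
mkdir-public.sentinel:
	mkdir -p public/
	touch $@

public/CHANGELOG.html: mkdir-public.sentinel CHANGELOG.html
	cp $(@F) $@

# NOTE(review): no prerequisites or recipe are visible for this target;
# confirm that nothing was lost here.
public/TODOs.html:

public/ci: mkdir-public.sentinel
	sh src/scripts/report.sh -o $@

## Generates the `public/` directory, which contains all static HTML files.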
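public: public/CHANGELOG.html public/TODOs.html public/ci

# Encrypts a plaintext secret to the recipients printed by
# src/keys/gpg-recipients.sh. The rule has no prerequisites, so it only
# runs when the `.gpg` file is missing.
# The ciphertext is written to a temporary name and renamed into place, so
# a failed or interrupted gpg run never leaves an empty or truncated
# `.gpg` file that make would then treat as up to date.
# NOTE(review): the exit status of the backquoted script is not checked; a
# failing script hands gpg an empty recipient list.
# NOTE(review): POSIX only guarantees `$*` in inference rules; this relies
# on the make implementation stripping the `.gpg` suffix here -- confirm.
$(all-secrets.txt.gpg):
	gpg -ae `src/keys/gpg-recipients.sh` < $* > $@.tmp || { rm -f $@.tmp; exit 1; }
	mv -f $@.tmp $@

## Import the GPG keys to allow encrypting secrets to them.
import:
	sh src/keys/gpg-import.sh

# NOTE(review): the help text below says the log keeps being tailed, but
# `tail -n500` without `-f` prints 500 lines and exits -- confirm which
# behaviour is intended.

## Print the latest 500 lines of the application and keeps tailing it.
logs:
	ssh $(TLD) tail -n500 /var/log/$(NAME).log

## Print *all* logs available on the server.
all-logs:
	ssh $(TLD) \
		'gunzip -c /var/log/$(NAME).log.*; cat /var/log/$(NAME).log' | \
		sort

# The whole upload runs in one shell so that a trap can delete the
# decrypted secrets on every exit path. Previously the trailing `rm -f`
# was a separate recipe line, so a failing ssh or rsync stopped make and
# left the plaintext files in the working tree.
# `--chmod=000` stores the files on the server with no permission bits.
# NOTE(review): ssh passes the command as one string to the login shell on
# the server, so the `/opt/secrets/*` glob is expanded by the SSH user
# before sudo runs. This assumes that user can list /opt/secrets; if not,
# the pattern stays literal and `rm -f` silently removes nothing -- confirm.

## Decrypt $(prod-secrets.txt) in `src/secrets/` and put them in their
## correct location in the server.
upload-secrets: $(prod-secrets.txt)
	trap 'rm -f $(prod-secrets.txt)' EXIT; \
	trap 'exit 1' HUP INT TERM; \
	ssh $(TLD) sudo -u secrets-keeper 'rm -f /opt/secrets/*' && \
	rsync \
		--rsync-path='sudo -u secrets-keeper rsync' \
		--chmod=000 \
		-avzP \
		$(prod-secrets.txt) $(TLD):/opt/secrets/

# Every `*.txt` file in src/keys/SSH/ is concatenated into the remote
# `authorized_keys`, so any file added to that directory grants SSH access
# to the offsite account; changes there deserve the same review as a
# credential change.
# NOTE(review): `dd` overwrites the remote file in place. If the local
# `cat` produces no output, the remote file ends up empty -- confirm that
# another way into the account exists before relying on this target.

## Generate the `.ssh/authorized_keys` file and upload it to $(OFFSITE_SSH).
upload-keys:
	cat src/keys/SSH/*.txt | \
		ssh $(OFFSITE_SSH) dd of=.ssh/authorized_keys

## Deploy everything that is deployable from the repository when
## open in the local development machine.
deploy: upload-secrets upload-keys
	@printf '\nRunning `git push` to update the deployment.\n'
	git push

# The `##` comment lines of this file are fed to aux/makehelp.sh, so they
# are runtime input as well as documentation.
MAKEFILE = Makefile
## Show this help.
help:
	cat $(MAKEFILE) | sh aux/makehelp.sh

# Target with no prerequisites and no recipe: when no file of this name
# exists, anything depending on it is always considered out of date.
# No rule in this part of the file lists it as a prerequisite.
ALWAYS: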