Simplify Makefile

5 files changed, 76 insertions, 67 deletions

diff --git a/.gitignore b/.gitignore
index 140b063..7eaab12 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-/public/
-/src/secrets/
-/packages
-/system
+/*.scm
+/*.sentinel
+/src/secrets/*.txt
+/src/config/tld.txt
diff --git a/Makefile b/Makefile
index da2a634..e379585 100644
--- a/Makefile
+++ b/Makefile
@@ -1,111 +1,111 @@
 .POSIX:
-NAME        = server
-PREFIX      = /usr/local
-SHAREDIR    = $(PREFIX)/share
-DOCDIR      = $(SHAREDIR)/doc/$(NAME)
+NAME         = server
+NAME_UC      = $(NAME)
+TLD          = euandre.org
+OFFSITE_SSH  = zh3051@zh3051.rsync.net
+APP          = app
 
 
 
-all: public src/keys/SSH/root@euandre.org.id_rsa.pub.stripped
+.SUFFIXES:
 
 
-packages system: ALWAYS \
-		src/keys/SSH/root@euandre.org.id_rsa.pub.stripped
-	rm -f $@
-	guix build -r $@ -v3 -f src/guix/$@.scm
 
-src/keys/SSH/root@euandre.org.id_rsa.pub.stripped: \
-		src/keys/SSH/root@euandre.org.id_rsa.pub.txt
-	cut -d' ' -f8- < $(@D)/`basename $(@F) .stripped`.txt > $@
+all:
+include deps.mk
 
-install: all
-	mkdir -p \
-		'$(DESTDIR)$(DOCDIR)'
-	cp -R public/* '$(DESTDIR)$(DOCDIR)'
 
-uninstall:
-	rm -rf \
-		'$(DESTDIR)$(DOCDIR)'
+prod-secrets.txt = $(prod-secrets.txt.gpg:.gpg=)
+repo-secrets.txt = $(repo-secrets.txt.gpg:.gpg=)
 
 
-assert-scripts = \
-	tests/assert-shellcheck.sh \
+derived-assets = \
+	src/config/tld.txt             \
+	system.scm.sentinel            \
 
-$(assert-scripts): ALWAYS
-	sh $@
+side-assets = \
+	$(prod-secrets.txt)            \
+	$(repo-secrets.txt)            \
+	system.scm                     \
 
-check: all $(assert-scripts)
 
 
-installcheck-docdir:
-	test -e '$(DESTDIR)$(DOCDIR)'/index.html
+## Default target.  Builds all artifacts required for testing
+## and installation.
+all: $(derived-assets)
 
-installcheck: installcheck-docdir
 
-clean:
-	rm -rf \
-		public/ src/secrets/*.txt packages system                      \
+$(derived-assets): Makefile
 
+src/config/tld.txt:
+	echo '$(TLD)' > $@
 
-public/favicon.svg:
-	mkdir -p $(@D)
-	cp doc/favicon.svg $@
+system.scm.sentinel: src/guix/system.scm src/config/tld.txt
+	rm -f `basename $@ .sentinel`*
+	guix build -v3 -r`basename $@ .sentinel` -Kf src/guix/`basename $@ .sentinel`
+	touch $@
 
-public/style.css:
-	mkdir -p $(@D)
-	echo td -S > $@
+.SUFFIXES: .stripped
+src/keys/SSH/root@$(TLD).id_rsa.pub.stripped: \
+		src/keys/SSH/root@$(TLD).id_rsa.pub.txt
+	cut -d' ' -f8- < $*.txt > $@
 
-html-deps = \
-	public/favicon.svg \
-	public/style.css   \
 
-public/index.html: README.md $(html-deps)
-	sh doc/md2html.sh -T 'README' < README.md > $@
 
-public/TODOs.html: TODOs.md $(html-deps)
-	td -H | sh doc/md2html.sh -T 'TODOs' > $@
+check-unit:
 
-public/ci:
-	sh src/infrastructure/scripts/report.sh -o $@
+check-integration:
 
-public: \
-		public/index.html public/TODOs.html public/ci
+## Run all tests.  Each test suite is isolated, so that a parallel
+## build can run tests at the same time.  The required artifacts
+## are created if missing.
+check: check-unit check-integration
 
 
-prod-secrets.txt.gpg = \
-	src/secrets/nginx.conf.txt.gpg      \
-	src/secrets/borg-passphrase.txt.gpg \
-	src/secrets/root@euandre.org.id_rsa.txt.gpg
-prod-secrets.txt = $(prod-secrets.txt.gpg:.gpg=)
-
-repo-secrets = \
-	$(prod-secrets.txt.gpg)                    \
 
+## Remove *all* derived artifacts produced during the build.
+## A dedicated test asserts that this is always true.
+clean:
+	rm -rf $(derived-assets) $(side-assets)
 
 
 
 .SUFFIXES: .gpg
-
 .gpg:
 	gpg -d < $< > $@
 
-$(repo-secrets):
-	gpg -aer eu@euandre.org < $(@D)/`basename $@ .gpg` > $@
+$(all-secrets.txt.gpg):
+	gpg -aer eu@euandre.org < $* > $@
+
+
+## Prints the latest 500 lines of the application and keeps tailing it.
+logs:
+	ssh $(TLD) tail -fn500 /var/log/$(APP).log
+
+## Print *all* logs available on the server.
+all-logs:
+	ssh $(TLD) 'nicely cat /var/log/$(APP).log.* && \
+		nicely gzip -c /var/log/$(APP).log' | gunzip
 
 
+## Decrypt $(prod-secrets.txt) in `src/secrets/` and put them in their
+## correct location in the server.
 upload-secrets: $(prod-secrets.txt)
-	ssh euandre.org sudo -u secrets-keeper 'rm -f /opt/secrets/*'
+	ssh $(TLD) sudo -u secrets-keeper 'rm -f /opt/secrets/*'
 	rsync \
 		--rsync-path='sudo -u secrets-keeper rsync' \
 		--chmod=000                                 \
 		-avzP                                       \
-		$(prod-secrets.txt) euandre.org:/opt/secrets/
+		$(prod-secrets.txt) $(TLD):/opt/secrets/
 
 
 ## Generate the ".ssh/authorized_keys" file and upload
-## it to rsync.net.
+## it to $(OFFSITE_SSH).
 upload-keys:
-	cat src/keys/SSH/*.txt | ssh suyin dd of=.ssh/authorized_keys
+	find src/keys/SSH/*.txt | \
+		LANG=POSIX.UTF-8 sort | \
+		xargs cat | \
+		ssh $(OFFSITE_SSH) dd of=.ssh/authorized_keys
 
 
 ALWAYS:
diff --git a/deps.mk b/deps.mk
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/deps.mk
diff --git a/mkdeps.sh b/mkdeps.sh
new file mode 100755
index 0000000..a6b23d5
--- /dev/null
+++ b/mkdeps.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -eu
+
+export LANG=POSIX.UTF-8
+
+varlist() {
+	printf '%s = \\\n' "$1"
+	sed 's|^\(.*\)$|\t\1 \\|'
+	printf '\n'
+}
diff --git a/src/config/tld.txt b/src/config/tld.txt
deleted file mode 100644
index fd7ea0f..0000000
--- a/src/config/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-euandre.org