From c51cc56a1748f32ab589171e5273db22ee6cc4f2 Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Mon, 19 Aug 2024 09:03:32 -0300 Subject: Simplify Makefile --- .gitignore | 8 ++-- Makefile | 124 ++++++++++++++++++++++++++--------------------------- deps.mk | 0 mkdeps.sh | 10 +++++ src/config/tld.txt | 1 - 5 files changed, 76 insertions(+), 67 deletions(-) create mode 100644 deps.mk create mode 100755 mkdeps.sh delete mode 100644 src/config/tld.txt diff --git a/.gitignore b/.gitignore index 140b063..7eaab12 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -/public/ -/src/secrets/ -/packages -/system +/*.scm +/*.sentinel +/src/secrets/*.txt +/src/config/tld.txt diff --git a/Makefile b/Makefile index da2a634..e379585 100644 --- a/Makefile +++ b/Makefile @@ -1,111 +1,111 @@ .POSIX: -NAME = server -PREFIX = /usr/local -SHAREDIR = $(PREFIX)/share -DOCDIR = $(SHAREDIR)/doc/$(NAME) +NAME = server +NAME_UC = $(NAME) +TLD = euandre.org +OFFSITE_SSH = zh3051@zh3051.rsync.net +APP = app -all: public src/keys/SSH/root@euandre.org.id_rsa.pub.stripped +.SUFFIXES: -packages system: ALWAYS \ - src/keys/SSH/root@euandre.org.id_rsa.pub.stripped - rm -f $@ - guix build -r $@ -v3 -f src/guix/$@.scm -src/keys/SSH/root@euandre.org.id_rsa.pub.stripped: \ - src/keys/SSH/root@euandre.org.id_rsa.pub.txt - cut -d' ' -f8- < $(@D)/`basename $(@F) .stripped`.txt > $@ +all: +include deps.mk -install: all - mkdir -p \ - '$(DESTDIR)$(DOCDIR)' - cp -R public/* '$(DESTDIR)$(DOCDIR)' -uninstall: - rm -rf \ - '$(DESTDIR)$(DOCDIR)' +prod-secrets.txt = $(prod-secrets.txt.gpg:.gpg=) +repo-secrets.txt = $(repo-secrets.txt.gpg:.gpg=) -assert-scripts = \ - tests/assert-shellcheck.sh \ +derived-assets = \ + src/config/tld.txt \ + system.scm.sentinel \ -$(assert-scripts): ALWAYS - sh $@ +side-assets = \ + $(prod-secrets.txt) \ + $(repo-secrets.txt) \ + system.scm \ -check: all $(assert-scripts) -installcheck-docdir: - test -e '$(DESTDIR)$(DOCDIR)'/index.html +## Default target. Builds all artifacts required for testing +## and installation. +all: $(derived-assets) -installcheck: installcheck-docdir -clean: - rm -rf \ - public/ src/secrets/*.txt packages system \ +$(derived-assets): Makefile +src/config/tld.txt: + echo '$(TLD)' > $@ -public/favicon.svg: - mkdir -p $(@D) - cp doc/favicon.svg $@ +system.scm.sentinel: src/guix/system.scm src/config/tld.txt + rm -f `basename $@ .sentinel`* + guix build -v3 -r`basename $@ .sentinel` -Kf src/guix/`basename $@ .sentinel` + touch $@ -public/style.css: - mkdir -p $(@D) - echo td -S > $@ +.SUFFIXES: .stripped +src/keys/SSH/root@$(TLD).id_rsa.pub.stripped: \ + src/keys/SSH/root@$(TLD).id_rsa.pub.txt + cut -d' ' -f8- < $*.txt > $@ -html-deps = \ - public/favicon.svg \ - public/style.css \ -public/index.html: README.md $(html-deps) - sh doc/md2html.sh -T 'README' < README.md > $@ -public/TODOs.html: TODOs.md $(html-deps) - td -H | sh doc/md2html.sh -T 'TODOs' > $@ +check-unit: -public/ci: - sh src/infrastructure/scripts/report.sh -o $@ +check-integration: -public: \ - public/index.html public/TODOs.html public/ci +## Run all tests. Each test suite is isolated, so that a parallel +## build can run tests at the same time. The required artifacts +## are created if missing. +check: check-unit check-integration -prod-secrets.txt.gpg = \ - src/secrets/nginx.conf.txt.gpg \ - src/secrets/borg-passphrase.txt.gpg \ - src/secrets/root@euandre.org.id_rsa.txt.gpg -prod-secrets.txt = $(prod-secrets.txt.gpg:.gpg=) - -repo-secrets = \ - $(prod-secrets.txt.gpg) \ +## Remove *all* derived artifacts produced during the build. +## A dedicated test asserts that this is always true. +clean: + rm -rf $(derived-assets) $(side-assets) .SUFFIXES: .gpg - .gpg: gpg -d < $< > $@ -$(repo-secrets): - gpg -aer eu@euandre.org < $(@D)/`basename $@ .gpg` > $@ +$(all-secrets.txt.gpg): + gpg -aer eu@euandre.org < $* > $@ + + +## Prints the latest 500 lines of the application and keeps tailing it. +logs: + ssh $(TLD) tail -fn500 /var/log/$(APP).log + +## Print *all* logs available on the server. +all-logs: + ssh $(TLD) 'nicely cat /var/log/$(APP).log.* && \ + nicely gzip -c /var/log/$(APP).log' | gunzip +## Decrypt $(prod-secrets.txt) in `src/secrets/` and put them in their +## correct location in the server. upload-secrets: $(prod-secrets.txt) - ssh euandre.org sudo -u secrets-keeper 'rm -f /opt/secrets/*' + ssh $(TLD) sudo -u secrets-keeper 'rm -f /opt/secrets/*' rsync \ --rsync-path='sudo -u secrets-keeper rsync' \ --chmod=000 \ -avzP \ - $(prod-secrets.txt) euandre.org:/opt/secrets/ + $(prod-secrets.txt) $(TLD):/opt/secrets/ ## Generate the ".ssh/authorized_keys" file and upload -## it to rsync.net. +## it to $(OFFSITE_SSH). upload-keys: - cat src/keys/SSH/*.txt | ssh suyin dd of=.ssh/authorized_keys + find src/keys/SSH/*.txt | \ + LANG=POSIX.UTF-8 sort | \ + xargs cat | \ + ssh $(OFFSITE_SSH) dd of=.ssh/authorized_keys ALWAYS: diff --git a/deps.mk b/deps.mk new file mode 100644 index 0000000..e69de29 diff --git a/mkdeps.sh b/mkdeps.sh new file mode 100755 index 0000000..a6b23d5 --- /dev/null +++ b/mkdeps.sh @@ -0,0 +1,10 @@ +#!/bin/sh +set -eu + +export LANG=POSIX.UTF-8 + +varlist() { + printf '%s = \\\n' "$1" + sed 's|^\(.*\)$|\t\1 \\|' + printf '\n' +} diff --git a/src/config/tld.txt b/src/config/tld.txt deleted file mode 100644 index fd7ea0f..0000000 --- a/src/config/tld.txt +++ /dev/null @@ -1 +0,0 @@ -euandre.org -- cgit v1.2.3