blob: 7cb462e6101e49375a61b366d39c71509d6e3038 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
.POSIX:
NAME = servers
PREFIX = /usr/local
SHAREDIR = $(PREFIX)/share
DOCDIR = $(SHAREDIR)/doc/$(NAME)
all: public
packages system: ALWAYS \
src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped
rm -f $@
guix build -r $@ -v3 -f src/infrastructure/guix/$@.scm
src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped: \
src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.txt
cut -d' ' -f6- < $(@D)/`basename $(@F) .stripped`.txt > $@
install: all
mkdir -p \
'$(DESTDIR)$(DOCDIR)'
cp -R public/* '$(DESTDIR)$(DOCDIR)'
uninstall:
rm -rf \
'$(DESTDIR)$(DOCDIR)'
assert-scripts = \
tests/assert-shellcheck.sh \
$(assert-scripts): ALWAYS
sh $@
check: all $(assert-scripts)
installcheck-docdir:
test -e '$(DESTDIR)$(DOCDIR)'/index.html
installcheck: installcheck-docdir
clean:
rm -rf \
public/ src/secrets/*.txt packages system \
public:
mkdir -p public
echo xablau > public/index.html
prod-secrets.txt.gpg = \
src/secrets/borg-passphrase.txt.gpg \
src/secrets/root@euandre.org.id_rsa.txt.gpg
prod-secrets.txt = $(prod-secrets.txt.gpg:.gpg=)
repo-secrets = \
$(prod-secrets.txt.gpg) \
.SUFFIXES: .gpg
.gpg:
gpg -d < $< > $@
$(repo-secrets):
gpg -aer eu@euandre.org < $(@D)/`basename $@ .gpg` > $@
upload-secrets: $(prod-secrets.txt)
ssh euandre.org sudo -u secrets-keeper 'rm -f /opt/secrets/*'
rsync \
--rsync-path='sudo -u secrets-keeper rsync' \
--chmod=000 \
-avzP \
$(prod-secrets.txt) euandre.org:/opt/secrets/
## Generate the ".ssh/authorized_keys" file and upload
## it to rsync.net.
upload-keys:
cat src/infrastructure/keys/SSH/*.txt | ssh suyin dd of=.ssh/authorized_keys
ALWAYS:
|
