stack/Makefile

include $(PWD)/src/toolchain/Makefile
# Terraform sources of the two stacks; each glob is expanded once, at parse time.
BACKEND_TF := $(wildcard infra/backend/*.tf)
MAIN_TF    := $(wildcard infra/main/*.tf)

# Deployment target. Every terraform and sops recipe in this file is keyed on
# ENVIRONMENT, so running make without overriding it acts on production.
ENVIRONMENT := production
REGION      := sfo3

# Absolute paths of the tool binaries used by the recipes (presumably the ones
# produced by the $(OUT_DIR)/terraform and $(OUT_DIR)/sops rules).
ROOT_DIR  := $(shell pwd)
TERRAFORM := $(ROOT_DIR)/out/terraform
SOPS      := $(ROOT_DIR)/out/sops

# Full 40-hex-digit OpenPGP fingerprints. Each one becomes a $(KEY_DIR)/<fpr>.asc
# target and all of them are fed to the WKD generation step.
KEYS := \
  6B61ECD76088748C70590D55E90A401336C8AAA9 \
  88823A75ECAA786B0FF38B148E401478A3FBEF72 \
  3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
# Reset the default goal (one may have been picked up while parsing the
# included toolchain Makefile) so that the next rule, `default`, becomes it.
.DEFAULT_GOAL :=

# Default goal: toolchain, the published key files, the WKD tree, and `apply`.
# NOTE(review): `apply` runs `terraform apply` with ENVIRONMENT := production,
# so a bare `make` reaches live infrastructure - confirm that is intended.
.PHONY: default
default: \
  toolchain \
  $(patsubst %,$(KEY_DIR)/%.asc,$(KEYS)) \
  $(OUT_DIR)/website/.well-known/openpgpkey \
  apply
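# Remove the build cache directory.
# `clean` is named on the .PHONY line: an empty `.PHONY:` declares nothing, and
# a file or directory called `clean` would then make this target a no-op.
.PHONY: clean
clean:
	rm -rf $(CACHE_DIR)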
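# Convenience alias for the decrypted terraform variables file.
# `credentials` is named on the .PHONY line so that a stray file of that name
# cannot mask the target. No rule for the .tfvars file is visible in this
# Makefile; presumably the included toolchain Makefile provides one - confirm.
.PHONY: credentials
credentials: \
  $(CACHE_DIR)/secrets/credentials.tfvars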
# Fetch one public key per fingerprint: the target's file name without its
# .asc suffix is handed to fetch_pgp_key (not defined in this file).
# NOTE(review): the WKD tree is generated from these files, so confirm that
# fetch_pgp_key rejects a download whose fingerprint differs from the one
# requested. The rule has no prerequisites, so an existing file is never
# fetched again.
$(KEY_DIR)/%.asc:
	$(call fetch_pgp_key,$(basename $(notdir $@)))
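# Copy the static Matrix well-known documents into the site tree.
# Two targets are listed, client and server, because the
# $(OUT_DIR)/website/index.html rule depends on both; naming `server` twice
# left `client` without any rule. The copy takes everything under
# $(SRC_DIR)/well-known/matrix/, so running it once per target is harmless.
# NOTE(review): assumes that source directory holds both a `client` and a
# `server` file - confirm.
$(OUT_DIR)/website/.well-known/matrix/client \
$(OUT_DIR)/website/.well-known/matrix/server:
	mkdir -p $(@D)
	cp -R \
		$(SRC_DIR)/well-known/matrix/* \
		$(@D)/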
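# Generate the Web Key Directory for distrust.co from the fetched key files.
# The key files are declared as prerequisites because the recipe reads every
# one of them; without that edge a parallel build (make -j) could start
# `sq wkd generate` before the keys exist, and a changed key file would not
# cause the directory to be regenerated.
# The <(...) process substitution needs a bash-compatible shell inside the
# toolchain environment.
$(OUT_DIR)/website/.well-known/openpgpkey: \
  $(patsubst %,$(KEY_DIR)/%.asc,$(KEYS))
	$(call toolchain," \
		sq wkd \
			generate $(OUT_DIR)/website distrust.co \
			<(cat $(patsubst %,$(KEY_DIR)/%.asc,$(KEYS))) \
	")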
# Build the Jekyll site and copy the generated _site tree into the output
# directory; the well-known trees must be in place first.
# NOTE(review): the copy destination is the literal /home/build/out/website/
# rather than a path derived from $(OUT_DIR); the two only agree if OUT_DIR is
# `out` under /home/build inside the toolchain - confirm.
$(OUT_DIR)/website/index.html: \
  $(OUT_DIR)/website/.well-known/openpgpkey \
  $(OUT_DIR)/website/.well-known/matrix/server \
  $(OUT_DIR)/website/.well-known/matrix/client
	$(call toolchain," \
		cd $(SRC_DIR)/website \
		&& jekyll build \
		&& cp -R _site/* /home/build/out/website/ \
	")
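# Initialise the backend stack's terraform working directory.
# `sops exec-env` decrypts secrets/$(ENVIRONMENT).enc.env and runs the quoted
# command with those values in its environment only.
# $(OUT_DIR)/sops is a prerequisite because the recipe invokes $(SOPS); the
# other rules that call sops already declare it.
# NOTE(review): `init -upgrade` lets terraform select newer provider and module
# versions than an earlier run used. If reproducible provider versions matter
# for production, pin them in the configuration and drop -upgrade.
infra/backend/.terraform: \
  $(OUT_DIR)/terraform \
  $(OUT_DIR)/sops \
  $(BACKEND_TF)
	$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
		env -C infra/backend $(TERRAFORM) init -upgrade \
	'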
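# Initialise the main stack's terraform working directory against the backend
# described in config/$(ENVIRONMENT).tfbackend.
# Every prerequisite is order-only (after the `|`): each must exist, but a
# newer timestamp, including an edited .tf file, does not force a re-init.
# $(OUT_DIR)/sops is listed because the recipe invokes $(SOPS).
# NOTE(review): `init -upgrade` lets terraform select newer provider and module
# versions than an earlier run used. If reproducible provider versions matter
# for production, pin them in the configuration and drop -upgrade.
infra/main/.terraform: | \
  $(OUT_DIR)/terraform \
  $(OUT_DIR)/sops \
  config/$(ENVIRONMENT).tfbackend \
  $(MAIN_TF)
	$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
		env -C infra/main $(TERRAFORM) init -upgrade \
			-backend-config="../../config/$(ENVIRONMENT).tfbackend" \
	'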
# Apply the backend stack and keep its state in a local file, which is the
# target of this rule. terraform runs from infra/backend, hence the ../../
# prefix on the state path.
# NOTE(review): terraform state can hold sensitive values in clear text and
# this file lands in the working tree - make sure it stays untracked.
# `terraform apply` is given no approval flag here, so it prompts before
# making changes.
infra/backend/$(ENVIRONMENT).tfstate: \
  $(OUT_DIR)/terraform \
  $(OUT_DIR)/sops \
  infra/backend/.terraform
	$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
		env -C infra/backend \
		$(TERRAFORM) apply \
			-var environment=$(ENVIRONMENT) \
			-var namespace=$(ENVIRONMENT) \
			-var region=$(REGION) \
			-state ../../$@ \
	'
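# Write the backend stack's terraform outputs to the backend config file that
# the main stack's `init` reads.
# File is not committed and this has no shared state
#
# Fixes in this rule:
#  - the prerequisite list is continued after $(OUT_DIR)/terraform and ends at
#    $(OUT_DIR)/sops; before, the list stopped at terraform and the sops line
#    with its trailing backslash fell into the recipe.
#  - the state file is named explicitly. Every prerequisite is order-only and
#    the state file is not one of them (it is built by the recursive make
#    below), so $< never referred to it.
# The `>` redirection is part of the quoted command, so it is performed by the
# shell that sops starts, relative to the repository root.
config/$(ENVIRONMENT).tfbackend: | \
  $(OUT_DIR)/terraform \
  $(OUT_DIR)/sops
	$(MAKE) infra/backend/$(ENVIRONMENT).tfstate
	$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
		env -C infra/backend \
		$(TERRAFORM) \
			output -state ../../infra/backend/$(ENVIRONMENT).tfstate \
			> $@ \
	'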
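# Apply the main stack, then store the generated Talos/Kubernetes client and
# machine configs as sops-encrypted files under secrets/.
# `apply` is named on the .PHONY line: an empty `.PHONY:` declares nothing, and
# a file called `apply` would then make this target a no-op.
# NOTE(review): each `>` truncates its file under secrets/ before sops runs, so
# a failed encryption leaves an empty file where the previous ciphertext was.
# The inputs under infra/main/talos/ are not removed by this recipe and stay on
# disk; presumably they are plaintext credentials - keep them untracked.
.PHONY: apply
apply: \
  $(OUT_DIR)/terraform \
  $(OUT_DIR)/sops \
  infra/main/.terraform
	$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
		env -C infra/main \
		$(TERRAFORM) apply \
			-var environment=$(ENVIRONMENT) \
			-var namespace=$(ENVIRONMENT) \
			-var region=$(REGION) \
	'
	$(SOPS) --encrypt infra/main/talos/talosconfig > secrets/$(ENVIRONMENT).talosconfig
	$(SOPS) --encrypt infra/main/talos/kubeconfig > secrets/$(ENVIRONMENT).kubeconfig
	$(SOPS) --encrypt infra/main/talos/controlplane.yaml > secrets/$(ENVIRONMENT).controlplane.yaml
	$(SOPS) --encrypt infra/main/talos/worker.yaml > secrets/$(ENVIRONMENT).worker.yaml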
# Create the cache subdirectory for secret material; -p makes this a no-op
# when the directory already exists.
$(CACHE_DIR)/secrets:
	mkdir -p $@
# Check out the terraform sources at TERRAFORM_REF. git_clone, TERRAFORM_REPO
# and TERRAFORM_REF are not defined in this file.
# NOTE(review): the binary built from this checkout handles production
# credentials, so TERRAFORM_REF should be a full commit hash rather than a
# branch or tag name - confirm where it is defined.
$(FETCH_DIR)/terraform:
	$(call git_clone,$@,$(TERRAFORM_REPO),$(TERRAFORM_REF))
# Check out the sops sources at SOPS_REF. git_clone, SOPS_REPO and SOPS_REF
# are not defined in this file.
# NOTE(review): the binary built from this checkout decrypts the repository's
# secrets, so SOPS_REF should be a full commit hash rather than a branch or
# tag name - confirm where it is defined.
$(FETCH_DIR)/sops:
	$(call git_clone,$@,$(SOPS_REPO),$(SOPS_REF))
# Build terraform from the fetched sources inside the toolchain environment.
#   CGO_ENABLED=0 plus -extldflags=-static : no cgo, statically linked binary
#   -trimpath                              : no local filesystem paths in the binary
#   -ldflags -w                            : omit DWARF debug information
# GOCACHE and GOPATH both point at the cache directory under /home/build,
# presumably the repository as seen from inside the toolchain - confirm.
$(OUT_DIR)/terraform: $(FETCH_DIR)/terraform
	$(call toolchain," \
		cd $(FETCH_DIR)/terraform && \
		export SSL_CERT_DIR=/etc/ssl/certs && \
		export CGO_ENABLED=0 && \
		export GOCACHE=/home/build/$(CACHE_DIR) && \
		export GOPATH=/home/build/$(CACHE_DIR) && \
		go build \
			-v \
			-trimpath \
			-ldflags='-w -extldflags=-static' \
			-o /home/build/$@ \
	")
# Build sops from the fetched sources inside the toolchain environment; the
# package to build is given by SOPS_PKG (not defined in this file).
#   CGO_ENABLED=0 plus -extldflags=-static : no cgo, statically linked binary
#   -trimpath                              : no local filesystem paths in the binary
#   -ldflags -w                            : omit DWARF debug information
# Unlike the terraform build, this recipe does not export SSL_CERT_DIR.
$(OUT_DIR)/sops: $(FETCH_DIR)/sops
	$(call toolchain," \
		cd $(FETCH_DIR)/sops && \
		export CGO_ENABLED=0 && \
		export GOCACHE=/home/build/$(CACHE_DIR) && \
		export GOPATH=/home/build/$(CACHE_DIR) && \
		go build \
			-v \
			-trimpath \
			-ldflags='-w -extldflags=-static' \
			-o /home/build/$@ $(SOPS_PKG) \
	")