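# Build and deployment entry point: fetches pinned OpenPGP keys, generates the
# website's .well-known content, builds static terraform and sops binaries and
# applies the Terraform configuration under infra/.
#
# KEY_DIR, OUT_DIR, SRC_DIR, CACHE_DIR, FETCH_DIR, the *_REPO / *_REF / SOPS_PKG
# values and the toolchain, fetch_pgp_key and git_clone macros are not defined
# in this file; presumably they come from the included toolchain Makefile.
#
# $(CURDIR) is set by make itself. The inherited PWD environment variable can
# be stale or unset (for example under `make -C`), which would make the include
# resolve against a directory chosen by the caller's environment.
include $(CURDIR)/src/toolchain/Makefile

BACKEND_TF := $(wildcard infra/backend/*.tf)
MAIN_TF := $(wildcard infra/main/*.tf)
ENVIRONMENT := production
REGION := sfo3
ROOT_DIR := $(CURDIR)
TERRAFORM := $(ROOT_DIR)/out/terraform
SOPS := $(ROOT_DIR)/out/sops

# 40-hex-digit OpenPGP key identifiers. Each one is fetched into
# $(KEY_DIR)/<id>.asc and published through WKD for distrust.co.
# NOTE(review): whether fetch_pgp_key checks the downloaded key against this
# identifier is not visible here - confirm in the toolchain Makefile.
KEYS := \
	6B61ECD76088748C70590D55E90A401336C8AAA9 \
	88823A75ECAA786B0FF38B148E401478A3FBEF72 \
	3D7C8D39E8C4DF771583D3F0A8A091FD346001CA

# Clear any default goal picked up from the include so that `default`, the
# next rule, becomes the goal of a bare `make`.
.DEFAULT_GOAL :=
.PHONY: default
default: \
	toolchain \
	$(patsubst %,$(KEY_DIR)/%.asc,$(KEYS)) \
	$(OUT_DIR)/website/.well-known/openpgpkey \
	apply

# .PHONY has to name its targets; a bare `.PHONY:` marks nothing, and a stray
# file called `clean`, `credentials` or `apply` would then suppress the rule.
.PHONY: clean
clean:
	rm -rf $(CACHE_DIR)

.PHONY: credentials
credentials: \
	$(CACHE_DIR)/secrets/credentials.tfvars

# The stem of the target file name is the key identifier to fetch.
$(KEY_DIR)/%.asc:
	$(call fetch_pgp_key,$(basename $(notdir $@)))

# One recipe copies the whole matrix directory. Both files are named as targets
# so that the `client` prerequisite of index.html has a rule of its own; the
# recipe is idempotent, so running it once per target is harmless.
# Assumes $(SRC_DIR)/well-known/matrix holds `client` and `server` - TODO confirm.
$(OUT_DIR)/website/.well-known/matrix/client \
$(OUT_DIR)/website/.well-known/matrix/server:
	mkdir -p $(OUT_DIR)/website/.well-known/matrix
	cp -R \
		$(SRC_DIR)/well-known/matrix/* \
		$(OUT_DIR)/website/.well-known/matrix/

# The key files are order-only prerequisites: they must exist before the WKD
# tree is generated. A missing file would only make the `cat` inside the
# process substitution fail, which does not fail the sq command, so the
# published directory could silently lack keys.
$(OUT_DIR)/website/.well-known/openpgpkey: | \
	$(patsubst %,$(KEY_DIR)/%.asc,$(KEYS))
	$(call toolchain," \
		sq wkd \
			generate $(OUT_DIR)/website distrust.co \
			<(cat $(patsubst %,$(KEY_DIR)/%.asc,$(KEYS))) \
	")

# Builds the Jekyll site inside the toolchain and copies it to the output tree.
# NOTE(review): the copy destination is hard-coded as /home/build/out/website/
# rather than derived from $(OUT_DIR) - confirm the two always agree.
$(OUT_DIR)/website/index.html: \
	$(OUT_DIR)/website/.well-known/openpgpkey \
	$(OUT_DIR)/website/.well-known/matrix/server \
	$(OUT_DIR)/website/.well-known/matrix/client
	$(call toolchain," \
		cd $(SRC_DIR)/website \
		&& jekyll build \
		&& cp -R _site/* /home/build/out/website/ \
	")

# `sops exec-env` decrypts secrets/$(ENVIRONMENT).enc.env and hands the values
# to the child command as environment variables. The recipe runs $(SOPS), so
# the sops binary is an order-only prerequisite here.
# NOTE(review): `init -upgrade` re-selects the newest provider and module
# versions allowed by the version constraints instead of the ones recorded in
# the dependency lock file; confirm that is intended for $(ENVIRONMENT).
infra/backend/.terraform: \
	$(OUT_DIR)/terraform \
	$(BACKEND_TF) \
	| $(OUT_DIR)/sops
	$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
		env -C infra/backend $(TERRAFORM) init -upgrade \
	'

# Every prerequisite is order-only, so editing the .tf files does not trigger a
# re-init. The sops binary is listed because the recipe runs it.
infra/main/.terraform: | \
	$(OUT_DIR)/terraform \
	$(OUT_DIR)/sops \
	config/$(ENVIRONMENT).tfbackend \
	$(MAIN_TF)
	$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
		env -C infra/main $(TERRAFORM) init -upgrade \
			-backend-config="../../config/$(ENVIRONMENT).tfbackend" \
	'

# Applies the backend configuration and keeps its state in a local file.
# terraform runs from infra/backend, hence the ../../ prefix on the state path.
infra/backend/$(ENVIRONMENT).tfstate: \
	$(OUT_DIR)/terraform \
	$(OUT_DIR)/sops \
	infra/backend/.terraform
	$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
		env -C infra/backend \
		$(TERRAFORM) apply \
			-var environment=$(ENVIRONMENT) \
			-var namespace=$(ENVIRONMENT) \
			-var region=$(REGION) \
			-state ../../$@ \
	'

# File is not committed and this has no shared state
# The state file is therefore produced by a recursive make call rather than
# listed as a prerequisite. Its path is spelled out in the `output` command:
# every prerequisite of this rule is order-only, so $< expands to nothing here.
config/$(ENVIRONMENT).tfbackend: | \
	$(OUT_DIR)/terraform \
	$(OUT_DIR)/sops
	$(MAKE) infra/backend/$(ENVIRONMENT).tfstate
	$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
		env -C infra/backend \
		$(TERRAFORM) \
			output -state ../../infra/backend/$(ENVIRONMENT).tfstate \
		> $@ \
	'

# Applies the main configuration, then stores sops-encrypted copies of the
# Talos and Kubernetes files found under infra/main/talos/ in secrets/.
# The plaintext originals are left in place by this recipe.
# NOTE(review): confirm infra/main/talos/ is excluded from version control.
# The shell opens each redirect target before sops runs, so a failed encryption
# leaves a truncated file in secrets/.
.PHONY: apply
apply: \
	$(OUT_DIR)/terraform \
	$(OUT_DIR)/sops \
	infra/main/.terraform
	$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
		env -C infra/main \
		$(TERRAFORM) apply \
			-var environment=$(ENVIRONMENT) \
			-var namespace=$(ENVIRONMENT) \
			-var region=$(REGION) \
	'
	$(SOPS) --encrypt infra/main/talos/talosconfig > secrets/$(ENVIRONMENT).talosconfig
	$(SOPS) --encrypt infra/main/talos/kubeconfig > secrets/$(ENVIRONMENT).kubeconfig
	$(SOPS) --encrypt infra/main/talos/controlplane.yaml > secrets/$(ENVIRONMENT).controlplane.yaml
	$(SOPS) --encrypt infra/main/talos/worker.yaml > secrets/$(ENVIRONMENT).worker.yaml

$(CACHE_DIR)/secrets:
	mkdir -p $@

# Source checkouts for the two tools built below.
# NOTE(review): TERRAFORM_REF and SOPS_REF are defined elsewhere; whether they
# pin exact commits is not visible in this file.
$(FETCH_DIR)/terraform:
	$(call git_clone,$@,$(TERRAFORM_REPO),$(TERRAFORM_REF))

$(FETCH_DIR)/sops:
	$(call git_clone,$@,$(SOPS_REPO),$(SOPS_REF))

# Both tools are built inside the toolchain with cgo disabled, -trimpath and
# static external link flags, and written to /home/build/<target>.
$(OUT_DIR)/terraform: $(FETCH_DIR)/terraform
	$(call toolchain," \
		cd $(FETCH_DIR)/terraform && \
		export SSL_CERT_DIR=/etc/ssl/certs && \
		export CGO_ENABLED=0 && \
		export GOCACHE=/home/build/$(CACHE_DIR) && \
		export GOPATH=/home/build/$(CACHE_DIR) && \
		go build \
			-v \
			-trimpath \
			-ldflags='-w -extldflags=-static' \
			-o /home/build/$@ \
	")

$(OUT_DIR)/sops: $(FETCH_DIR)/sops
	$(call toolchain," \
		cd $(FETCH_DIR)/sops && \
		export CGO_ENABLED=0 && \
		export GOCACHE=/home/build/$(CACHE_DIR) && \
		export GOPATH=/home/build/$(CACHE_DIR) && \
		go build \
			-v \
			-trimpath \
			-ldflags='-w -extldflags=-static' \
			-o /home/build/$@ $(SOPS_PKG) \
	")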