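# Delete a target whose recipe fails part-way. Several recipes below write
# their target through a shell redirect ("> target"), so without this a failed
# generator leaves a truncated credential or config file that still looks up
# to date to everything that depends on it (ignition.json in particular).
.DELETE_ON_ERROR:

# Terraform environment; selects $(config_dir)$(TERRAFORM_ENV).tfvars.
# Override per invocation, e.g. `make TERRAFORM_ENV=<name> plan`.
TERRAFORM_ENV := production

# Operator-supplied configuration directory (the trailing slash is part of
# the value; other paths are built by plain concatenation).
config_dir := ./config/
# Settings file that the recipes below `source` from bash, i.e. it is executed
# as shell code. It should be writable only by the operator running make.
apps_config := $(config_dir)apps.config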

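# Stage the deployable tree in app/. The stamp file is the real target: it is
# touched only when copy-apps.sh succeeds, so a failed copy is retried on the
# next run instead of being treated as up to date.
#
# $(wildcard ...) is expanded when the Makefile is parsed, "*" skips dotfiles
# and does not recurse, which is why the nested authelia/lldap configs are
# listed by name.
#
# all-apps/.env is a prerequisite because the recipe copies it: on a tree where
# it has not been generated yet the cp would fail, and a regenerated .env would
# otherwise never reach app/.
#
# NOTE(review): generated files under all-apps/<app>/ are only picked up by the
# wildcards once they exist at parse time -- confirm copy-apps.sh does not need
# them on a first build.
app/.dirstamp: all-apps/app.service all-apps/docker-compose.yaml \
all-apps/.env \
$(wildcard all-apps/lb/*) \
$(wildcard all-apps/nextcloud/*) \
$(wildcard all-apps/wg-easy/*) \
$(wildcard all-apps/ghost/*) \
$(wildcard all-apps/nassella/*) \
all-apps/nassella/authelia-config/configuration.yml \
all-apps/nassella/lldap-config/lldap_config.toml \
$(wildcard all-apps/dozzle/*)
	rm -Rf app/
	mkdir app/
	cp all-apps/app.service app/
	cp all-apps/docker-compose.yaml app/
	cp all-apps/.env app/
	./copy-apps.sh $(apps_config) && touch $@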

# Compose reads a single .env at the project root by default, so every
# per-app ".compose-env" fragment found under all-apps/ is concatenated into
# that one file. Only the ghost fragment is declared as a prerequisite.
all-apps/.env: all-apps/ghost/.compose-env
	find all-apps/ -name ".compose-env" -exec cat {} + > $@

# Caddy / lb: render the load balancer's Caddyfile from the apps config.
# The output directory is created first because the generator's stdout is
# redirected straight into the target.
all-apps/lb/Caddyfile: $(apps_config) make-caddyfile.sh
	mkdir -p $(@D)
	./make-caddyfile.sh $(apps_config) > $@

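# Nextcloud
# Each rule sources the apps config in a bash subshell and writes one setting
# to its own file. `&&` (not `;`) is used so that a config that cannot be
# sourced stops the recipe before the target is created, instead of writing an
# empty value that then looks up to date. All rules use the same
# `source ./$(apps_config)` form.
#
# An unset variable still produces a file holding only a newline; if no setting
# is legitimately empty, "$${VAR:?}" would turn that into a build failure.
#
# NOTE(review): these files hold credentials and are created with the caller's
# umask. Consider a restrictive umask (e.g. 077) for this build and keeping the
# generated files out of version control -- confirm that whatever reads them
# afterwards (copy-apps.sh, the butane container) can still do so.
all-apps/nextcloud/nextcloud_admin_user: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NEXTCLOUD_ADMIN_USER" > $@'
all-apps/nextcloud/nextcloud_admin_password: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NEXTCLOUD_ADMIN_PASSWORD" > $@'
all-apps/nextcloud/postgres_db: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NEXTCLOUD_POSTGRES_DB" > $@'
all-apps/nextcloud/postgres_user: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NEXTCLOUD_POSTGRES_USER" > $@'
all-apps/nextcloud/postgres_password: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NEXTCLOUD_POSTGRES_PASSWORD" > $@'
all-apps/nextcloud/redis_password: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NEXTCLOUD_REDIS_PASSWORD" > $@'
# Nothing is redirected here, so make-nextcloud-env.sh is presumably the one
# that writes nextcloud.env from the template -- TODO confirm.
all-apps/nextcloud/nextcloud.env: $(apps_config) all-apps/nextcloud/nextcloud.env.tmpl make-nextcloud-env.sh
	./make-nextcloud-env.sh $(apps_config)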

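# Nassella
# Each rule sources the apps config in a bash subshell and writes one setting
# to its own file. `&&` (not `;`) is used so that a config that cannot be
# sourced stops the recipe before the target is created, instead of writing an
# empty value that then looks up to date.
#
# An unset variable still produces a file holding only a newline; if no setting
# is legitimately empty, "$${VAR:?}" would turn that into a build failure.
#
# NOTE(review): several of these files hold credentials (database and LLDAP
# admin passwords, the Stripe API key) and are created with the caller's
# umask. Consider a restrictive umask (e.g. 077) for this build and keeping the
# generated files out of version control -- confirm that whatever reads them
# afterwards (copy-apps.sh, the butane container) can still do so.
all-apps/nassella/postgres_db: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_POSTGRES_DB" > $@'
all-apps/nassella/postgres_user: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_POSTGRES_USER" > $@'
all-apps/nassella/postgres_password: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_POSTGRES_PASSWORD" > $@'
all-apps/nassella/authelia_postgres_db: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_AUTHELIA_POSTGRES_DB" > $@'
all-apps/nassella/authelia_postgres_user: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_AUTHELIA_POSTGRES_USER" > $@'
all-apps/nassella/authelia_postgres_password: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_AUTHELIA_POSTGRES_PASSWORD" > $@'
all-apps/nassella/lldap_postgres_db: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_DB" > $@'
all-apps/nassella/lldap_postgres_user: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_USER" > $@'
all-apps/nassella/lldap_postgres_password: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_PASSWORD" > $@'
all-apps/nassella/lldap_admin_password: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_LLDAP_ADMIN_PASSWORD" > $@'
all-apps/nassella/stripe_api_key: $(apps_config)
	bash -c 'source ./$(apps_config) && printf "%s\n" "$$NASSELLA_STRIPE_API_KEY" > $@'
# Nothing is redirected in the two rules below, so the scripts are presumably
# the ones that render the targets from their .tmpl files -- TODO confirm.
all-apps/nassella/authelia-config/configuration.yml: $(apps_config) all-apps/nassella/authelia-config/configuration.yml.tmpl make-nassella-authelia-config.sh
	./make-nassella-authelia-config.sh $(apps_config)
all-apps/nassella/lldap-config/lldap_config.toml: $(apps_config) all-apps/nassella/lldap-config/lldap_config.toml.tmpl make-nassella-lldap-config.sh
	./make-nassella-lldap-config.sh $(apps_config)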

# Ghost: regenerate the compose env fragment whenever the apps config, the
# template or the generator script changes. Nothing is redirected here, so
# make-ghost-env.sh is presumably the one that writes the target -- TODO confirm.
all-apps/ghost/.compose-env: \
$(apps_config) \
all-apps/ghost/.compose.env.tmpl \
make-ghost-env.sh
	./make-ghost-env.sh $(apps_config)

# Backups / Restic / Backblaze
# Both files are captured from the generator scripts' stdout. They are rebuilt
# when the apps config or the respective script changes.
# NOTE(review): restic-password presumably holds the backup repository
# password; it is created with the caller's umask -- confirm that is acceptable.
restic-env: $(apps_config) make-restic-generated.sh
	./make-restic-generated.sh $(apps_config) > $@
restic-password: $(apps_config) make-restic-password.sh
	./make-restic-password.sh $(apps_config) > $@

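# Container image that transpiles cl.yaml. NOTE(review): ":latest" is a moving
# tag, so the tool that produces the machine's provisioning config can change
# between runs without any change in this repository. Pin it, either here or
# per invocation, e.g.
#   make BUTANE_IMAGE=quay.io/coreos/butane@sha256:<digest-placeholder> ignition.json
BUTANE_IMAGE := quay.io/coreos/butane:latest

# Transpile cl.yaml with Butane into ignition.json. The working directory is
# mounted at /pwd and passed as the files dir (-d), and the ssh-keys directory
# from the config dir is mounted on top of it at /pwd/ssh-keys.
#
# Changes against the straightforward "cat cl.yaml | docker run ... > target":
#   * $(CURDIR) instead of the inherited PWD, which is stale under `make -C`.
#   * absolute host path for the ssh-keys mount, so it does not depend on the
#     docker CLI accepting relative bind-mount sources.
#   * output goes to a temp file and is renamed only on success, so a failed
#     run never leaves a truncated ignition.json that looks up to date.
#
# NOTE(review): all-apps/nassella/lldap_admin_password and
# all-apps/nassella/stripe_api_key have rules in this file but are not listed
# here, and all-apps/nassella/nassella.env is listed but has no rule in this
# file -- confirm both are intended.
# NOTE(review): the result presumably embeds the credential files listed below;
# treat ignition.json as a secret (permissions, version control, archives).
ignition.json: cl.yaml app/.dirstamp \
all-apps/lb/Caddyfile \
all-apps/nextcloud/nextcloud_admin_user \
all-apps/nextcloud/nextcloud_admin_password \
all-apps/nextcloud/postgres_db \
all-apps/nextcloud/postgres_user \
all-apps/nextcloud/postgres_password \
all-apps/nextcloud/redis_password \
all-apps/nextcloud/nextcloud.env \
all-apps/nassella/postgres_db \
all-apps/nassella/postgres_user \
all-apps/nassella/postgres_password \
all-apps/nassella/lldap_postgres_db \
all-apps/nassella/lldap_postgres_user \
all-apps/nassella/lldap_postgres_password \
all-apps/nassella/authelia_postgres_db \
all-apps/nassella/authelia_postgres_user \
all-apps/nassella/authelia_postgres_password \
all-apps/nassella/nassella.env \
all-apps/nassella/authelia-config/configuration.yml \
all-apps/nassella/lldap-config/lldap_config.toml \
all-apps/ghost/.compose-env \
restic-env \
restic-password \
restic-restore.sh \
all-apps/.env \
$(config_dir)ssh-keys
	docker run --rm \
		--volume "$(abspath $(config_dir)ssh-keys):/pwd/ssh-keys" \
		--volume "$(CURDIR):/pwd" \
		--workdir /pwd -i $(BUTANE_IMAGE) -d /pwd < cl.yaml > $@.tmp \
		|| { rm -f $@.tmp; exit 1; }
	mv -f $@.tmp $@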

# Terraform variables derived from the apps config; captured from the
# generator's stdout and rebuilt when the config or the script changes.
generated.tfvars: $(apps_config) make-generated.sh
	./make-generated.sh $(apps_config) > $@

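# Show the Terraform plan for $(TERRAFORM_ENV).
# Declared phony: it is a command, and a stray file named "plan" must not
# make it a silent no-op.
# The environment tfvars and generated.tfvars are concatenated and handed to
# terraform as one var-file through process substitution, which is a bash
# feature -- hence the explicit `bash -c`.
.PHONY: plan
plan: ignition.json $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars
	terraform init
	bash -c "terraform plan -var-file=<(cat $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars)"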

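# Marker printed before the configuration artefacts are generated.
.PHONY: announce-start
announce-start:
	echo "NASSELLA_CONFIG: start"

# Generate all configuration, then apply it with Terraform for
# $(TERRAFORM_ENV). The "end" marker is printed once every prerequisite has
# been built, i.e. before terraform itself runs.
# Declared phony: it is a command, and a stray file named "apply" must not
# make it a silent no-op.
# Prerequisites are built left to right only in a serial build; under
# `make -j` the start marker is not guaranteed to come first.
# NOTE(review): -auto-approve applies without showing a plan for confirmation,
# and TERRAFORM_ENV defaults to production -- confirm this is only run from
# automation that has reviewed the plan.
.PHONY: apply
apply: announce-start restic-init ignition.json $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars
	echo "NASSELLA_CONFIG: end"
	terraform init
	bash -c "terraform apply -auto-approve -input=false -var-file=<(cat $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars)"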

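# Tear down the Terraform-managed resources for $(TERRAFORM_ENV).
# Declared phony: it is a command, and a stray file named "destroy" must not
# make it a silent no-op.
# NOTE(review): -auto-approve means there is no confirmation prompt, and
# TERRAFORM_ENV defaults to production; a mistyped `make destroy` removes the
# production environment. Consider requiring an explicit TERRAFORM_ENV on the
# command line for this target.
.PHONY: destroy
destroy: ignition.json $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars
	terraform init
	bash -c "terraform destroy -auto-approve -input=false -var-file=<(cat $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars)"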

.PHONY: restic-init restic-snapshots

# Run init-restic.sh against the apps config; requires restic-password to
# have been generated first.
restic-init: $(apps_config) restic-password
	./init-restic.sh $(apps_config)

## just an easy way to see snapshots that have been taken
restic-snapshots: $(apps_config) restic-password
	./restic-snapshots.sh $(apps_config)

# Everything that goes into the tarball, in archive order.
# NOTE(review): "all-apps" is archived as a whole directory. If the credential
# targets defined in this Makefile (all-apps/nextcloud/*_password,
# all-apps/nassella/*_password, all-apps/nassella/stripe_api_key, all-apps/.env)
# have been built in this working tree, they are included in the tarball that
# is copied to src/ -- confirm the archive is only ever made from a clean tree,
# or exclude the generated files.
archive_files := all-apps cl.yaml init-restic.sh main.tf make-caddyfile.sh Makefile \
	make-generated.sh make-nextcloud-env.sh make-ghost-env.sh make-restic-generated.sh make-restic-password.sh restic-snapshots.sh copy-apps.sh restic-restore.sh \
	make-nassella-authelia-config.sh make-nassella-lldap-config.sh .terraform.lock.hcl

# Bundle the project sources into nassella-latest.tar and drop a copy in src/.
.PHONY: archive
archive:
	tar -cf nassella-latest.tar $(archive_files)
	cp nassella-latest.tar src/

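## to help me remember the command to run to test the config locally
# Declared phony: it is a command, and a stray file named "testlocalhost" must
# not make it a silent no-op.
# --resolve pins "localhost:443" to the deployed host's address, and -k skips
# certificate verification, so a successful response shows that something
# answers on that address but does not authenticate the server.
.PHONY: testlocalhost
testlocalhost:
	curl -k --resolve localhost:443:146.190.12.129 https://localhost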

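# Both targets are commands rather than files, so they are declared phony; a
# stray file with either name must not make them a silent no-op.
.PHONY: flatcarbuild flatcarrun

# Reset the local Flatcar QEMU disk image from the pristine ".fresh" copy
# (after making sure ignition.json is current), so the next boot provisions
# from scratch.
flatcarbuild: ignition.json
	cp --reflink=auto flatcar/flatcar_production_qemu_image.img.fresh flatcar/flatcar_production_qemu_image.img

# Boot the local Flatcar QEMU image with the generated Ignition config.
# ignition.json is not a prerequisite here, so it must already exist.
flatcarrun:
	./flatcar/flatcar_production_qemu.sh -i ignition.json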

