Finishing make app refactor.

This commit is contained in:
2026-07-03 10:14:03 -07:00
parent 0f82b97ff6
commit 422d2a38d2
22 changed files with 187 additions and 160 deletions

115
Makefile
View File

@@ -3,8 +3,15 @@ TERRAFORM_ENV := production
config_dir := ./config/
apps_config := $(config_dir)apps.config
IMAGE_DEPS :=
COMPOSE_ENVS := $(shell if [ -d app/ ]; then find app/ -type f -name '.compose-env'; fi)
ALL_APPS_FILES = $(shell find all-apps/ -type f -name '*')
APP_MAKEFILES := $(shell if [ -d app/ ]; then find app/ -type f -name 'Makefile'; fi)
-include $(APP_MAKEFILES)
# .dirstamp plus && $@ is like make magic to get this rule
# to only run if the contents of all-apps changes
app/.dirstamp: copy-apps.sh $(apps_config) $(ALL_APPS_FILES)
@@ -18,67 +25,25 @@ app/.dirstamp: copy-apps.sh $(apps_config) $(ALL_APPS_FILES)
# # compose .env files
# # (compose only supports one .env file at the root by default)
app/.env: app/ghost/.compose-env
app/.env: $(apps_config) $(COMPOSE_ENVS)
find app/ -name ".compose-env" -exec cat > app/.env {} +
# Caddy / lb
app/lb/Caddyfile: $(apps_config) make-caddyfile.sh
app/lb/lb.env: $(apps_config) app/.dirstamp make-caddyfile.sh
mkdir -p app/lb
./make-caddyfile.sh $(apps_config) > app/lb/Caddyfile
./make-caddyfile.sh $(apps_config) > $@
# Instance Control
app/instance-control/webhook_secret: $(apps_config)
bash -c 'source $(apps_config); printf "%s\n" "$$INSTANCE_CONTROL_WEBHOOKS_SECRET" > $@'
app/instance-control/hooks/hooks.json: $(apps_config) make-instance-control-config.sh
./make-instance-control-config.sh $(apps_config)
# Nextcloud
app/nextcloud/nextcloud_admin_user: $(apps_config)
bash -c 'source $(apps_config); printf "%s\n" "$$NEXTCLOUD_ADMIN_USER" > $@'
app/nextcloud/nextcloud_admin_password: $(apps_config)
bash -c 'source $(apps_config); printf "%s\n" "$$NEXTCLOUD_ADMIN_PASSWORD" > $@'
app/nextcloud/postgres_db: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NEXTCLOUD_POSTGRES_DB" > $@'
app/nextcloud/postgres_user: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NEXTCLOUD_POSTGRES_USER" > $@'
app/nextcloud/postgres_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NEXTCLOUD_POSTGRES_PASSWORD" > $@'
app/nextcloud/redis_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NEXTCLOUD_REDIS_PASSWORD" > $@'
app/nextcloud/nextcloud.env: $(apps_config) app/nextcloud/nextcloud.env.tmpl make-nextcloud-env.sh
./make-nextcloud-env.sh $(apps_config)
# Nassella
app/nassella/postgres_db: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_POSTGRES_DB" > $@'
app/nassella/postgres_user: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_POSTGRES_USER" > $@'
app/nassella/postgres_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_POSTGRES_PASSWORD" > $@'
app/nassella/authelia_postgres_db: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_AUTHELIA_POSTGRES_DB" > $@'
app/nassella/authelia_postgres_user: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_AUTHELIA_POSTGRES_USER" > $@'
app/nassella/authelia_postgres_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_AUTHELIA_POSTGRES_PASSWORD" > $@'
app/nassella/lldap_postgres_db: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_DB" > $@'
app/nassella/lldap_postgres_user: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_USER" > $@'
app/nassella/lldap_postgres_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_PASSWORD" > $@'
app/nassella/lldap_admin_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_ADMIN_PASSWORD" > $@'
app/nassella/stripe_api_key: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_STRIPE_API_KEY" > $@'
app/nassella/authelia-config/configuration.yml: $(apps_config) app/nassella/authelia-config/configuration.yml.tmpl make-nassella-authelia-config.sh
./make-nassella-authelia-config.sh $(apps_config)
app/nassella/lldap-config/lldap_config.toml: $(apps_config) app/nassella/lldap-config/lldap_config.toml.tmpl make-nassella-lldap-config.sh
./make-nassella-lldap-config.sh $(apps_config)
# Ghost
app/ghost/.compose-env: $(apps_config) app/ghost/.compose.env.tmpl make-ghost-env.sh
./make-ghost-env.sh $(apps_config)
app/lb/Caddyfile: $(apps_config) app/.dirstamp
echo "(maintenance_intercept) {" > app/lb/Caddyfile-tmp
echo "@maintenanceModeActive file /maintenance/maintenance.on {" >> app/lb/Caddyfile-tmp
echo " root /" >> app/lb/Caddyfile-tmp
echo "}" >> app/lb/Caddyfile-tmp
echo "handle @maintenanceModeActive {" >> app/lb/Caddyfile-tmp
echo " respond \"We are performing a maintenance, come back later\" 503" >> app/lb/Caddyfile-tmp
echo "}" >> app/lb/Caddyfile-tmp
echo "}" >> app/lb/Caddyfile-tmp
find app/ -name "Caddyfile" -exec cat >> app/lb/Caddyfile-tmp {} +
mv app/lb/Caddyfile-tmp $@
# Backups / Restic / Backblaze
restic-env: $(apps_config) make-restic-generated.sh
@@ -87,29 +52,9 @@ restic-password: $(apps_config) make-restic-password.sh
./make-restic-password.sh $(apps_config) > restic-password
ignition.json: cl.yaml app/.dirstamp \
$(IMAGE_DEPS) \
app/lb/lb.env \
app/lb/Caddyfile \
app/instance-control/webhook_secret \
app/instance-control/hooks/hooks.json \
app/nextcloud/nextcloud_admin_user \
app/nextcloud/nextcloud_admin_password \
app/nextcloud/postgres_db \
app/nextcloud/postgres_user \
app/nextcloud/postgres_password \
app/nextcloud/redis_password \
app/nextcloud/nextcloud.env \
app/nassella/postgres_db \
app/nassella/postgres_user \
app/nassella/postgres_password \
app/nassella/lldap_postgres_db \
app/nassella/lldap_postgres_user \
app/nassella/lldap_postgres_password \
app/nassella/authelia_postgres_db \
app/nassella/authelia_postgres_user \
app/nassella/authelia_postgres_password \
app/nassella/nassella.env \
app/nassella/authelia-config/configuration.yml \
app/nassella/lldap-config/lldap_config.toml \
app/ghost/.compose-env \
restic-env \
restic-password \
restic-restore.sh \
@@ -129,6 +74,12 @@ plan: ignition.json $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars
announce-start:
echo "NASSELLA_CONFIG: start"
# run this first to generate the all/ dir
# then we can 'include' all the Makefiles in all/
.PHONY: preapply
preapply: app/.dirstamp
echo "app generated"
apply: announce-start restic-init ignition.json $(config_dir)$(TERRAFORM_ENV).tfvars generated.tfvars
echo "NASSELLA_CONFIG: end"
terraform init
@@ -149,10 +100,12 @@ restic-snapshots: $(apps_config) restic-password
.PHONY: archive
archive:
echo "(" > all-apps/root-napp.scm
find all-apps/ -name "napp.scm" -exec cat >> all-apps/root-napp.scm {} +
echo ")" >> all-apps/root-napp.scm
tar -cf nassella-latest.tar all-apps cl.yaml init-restic.sh main.tf make-caddyfile.sh Makefile \
make-generated.sh make-nextcloud-env.sh make-ghost-env.sh make-restic-generated.sh make-restic-password.sh restic-snapshots.sh copy-apps.sh restic-restore.sh restic-snapshot.sh \
make-nassella-authelia-config.sh make-nassella-lldap-config.sh .terraform.lock.hcl \
make-instance-control-config.sh
make-generated.sh make-restic-generated.sh make-restic-password.sh restic-snapshots.sh copy-apps.sh restic-restore.sh restic-snapshot.sh \
.terraform.lock.hcl
cp nassella-latest.tar src/
## to help me remember the command to run to test the config locally

View File

@@ -2,6 +2,8 @@ version: '3'
services:
lb:
image: docker.io/caddy:2.11.4-alpine
env_file:
- ./lb/lb.env
volumes:
# - /app/lb:/etc/caddy
- ./lb/:/etc/caddy

View File

@@ -0,0 +1,5 @@
IMAGE_DEPS := $(IMAGE_DEPS) \
app/dozzle/Caddyfile
app/dozzle/Caddyfile: $(apps_config) app/dozzle/make-caddyfile.sh
./app/dozzle/make-caddyfile.sh $(apps_config) > $@

View File

@@ -0,0 +1,15 @@
#/bin/bash
set -e
. $1 # source the apps.config file with then env vars
host_admin_password_encoded=`echo "$HOST_ADMIN_PASSWORD" | docker run --rm -i caddy:2 caddy hash-password`
echo '{$dozzle_SUBDOMAIN}.{$ROOT_DOMAIN} {'
echo " basic_auth {"
echo " $HOST_ADMIN_USER $host_admin_password_encoded"
echo " }"
echo " reverse_proxy http://dozzle:8080"
echo "}"
echo ""

View File

@@ -0,0 +1,4 @@
{$ghost_SUBDOMAIN}.{$ROOT_DOMAIN} {
import maintenance_intercept
reverse_proxy http://ghost:2368
}

View File

@@ -0,0 +1,5 @@
IMAGE_DEPS := $(IMAGE_DEPS) \
app/ghost/.compose-env
app/ghost/.compose-env: $(apps_config) app/ghost/.compose.env.tmpl app/ghost/make-ghost-env.sh
./app/ghost/make-ghost-env.sh $(apps_config)

View File

@@ -0,0 +1,3 @@
{$instance_control_SUBDOMAIN}.{$ROOT_DOMAIN} {
reverse_proxy http://instance_control:9000
}

View File

@@ -0,0 +1,8 @@
IMAGE_DEPS := $(IMAGE_DEPS) \
app/instance-control/webhook_secret \
app/instance-control/hooks/hooks.json
app/instance-control/webhook_secret: $(apps_config)
bash -c 'source $(apps_config); printf "%s\n" "$$INSTANCE_CONTROL_WEBHOOKS_SECRET" > $@'
app/instance-control/hooks/hooks.json: $(apps_config) app/instance-control/make-instance-control-config.sh
./app/instance-control/make-instance-control-config.sh $(apps_config)

View File

@@ -0,0 +1,26 @@
{$nassella_SUBDOMAIN}.{$ROOT_DOMAIN} {
import maintenance_intercept
route {
@authelia path /authelia /authelia/*
handle @authelia {
reverse_proxy nassella_authelia:9091
}
handle /unsecured/* {
reverse_proxy http://nassella:8080
}
forward_auth nassella_authelia:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy http://nassella:8080
}
}
lldap.{$nassella_SUBDOMAIN}.{$ROOT_DOMAIN} {
import maintenance_intercept
reverse_proxy nassella_lldap:17170
}

View File

@@ -0,0 +1,42 @@
IMAGE_DEPS := $(IMAGE_DEPS) \
app/nassella/postgres_db \
app/nassella/postgres_user \
app/nassella/postgres_password \
app/nassella/lldap_postgres_db \
app/nassella/lldap_postgres_user \
app/nassella/lldap_postgres_password \
app/nassella/authelia_postgres_db \
app/nassella/authelia_postgres_user \
app/nassella/authelia_postgres_password \
app/nassella/nassella.env \
app/nassella/authelia-config/configuration.yml \
app/nassella/lldap-config/lldap_config.toml
app/nassella/postgres_db: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_POSTGRES_DB" > $@'
app/nassella/postgres_user: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_POSTGRES_USER" > $@'
app/nassella/postgres_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_POSTGRES_PASSWORD" > $@'
app/nassella/authelia_postgres_db: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_AUTHELIA_POSTGRES_DB" > $@'
app/nassella/authelia_postgres_user: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_AUTHELIA_POSTGRES_USER" > $@'
app/nassella/authelia_postgres_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_AUTHELIA_POSTGRES_PASSWORD" > $@'
app/nassella/lldap_postgres_db: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_DB" > $@'
app/nassella/lldap_postgres_user: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_USER" > $@'
app/nassella/lldap_postgres_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_POSTGRES_PASSWORD" > $@'
app/nassella/lldap_admin_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_LLDAP_ADMIN_PASSWORD" > $@'
app/nassella/stripe_api_key: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NASSELLA_STRIPE_API_KEY" > $@'
app/nassella/authelia-config/configuration.yml: $(apps_config) app/nassella/authelia-config/configuration.yml.tmpl \
app/nassella/make-nassella-authelia-config.sh
./app/nassella/make-nassella-authelia-config.sh $(apps_config)
app/nassella/lldap-config/lldap_config.toml: $(apps_config) app/nassella/lldap-config/lldap_config.toml.tmpl \
app/nassella/make-nassella-lldap-config.sh
./app/nassella/make-nassella-lldap-config.sh $(apps_config)

View File

@@ -0,0 +1,4 @@
{$nextcloud_SUBDOMAIN}.{$ROOT_DOMAIN} {
import maintenance_intercept
reverse_proxy http://nextcloud:80
}

View File

@@ -0,0 +1,23 @@
IMAGE_DEPS := $(IMAGE_DEPS) \
app/nextcloud/nextcloud_admin_user \
app/nextcloud/nextcloud_admin_password \
app/nextcloud/postgres_db \
app/nextcloud/postgres_user \
app/nextcloud/postgres_password \
app/nextcloud/redis_password \
app/nextcloud/nextcloud.env
app/nextcloud/nextcloud_admin_user: $(apps_config)
bash -c 'source $(apps_config); printf "%s\n" "$$NEXTCLOUD_ADMIN_USER" > $@'
app/nextcloud/nextcloud_admin_password: $(apps_config)
bash -c 'source $(apps_config); printf "%s\n" "$$NEXTCLOUD_ADMIN_PASSWORD" > $@'
app/nextcloud/postgres_db: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NEXTCLOUD_POSTGRES_DB" > $@'
app/nextcloud/postgres_user: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NEXTCLOUD_POSTGRES_USER" > $@'
app/nextcloud/postgres_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NEXTCLOUD_POSTGRES_PASSWORD" > $@'
app/nextcloud/redis_password: $(apps_config)
bash -c 'source ./$(apps_config); printf "%s\n" "$$NEXTCLOUD_REDIS_PASSWORD" > $@'
app/nextcloud/nextcloud.env: $(apps_config) app/nextcloud/nextcloud.env.tmpl app/nextcloud/make-nextcloud-env.sh
./app/nextcloud/make-nextcloud-env.sh $(apps_config)

View File

@@ -0,0 +1,3 @@
{$wg_easy_SUBDOMAIN}.{$ROOT_DOMAIN} {
reverse_proxy http://wg-easy:80
}

View File

@@ -27,7 +27,3 @@ for config_string in ${APP_CONFIGS[@]}; do
version=${config[2]}
cp -a all-apps/$app/$version app/$app
done
# compose .env files
# (compose only supports one .env file at the root by default)
find app/ -name ".compose-env" -exec cat > app/.env {} +

View File

@@ -21,40 +21,7 @@ host_admin_password_encoded=`echo "$HOST_ADMIN_PASSWORD" | docker run --rm -i ca
read -r -a APP_CONFIGS <<< "$APP_CONFIGS"
APP_CONFIGS+=('lb,root')
declare -A bodys
bodys["nextcloud"]=" reverse_proxy http://nextcloud:80"
bodys["wg-easy"]=" reverse_proxy http://wg-easy:80"
bodys["ghost"]=" reverse_proxy http://ghost:2368"
bodys["nassella"]=$(cat <<EOF
route {
@authelia path /authelia /authelia/*
handle @authelia {
reverse_proxy nassella_authelia:9091
}
handle /unsecured/* {
reverse_proxy http://nassella:8080
}
forward_auth nassella_authelia:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy http://nassella:8080
}
EOF
)
bodys["dozzle"]=$(cat <<EOF
basic_auth {
$HOST_ADMIN_USER $host_admin_password_encoded
}
reverse_proxy http://dozzle:8080
EOF
)
bodys["instance-control"]=" reverse_proxy http://instance_control:9000"
bodys["lb"]=" reverse_proxy http://nginx:80"
echo "ROOT_DOMAIN=\"${ROOT_DOMAIN}\""
for config_string in ${APP_CONFIGS[@]}; do
IFS=','
@@ -62,39 +29,6 @@ for config_string in ${APP_CONFIGS[@]}; do
app=${config[0]}
subdomain=${config[1]}
body=${bodys[$app]}
fulldomain="$subdomain.$ROOT_DOMAIN"
echo "$fulldomain {"
if [ "$app" != "instance-control" ] && [ "$app" != "dozzle" ]; then
# config for maintenance mode
echo "@maintenanceModeActive file /maintenance/maintenance.on {"
echo " root /"
echo "}"
echo "handle @maintenanceModeActive {"
echo " respond \"We are performing a maintenance, come back later\" 503"
echo "}"
fi
echo $body
echo "}"
# this is a hack specifically for nassella
# because lldap should be on a separate domain
# for security but this was not designed for one app
# to map to multiple caddy blocks
# currently this is hardcoded to prefix the nassella
# domain with 'lldap'
if [ "$app" = "nassella" ]; then
echo "lldap.$subdomain.$ROOT_DOMAIN {"
# config for maintenance mode
echo "@maintenanceModeActive file /maintenance/maintenance.on {"
echo " root /"
echo "}"
echo "handle @maintenanceModeActive {"
echo " respond \"We are performing a maintenance, come back later\" 503"
echo "}"
echo " reverse_proxy nassella_lldap:17170"
echo "}"
fi
echo "${app//-/_}_SUBDOMAIN=\"${subdomain}\""
done

View File

@@ -115,3 +115,5 @@ create table migrations(
insert into migrations(migration_id) values(0);
insert into migrations(migration_id) values(1);
insert into migrations(migration_id) values(2);
insert into migrations(migration_id) values(3);
insert into migrations(migration_id) values(4);

View File

@@ -1124,11 +1124,13 @@ chmod -R 777 /opt/keys")))
db
(session-user-id)
instance-id
`((wg-easy . ,(or (and (alist-ref 'wg-easy (current-params)) "15") (sql-null)))
(nextcloud . ,(or (and (alist-ref 'nextcloud (current-params)) "34") (sql-null)))
(ghost . ,(or (and (alist-ref 'ghost (current-params)) "6") (sql-null)))
(nassella . ,(or (and (alist-ref 'nassella (current-params)) "b0.0.1") (sql-null)))
(instance-control . "b0.0.1")))
(filter (lambda (app/version) (cdr app/version)) ;; filter out unused apps
`((wg-easy . ,(or (and (alist-ref 'wg-easy (current-params)) "15") #f))
(nextcloud . ,(or (and (alist-ref 'nextcloud (current-params)) "34") #f))
(ghost . ,(or (and (alist-ref 'ghost (current-params)) "6") #f))
(nassella . ,(or (and (alist-ref 'nassella (current-params)) "b0.0.1") #f))
(instance-control . "b0.0.1")
(log-viewer . "20"))))
(update-root-domain db
(session-user-id)
instance-id
@@ -1432,7 +1434,7 @@ chmod -R 777 /opt/keys")))
","
(alist-ref 'subdomain (alist-ref (car app-version) config))
","
(if (eq? (car app-version) 'log-viewer) "20" (cdr app-version)))) ;; stop doing this weirdly for dozzle haha
(cdr app-version)))
selected-apps)
" "))
("HOST_ADMIN_USER" . ,(alist-ref 'user (alist-ref 'log-viewer config)))
@@ -1538,7 +1540,7 @@ chmod -R 777 /opt/keys")))
;; (update-deployment-progress db deployment-id `((instance-backup . ,(or (and complete 'complete) 'failed))))))
;; (loop)))))
(change-directory dir)
(let ((pid (process-run "make apply > make-out 2>&1")))
(let ((pid (process-run "make preapply && make apply > make-out 2>&1")))
(with-db/transaction (lambda (db) (update-deployment-in-progress db deployment-id pid)))
(change-directory "../")
(let loop ()