bsdnix/Makefile

.PHONY: all deploy check clean create debug editvars test


VARS		= group_vars/all/vars.yaml
VALL		= group_vars/all/all.yaml
SECRET		= ~/.config/ansible/hcloud.secret
KEYDIR		= roles/pub/files/keys
TOKEN		= $(shell ansible-vault decrypt --output - $(VARS) | grep hetzner_cloud_token | cut -d' ' -f2)
DNSTOKEN    = $(shell ansible-vault decrypt --output - $(VARS) | grep hetzner_dns_token | cut -d' ' -f2)
SNAPNAME	= $(shell cat $(VALL) | yq .snapshot)

SNAPSHOT    = $(shell hcloud image  list -t snapshot -o yaml | \
			       yq '. | map(select(.description == "$(SNAPNAME)")) | .[].id')

OPTIONS = -i inventory -t active
CREATE_COMMAND = ansible-playbook create.yaml $(OPTIONS)
DEPLOY_COMMAND = ansible-playbook deploy.yaml $(OPTIONS)
CLEAN_COMMAND = ansible-playbook cleanup.yaml $(OPTIONS)
HOSTS_COMMAND = ansible-playbook knownhosts.yaml $(OPTIONS)
DEBUG_COMMAND = ansible-playbook debug.yaml $(OPTIONS)
SHOW_COMMAND = ansible-inventory -i inventory/hosts.hcloud.yaml --list

ENV = HCLOUD_TOKEN="$(TOKEN)" HETZNER_DNS_TOKEN="$(DNSTOKEN)" SNAPSHOT="$(SNAPSHOT)" ANSIBLE_VERBOSITY=$(verbose)

all: create deploy

debug:
	$(ENV) $(DEBUG_COMMAND)

create:
	$(ENV) $(CREATE_COMMAND)

hosts:
	$(ENV) $(HOSTS_COMMAND)

# remove ssh control point, which may lead to hangs if wifi breaks during deployment
deploy:
	rm -rf ~/.ansible/cp/*
	$(ENV) $(DEPLOY_COMMAND)

clean:
	$(ENV) $(CLEAN_COMMAND)

check:
	$(ENV) ansible-playbook deploy.yaml  --syntax-check
	bin/encryptkeys $(KEYDIR) $(SECRET) check

encryptkeys:
	bin/encryptkeys $(KEYDIR) $(SECRET) encrypt

editvars:
	ansible-vault decrypt $(VARS)
	vi $(VARS)
	ansible-vault encrypt $(VARS)

showvars:
	ansible-vault decrypt $(VARS) --output -

showinventory:
	$(ENV) $(SHOW_COMMAND)
fixes: - finally fixed pf.conf - got Bastillefile working (sshd_config missing yet) - re-activated network role to set net variables - fixed make [all] - use hetzner volume for jail home - use ramdisk for /tmp inside jail 2024-11-21 19:38:55 +01:00			`.PHONY: all deploy check clean create debug editvars test`
got it running, added net, pf and jail roles 2024-11-08 20:08:56 +01:00
updated README, added tags, fixed knownhosts, added cron mount 2024-11-17 16:34:32 +01:00
added secret encrpytion script and check, incl pre-commit hook 2024-11-27 12:42:27 +01:00			`VARS = group_vars/all/vars.yaml`
			`VALL = group_vars/all/all.yaml`
			`SECRET = ~/.config/ansible/hcloud.secret`
added dns using hetzner dns, renamed pubnix => pub 2024-12-10 17:47:38 +01:00			`KEYDIR = roles/pub/files/keys`
added secret encrpytion script and check, incl pre-commit hook 2024-11-27 12:42:27 +01:00			`TOKEN = $(shell ansible-vault decrypt --output - $(VARS) \| grep hetzner_cloud_token \| cut -d' ' -f2)`
added dns using hetzner dns, renamed pubnix => pub 2024-12-10 17:47:38 +01:00			`DNSTOKEN = $(shell ansible-vault decrypt --output - $(VARS) \| grep hetzner_dns_token \| cut -d' ' -f2)`
added secret encrpytion script and check, incl pre-commit hook 2024-11-27 12:42:27 +01:00			`SNAPNAME = $(shell cat $(VALL) \| yq .snapshot)`

			`SNAPSHOT = $(shell hcloud image list -t snapshot -o yaml \| \`
updated README, use 1 place for the release name (all.yaml) 2024-11-17 17:54:49 +01:00			`yq '. \| map(select(.description == "$(SNAPNAME)")) \| .[].id')`
added creating new vps, fine tuned inventories (now using 2), + doc 2024-11-11 19:28:55 +01:00
updated README, added tags, fixed knownhosts, added cron mount 2024-11-17 16:34:32 +01:00			`OPTIONS = -i inventory -t active`
			`CREATE_COMMAND = ansible-playbook create.yaml $(OPTIONS)`
			`DEPLOY_COMMAND = ansible-playbook deploy.yaml $(OPTIONS)`
			`CLEAN_COMMAND = ansible-playbook cleanup.yaml $(OPTIONS)`
			`HOSTS_COMMAND = ansible-playbook knownhosts.yaml $(OPTIONS)`
			`DEBUG_COMMAND = ansible-playbook debug.yaml $(OPTIONS)`
fixed ip variables, now using inventory vars 2024-11-26 13:09:26 +01:00			`SHOW_COMMAND = ansible-inventory -i inventory/hosts.hcloud.yaml --list`
initial commit 2024-11-06 19:51:04 +01:00
added dns using hetzner dns, renamed pubnix => pub 2024-12-10 17:47:38 +01:00			`ENV = HCLOUD_TOKEN="$(TOKEN)" HETZNER_DNS_TOKEN="$(DNSTOKEN)" SNAPSHOT="$(SNAPSHOT)" ANSIBLE_VERBOSITY=$(verbose)`
got it running, added net, pf and jail roles 2024-11-08 20:08:56 +01:00
more work, get rid of jail stuff, using vps directly 2024-11-16 11:16:54 +01:00			`all: create deploy`

made a little progress, but networking still fails 2024-11-12 19:09:20 +01:00			`debug:`
			`$(ENV) $(DEBUG_COMMAND)`

enhanced makefile, added pubnix jail role, fixed knownhosts issue 2024-11-12 14:08:53 +01:00			`create:`
			`$(ENV) $(CREATE_COMMAND)`
got it running, added net, pf and jail roles 2024-11-08 20:08:56 +01:00
enhanced makefile, added pubnix jail role, fixed knownhosts issue 2024-11-12 14:08:53 +01:00			`hosts:`
			`$(ENV) $(HOSTS_COMMAND)`
got it running, added net, pf and jail roles 2024-11-08 20:08:56 +01:00
Added ssh config (for accessing kobayashi chat) 2024-12-13 18:39:21 +01:00			`# remove ssh control point, which may lead to hangs if wifi breaks during deployment`
made a little progress, but networking still fails 2024-11-12 19:09:20 +01:00			`deploy:`
Added ssh config (for accessing kobayashi chat) 2024-12-13 18:39:21 +01:00			`rm -rf ~/.ansible/cp/*`
enhanced makefile, added pubnix jail role, fixed knownhosts issue 2024-11-12 14:08:53 +01:00			`$(ENV) $(DEPLOY_COMMAND)`
added creating new vps, fine tuned inventories (now using 2), + doc 2024-11-11 19:28:55 +01:00
			`clean:`
			`$(ENV) $(CLEAN_COMMAND)`

initial commit 2024-11-06 19:51:04 +01:00			`check:`
fixed user management, incl skel dir 2024-11-25 18:29:17 +01:00			`$(ENV) ansible-playbook deploy.yaml --syntax-check`
added secret encrpytion script and check, incl pre-commit hook 2024-11-27 12:42:27 +01:00			`bin/encryptkeys $(KEYDIR) $(SECRET) check`

			`encryptkeys:`
			`bin/encryptkeys $(KEYDIR) $(SECRET) encrypt`
added: - set file permissions - setup sysctls - set root password from vault var - added doas + config 2024-11-18 18:33:33 +01:00
			`editvars:`
			`ansible-vault decrypt $(VARS)`
			`vi $(VARS)`
			`ansible-vault encrypt $(VARS)`
desperate tries to get the v6 jail up 2024-11-19 18:38:45 +01:00
			`showvars:`
			`ansible-vault decrypt $(VARS) --output -`
fixed ip variables, now using inventory vars 2024-11-26 13:09:26 +01:00
			`showinventory:`
			`$(ENV) $(SHOW_COMMAND)`