MODULES += nginx
MODULES += keycloak
MODULES += hedgedoc
MODULES += grafana
MODULES += prometheus
MODULES += mastodon
MODULES += matrix
MODULES += nextcloud
MODULES += mobilizon
MODULES += gitea
#MODULES += pixelfed

include env.production
domain_name := $(DOMAIN_NAME)


help:
	@echo "usage: make run"
UC = $(shell echo '$1' | tr '[:lower:]' '[:upper:]')

DOCKER = \
	$(foreach m,$(MODULES),. data/$m/secrets && ) \
	docker-compose \
		--env-file env.production \
		$(foreach m,$(MODULES),--file ./$m.yaml) \

run:
	$(DOCKER) up
down:
	$(DOCKER) down
nginx-shell:
	$(DOCKER) exec nginx sh
grafana-shell:
	$(DOCKER) exec grafana bash
hedgedoc-shell:
	$(DOCKER) exec hedgedoc sh
keycloak-shell:
	$(DOCKER) exec keycloak sh
keycloak-rebuild:
	$(DOCKER) create keycloak
	$(DOCKER) restart keycloak
mastodon-shell:
	$(DOCKER) exec mastodon bash
mastodon-streaming-shell:
	$(DOCKER) exec mastodon-streaming bash
matrix-shell:
	$(DOCKER) exec matrix-synapse bash
nextcloud-shell:
	$(DOCKER) exec nextcloud bash
matrix-logs:
	$(DOCKER) logs --tail 100 -f matrix-synapse
nextcloud-logs:
	$(DOCKER) logs -f nextcloud
nginx-build: data/nginx/secrets
	$(DOCKER) build nginx

certdir		= ./data/certbot/conf/live/${DOMAIN_NAME}

run: secrets-setup

secrets-setup: $(foreach m,$(MODULES),data/$m/secrets)

# Create the per-subdomain secrets if they don't exist
# not every service requires all of these features, but create them anyway
GET_MODULE = $(call UC,$(word 2,$(subst /, ,$@)))
RAND = $$(openssl rand -hex $1)

data/%/secrets:
	mkdir -p $(dir $@)
	echo >$@ "# DO NOT CHECK IN"
	echo >>$@ "export $(GET_MODULE)_ADMIN_PASSWORD=$(call RAND,8)"
	echo >>$@ "export $(GET_MODULE)_CLIENT_SECRET=$(call RAND,20)"
	echo >>$@ "export $(GET_MODULE)_SESSION_SECRET=$(call RAND,20)"

data/gitea/secrets: data/gitea/host-setup.done
data/gitea/host-setup.done:
	sudo ./gitea/host-setup.sh
	mkdir -p $(dir $@)
	touch $@

keycloak-setup: secrets-setup
	docker exec keycloak /setup.sh

certbot:
	$(DOCKER) \
		run --entrypoint '/bin/sh -c "\
		rm -rf /etc/letsencrypt ; \
		certbot certonly \
			--webroot \
			--webroot-path /var/www/certbot \
			--email "admin@$(DOMAIN_NAME)" \
			--rsa-key-size "2048" \
			--agree-tos \
			--no-eff-email \
			--force-renewal \
			-d $(DOMAIN_NAME) \
			$(foreach m,$(MODULES),\
				-d $($(call UC,$m)_HOSTNAME).$(DOMAIN_NAME)) \
		"' certbot

nginx-reload:
	$(DOCKER) restart nginx
nextcloud-restart:
	$(DOCKER) restart nextcloud


config:
	$(DOCKER) config

FORCE: