# Services managed by this deployment. Each entry NAME is used by the DOCKER
# macro as ./NAME.yaml (compose file) and secrets/NAME (generated credentials).
MODULES += \
  nginx \
  keycloak \
  hedgedoc \
  grafana \
  prometheus \
  mastodon \
  matrix \
  nextcloud \
  mobilizon \
  gitea \
  nitter \
  pixelfed

# env.production is consumed twice: here as makefile syntax, and by
# docker-compose through --env-file. Because make parses it, any make syntax
# inside it (functions such as $(shell ...), rules) is evaluated when the
# Makefile is read, and values containing `$` or `#` are interpreted by make
# and can differ from what docker-compose sees. Keep the file writable only by
# the operator.
include env.production
domain_name := $(DOMAIN_NAME)


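# Usage hint. This is the first target in this file, so (assuming
# env.production defines no targets) a bare `make` ends up here.
# Declared phony so a stray file named `help` cannot mask it.
.PHONY: help
help:
	@echo "usage: make run"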
# UC: upper-case the first argument by piping it through tr in a sub-shell.
# The argument is pasted between single quotes without escaping, so it must
# not contain a quote character; in this file it is called with names taken
# from MODULES or from the path of a secrets/ target.
UC = $(shell echo '$1' | tr '[:lower:]' '[:upper:]')

# DOCKER: command prefix shared by the docker-compose targets.
# It first sources every secrets/<module> file in the recipe's shell (those
# files use `export`, so the values end up in docker-compose's environment),
# then invokes docker-compose with env.production and one --file per module.
# If a secrets file is missing the `.` fails and the command does not run, so
# every target built on DOCKER needs all secrets files to exist already.
# The trailing backslash only joins the blank line that follows.
DOCKER = \
	$(foreach m,$(MODULES),. secrets/$m && ) \
	docker-compose \
		--env-file env.production \
		$(foreach m,$(MODULES),--file ./$m.yaml) \

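# Stack lifecycle: bring all modules up / tear them down.
# Declared phony so a stray file named `run` or `down` in this directory
# cannot make the target look up to date and turn it into a silent no-op.
.PHONY: run down
run:
	$(DOCKER) up
down:
	$(DOCKER) down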
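# Per-service operator helpers: interactive shells, log tailing, and
# recreate/restart shortcuts. None of them produces a file, so all are
# declared phony; otherwise a file with the same name would disable the target.
# Every recipe goes through DOCKER, which sources all secrets files first.
.PHONY: nginx-shell nginx-logs mastodon-logs grafana-shell hedgedoc-shell \
	keycloak-shell keycloak-rebuild mastodon-es-rebuild mastodon-shell \
	mastodon-streaming-shell matrix-shell nextcloud-shell matrix-logs \
	nextcloud-logs nginx-build

nginx-shell:
	$(DOCKER) exec nginx sh
nginx-logs:
	$(DOCKER) logs -f --tail 1000 nginx
mastodon-logs:
	$(DOCKER) logs -f --tail 1000 mastodon
grafana-shell:
	$(DOCKER) exec grafana bash
hedgedoc-shell:
	$(DOCKER) exec hedgedoc sh
keycloak-shell:
	$(DOCKER) exec keycloak sh
# Each recipe line runs in its own shell, so create and restart are two
# separate docker-compose invocations; the second runs only if the first succeeds.
keycloak-rebuild:
	$(DOCKER) create keycloak
	$(DOCKER) restart keycloak
mastodon-es-rebuild:
	$(DOCKER) create mastodon-es
	$(DOCKER) restart mastodon-es
mastodon-shell:
	$(DOCKER) exec mastodon bash
mastodon-streaming-shell:
	$(DOCKER) exec mastodon-streaming bash
matrix-shell:
	$(DOCKER) exec matrix-synapse bash
nextcloud-shell:
	$(DOCKER) exec nextcloud bash
matrix-logs:
	$(DOCKER) logs --tail 100 -f matrix-synapse
nextcloud-logs:
	$(DOCKER) logs -f nextcloud
# Building the nginx image requires its secrets file to have been generated.
nginx-build: secrets/nginx
	$(DOCKER) build nginx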

# Presumably the directory where certbot leaves the live certificate for the
# main domain; no rule visible in this part of the file references it.
certdir = ./data/certbot/conf/live/$(DOMAIN_NAME)

# Starting the stack first makes sure every module has its secrets file.
run: secrets-setup

# One secrets/<module> prerequisite per entry in MODULES.
secrets-setup: $(addprefix secrets/,$(MODULES))

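# Create the per-module secrets file if it does not exist yet.
# Not every service needs all three values, but they are generated for all.
#
# GET_MODULE: upper-cased second path component of the target
#             (secrets/nginx -> NGINX); used as the variable-name prefix.
# RAND:       expands to a shell command substitution, so the random value is
#             produced by the recipe's shell and does not appear in the
#             command line that make echoes. $1 is the number of random bytes.
GET_MODULE = $(call UC,$(word 2,$(subst /, ,$@)))
RAND = $$(openssl rand -hex $1)

# Hardening applied in the recipe:
#  - umask 077: the file holds credentials, so it is created owner-only.
#    The visible consumer is the DOCKER macro, which sources it from the
#    invoking user's shell.
#    NOTE(review): if a container also reads this file through a bind mount
#    as another user, 0600 may be too strict -- confirm against the compose files.
#  - The values are generated first and checked for emptiness, so a missing or
#    failing openssl aborts the rule instead of writing `export X_SECRET=`.
#  - The file is assembled as $@.tmp and renamed into place, so an interrupted
#    run cannot leave a partial file that later looks up to date.
# NOTE(review): the admin password is 8 random bytes (64 bits of entropy);
# consider a larger size if the services accept longer passwords.
secrets/%:
	mkdir -p $(dir $@)
	umask 077 \
	&& admin_password="$(call RAND,8)" \
	&& client_secret="$(call RAND,20)" \
	&& session_secret="$(call RAND,20)" \
	&& [ -n "$$admin_password" ] \
	&& [ -n "$$client_secret" ] \
	&& [ -n "$$session_secret" ] \
	&& { \
		echo "# DO NOT CHECK IN" \
		&& echo "export $(GET_MODULE)_ADMIN_PASSWORD=$$admin_password" \
		&& echo "export $(GET_MODULE)_CLIENT_SECRET=$$client_secret" \
		&& echo "export $(GET_MODULE)_SESSION_SECRET=$$session_secret" ; \
	} > $@.tmp \
	&& mv -f $@.tmp $@ \
	|| { rm -f $@.tmp; exit 1; }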

# gitea needs a host preparation step before its secrets file is generated.
# The stamp file records that the script completed, so later builds skip it.
# NOTE(review): the script runs as root through sudo -- review
# gitea/host-setup.sh and keep it writable only by trusted users.
secrets/gitea: data/gitea/host-setup.done

data/gitea/host-setup.done:
	sudo ./gitea/host-setup.sh
	mkdir -p $(@D)
	touch $@

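# Pixelfed additionally needs an application key file, generated once.
#  - The key is produced by the recipe's shell ($$(...)), not by make's
#    $(shell ...): make expands $(shell ...) before echoing the recipe, which
#    would print the key on the terminal and into any captured build log.
#  - An empty result (openssl missing or failing) aborts the rule instead of
#    writing `APP_KEY=base64:` with no key.
#  - The file is written as $@.tmp and renamed, so a partial file never looks
#    up to date; the directory is created first so the rule works on a fresh
#    checkout.
# NOTE(review): the file is created with the default umask. Tighten it to
# 0600 once it is confirmed how pixelfed.yaml consumes this file.
secrets/pixelfed: secrets/pixelfed.app

secrets/pixelfed.app:
	mkdir -p $(dir $@)
	app_key="$$(openssl rand -base64 32)" \
	&& [ -n "$$app_key" ] \
	&& printf 'APP_KEY=base64:%s\n' "$$app_key" > $@.tmp \
	&& mv -f $@.tmp $@ \
	|| { rm -f $@.tmp; exit 1; }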

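# Run /setup.sh inside the container named `keycloak`.
# This uses plain `docker exec`, not the DOCKER macro, so the secrets files
# are not sourced into this command's environment and the container must
# already be running. Declared phony because it produces no file.
.PHONY: keycloak-setup
keycloak-setup: secrets-setup
	docker exec keycloak /setup.sh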

# Extra hostnames to include in the SSL certificate: one per sites/*.conf
# file, taken from the file name with the directory and .conf suffix removed.
# See sites/README.md for how to add additional sites.
# The names are later pasted unquoted into a shell script by the certbot
# target, so file names in sites/ must be plain hostnames.
EXTRA_HOSTNAMES = $(notdir $(patsubst %.conf,%,$(wildcard sites/*.conf)))

# Request one certificate covering DOMAIN_NAME, <MODULE>_HOSTNAME.DOMAIN_NAME
# for every module, and every name in EXTRA_HOSTNAMES, using the webroot
# challenge. The certbot service is run with its entrypoint replaced by a
# `/bin/sh -c` script; the whole script is one single-quoted argument, and the
# backslash-newlines keep it a single recipe line.
#
# Operational caveats:
#  - The script first deletes /etc/letsencrypt inside the container. If that
#    path is a persistent volume, the existing certificates and ACME account
#    key are removed before the new request is made, so a failed request
#    leaves no certificate behind. NOTE(review): confirm the volume mapping.
#  - --force-renewal always requests a new certificate, so repeated runs count
#    against the CA's issuance rate limits.
#  - --rsa-key-size 2048 is the smallest RSA size accepted for publicly
#    trusted certificates; raise it if local policy asks for more.
#  - DOMAIN_NAME, the *_HOSTNAME values and the sites/*.conf file names are
#    pasted into the script unquoted and are interpreted by the shell, so
#    env.production and sites/ must be writable only by the operator.
certbot:
	$(DOCKER) \
		run --entrypoint '/bin/sh -c "\
		rm -rf /etc/letsencrypt ; \
		certbot certonly \
			--webroot \
			--webroot-path /var/www/certbot \
			--email "admin@$(DOMAIN_NAME)" \
			--rsa-key-size "2048" \
			--agree-tos \
			--no-eff-email \
			--force-renewal \
			-d $(DOMAIN_NAME) \
			$(foreach m,$(MODULES),\
				-d $($(call UC,$m)_HOSTNAME).$(DOMAIN_NAME)) \
			$(foreach m,$(EXTRA_HOSTNAMES),\
				-d $m) \
		"' certbot


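# Restart shortcuts. Note that nginx-reload restarts the nginx container; it
# does not send a reload signal to the running process.
# Declared phony so a file with the same name cannot disable the target.
.PHONY: nginx-reload nextcloud-restart
nginx-reload:
	$(DOCKER) restart nginx
nextcloud-restart:
	$(DOCKER) restart nextcloud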


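# Print the merged docker-compose configuration for all modules.
# DOCKER sources every secrets file first, so any secret that the compose
# files interpolate is printed in clear text: treat the output as sensitive
# and do not paste it into tickets or shared logs.
# Declared phony so a file or directory named `config` cannot disable it.
.PHONY: config
config:
	$(DOCKER) config

# Empty target with no recipe; no rule visible in this part of the file lists
# it as a prerequisite.
FORCE: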