# Seconds the `sleep` target pauses for; override with `make sleep SLEEP_FOR=30`.
SLEEP_FOR ?= 10
# Path of the Python virtualenv; recipes run their tools from $(VENV)/bin.
VENV ?= venv

# Utility and aggregate targets; none of them corresponds to a file on disk.
.PHONY: sleep default all cluster

# Pauses for $(SLEEP_FOR) seconds.
# NOTE(review): this is the first rule in the file, so unless .DEFAULT_GOAL is
# set elsewhere a bare `make` runs `sleep`, not `default` -- confirm intent.
sleep:
	sleep $(SLEEP_FOR)

# Alias for the pre-commit checks.
default: check

# Full bring-up: cluster setup, value bootstrap, then terraform apply.
# The left-to-right order only holds for serial make; nothing here declares
# that bootstrap-values or apply depend on the earlier steps.
# `apply` runs terraform with -auto-approve, so `make all` changes
# infrastructure without a confirmation prompt.
all: cluster bootstrap-values apply

# Alias for the Ansible cluster setup playbook.
cluster: ansible-cluster

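# Creates the virtualenv and installs the tooling listed in requirements.txt.
# The rule has no prerequisites, so it only runs while the directory is absent.
# If the install fails, the directory this recipe just created is removed
# again; otherwise a half-populated venv would exist, count as up to date, and
# later targets would run against missing tools.
# NOTE(review): requirements.txt is not visible here -- confirm it pins exact
# versions (ideally with hashes, installed via `pip install --require-hashes`),
# because every later recipe executes whatever gets installed at this step.
$(VENV):
	python3 -m venv $@
	$@/bin/pip install -r requirements.txt || { rm -rf "$@"; exit 1; }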

.PHONY: install-hooks check

# Registers the pre-commit hooks with git and installs the hook environments
# up front (--install-hooks) instead of on first use.
install-hooks: $(VENV)
	$(VENV)/bin/pre-commit install \
		--install-hooks

# Runs the configured pre-commit hooks against every file in the repository.
# The project describes this as checking files for encryption; which hooks
# actually run is decided by the pre-commit config, which is not in this file.
check: $(VENV)
	$(VENV)/bin/pre-commit run \
		--all-files

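# Creates a new detect-secrets baseline.
# --exclude-secrets ignores findings whose value matches the regex: ${...}
# template references, or text containing from_env, fake or !secret
# ($$ is make's escape for a literal $ handed to the shell).
# $(VENV) is order-only: as a normal prerequisite, a newer venv directory
# would regenerate the baseline and throw away the audit decisions stored in it.
# The scan goes to a temp file and is moved into place only on success, so a
# failed scan cannot leave an empty or truncated baseline that looks current.
.secrets-baseline: | $(VENV)
	$(VENV)/bin/detect-secrets scan --exclude-secrets '(\$${.*}|from_env|fake|!secret)' > $@.tmp \
		|| { rm -f $@.tmp; exit 1; }
	mv -f $@.tmp $@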

.PHONY: secrets-audit secrets-update

# Reviews the findings recorded in the baseline with detect-secrets' audit mode.
secrets-audit: $(VENV) .secrets-baseline
	$(VENV)/bin/detect-secrets audit \
		.secrets-baseline

# Re-scans the repository against the existing baseline and updates it.
secrets-update: $(VENV) .secrets-baseline
	$(VENV)/bin/detect-secrets scan \
		--baseline .secrets-baseline

# Fetches the Ansible Galaxy collections and roles listed in
# ansible_galaxy/requirements.yml. Declared phony because a directory named
# ansible_galaxy exists (it holds requirements.yml), which would otherwise
# make this target look permanently up to date.
# NOTE(review): requirements.yml is not visible here -- confirm it pins
# versions; the downloaded roles and collections are executed by the
# playbooks below, some of which ask for the become password (-K).
.PHONY: ansible_galaxy
ansible_galaxy: ansible_galaxy/ansible_collections ansible_galaxy/roles

# Collections are installed under ./ansible_galaxy.
ansible_galaxy/ansible_collections: $(VENV) ./ansible_galaxy/requirements.yml
	$(VENV)/bin/ansible-galaxy collection install \
		-p ./ansible_galaxy \
		-r ./ansible_galaxy/requirements.yml

# Roles are installed under ./ansible_galaxy/roles.
ansible_galaxy/roles: $(VENV) ./ansible_galaxy/requirements.yml
	$(VENV)/bin/ansible-galaxy install \
		-p ./ansible_galaxy/roles \
		-r ./ansible_galaxy/requirements.yml

# Runs the cluster setup playbook with the venv's ansible-playbook.
# -K prompts for the become (privilege escalation) password; -vv raises verbosity.
# The $(shell ...) is expanded by make when this recipe is expanded and adds
# `-e "@vault-keys.json"` only if that file already exists. The quotes inside
# the echoed text are parsed by the recipe's shell because make pastes the
# output into the command line as text.
# NOTE(review): vault-keys.json presumably holds Vault unseal keys or tokens.
# Confirm tasks that touch its contents set no_log, since -vv prints task
# results, and that this output is not captured in shared logs.
.PHONY: ansible-cluster
ansible-cluster: $(VENV) ansible_galaxy
	env VIRTUAL_ENV=$(VENV) $(VENV)/bin/ansible-playbook -K -vv \
		$(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \
		./ansible_playbooks/setup-cluster.yml

# Runs the bootstrap-values playbook, loading vault-keys.json as extra vars.
# Unlike ansible-cluster, the file is passed unconditionally here, so it must
# already exist when this target runs.
# NOTE(review): presumably vault-keys.json contains Vault key material; with
# -vv, confirm the playbook's tasks use no_log where they handle it.
.PHONY: bootstrap-values
bootstrap-values: $(VENV) ansible_galaxy
	env VIRTUAL_ENV=$(VENV) $(VENV)/bin/ansible-playbook -vv -e "@vault-keys.json" \
		./ansible_playbooks/bootstrap-values.yml

# Recovery playbooks for Consul and Nomad. -K prompts for the become password.
# NOTE(review): unlike the other playbook targets, these neither set
# VIRTUAL_ENV nor depend on ansible_galaxy -- confirm that is intentional.
.PHONY: recover-consul recover-nomad

recover-consul: $(VENV)
	$(VENV)/bin/ansible-playbook -K \
		./ansible_playbooks/recover-consul.yaml

recover-nomad: $(VENV)
	$(VENV)/bin/ansible-playbook -K \
		./ansible_playbooks/recover-nomad.yaml

# Runs the unseal-vault playbook, loading vault-keys.json as extra vars; the
# file must already exist.
# NOTE(review): presumably the unseal keys are read from vault-keys.json; with
# -vv, confirm the unseal tasks set no_log so the keys do not reach the
# terminal or a CI log.
.PHONY: unseal-vault
unseal-vault: $(VENV)
	env VIRTUAL_ENV=$(VENV) $(VENV)/bin/ansible-playbook -vv -e "@vault-keys.json" \
		./ansible_playbooks/unseal-vault.yml

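# Terraform targets. Each command is prefixed with @ so make does not echo it.
.PHONY: init
init:
	@terraform init

# plan/apply read the Nomad bootstrap token from nomad_bootstrap.json and hand
# it to terraform through the TF_VAR_nomad_secret_id environment variable
# rather than a `-var` argument, so the token is not part of terraform's
# command line, which other local users can read from the process list.
# `jq -e` exits non-zero when SecretID is missing or null, so the recipe stops
# instead of running terraform with an empty or "null" token.
# NOTE(review): environment variables have the lowest precedence among
# terraform's variable sources; if a *.tfvars file also sets nomad_secret_id
# it now wins over this value -- confirm none does.
.PHONY: plan
plan:
	@secret="$$(jq -er .SecretID nomad_bootstrap.json)" || { \
		echo "nomad_bootstrap.json is missing or has no SecretID" >&2; exit 1; }; \
	TF_VAR_nomad_secret_id="$$secret" terraform plan

# -auto-approve applies without an interactive confirmation; run `make plan`
# first to review what will change.
.PHONY: apply
apply:
	@secret="$$(jq -er .SecretID nomad_bootstrap.json)" || { \
		echo "nomad_bootstrap.json is missing or has no SecretID" >&2; exit 1; }; \
	TF_VAR_nomad_secret_id="$$secret" terraform apply -auto-approve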

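# Destructive teardown: runs the clear-data playbook, then deletes every
# *.tfstate file under the current directory plus vault-keys.json and
# nomad_bootstrap.json. Without the state files terraform no longer tracks
# what it created, and the two JSON files are the only local copies of those
# credentials that this Makefile knows of -- back them up first if the
# cluster is meant to survive.
# `find` is given an explicit `.` start path; omitting it only works with
# GNU find.
# NOTE(review): the recipe uses $(VENV)/bin/ansible-playbook but does not list
# $(VENV) as a prerequisite, so it fails if the venv was never created.
.PHONY: clean
clean:
	env VIRTUAL_ENV=$(VENV) $(VENV)/bin/ansible-playbook -vv \
		./ansible_playbooks/clear-data.yml
	find . -name "*.tfstate" -exec rm '{}' \;
	rm -f ./vault-keys.json ./nomad_bootstrap.json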