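# Directory holding the Python virtualenv; override with `make VENV=path`.
VENV ?= venv

# Remove a regular-file target whose recipe failed, so a truncated
# .secrets-baseline is never mistaken for an up-to-date one.
.DELETE_ON_ERROR:

.PHONY: default
default: check

.PHONY: cluster
cluster: ansible-cluster

# Ensures virtualenv is present.
# The rule has no prerequisites, so it only runs when the directory is missing;
# a change to requirements.txt does not trigger a reinstall.
$(VENV):
	python3 -m venv $(VENV)
	$(VENV)/bin/pip install -r requirements.txt

# Installs pre-commit hooks
.PHONY: install-hooks
install-hooks: $(VENV)
	$(VENV)/bin/pre-commit install --install-hooks

# Runs every configured pre-commit hook against all files
.PHONY: check
check: $(VENV)
	$(VENV)/bin/pre-commit run --all-files

# Creates a new secrets baseline.
# $(VENV) is an order-only prerequisite: a directory's mtime changes whenever
# entries are added to it, and as a normal prerequisite that would regenerate
# the baseline and overwrite one that has already been audited.
.secrets-baseline: | $(VENV)
	$(VENV)/bin/detect-secrets scan --exclude-secrets '(\$${.*}|from_env|fake|!secret)' > $@

# Audits secrets against baseline
.PHONY: secrets-audit
secrets-audit: $(VENV) .secrets-baseline
	$(VENV)/bin/detect-secrets audit .secrets-baseline

# Updates secrets baseline
.PHONY: secrets-update
secrets-update: $(VENV) .secrets-baseline
	$(VENV)/bin/detect-secrets scan --baseline .secrets-baseline

# Installs the Ansible roles and collections listed in the requirements files
.PHONY: galaxy
galaxy: $(VENV)
	$(VENV)/bin/ansible-galaxy install -p roles -r roles/requirements.yml
	$(VENV)/bin/ansible-galaxy collection install -r collections/requirements.yml

# Runs setup-cluster.yml; vault-keys.json is passed as extra vars only when it
# already exists. -K prompts for the become password.
# NOTE(review): with -vv, values loaded from vault-keys.json may show up in task
# output unless the tasks set no_log; confirm before keeping run logs.
.PHONY: ansible-cluster
ansible-cluster: $(VENV) galaxy
	env VIRTUAL_ENV=$(VENV) $(VENV)/bin/ansible-playbook -K -vv \
		$(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \
		-i ansible_hosts.yml \
		-M ./roles \
		./setup-cluster.yml

# Runs bootstrap-values.yml with vault-keys.json as extra vars (file must exist)
.PHONY: bootstrap-values
bootstrap-values: $(VENV) galaxy
	env VIRTUAL_ENV=$(VENV) $(VENV)/bin/ansible-playbook -vv \
		-e "@vault-keys.json" \
		-i ansible_hosts.yml \
		-M ./roles \
		./bootstrap-values.yml

# Runs unseal-vault.yml with vault-keys.json as extra vars (file must exist)
.PHONY: unseal-vault
unseal-vault: $(VENV) galaxy
	env VIRTUAL_ENV=$(VENV) $(VENV)/bin/ansible-playbook -K -vv \
		-e "@vault-keys.json" \
		-i ansible_hosts.yml \
		-M ./roles \
		./unseal-vault.yml

.PHONY: init
init:
	@terraform init

# plan / apply: the Nomad secret ID and the Vault root token are read inside the
# recipe shell and handed to Terraform as TF_VAR_* environment variables rather
# than -var arguments, so they are not part of the terraform command line that
# other local users can read from the process list. jq -e makes a missing file
# or a null field fail the recipe instead of passing an empty or "null" value.
# NOTE(review): TF_VAR_* has lower precedence than *.tfvars files, unlike -var;
# confirm no tfvars file sets nomad_secret_id or vault_token.
.PHONY: plan
plan:
	@nomad_secret_id="$$(jq -er .SecretID nomad_bootstrap.json)" && \
	vault_token="$$(jq -er .root_token vault-keys.json)" && \
	TF_VAR_nomad_secret_id="$$nomad_secret_id" TF_VAR_vault_token="$$vault_token" \
		terraform plan

.PHONY: apply
apply:
	@nomad_secret_id="$$(jq -er .SecretID nomad_bootstrap.json)" && \
	vault_token="$$(jq -er .root_token vault-keys.json)" && \
	TF_VAR_nomad_secret_id="$$nomad_secret_id" TF_VAR_vault_token="$$vault_token" \
		terraform apply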