# Target names and patterns appended to CMDARGS; the code that consumes the
# list is outside this listing (presumably targets that take the remaining
# command-line words as arguments - TODO confirm).
CMDARGS += node-exec stack-node-exec node-exec:% node-exec@% \
           node-run node-run:% node-run@%

# Default node stacks: every stack/node/NAME.yml found on disk becomes
# node/NAME. Only applies when `node` is not already set.
node ?= $(patsubst stack/%.yml,%,$(wildcard stack/node/*.yml))

# Docker host variables appended to ENV_VARS; how that list is forwarded is
# defined elsewhere.
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 \
            DOCKER_INTERNAL_DOCKER_HOST

# Empty by default. Any non-empty value makes bootstrap-stack-node depend on
# node-certbot (node-certbot-staging when DEBUG is set).
SETUP_LETSENCRYPT ?=
# target bootstrap-stack-node: Fire node-certbot node-ssl-certs
# node-ssl-certs is always a prerequisite. The certbot prerequisite is added
# only when SETUP_LETSENCRYPT is non-empty, and DEBUG switches it to
# node-certbot-staging.
# NOTE(review): both certbot targets skip issuance once
# live/$(DOMAIN)/cert.pem and privkey.pem exist in the volume, and
# node-ssl-certs writes files with those names. A self-signed or staging
# certificate already in the volume therefore keeps a publicly trusted one
# from being requested until those files are removed.
.PHONY: bootstrap-stack-node
bootstrap-stack-node: $(if $(SETUP_LETSENCRYPT),$(if $(DEBUG),node-certbot-staging,node-certbot)) node-ssl-certs
# target node: Fire stack-node-up
# Alias with no recipe of its own; stack-node-up is defined outside this
# listing.
.PHONY: node
node: stack-node-up ;
# target node-%: Fire target stack-node-%
# Catch-all forwarder: node-NAME builds stack-node-NAME and runs no commands
# itself. The explicit node-* rules in this file win over this pattern.
# NOTE(review): GNU make does not expand patterns in .PHONY, so the line
# below only declares a literal target named "node-%"; targets matched by the
# pattern are not phony.
.PHONY: node-%
node-%: stack-node-% ;
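# target node-ssl-certs: Create self-signed ${DOMAIN} certificate files with openssl
# Writes a 2048-bit RSA key and a 365-day self-signed certificate for
# DOMAIN and *.DOMAIN under /certs/live/DOMAIN/ in NODE_DOCKER_VOLUME, with
# fullchain.pem as a symlink to cert.pem. Clients will not trust this
# certificate; it is a placeholder.
# Generation is skipped when fullchain.pem and privkey.pem both exist. Only
# existence is tested, so an expired certificate is never replaced, and an
# existing private key is reused.
# Every $(DOMAIN) below is expanded by make before any shell runs (the
# -e DOMAIN=... variable is exported but not read by the script), so the value
# is pasted unquoted into the host and container command lines and must be a
# plain DNS name.
# The subjectAltName argument is single-quoted so the container shell cannot
# treat the "*" in the wildcard name as a filename pattern.
# NOTE(review): the alpine image carries no tag or digest and openssl is
# installed with apk on every run, so the tooling that creates the private key
# is whatever the registry and package mirror serve at that moment; consider
# pinning the image.
.PHONY: node-ssl-certs
node-ssl-certs:
	$(if $(strip $(DOMAIN)),,$(error DOMAIN is empty: refusing to write certificate files directly under /certs/live/))
	docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \
	  [ -f /certs/live/$(DOMAIN)/fullchain.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
	|| $(RUN) docker run --rm \
	  -e DOMAIN=$(DOMAIN) \
	  --mount source=$(NODE_DOCKER_VOLUME),target=/certs \
	  alpine sh -c "\
	    apk --no-cache add openssl \
	    && mkdir -p /certs/live/$(DOMAIN) \
	    && { [ -f /certs/live/$(DOMAIN)/privkey.pem ] || openssl genrsa -out /certs/live/$(DOMAIN)/privkey.pem 2048; } \
	    && openssl req -key /certs/live/$(DOMAIN)/privkey.pem -out /certs/live/$(DOMAIN)/cert.pem \
	      -addext extendedKeyUsage=serverAuth \
	      -addext 'subjectAltName=DNS:$(DOMAIN),DNS:*.$(DOMAIN)' \
	      -subj \"/C=/ST=/L=/O=/CN=$(DOMAIN)\" \
	      -x509 -days 365 \
	    && rm -f /certs/live/$(DOMAIN)/fullchain.pem \
	    && ln -s cert.pem /certs/live/$(DOMAIN)/fullchain.pem \
	  "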
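# target node-certbot: Create ${DOMAIN} certificate files with letsencrypt
# Requests a certificate for DOMAIN and *.DOMAIN with certbot's
# dns-standalone authenticator, unless live/DOMAIN/cert.pem and privkey.pem
# already exist in NODE_DOCKER_VOLUME (existence only; a self-signed or
# staging certificate with those names also counts).
# The certbot container shares the host network namespace and the plugin is
# told to listen on 0.0.0.0 port 53, so that port must be free on the host for
# the duration of the challenge.
# The same volume is mounted at /etc/letsencrypt/ and /var/log/letsencrypt/,
# so certbot's logs land in the volume that holds the private keys.
# The wildcard name is single-quoted so the host shell passes it literally
# instead of matching "*.DOMAIN" against files in the working directory.
# NOTE(review): the image is run as node/certbot without a tag, while
# node-docker-build-% tags its build with $(DOCKER_IMAGE_TAG). If that tag is
# not "latest" and no local node/certbot:latest exists, docker would try to
# pull node/certbot from the default registry instead - confirm what
# docker-build tags.
.PHONY: node-certbot
node-certbot: node-docker-build-certbot
	$(if $(strip $(DOMAIN)),,$(error DOMAIN is empty: no certificate name to request))
	docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \
	  [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
	|| $(RUN) docker run --rm \
	  --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ \
	  --mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
	  -e DOMAIN=$(DOMAIN) \
	  --network host \
	  node/certbot \
	    --non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \
	    --preferred-challenges dns --authenticator dns-standalone \
	    --dns-standalone-address=0.0.0.0 \
	    --dns-standalone-port=53 \
	    -d $(DOMAIN) \
	    -d '*.$(DOMAIN)'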
# target node-certbot-certificates: List letsencrypt certificates
# Runs `certbot certificates` against the certificate volume mounted at
# /etc/letsencrypt/. No host networking is requested for this command.
.PHONY: node-certbot-certificates
node-certbot-certificates: node-docker-build-certbot
	docker run --rm \
	  --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ \
	  node/certbot certificates
# target node-certbot-renew: Renew letsencrypt certificates
# Runs `certbot renew` against the certificate volume with the container on
# the host network, as the issuance targets do. Unlike those targets the
# volume is not also mounted at /var/log/letsencrypt/, so renewal logs stay
# inside the container and are discarded by --rm.
.PHONY: node-certbot-renew
node-certbot-renew: node-docker-build-certbot
	docker run --rm \
	  --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ \
	  --network host \
	  node/certbot renew
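# target node-certbot-staging: Create staging ${DOMAIN} certificate files with letsencrypt
# Same request as node-certbot with --staging added, so the certificate comes
# from Let's Encrypt's staging environment and is not trusted by clients.
# Issuance is skipped when live/DOMAIN/cert.pem and privkey.pem already exist
# in NODE_DOCKER_VOLUME. node-certbot tests the same two files, so a staging
# certificate left in the volume also stops a later production request.
# The certbot container shares the host network namespace and the plugin is
# told to listen on 0.0.0.0 port 53, so that port must be free on the host for
# the duration of the challenge.
# The wildcard name is single-quoted so the host shell passes it literally
# instead of matching "*.DOMAIN" against files in the working directory.
# NOTE(review): the image is run as node/certbot without a tag, while
# node-docker-build-% tags its build with $(DOCKER_IMAGE_TAG) - confirm that a
# local node/certbot:latest exists so docker does not fall back to a registry
# pull.
.PHONY: node-certbot-staging
node-certbot-staging: node-docker-build-certbot
	$(if $(strip $(DOMAIN)),,$(error DOMAIN is empty: no certificate name to request))
	docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \
	  [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
	|| $(RUN) docker run --rm \
	  --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ \
	  --mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
	  -e DOMAIN=$(DOMAIN) \
	  --network host \
	  node/certbot \
	    --non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \
	    --preferred-challenges dns --authenticator dns-standalone \
	    --dns-standalone-address=0.0.0.0 \
	    --dns-standalone-port=53 \
	    --staging \
	    -d $(DOMAIN) \
	    -d '*.$(DOMAIN)'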
# target node-docker-build-%: Build % docker
# Hands the build context docker/NAME and the image reference
# node/NAME:$(DOCKER_IMAGE_TAG) to the docker-build macro, which is defined
# outside this listing.
# NOTE(review): GNU make does not expand patterns in .PHONY, so the targets
# matched by this rule are not phony; a file named like the target would
# suppress the build.
.PHONY: node-docker-build-%
node-docker-build-%:
	$(call docker-build,docker/$(*),node/$(*):$(DOCKER_IMAGE_TAG))
# target node-docker-rebuild-%: Rebuild % docker
# Re-enters make through the `make` macro (defined outside this listing) to
# build node-docker-build-NAME with DOCKER_BUILD_CACHE=false.
.PHONY: node-docker-rebuild-%
node-docker-rebuild-%:
	$(call make,node-docker-build-$(*) DOCKER_BUILD_CACHE=false)