OPACK_TARGET=			skz-void-server
OPACK_SYS_VERSION=		snapshots
OPACK_SYS_CPU=			2
OPACK_SYS_MEMORY=		1024
OPACK_SYS_DISK_SIZE=		10000
OPACK_SYS_SETS=			+* -x* +xbase* -game* -comp* +bsd.rd
OPACK_SYS_HOSTNAME=		void.sk4.nz
OPACK_SYS_USER=			sk4nz
#OPACK_SYS_SSH_PRIVATE_KEY=	$(HOME)/.ssh/id_ed25519
OPACK_GCE_MACHINE=		e2-micro
OPACK_AUTODISKLABEL_FILE=	$(shell realpath ./autodisklabel)
OPACK_PROVISION_FILE=		$(shell realpath void-provision.sh)
OPACK_GCE_PROJECT=		skz-void
OPACK_GCE_JSON_KEY=		skz-void-bbb88f038188.json
OPACK_DEBUG=y

include ../skz-opack/src/opack.mk

SSH_OPTS=	-i $(OPACK_SYS_SSH_PRIVATE_KEY) -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
FW_TF=		$(OPACK_TERRAFORM_DIR)/opack-module/firewall.tf

IN_TCP=		ssh
VPN_TCP=	ssh domain http https 1024:65535
VPN_UDP=	domain ntp 1024:65535

VOID_CLIENTS=	psychopomp skzphone miri

.DEFAULT_GOAL := all

all: void

$(FW_TF): | opack-cloud
	cp firewall.tf $@
	cd $(OPACK_TERRAFORM_DIR) && terraform apply \
		-target=module.opack-module.google_compute_firewall.icmp \
		-target=module.opack-module.google_compute_firewall.wireguard \
		-target=module.opack-module.google_compute_firewall.ssh \
		-auto-approve > /dev/null
	echo ▒ GCP Firewall configured
	#-target=module.opack-module.google_compute_firewall.deny \

void: | $(FW_TF)
	ssh $(SSH_OPTS) root@$(shell cat opack-cloud) \
		"uname -a; sysctl kern.version;" 2> /dev/null
	scp -q -r $(SSH_OPTS) \
		../../skz-wg root@$(shell cat opack-cloud):/root/skz-wg
	#vagrant ssh -c "make -C run bootstrap"
	ssh $(SSH_OPTS) root@$(shell cat opack-cloud) \
		"sh -c 'IN_TCP=\"$(IN_TCP)\" VPN_TCP=\"$(VPN_TCP)\" VPN_UDP=\"$(VPN_UDP)\" CLIENTS=\"$(VOID_CLIENTS)\" make -C /root/skz-wg'" 2> /dev/null

clean: opack-clean
