railiance-platform/Makefile

SHELL := /usr/bin/env bash
.DEFAULT_GOAL := help

KUBECONFIG ?= $(HOME)/.kube/config-hosteurope
KUBECTL     := kubectl --kubeconfig=$(KUBECONFIG)
HELM        := helm --kubeconfig=$(KUBECONFIG)
NAMESPACE   := platform

PG_CHART_VERSION  ?= 16.2.2
VALKEY_CHART_VERSION ?= 2.x

##@ CloudNative PG (cnpg) — primary database operator

db-deploy: ## Apply Gitea cnpg Cluster (creates gitea-db in databases namespace)
	$(KUBECTL) apply -f helm/gitea-db-cluster.yaml

db-status: ## Show cnpg cluster health
	$(KUBECTL) cnpg status gitea-db -n databases 2>/dev/null || \
	  $(KUBECTL) get cluster gitea-db -n databases -o wide

db-shell: ## Open psql shell on gitea-db primary
	$(KUBECTL) cnpg psql gitea-db -n databases -- -U gitea gitea

db-logs: ## Tail gitea-db primary logs
	$(KUBECTL) logs -n databases -l cnpg.io/cluster=gitea-db -f --tail=50

##@ PostgreSQL HA (legacy — superseded by cnpg above)

pg-deploy: ## Deploy / upgrade standalone PostgreSQL HA to platform namespace
	$(KUBECTL) create namespace $(NAMESPACE) --dry-run=client -o yaml | $(KUBECTL) apply -f -
	$(HELM) repo add bitnami https://charts.bitnami.com/bitnami --force-update
	$(HELM) upgrade --install postgresql-ha bitnami/postgresql-ha \
		--version $(PG_CHART_VERSION) \
		--namespace $(NAMESPACE) \
		-f <(sops -d helm/postgresql-ha-values.sops.yaml) \
		--wait --timeout 5m

pg-status: ## Check PostgreSQL HA pod status
	$(KUBECTL) get pods -n $(NAMESPACE) -l app.kubernetes.io/name=postgresql-ha

pg-pgpool-check: ## Verify pgpool-password secret key is present (see RAIL-BS-WP-0003)
	@SECRET=$$($(KUBECTL) get secret -n $(NAMESPACE) postgresql-ha-postgresql \
	  -o jsonpath='{.data.pgpool-password}' 2>/dev/null); \
	if [ -z "$$SECRET" ]; then \
	  echo "ERROR: pgpool-password key missing from secret — pgpool will CrashLoop on restart"; \
	  exit 1; \
	else \
	  echo "OK: pgpool-password key present"; \
	fi

##@ Valkey (cache)

valkey-deploy: ## Deploy / upgrade Valkey (Redis-compatible) to platform namespace
	$(KUBECTL) create namespace $(NAMESPACE) --dry-run=client -o yaml | $(KUBECTL) apply -f -
	$(HELM) upgrade --install valkey bitnami/valkey \
		--namespace $(NAMESPACE) \
		-f <(sops -d helm/valkey-values.sops.yaml) \
		--wait --timeout 3m

valkey-status: ## Check Valkey pod status
	$(KUBECTL) get pods -n $(NAMESPACE) -l app.kubernetes.io/name=valkey

##@ Backup

backup: ## Backup platform services (PostgreSQL logical dump) — age-encrypted to Nextcloud
	sudo tools/cmd/railiance-backup

##@ Help

help: ## Show this help
	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} \
	  /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-22s\033[0m %s\n", $$1, $$2 } \
	  /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) }' $(MAKEFILE_LIST)

.PHONY: db-deploy db-status db-shell db-logs pg-deploy pg-status pg-pgpool-check valkey-deploy valkey-status backup help