export BAO_ADDR=https://bao.digitalboard.ch
# macOS fork-safety: Objective-C runtime is not fork-safe; Ansible forks
# per host. Without this, hashi_vault lookups crash workers.
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES

install:
	ansible-galaxy collection install -r requirements.yml -p collections

bao:
	bao login -method=oidc -path=Digitalboard role=default
	$(eval export VAULT_TOKEN=$(shell bao print token))

# Seed/merge OpenBao secrets for a demo inventory. Idempotent: existing
# keys are kept; only missing keys are generated. Pass DRY_RUN=1 to
# preview without writing.
seed_bao_gymburgdorf:
	scripts/bao-seed.sh demo-gymburgdorf

seed_bao_mbazürich:
	scripts/bao-seed.sh demo-mbazürich

seed_bao_phbern:
	scripts/bao-seed.sh demo-phbern

ping_demo:
	echo "# pinging demo-gymburgdorf"
	ansible all -i inventories/demo-gymburgdorf/hosts.yml -m ping || true
	echo "# pinging demo-mbazürich"
	ansible all -i inventories/demo-mbazürich/hosts.yml -m ping || true
	echo "# pinging demo-phbern"
	ansible all -i inventories/demo-phbern/hosts.yml -m ping || true

deploy_site_demo_gymburgdorf:
	echo "deploying demo site gymburgdorf"
	ansible-playbook playbooks/site.yml -i inventories/demo-gymburgdorf/hosts.yml --diff 

deploy_site_demo_mbazürich:
	echo "deploying demo site mbazürich"
	ansible-playbook playbooks/site.yml -i inventories/demo-mbazürich/hosts.yml

deploy_site_demo_phbern:
	echo "deploying demo site phbern"
	ansible-playbook playbooks/site.yml -i inventories/demo-phbern/hosts.yml

deploy_site_demo:
	make deploy_site_demo_gymburgdorf
	make deploy_site_demo_mbazürich
	make deploy_site_demo_phbern