authorTrygve Laugstøl <trygvis@inamo.no>2021-01-06 21:01:33 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2021-01-06 21:01:33 +0100
commitede2372547db659e7b0e9cfd3b531ff542018229 (patch)
tree433dcb7d2bf84c6cc0ee30d92c32c6220dc53641
parent149cf9efadb1da64b9ee716ac9bee1ac0c0e1329 (diff)
Generating Wireguard files too.
-rw-r--r--acme-wireguard/host_vars/acme-1/wireguard.yml3
-rw-r--r--acme-wireguard/host_vars/acme-2/wireguard.yml3
-rw-r--r--acme-wireguard/host_vars/acme-3/wireguard.yml3
-rw-r--r--acme-wireguard/host_vars/ws-1/wireguard.yml3
-rw-r--r--acme-wireguard/host_vars/ws-2/wireguard.yml3
-rw-r--r--acme-wireguard/wireguard-vpn0.yml6
-rw-r--r--j2/wireguard/ansible-host.j23
-rw-r--r--j2/wireguard/ansible.j26
-rw-r--r--module/acme/src/main/resources/META-INF/kmodule.xml2
-rw-r--r--module/ri-engine/src/main/java/io/trygvis/rules/engine/TemplateEngine.java10
-rw-r--r--module/ri-engine/src/main/resources/META-INF/kmodule.xml7
-rw-r--r--module/ri-engine/src/main/resources/io/trygvis/rules/engine/init.drl (renamed from module/ri-engine/src/main/resources/io/trygvis/rules/engine/default.drl)5
-rw-r--r--module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/generate.drl18
-rw-r--r--module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl38
-rw-r--r--out/acme/wireguard.yaml15
15 files changed, 87 insertions, 38 deletions
diff --git a/acme-wireguard/host_vars/acme-1/wireguard.yml b/acme-wireguard/host_vars/acme-1/wireguard.yml
new file mode 100644
index 0000000..7a8eb03
--- /dev/null
+++ b/acme-wireguard/host_vars/acme-1/wireguard.yml
@@ -0,0 +1,3 @@
+# Generated
+link_address: 192.168.10.4
+network_cidr: TODO
diff --git a/acme-wireguard/host_vars/acme-2/wireguard.yml b/acme-wireguard/host_vars/acme-2/wireguard.yml
new file mode 100644
index 0000000..8ec6010
--- /dev/null
+++ b/acme-wireguard/host_vars/acme-2/wireguard.yml
@@ -0,0 +1,3 @@
+# Generated
+link_address: 192.168.10.3
+network_cidr: TODO
diff --git a/acme-wireguard/host_vars/acme-3/wireguard.yml b/acme-wireguard/host_vars/acme-3/wireguard.yml
new file mode 100644
index 0000000..56e95d2
--- /dev/null
+++ b/acme-wireguard/host_vars/acme-3/wireguard.yml
@@ -0,0 +1,3 @@
+# Generated
+link_address: 192.168.10.2
+network_cidr: TODO
diff --git a/acme-wireguard/host_vars/ws-1/wireguard.yml b/acme-wireguard/host_vars/ws-1/wireguard.yml
new file mode 100644
index 0000000..ea629ed
--- /dev/null
+++ b/acme-wireguard/host_vars/ws-1/wireguard.yml
@@ -0,0 +1,3 @@
+# Generated
+link_address: 192.168.10.1
+network_cidr: TODO
diff --git a/acme-wireguard/host_vars/ws-2/wireguard.yml b/acme-wireguard/host_vars/ws-2/wireguard.yml
new file mode 100644
index 0000000..95f5f03
--- /dev/null
+++ b/acme-wireguard/host_vars/ws-2/wireguard.yml
@@ -0,0 +1,3 @@
+# Generated
+link_address: 192.168.10.0
+network_cidr: TODO
diff --git a/acme-wireguard/wireguard-vpn0.yml b/acme-wireguard/wireguard-vpn0.yml
new file mode 100644
index 0000000..a81485d
--- /dev/null
+++ b/acme-wireguard/wireguard-vpn0.yml
@@ -0,0 +1,6 @@
+- hosts: vpn0
+ roles:
+ - name: wireguard
+ wireguard_if: vpn0
+ wireguard_listen_port: 45364
+ wireguard_address4: "{{ link_addresses[ansible_hostname] }}"
diff --git a/j2/wireguard/ansible-host.j2 b/j2/wireguard/ansible-host.j2
new file mode 100644
index 0000000..63a8d51
--- /dev/null
+++ b/j2/wireguard/ansible-host.j2
@@ -0,0 +1,3 @@
+# Generated
+link_address: {{ link }}
+network_cidr: {{ network }}
diff --git a/j2/wireguard/ansible.j2 b/j2/wireguard/ansible.j2
new file mode 100644
index 0000000..82c0ca0
--- /dev/null
+++ b/j2/wireguard/ansible.j2
@@ -0,0 +1,6 @@
+- hosts: {{ net.name }}
+ roles:
+ - name: wireguard
+ wireguard_if: {{ net.name }}
+ wireguard_listen_port: 45364
+ wireguard_address4: "{{ '{{' }} link_addresses[ansible_hostname] }}"
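Review bot: The play reads `link_addresses[ansible_hostname]`, but nothing in this commit defines a `link_addresses` map; the per-host template `ansible-host.j2` writes a scalar `link_address` into each host's `host_vars/<host>/wireguard.yml`. Unless that map is defined somewhere outside this diff, the role will fail on an undefined variable when the address is rendered. Because the value is already stored per host, the line could read `wireguard_address4: "{{ '{{' }} link_address }}"`. The generated `acme-wireguard/wireguard-vpn0.yml` in this commit carries the same reference.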
diff --git a/module/acme/src/main/resources/META-INF/kmodule.xml b/module/acme/src/main/resources/META-INF/kmodule.xml
index da34a59..e86da96 100644
--- a/module/acme/src/main/resources/META-INF/kmodule.xml
+++ b/module/acme/src/main/resources/META-INF/kmodule.xml
@@ -3,7 +3,7 @@
xmlns="http://www.drools.org/xsd/kmodule"
xsi:schemaLocation="http://www.drools.org/xsd/kmodule https://www.drools.org/xsd/kmodule_7_1.xsd">
- <kbase packages="io.trygvis.acme" includes="engine" name="acme-apps">
+ <kbase packages="io.trygvis.acme" includes="dba,engine,machine,terraform" name="acme-apps">
<ksession name="acme-apps" default="true"/>
</kbase>
diff --git a/module/ri-engine/src/main/java/io/trygvis/rules/engine/TemplateEngine.java b/module/ri-engine/src/main/java/io/trygvis/rules/engine/TemplateEngine.java
index 3c7c755..cc085c0 100644
--- a/module/ri-engine/src/main/java/io/trygvis/rules/engine/TemplateEngine.java
+++ b/module/ri-engine/src/main/java/io/trygvis/rules/engine/TemplateEngine.java
@@ -2,6 +2,7 @@ package io.trygvis.rules.engine;
import ch.qos.logback.core.util.FileUtil;
import com.hubspot.jinjava.Jinjava;
+import org.apache.commons.io.FileUtils;
import java.io.File;
import java.io.IOException;
@@ -18,6 +19,15 @@ public class TemplateEngine {
this.basedir = basedir;
}
+ public void clean() {
+ try {
+ System.out.println("Cleaning gen!");
+ FileUtils.deleteDirectory(basedir);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
public void template(String name, String output, Map<String, Object> params) throws IOException {
var template = Files.readString(Path.of("j2", name + ".j2"));
String renderedTemplate = jinjava.render(template, params);
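Review bot: `clean()` recursively deletes whatever `basedir` the engine was constructed with, whereas the rule it replaces only ever removed the fixed `gen` directory, and nothing in the visible code checks that `basedir` is a dedicated output directory. A misconfigured base directory (the working directory, a home directory, a filesystem root) would be wiped on the first rule run. I would guard the call with `var dir = basedir.getCanonicalFile();` followed by `if (dir.getParentFile() == null || dir.equals(new File(".").getCanonicalFile())) throw new IllegalStateException("Refusing to delete " + dir);`, and print the resolved path instead of the fixed "Cleaning gen!" text so the deletion is auditable. `throw new UncheckedIOException(e);` would also keep the I/O cause typed. The class continues outside the hunk, so any validation in the constructor is not visible here.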
diff --git a/module/ri-engine/src/main/resources/META-INF/kmodule.xml b/module/ri-engine/src/main/resources/META-INF/kmodule.xml
index ffba357..79c5e79 100644
--- a/module/ri-engine/src/main/resources/META-INF/kmodule.xml
+++ b/module/ri-engine/src/main/resources/META-INF/kmodule.xml
@@ -3,6 +3,9 @@
xmlns="http://www.drools.org/xsd/kmodule"
xsi:schemaLocation="http://www.drools.org/xsd/kmodule https://www.drools.org/xsd/kmodule_7_1.xsd">
- <kbase name="engine" packages="io.trygvis.rules.dba,io.trygvis.rules.engine,io.trygvis.rules.machine,io.trygvis.rules.terraform">
- </kbase>
+ <kbase name="all" packages="io.trygvis.rules.*"/>
+ <kbase name="engine" packages="io.trygvis.rules.engine"/>
+ <kbase name="dba" packages="io.trygvis.rules.dba"/>
+ <kbase name="machine" packages="io.trygvis.rules.machine"/>
+ <kbase name="terraform" packages="io.trygvis.rules.terraform"/>
</kmodule>
diff --git a/module/ri-engine/src/main/resources/io/trygvis/rules/engine/default.drl b/module/ri-engine/src/main/resources/io/trygvis/rules/engine/init.drl
index a933bd9..267cc4a 100644
--- a/module/ri-engine/src/main/resources/io/trygvis/rules/engine/default.drl
+++ b/module/ri-engine/src/main/resources/io/trygvis/rules/engine/init.drl
@@ -5,12 +5,13 @@ import org.apache.commons.io.FileSystem
import org.apache.commons.io.FileUtils
import java.io.File
+global io.trygvis.rules.engine.TemplateEngine te;
+
rule "Clean directories"
agenda-group "init"
when
not(KeyValue(key == "rm-gen"));
then
- System.out.println("Cleaning gen!");
- FileUtils.deleteDirectory(new File("gen"));
+ te.clean();
insert(new KeyValue("rm-gen", null));
end
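Review bot: `te.clean()` dereferences the `te` global, and a Drools global that the session never set is null, so this rule would throw a NullPointerException the first time the "init" agenda group fires in such a session. The code that creates the session is not part of this diff, so I cannot confirm every caller sets it; wireguard.drl declares the same global and has the same dependency. A comment above the declaration would document the contract: `// Must be set with setGlobal("te", ...) before any agenda group fires`. The `FileUtils` and `File` imports kept as context above look unused after this change, if nothing else in the file needs them.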
diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/generate.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/generate.drl
deleted file mode 100644
index 3ee0583..0000000
--- a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/generate.drl
+++ /dev/null
@@ -1,18 +0,0 @@
-package io.trygvis.rules.wireguard;
-
-import java.util.ArrayList
-import io.trygvis.rules.dns.DnsEntry;
-import io.trygvis.rules.machine.Machine;
-import io.trygvis.rules.network.Ipv4Address
-import io.trygvis.rules.network.Ipv4Cidr
-import io.trygvis.rules.network.IpCalc
-
-rule "Generate base"
- agenda-group "generate"
- salience 10
-when
- $net : WgNet()
- $h : WgHost(net == $net.name)
-then
- System.out.println("%s : %s".formatted($net.name, $h.name));
-end
diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
index 342cbb5..06b9bbf 100644
--- a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
+++ b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
@@ -6,6 +6,9 @@ import io.trygvis.rules.machine.Machine;
import io.trygvis.rules.network.Ipv4Address
import io.trygvis.rules.network.Ipv4Cidr
import io.trygvis.rules.network.IpCalc
+import java.util.Map
+
+global io.trygvis.rules.engine.TemplateEngine te;
dialect "mvel"
@@ -103,3 +106,38 @@ then
System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip);
insert(new WgIpAllocation($host.name, $pool.role, $ip))
end
+
+rule "Generate per-net files"
+ agenda-group "generate"
+ salience 10
+when
+ $net : WgNet()
+then
+ te.template("wireguard/ansible", "wireguard-" + $net.name + ".yml", Map.of(
+ "net", $net
+ ));
+
+ // TODO: Generate hosts file
+end
+
+rule "Generate per-net, per-host files"
+ agenda-group "generate"
+ salience 10
+when
+ $net : WgNet()
+ $host : WgHost(net == $net.name)
+ $link : WgIpAllocation(host == $host.name, role == "link")
+ // Needs to be a sub-cidr of the WgNet network cidr, not a specific IP
+ $network : WgIpAllocation(host == $host.name, role == "network")
+then
+ System.out.printf("%s : %s%n", $net.name, $host.name);
+
+ String output = "host_vars/%s/wireguard.yml".formatted($host.name);
+
+ te.template("wireguard/ansible-host", output, Map.of(
+ "net", $net,
+ "host", $host,
+ "link", $link.ip,
+ "network", "TODO"
+ ));
+end
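Review bot: Both output paths are built by pasting fact names into a path string (`"wireguard-" + $net.name + ".yml"` and `"host_vars/%s/wireguard.yml".formatted($host.name)`), so a name containing `/` or `..` would place the generated file outside the intended directory unless `TemplateEngine.template` confines `output` to `basedir`, which this diff does not show. If the names come from hand-edited input, I would reject anything outside a conservative pattern before templating, for example by adding the constraint `name matches "[A-Za-z0-9][A-Za-z0-9._-]*"` to the `WgNet` and `WgHost` patterns. Separately, the second rule binds `$network` but passes the literal `"network", "TODO"`, which is why every generated host_vars file in this commit contains `network_cidr: TODO`. The key should be left out of the template until a real sub-CIDR is available, so the placeholder cannot reach a deployed WireGuard configuration.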
diff --git a/out/acme/wireguard.yaml b/out/acme/wireguard.yaml
index 4601931..ebad93a 100644
--- a/out/acme/wireguard.yaml
+++ b/out/acme/wireguard.yaml
@@ -1,31 +1,16 @@
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-1.machine.acme.com"
- type: "A"
----
-type: "io.trygvis.rules.dns.DnsEntry"
-data:
fqdn: "acme-1.vpn.acme.com"
type: "A"
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-2.machine.acme.com"
- type: "A"
----
-type: "io.trygvis.rules.dns.DnsEntry"
-data:
fqdn: "acme-2.vpn.acme.com"
type: "A"
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-3.machine.acme.com"
- type: "A"
----
-type: "io.trygvis.rules.dns.DnsEntry"
-data:
fqdn: "acme-3.vpn.acme.com"
type: "A"
---