diff options
Diffstat (limited to 'module/ri-wireguard/src/main/resources')
-rw-r--r-- | module/ri-wireguard/src/main/resources/META-INF/kmodule.xml | 9 | ||||
-rw-r--r-- | module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl | 105 |
2 files changed, 114 insertions, 0 deletions
diff --git a/module/ri-wireguard/src/main/resources/META-INF/kmodule.xml b/module/ri-wireguard/src/main/resources/META-INF/kmodule.xml new file mode 100644 index 0000000..64cc4d2 --- /dev/null +++ b/module/ri-wireguard/src/main/resources/META-INF/kmodule.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<kmodule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="http://www.drools.org/xsd/kmodule" + xsi:schemaLocation="http://www.drools.org/xsd/kmodule https://www.drools.org/xsd/kmodule_7_1.xsd"> + + <kbase name="wireguard" packages="io.trygvis.rules.acme"> + <ksession name="wireguard"/> + </kbase> +</kmodule> diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl new file mode 100644 index 0000000..7896953 --- /dev/null +++ b/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl @@ -0,0 +1,105 @@ +package io.trygvis.rules.acme; + +import java.util.ArrayList +import io.trygvis.rules.machine.Machine; +import io.trygvis.rules.dns.DnsEntry; +import io.trygvis.rules.acme.AcmeServer +import io.trygvis.rules.network.Ipv4Address +import io.trygvis.rules.network.Ipv4Cidr + +dialect "mvel" + +declare WgNet + name : String + domain : String + linkCidr : String + networkCidr : String +end + +declare WgIpPool + net : String + role : String + cidr : Ipv4Cidr +end + +rule "Create link network" when + $net : WgNet() + not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network)) +then + insert(new WgIpPool($net.name, "link", IpCalc.cidr($net.linkCidr))) + insert(new WgIpPool($net.name, "network", IpCalc.cidr($net.networkCidr))) +end + +declare WgHost + name : String + net : String + publicName : String + netToNetIp : String + networkIp : String +end + +rule "WgHost VPN machines" +when + $machine : Machine() + $wgNet : WgNet(name == "vpn0") + not(WgHost(name == $machine.name)) +then + var wgHost = new WgHost(); + wgHost.name = $machine.name; + wgHost.net = $wgNet.name; + wgHost.publicName = $machine.fqdn; + insert(wgHost) +end + +rule "Set public name of WgHost" +when + $host : WgHost(publicName == null) + $m : Machine(name == $host.name, fqdn != null) +then + modify($host) { + publicName = $m.fqdn + } +end + +rule "Make DNS entries for all VPN hosts" +when + $h : WgHost() + $net : WgNet(name == $h.net) + not(DnsEntry(fqdn == "%s.%s".formatted($h.name, $net.domain), type == "A")) +then + var fqdn = "%s.%s".formatted($h.name, $net.domain); + insert(DnsEntry.a(fqdn)) +end + +declare WgConnection + host : String + to : String +end + +rule "Connect VPN nodes" + salience -1 +when + $h : WgHost() + $other : WgHost(publicName != null, name != $h.name) +then + insert(new WgConnection($h.name, $other.name)) +end + +declare WgIpAllocation + host : String + role : String + ip : Ipv4Address +end + +rule "Assign IP" +when + $net : WgNet() + $host : WgHost(net == $net.name) + $pool : WgIpPool(net == $net.name) + not(WgIpAllocation(host == $host.name, role == $pool.role)) + $ip : Ipv4Address() from $pool.cidr.addresses() + not(WgIpAllocation(ip == $ip)) +then + System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip); + insert(new WgIpAllocation($host.name, $pool.role, $ip)) +end |