summaryrefslogtreecommitdiff
path: root/module/ri-wireguard/src/main/resources
diff options
context:
space:
mode:
Diffstat (limited to 'module/ri-wireguard/src/main/resources')
-rw-r--r--module/ri-wireguard/src/main/resources/META-INF/kmodule.xml9
-rw-r--r--module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl105
2 files changed, 114 insertions, 0 deletions
diff --git a/module/ri-wireguard/src/main/resources/META-INF/kmodule.xml b/module/ri-wireguard/src/main/resources/META-INF/kmodule.xml
new file mode 100644
index 0000000..64cc4d2
--- /dev/null
+++ b/module/ri-wireguard/src/main/resources/META-INF/kmodule.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<kmodule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://www.drools.org/xsd/kmodule"
+ xsi:schemaLocation="http://www.drools.org/xsd/kmodule https://www.drools.org/xsd/kmodule_7_1.xsd">
+
+ <kbase name="wireguard" packages="io.trygvis.rules.acme">
+ <ksession name="wireguard"/>
+ </kbase>
+</kmodule>
diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl
new file mode 100644
index 0000000..7896953
--- /dev/null
+++ b/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl
@@ -0,0 +1,105 @@
+package io.trygvis.rules.acme;
+
+import java.util.ArrayList
+import io.trygvis.rules.machine.Machine;
+import io.trygvis.rules.dns.DnsEntry;
+import io.trygvis.rules.acme.AcmeServer
+import io.trygvis.rules.network.Ipv4Address
+import io.trygvis.rules.network.Ipv4Cidr
+
+dialect "mvel"
+
+declare WgNet
+ name : String
+ domain : String
+ linkCidr : String
+ networkCidr : String
+end
+
+declare WgIpPool
+ net : String
+ role : String
+ cidr : Ipv4Cidr
+end
+
+rule "Create link network" when
+ $net : WgNet()
+ not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network))
+then
+ insert(new WgIpPool($net.name, "link", IpCalc.cidr($net.linkCidr)))
+ insert(new WgIpPool($net.name, "network", IpCalc.cidr($net.networkCidr)))
+end
+
+declare WgHost
+ name : String
+ net : String
+ publicName : String
+ netToNetIp : String
+ networkIp : String
+end
+
+rule "WgHost VPN machines"
+when
+ $machine : Machine()
+ $wgNet : WgNet(name == "vpn0")
+ not(WgHost(name == $machine.name))
+then
+ var wgHost = new WgHost();
+ wgHost.name = $machine.name;
+ wgHost.net = $wgNet.name;
+ wgHost.publicName = $machine.fqdn;
+ insert(wgHost)
+end
+
+rule "Set public name of WgHost"
+when
+ $host : WgHost(publicName == null)
+ $m : Machine(name == $host.name, fqdn != null)
+then
+ modify($host) {
+ publicName = $m.fqdn
+ }
+end
+
+rule "Make DNS entries for all VPN hosts"
+when
+ $h : WgHost()
+ $net : WgNet(name == $h.net)
+ not(DnsEntry(fqdn == "%s.%s".formatted($h.name, $net.domain), type == "A"))
+then
+ var fqdn = "%s.%s".formatted($h.name, $net.domain);
+ insert(DnsEntry.a(fqdn))
+end
+
+declare WgConnection
+ host : String
+ to : String
+end
+
+rule "Connect VPN nodes"
+ salience -1
+when
+ $h : WgHost()
+ $other : WgHost(publicName != null, name != $h.name)
+then
+ insert(new WgConnection($h.name, $other.name))
+end
+
+declare WgIpAllocation
+ host : String
+ role : String
+ ip : Ipv4Address
+end
+
+rule "Assign IP"
+when
+ $net : WgNet()
+ $host : WgHost(net == $net.name)
+ $pool : WgIpPool(net == $net.name)
+ not(WgIpAllocation(host == $host.name, role == $pool.role))
+ $ip : Ipv4Address() from $pool.cidr.addresses()
+ not(WgIpAllocation(ip == $ip))
+then
+ System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip);
+ insert(new WgIpAllocation($host.name, $pool.role, $ip))
+end