summaryrefslogtreecommitdiff
path: root/module/ri-wireguard
diff options
context:
space:
mode:
Diffstat (limited to 'module/ri-wireguard')
-rw-r--r--module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl79
1 files changed, 53 insertions, 26 deletions
diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
index 06b9bbf..2e4498f 100644
--- a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
+++ b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
@@ -17,6 +17,7 @@ declare WgNet
domain : String
linkCidr : String
networkCidr : String
+ networkBits : int
end
declare WgIpPool
@@ -25,14 +26,6 @@ declare WgIpPool
cidr : Ipv4Cidr
end
-rule "Create link network" when
- $net : WgNet()
- not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network))
-then
- insert(new WgIpPool($net.name, "link", IpCalc.cidr($net.linkCidr)))
- insert(new WgIpPool($net.name, "network", IpCalc.cidr($net.networkCidr)))
-end
-
declare WgHost
name : String
net : String
@@ -41,6 +34,32 @@ declare WgHost
networkIp : String
end
+declare WgConnection
+ host : String
+ to : String
+end
+
+declare WgIpAllocation
+ host : String
+ role : String
+ ip : Ipv4Address
+end
+
+declare WgNetworkAllocation
+ host : String
+ role : String
+ cidr : Ipv4Cidr
+end
+
+rule "Create IP pools" when
+ $net : WgNet()
+// not(Ipv4Cidr(network == Ipv4Cidr.parseCidr($net.linkCidr).network))
+then
+ System.out.println("Creating main IP pools");
+ insert(new WgIpPool($net.name, "link", Ipv4Cidr.parseCidr($net.linkCidr)))
+ insert(new WgIpPool($net.name, "networks", Ipv4Cidr.parseCidr($net.networkCidr)))
+end
+
rule "WgHost VPN machines"
when
$machine : Machine()
@@ -74,31 +93,21 @@ then
insert(DnsEntry.a(fqdn))
end
-declare WgConnection
- host : String
- to : String
-end
-
rule "Connect VPN nodes"
salience -1
when
$h : WgHost()
$other : WgHost(publicName != null, name != $h.name)
then
+ System.out.printf("VPN connection from %s to %s%n", $h.name, $other.name);
insert(new WgConnection($h.name, $other.name))
end
-declare WgIpAllocation
- host : String
- role : String
- ip : Ipv4Address
-end
-
-rule "Assign IP"
+rule "Assign link IP"
when
$net : WgNet()
$host : WgHost(net == $net.name)
- $pool : WgIpPool(net == $net.name)
+ $pool : WgIpPool(net == $net.name, role == "link")
not(WgIpAllocation(host == $host.name, role == $pool.role))
$ip : Ipv4Address() from $pool.cidr.addresses()
not(WgIpAllocation(ip == $ip))
@@ -107,17 +116,33 @@ then
insert(new WgIpAllocation($host.name, $pool.role, $ip))
end
+rule "Assign network CIDR"
+when
+ $net : WgNet()
+ $host : WgHost(net == $net.name)
+ $network : Ipv4Cidr() from Ipv4Cidr.parseCidr($net.networkCidr).partition($net.networkBits)
+ not(WgNetworkAllocation(host == $host.name, role == "network"))
+ not(WgNetworkAllocation(cidr == $network))
+then
+ System.out.printf("Network CIDR: net=%s, host=%s, network=%s%n", $net.name, $host.name, $network);
+ insert(new WgNetworkAllocation($host.name, "network", $network))
+end
+
rule "Generate per-net files"
agenda-group "generate"
salience 10
when
$net : WgNet()
+ $names : ArrayList() from accumulate(WgHost(net == $net.name, $name: name), collectList($name))
+ $hosts : ArrayList() from accumulate(Machine($names contains name, $m: this), collectList($m))
then
te.template("wireguard/ansible", "wireguard-" + $net.name + ".yml", Map.of(
"net", $net
));
- // TODO: Generate hosts file
+ te.template("wireguard/inventory", "inventory.yml", Map.of(
+ "hosts", $hosts
+ ));
end
rule "Generate per-net, per-host files"
@@ -127,10 +152,11 @@ when
$net : WgNet()
$host : WgHost(net == $net.name)
$link : WgIpAllocation(host == $host.name, role == "link")
- // Needs to be a sub-cidr of the WgNet network cidr, not a specific IP
- $network : WgIpAllocation(host == $host.name, role == "network")
+ $network : WgNetworkAllocation(host == $host.name, role == "network")
+ $peerMachines : ArrayList() from accumulate(WgConnection(host == $host.name, $to: to), collectList($to))
+ $peers : ArrayList() from accumulate(Machine($peerMachines contains name, $fqdn: fqdn), collectList($fqdn))
then
- System.out.printf("%s : %s%n", $net.name, $host.name);
+ System.out.printf("Generating per-host files: net=%s, host=%s%n", $net.name, $host.name);
String output = "host_vars/%s/wireguard.yml".formatted($host.name);
@@ -138,6 +164,7 @@ then
"net", $net,
"host", $host,
"link", $link.ip,
- "network", "TODO"
+ "network", $network.cidr,
+ "peers", $peers
));
end