From 9eac79348242b5dc33f4cccdd86beda2a4ed4746 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Wed, 6 Jan 2021 10:16:51 +0100
Subject: Implementing VPN connections.
---
out/phase-1.yaml | 120 ++++++++++++++------- out/vpn0.yaml | 120 ++++++++++++++------- src/main/java/io/trygvis/rules/engine/Main.java | 11 +- .../java/io/trygvis/rules/network/Ipv4Address.java | 24 ++++- src/main/resources/io/trygvis/rules/acme/vpn.drl | 52 +++++---- 5 files changed, 228 insertions(+), 99 deletions(-)
diff --git a/out/phase-1.yaml b/out/phase-1.yaml
index c9974d0..c0d093a 100644
--- a/out/phase-1.yaml
+++ b/out/phase-1.yaml
@@ -130,6 +130,90 @@ data: netToNetIp: null networkIp: null --- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-1" + role: "link" + ip: + value: "192.168.10.4" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-1" + role: "network" + ip: + value: "10.55.55.4" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-2" + role: "link" + ip: + value: "192.168.10.3" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-2" + role: "network" + ip: + value: "10.55.55.3" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-3" + role: "link" + ip: + value: "192.168.10.2" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-3" + role: "network" + ip: + value: "10.55.55.2" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "ws-1" + role: "link" + ip: + value: "192.168.10.1" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "ws-1" + role: "network" + ip: + value: "10.55.55.1" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "ws-2" + role: "link" + ip: + value: "192.168.10.0" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "ws-2" + role: "network" + ip: + value: "10.55.55.0" +--- +type: "io.trygvis.rules.acme.WgIpPool" +data: + net: "vpn0" + role: "link" + cidr: + value: "192.168.10.0/29" +--- +type: "io.trygvis.rules.acme.WgIpPool" +data: + net: "vpn0" + role: "network" + cidr: + value: "10.55.55.0/24" +--- type: "io.trygvis.rules.acme.WgNet" data: name: "vpn0" 
@@ -347,42 +431,6 @@ data: name: "ws-2" fqdn: null --- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.7" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.6" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.5" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.4" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.3" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.2" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.1" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.0" ---- -type: "io.trygvis.rules.network.Ipv4Cidr" -data: - value: "192.168.10.0/29" ---- type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine:
diff --git a/out/vpn0.yaml b/out/vpn0.yaml
index bf5aee6..fb8c684 100644
--- a/out/vpn0.yaml
+++ b/out/vpn0.yaml
@@ -99,6 +99,90 @@ data: netToNetIp: null networkIp: null --- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-1" + role: "link" + ip: + value: "192.168.10.4" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-1" + role: "network" + ip: + value: "10.55.55.4" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-2" + role: "link" + ip: + value: "192.168.10.3" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-2" + role: "network" + ip: + value: "10.55.55.3" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-3" + role: "link" + ip: + value: "192.168.10.2" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "acme-3" + role: "network" + ip: + value: "10.55.55.2" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "ws-1" + role: "link" + ip: + value: "192.168.10.1" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "ws-1" + role: "network" + ip: + value: "10.55.55.1" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "ws-2" + role: "link" + ip: + value: "192.168.10.0" +--- +type: "io.trygvis.rules.acme.WgIpAllocation" +data: + host: "ws-2" + role: "network" + ip: + value: "10.55.55.0" +--- +type: "io.trygvis.rules.acme.WgIpPool" +data: + net: "vpn0" + role: "link" + cidr: + value: "192.168.10.0/29" +--- +type: "io.trygvis.rules.acme.WgIpPool" +data: + net: "vpn0" + role: "network" + cidr: + value: "10.55.55.0/24" +--- type: "io.trygvis.rules.acme.WgNet" data: name: "vpn0" 
@@ -170,39 +254,3 @@ type: "io.trygvis.rules.machine.Machine" data: name: "ws-2" fqdn: null ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.7" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.6" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.5" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.4" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.3" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.2" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.1" ---- -type: "io.trygvis.rules.network.Ipv4Address" -data: - value: "192.168.10.0" ---- -type: "io.trygvis.rules.network.Ipv4Cidr" -data: - value: "192.168.10.0/29"
diff --git a/src/main/java/io/trygvis/rules/engine/Main.java b/src/main/java/io/trygvis/rules/engine/Main.java
index 6f04a98..7c96be6 100644
--- a/src/main/java/io/trygvis/rules/engine/Main.java
+++ b/src/main/java/io/trygvis/rules/engine/Main.java
@@ -41,11 +41,12 @@ public class Main {
 io.dump("phase-1", session.getFactHandles());
 io.dump("vpn0", session.getFactHandles(), (Object o) ->
- o.getClass().getName().contains("Wg") ||
- o instanceof Machine ||
- o instanceof DnsEntry ||
- o instanceof Ipv4Cidr ||
- o instanceof Ipv4Address);
+ o.getClass().getName().contains("Wg")
+ || o instanceof Machine
+ || o instanceof DnsEntry
+ || o instanceof Ipv4Cidr
+ || o instanceof Ipv4Address
+ );
 session.dispose();
 }
diff --git a/src/main/java/io/trygvis/rules/network/Ipv4Address.java b/src/main/java/io/trygvis/rules/network/Ipv4Address.java
index 071bca9..7ca9ca5 100644
--- a/src/main/java/io/trygvis/rules/network/Ipv4Address.java
+++ b/src/main/java/io/trygvis/rules/network/Ipv4Address.java
@@ -6,15 +6,37 @@ import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import java.io.IOException;
+import java.util.Objects;
 @JsonSerialize(using = Ipv4Address.Serializer.class)
-public class Ipv4Address {
+public class Ipv4Address implements Comparable {
 public final int address;
 public Ipv4Address(int address) {
 this.address = address;
 }
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+
+ if (o instanceof Ipv4Address other) {
+ return address == other.address;
+ }
+
+ return false;
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(address);
+ }
+
+ @Override
+ public int compareTo(Ipv4Address o) {
+ return address - o.address;
+ }
+
 @Override
 public String toString() {
 return "%d.%d.%d.%d".formatted(
diff --git a/src/main/resources/io/trygvis/rules/acme/vpn.drl b/src/main/resources/io/trygvis/rules/acme/vpn.drl
index 456cbae..88c44f1 100644
--- a/src/main/resources/io/trygvis/rules/acme/vpn.drl
+++ b/src/main/resources/io/trygvis/rules/acme/vpn.drl
@@ -16,18 +16,23 @@ declare WgNet
 networkCidr : String
 end
+declare WgIpPool
+ net : String
+ role : String
+ cidr : Ipv4Cidr
+end
+
+declare WgIpPool
+ net : String
+ cidr : Ipv4Cidr
+end
+
 rule "Create link network" when
 $net : WgNet()
 not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network))
 then
- insert(IpCalc.cidr($net.linkCidr))
-end
-
-rule "Create link network addresses" when
- $cidr : Ipv4Cidr()
- $addresses : Ipv4Address() from $cidr.addresses
-then
- insert($addresses)
+ insert(new WgIpPool($net.name, "link", IpCalc.cidr($net.linkCidr)))
+ insert(new WgIpPool($net.name, "network", IpCalc.cidr($net.networkCidr)))
 end
 declare WgHost
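Review bot: `compareTo` returns `address - o.address`, which overflows whenever the two addresses differ in sign as Java ints, and every address at or above 128.0.0.0 — including the 192.168.10.x values this commit allocates — is negative in that representation, so the ordering is wrong precisely for the addresses the project handles. `return Integer.compareUnsigned(address, o.address);` orders addresses as unsigned dotted quads and stays consistent with the new `equals`. `Objects.hash(address)` on a single int can be `Integer.hashCode(address)` and saves the varargs array. The header appears here as `implements Comparable` with no type argument; if the `<Ipv4Address>` parameter was merely lost in rendering this is fine, otherwise the raw type expects `compareTo(Object)` and the `@Override` on `compareTo(Ipv4Address)` will not compile.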
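Review bot: `WgIpPool` is declared twice in this hunk, the second time without `role`; Drools is likely to reject a duplicate `declare` of the same type in one package, and the `Assign IP` rule in the following hunk constructs the three-field form, so the second declaration should be deleted. The guard of `Create link network` still reads `not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network))` although the consequence no longer inserts an `Ipv4Cidr`, so it no longer protects against creating the pools twice and would silently skip them if such a fact ever existed; `not(WgIpPool(net == $net.name))` expresses the intent, and the rule name should now say it creates both pools. `$net.networkCidr` is parsed without a null check, so a `WgNet` without it presumably makes `IpCalc.cidr` throw and loses the link pool as well.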
@@ -85,16 +90,21 @@ then
 insert(new WgConnection($h.name, $other.name))
 end
-//declare AllocatedIp
-// owner : Object
-// ip : Ipv4Address
-//end
-//
-//rule "Assign IP"
-//when
-// $host : WgHost()
-// $ip : Ipv4Address()
-//then
-// var allocation = new AllocatedIp($host, $ip);
-// insert(allocation)
-//end
+declare WgIpAllocation
+ host : String
+ role : String
+ ip : Ipv4Address
+end
+
+rule "Assign IP"
+when
+ $net : WgNet()
+ $host : WgHost(net == $net.name)
+ $pool : WgIpPool(net == $net.name)
+ not(WgIpAllocation(host == $host.name, role == $pool.role))
+ $ip : Ipv4Address() from $pool.cidr.addresses()
+ not(WgIpAllocation(ip == $ip))
+then
+ System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip);
+ insert(new WgIpAllocation($host.name, $pool.role, $ip))
+end
-- cgit v1.2.3
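Review bot: `$ip : Ipv4Address() from $pool.cidr.addresses()` hands out every address of the CIDR including the network address, and the regenerated `out/phase-1.yaml` in this commit shows it: `ws-2` receives `192.168.10.0` and `10.55.55.0`, and for the `/29` link pool the broadcast address `192.168.10.7` is in the candidate set too (the removed `Ipv4Address` facts ran .0 through .7). Exclude them in the pattern, e.g. `$ip : Ipv4Address(this != $pool.cidr.network) from $pool.cidr.addresses()` if `Ipv4Cidr.network` is the address the earlier guard compares, and likewise the last address, or have the pool expose only host addresses. `WgIpAllocation` carries no `net`, so a host named the same in two nets would get one allocation per role rather than one per pool; adding `net` to the declaration and to both `not()` guards keeps allocations scoped to the pool they came from. The `System.out.printf` trace should not ship inside the consequence; route it through the engine's logger or drop it. Once a pool is exhausted the rule simply stops matching and the host silently ends up without an address, so a companion rule that reports a `WgHost` with no `WgIpAllocation` for a pool role would make that visible.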