From b40cab15f4d01a4e8455e5808ca82e40ff291a92 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Wed, 6 Jan 2021 12:12:39 +0100
Subject: Renaming VPN stuff to wireguard.
---
acme.yaml | 2 +-
.../main/java/io/trygvis/rules/acme/IpCalc.java | 67 ----
.../main/java/io/trygvis/rules/network/IpCalc.java | 51 +++
.../main/resources/io/trygvis/rules/acme/acme.drl | 10 +-
.../java/io/trygvis/rules/acme/IpCalcTest.java | 27 --
.../java/io/trygvis/rules/network/IpCalcTest.java | 27 ++
.../src/main/java/io/trygvis/rules/acme/Foo.java | 7 -
.../src/main/resources/META-INF/kmodule.xml | 2 +-
.../main/resources/io/trygvis/rules/acme/vpn.drl | 105 ------
.../io/trygvis/rules/wireguard/wireguard.drl | 105 ++++++
out/phase-1.yaml | 382 ++++++++++-----------
out/vpn0.yaml | 190 +++++-----
12 files changed, 474 insertions(+), 501 deletions(-)
delete mode 100644 module/ri-engine/src/main/java/io/trygvis/rules/acme/IpCalc.java
create mode 100644 module/ri-engine/src/main/java/io/trygvis/rules/network/IpCalc.java
delete mode 100644 module/ri-engine/src/test/java/io/trygvis/rules/acme/IpCalcTest.java
create mode 100644 module/ri-engine/src/test/java/io/trygvis/rules/network/IpCalcTest.java
delete mode 100644 module/ri-wireguard/src/main/java/io/trygvis/rules/acme/Foo.java
delete mode 100644 module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl
create mode 100644 module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
diff --git a/acme.yaml b/acme.yaml
index 818422a..24c07cb 100644
--- a/acme.yaml
+++ b/acme.yaml
@@ -35,7 +35,7 @@ data: name: ws-2 --- # Wireguard VPN network -type: io.trygvis.rules.acme.WgNet +type: io.trygvis.rules.wireguard.WgNet data: name: vpn0 domain: vpn.acme.com
diff --git a/module/ri-engine/src/main/java/io/trygvis/rules/acme/IpCalc.java b/module/ri-engine/src/main/java/io/trygvis/rules/acme/IpCalc.java
deleted file mode 100644
index 5369d62..0000000
--- a/module/ri-engine/src/main/java/io/trygvis/rules/acme/IpCalc.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package io.trygvis.rules.acme;
-
-import io.trygvis.rules.network.Ipv4Cidr;
-
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Pattern;
-
-public class IpCalc {
- private static final Pattern pattern = Pattern.compile("([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})/([0-9]{1,3})");
-
- public static class FirstLast {
- public final int first;
- public final int last;
-
- public FirstLast(int first, int last) {
- this.first = first;
- this.last = last;
- }
- }
-
- public static Ipv4Cidr cidr(String cidr) {
- var matcher = pattern.matcher(cidr);
- if (!matcher.matches()) {
- throw new IllegalArgumentException("Not a CIDR: " + cidr);
- }
-
- var b1 = matcher.group(1);
- var b2 = matcher.group(2);
- var b3 = matcher.group(3);
- var b4 = matcher.group(4);
-
- int network = parse(b1) << 24 |
- parse(b2) << 16 |
- parse(b3) << 8 |
- parse(b4);
-
-// System.out.printf("network = %x%n", network);
-
- var l = matcher.group(5);
- var bits = Integer.parseInt(l);
- var hostBits = 32 - bits;
- int size = 1 << hostBits;
-
- int netmask = (-1 >> hostBits) << hostBits;
-// System.out.printf("netmask = %08x%n", netmask);
-
- int x = network & ~netmask;
-
- if (x != 0) {
- throw new IllegalArgumentException("Not a CIDR: " + cidr);
- }
-
- return new Ipv4Cidr(network, netmask, size, bits);
- }
-
- private static int parse(String s) {
- var i = Integer.parseInt(s);
- if (i > 255) {
- throw new IllegalArgumentException("Not a CIDR");
- }
-
- return i;
- }
-}
diff --git a/module/ri-engine/src/main/java/io/trygvis/rules/network/IpCalc.java b/module/ri-engine/src/main/java/io/trygvis/rules/network/IpCalc.java
new file mode 100644
index 0000000..e40e169
--- /dev/null
+++ b/module/ri-engine/src/main/java/io/trygvis/rules/network/IpCalc.java
@@ -0,0 +1,51 @@
+package io.trygvis.rules.network;
+
+import java.util.regex.Pattern;
+
+public class IpCalc {
+ private static final Pattern pattern = Pattern.compile("([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})/([0-9]{1,3})");
+
+ public static Ipv4Cidr cidr(String cidr) {
+ var matcher = pattern.matcher(cidr);
+ if (!matcher.matches()) {
+ throw new IllegalArgumentException("Not a CIDR: " + cidr);
+ }
+
+ var b1 = matcher.group(1);
+ var b2 = matcher.group(2);
+ var b3 = matcher.group(3);
+ var b4 = matcher.group(4);
+
+ int network = parse(b1) << 24 |
+ parse(b2) << 16 |
+ parse(b3) << 8 |
+ parse(b4);
+
+// System.out.printf("network = %x%n", network);
+
+ var l = matcher.group(5);
+ var bits = Integer.parseInt(l);
+ var hostBits = 32 - bits;
+ int size = 1 << hostBits;
+
+ int netmask = (-1 >> hostBits) << hostBits;
+// System.out.printf("netmask = %08x%n", netmask);
+
+ int x = network & ~netmask;
+
+ if (x != 0) {
+ throw new IllegalArgumentException("Not a CIDR: " + cidr);
+ }
+
+ return new Ipv4Cidr(network, netmask, size, bits);
+ }
+
+ private static int parse(String s) {
+ var i = Integer.parseInt(s);
+ if (i > 255) {
+ throw new IllegalArgumentException("Not a CIDR");
+ }
+
+ return i;
+ }
+}
diff --git a/module/ri-engine/src/main/resources/io/trygvis/rules/acme/acme.drl b/module/ri-engine/src/main/resources/io/trygvis/rules/acme/acme.drl
index 0465343..7d53763 100644
--- a/module/ri-engine/src/main/resources/io/trygvis/rules/acme/acme.drl
+++ b/module/ri-engine/src/main/resources/io/trygvis/rules/acme/acme.drl
@@ -4,16 +4,13 @@ import io.trygvis.rules.machine.Machine; import io.trygvis.rules.dba.Cluster; import io.trygvis.rules.dba.Container; +dialect "mvel" + declare AcmeServer name : String machine : Machine end -//declare MachinePublicName -// machine : Machine -// fqdn : String -//end - rule "Ops" when $ops: AcmeOps()
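Review bot: `IpCalc.cidr` never range-checks the prefix length: the pattern accepts up to three digits and `bits` goes straight into `32 - bits` and the shifts. Java masks int shift counts to five bits, so `/0` yields `size == 1` with an all-ones netmask, and a prefix above 32 is evaluated with a wrapped shift count instead of being rejected outright; the wireguard rules pass `WgNet.linkCidr` and `WgNet.networkCidr` to this method, so a typo in the input can turn into a wrong address pool rather than an error. I would add `if (bits > 32) throw new IllegalArgumentException("Not a CIDR: " + cidr);` right after `Integer.parseInt(l)` and treat `hostBits == 32` explicitly, for example `int netmask = hostBits == 32 ? 0 : -1 << hostBits;` (how `size` should represent 2^32 depends on `Ipv4Cidr`, which is not in this diff). `parse` could also include the offending input in its message, as the two throws in `cidr` do.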
@@ -56,7 +53,6 @@ when $m : Machine(fqdn == null) $s : AcmeServer(machine == $m) then - var fqdn = "%s.machine.acme.com".formatted($s.machine.name); - $s.machine.fqdn = fqdn; + $s.machine.fqdn = "%s.machine.acme.com".formatted($s.machine.name); update($s.machine) end
diff --git a/module/ri-engine/src/test/java/io/trygvis/rules/acme/IpCalcTest.java b/module/ri-engine/src/test/java/io/trygvis/rules/acme/IpCalcTest.java
deleted file mode 100644
index 8b1e2c6..0000000
--- a/module/ri-engine/src/test/java/io/trygvis/rules/acme/IpCalcTest.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package io.trygvis.rules.acme;
-
-import org.junit.jupiter.api.Assertions;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.params.ParameterizedTest;
-import org.junit.jupiter.params.provider.ValueSource;
-
-import static org.junit.jupiter.api.Assertions.*;
-
-class IpCalcTest {
-
- @Test
- public void basic() {
- Assertions.assertThrows(IllegalArgumentException.class, () -> IpCalc.cidr("192.168.1.1/24").addresses());
- assertEquals(256, IpCalc.cidr("192.168.1.0/24").addresses().size());
- assertEquals(128, IpCalc.cidr("192.168.1.128/25").addresses().size());
- }
-
- @ParameterizedTest
- @ValueSource(strings = {
- "192.168.1.0/24",
- "192.168.1.128/25",
- })
- public void testParsing(String s) {
- assertEquals(s, IpCalc.cidr(s).toString());
- }
-}
diff --git a/module/ri-engine/src/test/java/io/trygvis/rules/network/IpCalcTest.java b/module/ri-engine/src/test/java/io/trygvis/rules/network/IpCalcTest.java
new file mode 100644
index 0000000..e0642d6
--- /dev/null
+++ b/module/ri-engine/src/test/java/io/trygvis/rules/network/IpCalcTest.java
@@ -0,0 +1,27 @@
+package io.trygvis.rules.network;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+class IpCalcTest {
+
+ @Test
+ public void basic() {
+ assertThrows(IllegalArgumentException.class, () -> IpCalc.cidr("192.168.1.1/24").addresses());
+ assertEquals(256, IpCalc.cidr("192.168.1.0/24").addresses().size());
+ assertEquals(128, IpCalc.cidr("192.168.1.128/25").addresses().size());
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "192.168.1.0/24",
+ "192.168.1.128/25",
+ })
+ public void testParsing(String s) {
+ assertEquals(s, IpCalc.cidr(s).toString());
+ }
+}
diff --git a/module/ri-wireguard/src/main/java/io/trygvis/rules/acme/Foo.java b/module/ri-wireguard/src/main/java/io/trygvis/rules/acme/Foo.java
deleted file mode 100644
index 44f5eba..0000000
--- a/module/ri-wireguard/src/main/java/io/trygvis/rules/acme/Foo.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package io.trygvis.rules.acme;
-
-public class Foo {
- public static void main(String[] args) {
- System.out.println("Foo.main");
- }
-}
diff --git a/module/ri-wireguard/src/main/resources/META-INF/kmodule.xml b/module/ri-wireguard/src/main/resources/META-INF/kmodule.xml
index 64cc4d2..f046259 100644
--- a/module/ri-wireguard/src/main/resources/META-INF/kmodule.xml
+++ b/module/ri-wireguard/src/main/resources/META-INF/kmodule.xml
@@ -3,7 +3,7 @@ xmlns="http://www.drools.org/xsd/kmodule" xsi:schemaLocation="http://www.drools.org/xsd/kmodule https://www.drools.org/xsd/kmodule_7_1.xsd"> - +
diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl
deleted file mode 100644
index 7896953..0000000
--- a/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl
+++ /dev/null
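Review bot: In `IpCalcTest.basic` the `assertThrows` lambda calls `.addresses()` on the result of `IpCalc.cidr("192.168.1.1/24")`, so the assertion passes whichever of the two calls throws and does not pin that parsing itself rejects a CIDR with host bits set; `() -> IpCalc.cidr("192.168.1.1/24")` would. The suite also has no rejecting cases for the prefix length or the octet range. A second `@ParameterizedTest` over constructed inputs such as `"10.0.0.0/33"`, `"10.0.0.0/0"` and `"256.0.0.0/8"`, each wrapped in `assertThrows`, would document what the parser is meant to refuse.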
@@ -1,105 +0,0 @@
-package io.trygvis.rules.acme;
-
-import java.util.ArrayList
-import io.trygvis.rules.machine.Machine;
-import io.trygvis.rules.dns.DnsEntry;
-import io.trygvis.rules.acme.AcmeServer
-import io.trygvis.rules.network.Ipv4Address
-import io.trygvis.rules.network.Ipv4Cidr
-
-dialect "mvel"
-
-declare WgNet
- name : String
- domain : String
- linkCidr : String
- networkCidr : String
-end
-
-declare WgIpPool
- net : String
- role : String
- cidr : Ipv4Cidr
-end
-
-rule "Create link network" when
- $net : WgNet()
- not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network))
-then
- insert(new WgIpPool($net.name, "link", IpCalc.cidr($net.linkCidr)))
- insert(new WgIpPool($net.name, "network", IpCalc.cidr($net.networkCidr)))
-end
-
-declare WgHost
- name : String
- net : String
- publicName : String
- netToNetIp : String
- networkIp : String
-end
-
-rule "WgHost VPN machines"
-when
- $machine : Machine()
- $wgNet : WgNet(name == "vpn0")
- not(WgHost(name == $machine.name))
-then
- var wgHost = new WgHost();
- wgHost.name = $machine.name;
- wgHost.net = $wgNet.name;
- wgHost.publicName = $machine.fqdn;
- insert(wgHost)
-end
-
-rule "Set public name of WgHost"
-when
- $host : WgHost(publicName == null)
- $m : Machine(name == $host.name, fqdn != null)
-then
- modify($host) {
- publicName = $m.fqdn
- }
-end
-
-rule "Make DNS entries for all VPN hosts"
-when
- $h : WgHost()
- $net : WgNet(name == $h.net)
- not(DnsEntry(fqdn == "%s.%s".formatted($h.name, $net.domain), type == "A"))
-then
- var fqdn = "%s.%s".formatted($h.name, $net.domain);
- insert(DnsEntry.a(fqdn))
-end
-
-declare WgConnection
- host : String
- to : String
-end
-
-rule "Connect VPN nodes"
- salience -1
-when
- $h : WgHost()
- $other : WgHost(publicName != null, name != $h.name)
-then
- insert(new WgConnection($h.name, $other.name))
-end
-
-declare WgIpAllocation
- host : String
- role : String
- ip : Ipv4Address
-end
-
-rule "Assign IP"
-when
- $net : WgNet()
- $host : WgHost(net == $net.name)
- $pool : WgIpPool(net == $net.name)
- not(WgIpAllocation(host == $host.name, role == $pool.role))
- $ip : Ipv4Address() from $pool.cidr.addresses()
- not(WgIpAllocation(ip == $ip))
-then
- System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip);
- insert(new WgIpAllocation($host.name, $pool.role, $ip))
-end
diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
new file mode 100644
index 0000000..342cbb5
--- /dev/null
+++ b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
@@ -0,0 +1,105 @@
+package io.trygvis.rules.wireguard;
+
+import java.util.ArrayList
+import io.trygvis.rules.dns.DnsEntry;
+import io.trygvis.rules.machine.Machine;
+import io.trygvis.rules.network.Ipv4Address
+import io.trygvis.rules.network.Ipv4Cidr
+import io.trygvis.rules.network.IpCalc
+
+dialect "mvel"
+
+declare WgNet
+ name : String
+ domain : String
+ linkCidr : String
+ networkCidr : String
+end
+
+declare WgIpPool
+ net : String
+ role : String
+ cidr : Ipv4Cidr
+end
+
+rule "Create link network" when
+ $net : WgNet()
+ not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network))
+then
+ insert(new WgIpPool($net.name, "link", IpCalc.cidr($net.linkCidr)))
+ insert(new WgIpPool($net.name, "network", IpCalc.cidr($net.networkCidr)))
+end
+
+declare WgHost
+ name : String
+ net : String
+ publicName : String
+ netToNetIp : String
+ networkIp : String
+end
+
+rule "WgHost VPN machines"
+when
+ $machine : Machine()
+ $wgNet : WgNet(name == "vpn0")
+ not(WgHost(name == $machine.name))
+then
+ var wgHost = new WgHost();
+ wgHost.name = $machine.name;
+ wgHost.net = $wgNet.name;
+ wgHost.publicName = $machine.fqdn;
+ insert(wgHost)
+end
+
+rule "Set public name of WgHost"
+when
+ $host : WgHost(publicName == null)
+ $m : Machine(name == $host.name, fqdn != null)
+then
+ modify($host) {
+ publicName = $m.fqdn
+ }
+end
+
+rule "Make DNS entries for all VPN hosts"
+when
+ $h : WgHost()
+ $net : WgNet(name == $h.net)
+ not(DnsEntry(fqdn == "%s.%s".formatted($h.name, $net.domain), type == "A"))
+then
+ var fqdn = "%s.%s".formatted($h.name, $net.domain);
+ insert(DnsEntry.a(fqdn))
+end
+
+declare WgConnection
+ host : String
+ to : String
+end
+
+rule "Connect VPN nodes"
+ salience -1
+when
+ $h : WgHost()
+ $other : WgHost(publicName != null, name != $h.name)
+then
+ insert(new WgConnection($h.name, $other.name))
+end
+
+declare WgIpAllocation
+ host : String
+ role : String
+ ip : Ipv4Address
+end
+
+rule "Assign IP"
+when
+ $net : WgNet()
+ $host : WgHost(net == $net.name)
+ $pool : WgIpPool(net == $net.name)
+ not(WgIpAllocation(host == $host.name, role == $pool.role))
+ $ip : Ipv4Address() from $pool.cidr.addresses()
+ not(WgIpAllocation(ip == $ip))
+then
+ System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip);
+ insert(new WgIpAllocation($host.name, $pool.role, $ip))
+end
diff --git a/out/phase-1.yaml b/out/phase-1.yaml
index c0d093a..9ebaa02 100644
--- a/out/phase-1.yaml
+++ b/out/phase-1.yaml
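Review bot: In wireguard.drl, `Connect VPN nodes` matches `$other : WgHost(publicName != null, name != $h.name)` without tying it to `$h`'s network, so as soon as a second `WgNet` exists, hosts of different networks would be emitted as peers of each other; adding `net == $h.net` to the `$other` pattern keeps each mesh inside its own network. `WgHost VPN machines` has a related scoping gap: it hard-codes `WgNet(name == "vpn0")` and enrols every `Machine`, so membership cannot be restricted per network. Separately, the guard in `Create link network` tests for an `Ipv4Cidr` fact while the consequence inserts `WgIpPool` facts, so unless `Ipv4Cidr` is inserted elsewhere the `not(...)` is always true; `not(WgIpPool(net == $net.name))` looks like the intended check. The regenerated out/vpn0.yaml also shows ws-2 being assigned 192.168.10.0 and 10.55.55.0, the first address of each pool, which suggests `Assign IP` should skip the network address (and presumably the last address) when it draws from `$pool.cidr.addresses()`.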
@@ -30,197 +30,6 @@ data: name: "acme-3" fqdn: "acme-3.machine.acme.com" --- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "acme-1" - to: "acme-2" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "acme-1" - to: "acme-3" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "acme-2" - to: "acme-1" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "acme-2" - to: "acme-3" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "acme-3" - to: "acme-1" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "acme-3" - to: "acme-2" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "ws-1" - to: "acme-1" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "ws-1" - to: "acme-2" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "ws-1" - to: "acme-3" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "ws-2" - to: "acme-1" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "ws-2" - to: "acme-2" ---- -type: "io.trygvis.rules.acme.WgConnection" -data: - host: "ws-2" - to: "acme-3" ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "acme-1" - net: "vpn0" - publicName: "acme-1.machine.acme.com" - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "acme-2" - net: "vpn0" - publicName: "acme-2.machine.acme.com" - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "acme-3" - net: "vpn0" - publicName: "acme-3.machine.acme.com" - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "ws-1" - net: "vpn0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "ws-2" - net: "vpn0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgIpAllocation" -data: - host: "acme-1" - role: "link" - ip: - value: "192.168.10.4" ---- -type: 
"io.trygvis.rules.acme.WgIpAllocation" -data: - host: "acme-1" - role: "network" - ip: - value: "10.55.55.4" ---- -type: "io.trygvis.rules.acme.WgIpAllocation" -data: - host: "acme-2" - role: "link" - ip: - value: "192.168.10.3" ---- -type: "io.trygvis.rules.acme.WgIpAllocation" -data: - host: "acme-2" - role: "network" - ip: - value: "10.55.55.3" ---- -type: "io.trygvis.rules.acme.WgIpAllocation" -data: - host: "acme-3" - role: "link" - ip: - value: "192.168.10.2" ---- -type: "io.trygvis.rules.acme.WgIpAllocation" -data: - host: "acme-3" - role: "network" - ip: - value: "10.55.55.2" ---- -type: "io.trygvis.rules.acme.WgIpAllocation" -data: - host: "ws-1" - role: "link" - ip: - value: "192.168.10.1" ---- -type: "io.trygvis.rules.acme.WgIpAllocation" -data: - host: "ws-1" - role: "network" - ip: - value: "10.55.55.1" ---- -type: "io.trygvis.rules.acme.WgIpAllocation" -data: - host: "ws-2" - role: "link" - ip: - value: "192.168.10.0" ---- -type: "io.trygvis.rules.acme.WgIpAllocation" -data: - host: "ws-2" - role: "network" - ip: - value: "10.55.55.0" ---- -type: "io.trygvis.rules.acme.WgIpPool" -data: - net: "vpn0" - role: "link" - cidr: - value: "192.168.10.0/29" ---- -type: "io.trygvis.rules.acme.WgIpPool" -data: - net: "vpn0" - role: "network" - cidr: - value: "10.55.55.0/24" ---- -type: "io.trygvis.rules.acme.WgNet" -data: - name: "vpn0" - domain: "vpn.acme.com" - linkCidr: "192.168.10.0/29" - networkCidr: "10.55.55.0/24" ---- type: "io.trygvis.rules.dba.Cluster" data: name: "acme-ci" 
@@ -486,3 +295,194 @@ data: name: "ws-2" fqdn: null key: "ws-2" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "acme-1" + to: "acme-2" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "acme-1" + to: "acme-3" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "acme-2" + to: "acme-1" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "acme-2" + to: "acme-3" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "acme-3" + to: "acme-1" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "acme-3" + to: "acme-2" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "ws-1" + to: "acme-1" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "ws-1" + to: "acme-2" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "ws-1" + to: "acme-3" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "ws-2" + to: "acme-1" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "ws-2" + to: "acme-2" +--- +type: "io.trygvis.rules.wireguard.WgConnection" +data: + host: "ws-2" + to: "acme-3" +--- +type: "io.trygvis.rules.wireguard.WgHost" +data: + name: "acme-1" + net: "vpn0" + publicName: "acme-1.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.wireguard.WgHost" +data: + name: "acme-2" + net: "vpn0" + publicName: "acme-2.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.wireguard.WgHost" +data: + name: "acme-3" + net: "vpn0" + publicName: "acme-3.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.wireguard.WgHost" +data: + name: "ws-1" + net: "vpn0" + publicName: null + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.wireguard.WgHost" +data: + name: "ws-2" + net: "vpn0" + publicName: null + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.wireguard.WgIpAllocation" +data: 
+ host: "acme-1" + role: "link" + ip: + value: "192.168.10.4" +--- +type: "io.trygvis.rules.wireguard.WgIpAllocation" +data: + host: "acme-1" + role: "network" + ip: + value: "10.55.55.4" +--- +type: "io.trygvis.rules.wireguard.WgIpAllocation" +data: + host: "acme-2" + role: "link" + ip: + value: "192.168.10.3" +--- +type: "io.trygvis.rules.wireguard.WgIpAllocation" +data: + host: "acme-2" + role: "network" + ip: + value: "10.55.55.3" +--- +type: "io.trygvis.rules.wireguard.WgIpAllocation" +data: + host: "acme-3" + role: "link" + ip: + value: "192.168.10.2" +--- +type: "io.trygvis.rules.wireguard.WgIpAllocation" +data: + host: "acme-3" + role: "network" + ip: + value: "10.55.55.2" +--- +type: "io.trygvis.rules.wireguard.WgIpAllocation" +data: + host: "ws-1" + role: "link" + ip: + value: "192.168.10.1" +--- +type: "io.trygvis.rules.wireguard.WgIpAllocation" +data: + host: "ws-1" + role: "network" + ip: + value: "10.55.55.1" +--- +type: "io.trygvis.rules.wireguard.WgIpAllocation" +data: + host: "ws-2" + role: "link" + ip: + value: "192.168.10.0" +--- +type: "io.trygvis.rules.wireguard.WgIpAllocation" +data: + host: "ws-2" + role: "network" + ip: + value: "10.55.55.0" +--- +type: "io.trygvis.rules.wireguard.WgIpPool" +data: + net: "vpn0" + role: "link" + cidr: + value: "192.168.10.0/29" +--- +type: "io.trygvis.rules.wireguard.WgIpPool" +data: + net: "vpn0" + role: "network" + cidr: + value: "10.55.55.0/24" +--- +type: "io.trygvis.rules.wireguard.WgNet" +data: + name: "vpn0" + domain: "vpn.acme.com" + linkCidr: "192.168.10.0/29" + networkCidr: "10.55.55.0/24" diff --git a/out/vpn0.yaml b/out/vpn0.yaml index fb8c684..4601931 100644 --- a/out/vpn0.yaml +++ b/out/vpn0.yaml 
@@ -1,65 +1,130 @@ --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-1.machine.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-1.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-2.machine.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-2.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-3.machine.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-3.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "ws-1.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "ws-2.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.machine.Machine" +data: + name: "acme-1" + fqdn: "acme-1.machine.acme.com" +--- +type: "io.trygvis.rules.machine.Machine" +data: + name: "acme-2" + fqdn: "acme-2.machine.acme.com" +--- +type: "io.trygvis.rules.machine.Machine" +data: + name: "acme-3" + fqdn: "acme-3.machine.acme.com" +--- +type: "io.trygvis.rules.machine.Machine" +data: + name: "ws-1" + fqdn: null +--- +type: "io.trygvis.rules.machine.Machine" +data: + name: "ws-2" + fqdn: null +--- +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "acme-1" to: "acme-2" --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "acme-1" to: "acme-3" --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "acme-2" to: "acme-1" --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "acme-2" to: "acme-3" --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "acme-3" to: "acme-1" --- -type: "io.trygvis.rules.acme.WgConnection" +type: 
"io.trygvis.rules.wireguard.WgConnection" data: host: "acme-3" to: "acme-2" --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "ws-1" to: "acme-1" --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "ws-1" to: "acme-2" --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "ws-1" to: "acme-3" --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "ws-2" to: "acme-1" --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "ws-2" to: "acme-2" --- -type: "io.trygvis.rules.acme.WgConnection" +type: "io.trygvis.rules.wireguard.WgConnection" data: host: "ws-2" to: "acme-3" --- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.wireguard.WgHost" data: name: "acme-1" net: "vpn0" @@ -67,7 +132,7 @@ data: netToNetIp: null networkIp: null --- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.wireguard.WgHost" data: name: "acme-2" net: "vpn0" @@ -75,7 +140,7 @@ data: netToNetIp: null networkIp: null --- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.wireguard.WgHost" data: name: "acme-3" net: "vpn0" @@ -83,7 +148,7 @@ data: netToNetIp: null networkIp: null --- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.wireguard.WgHost" data: name: "ws-1" net: "vpn0" @@ -91,7 +156,7 @@ data: netToNetIp: null networkIp: null --- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.wireguard.WgHost" data: name: "ws-2" net: "vpn0" 
@@ -99,158 +164,93 @@ data: netToNetIp: null networkIp: null --- -type: "io.trygvis.rules.acme.WgIpAllocation" +type: "io.trygvis.rules.wireguard.WgIpAllocation" data: host: "acme-1" role: "link" ip: value: "192.168.10.4" --- -type: "io.trygvis.rules.acme.WgIpAllocation" +type: "io.trygvis.rules.wireguard.WgIpAllocation" data: host: "acme-1" role: "network" ip: value: "10.55.55.4" --- -type: "io.trygvis.rules.acme.WgIpAllocation" +type: "io.trygvis.rules.wireguard.WgIpAllocation" data: host: "acme-2" role: "link" ip: value: "192.168.10.3" --- -type: "io.trygvis.rules.acme.WgIpAllocation" +type: "io.trygvis.rules.wireguard.WgIpAllocation" data: host: "acme-2" role: "network" ip: value: "10.55.55.3" --- -type: "io.trygvis.rules.acme.WgIpAllocation" +type: "io.trygvis.rules.wireguard.WgIpAllocation" data: host: "acme-3" role: "link" ip: value: "192.168.10.2" --- -type: "io.trygvis.rules.acme.WgIpAllocation" +type: "io.trygvis.rules.wireguard.WgIpAllocation" data: host: "acme-3" role: "network" ip: value: "10.55.55.2" --- -type: "io.trygvis.rules.acme.WgIpAllocation" +type: "io.trygvis.rules.wireguard.WgIpAllocation" data: host: "ws-1" role: "link" ip: value: "192.168.10.1" --- -type: "io.trygvis.rules.acme.WgIpAllocation" +type: "io.trygvis.rules.wireguard.WgIpAllocation" data: host: "ws-1" role: "network" ip: value: "10.55.55.1" --- -type: "io.trygvis.rules.acme.WgIpAllocation" +type: "io.trygvis.rules.wireguard.WgIpAllocation" data: host: "ws-2" role: "link" ip: value: "192.168.10.0" --- -type: "io.trygvis.rules.acme.WgIpAllocation" +type: "io.trygvis.rules.wireguard.WgIpAllocation" data: host: "ws-2" role: "network" ip: value: "10.55.55.0" --- -type: "io.trygvis.rules.acme.WgIpPool" +type: "io.trygvis.rules.wireguard.WgIpPool" data: net: "vpn0" role: "link" cidr: value: "192.168.10.0/29" --- -type: "io.trygvis.rules.acme.WgIpPool" +type: "io.trygvis.rules.wireguard.WgIpPool" data: net: "vpn0" role: "network" cidr: value: "10.55.55.0/24" --- -type: 
"io.trygvis.rules.acme.WgNet" +type: "io.trygvis.rules.wireguard.WgNet" data: name: "vpn0" domain: "vpn.acme.com" linkCidr: "192.168.10.0/29" networkCidr: "10.55.55.0/24" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "acme-1.machine.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "acme-1.vpn.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "acme-2.machine.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "acme-2.vpn.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "acme-3.machine.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "acme-3.vpn.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "ws-1.vpn.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "ws-2.vpn.acme.com" - type: "A" ---- -type: "io.trygvis.rules.machine.Machine" -data: - name: "acme-1" - fqdn: "acme-1.machine.acme.com" ---- -type: "io.trygvis.rules.machine.Machine" -data: - name: "acme-2" - fqdn: "acme-2.machine.acme.com" ---- -type: "io.trygvis.rules.machine.Machine" -data: - name: "acme-3" - fqdn: "acme-3.machine.acme.com" ---- -type: "io.trygvis.rules.machine.Machine" -data: - name: "ws-1" - fqdn: null ---- -type: "io.trygvis.rules.machine.Machine" -data: - name: "ws-2" - fqdn: null -- cgit v1.2.3