From 70d0ad3c9f37e44a9504a0d7f66e412a3f3bba6f Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Thu, 7 Jan 2021 12:20:02 +0100
Subject: More Wireguard. Fixing broken myapps too.

---
 .../io/trygvis/rules/wireguard/wireguard.drl | 79 +++++++++++++++-------
 1 file changed, 53 insertions(+), 26 deletions(-)
(limited to 'module/ri-wireguard/src/main/resources/io/trygvis')

diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
index 06b9bbf..2e4498f 100644
--- a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
+++ b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
@@ -17,6 +17,7 @@ declare WgNet
 domain : String
 linkCidr : String
 networkCidr : String
+ networkBits : int
 end
 declare WgIpPool
@@ -25,14 +26,6 @@ declare WgIpPool
 cidr : Ipv4Cidr
 end
-rule "Create link network" when
- $net : WgNet()
- not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network))
-then
- insert(new WgIpPool($net.name, "link", IpCalc.cidr($net.linkCidr)))
- insert(new WgIpPool($net.name, "network", IpCalc.cidr($net.networkCidr)))
-end
-
 declare WgHost
 name : String
 net : String
@@ -41,6 +34,32 @@ declare WgHost
 networkIp : String
 end
+declare WgConnection
+ host : String
+ to : String
+end
+
+declare WgIpAllocation
+ host : String
+ role : String
+ ip : Ipv4Address
+end
+
+declare WgNetworkAllocation
+ host : String
+ role : String
+ cidr : Ipv4Cidr
+end
+
+rule "Create IP pools" when
+ $net : WgNet()
+// not(Ipv4Cidr(network == Ipv4Cidr.parseCidr($net.linkCidr).network))
+then
+ System.out.println("Creating main IP pools");
+ insert(new WgIpPool($net.name, "link", Ipv4Cidr.parseCidr($net.linkCidr)))
+ insert(new WgIpPool($net.name, "networks", Ipv4Cidr.parseCidr($net.networkCidr)))
+end
+
 rule "WgHost VPN machines"
 when
 $machine : Machine()
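Review bot: The duplicate guard on "Create IP pools" is commented out, so nothing stops the rule from inserting a second pair of WgIpPool facts for the same net if the WgNet fact is ever re-inserted or updated, and "Assign link IP" would then see two candidate "link" pools for that net. Replace the commented line with a guard on the pool fact rather than on a CIDR: `not(WgIpPool(net == $net.name, role == "link"))`. The second insert now uses role "networks", but no rule in this diff selects a pool with that role — the new "Assign network CIDR" rule partitions `$net.networkCidr` directly — so that pool looks dead; either drop it or have the rule read from it so the two cannot drift apart. The `System.out.println` trace should go to a logger or be removed before merging.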
@@ -74,31 +93,21 @@ then
 insert(DnsEntry.a(fqdn))
 end
-declare WgConnection
- host : String
- to : String
-end
-
 rule "Connect VPN nodes"
 salience -1
 when
 $h : WgHost()
 $other : WgHost(publicName != null, name != $h.name)
 then
+ System.out.printf("VPN connection from %s to %s%n", $h.name, $other.name);
 insert(new WgConnection($h.name, $other.name))
 end
-declare WgIpAllocation
- host : String
- role : String
- ip : Ipv4Address
-end
-
-rule "Assign IP"
+rule "Assign link IP"
 when
 $net : WgNet()
 $host : WgHost(net == $net.name)
- $pool : WgIpPool(net == $net.name)
+ $pool : WgIpPool(net == $net.name, role == "link")
 not(WgIpAllocation(host == $host.name, role == $pool.role))
 $ip : Ipv4Address() from $pool.cidr.addresses()
 not(WgIpAllocation(ip == $ip))
@@ -107,17 +116,33 @@ then
 insert(new WgIpAllocation($host.name, $pool.role, $ip))
 end
+rule "Assign network CIDR"
+when
+ $net : WgNet()
+ $host : WgHost(net == $net.name)
+ $network : Ipv4Cidr() from Ipv4Cidr.parseCidr($net.networkCidr).partition($net.networkBits)
+ not(WgNetworkAllocation(host == $host.name, role == "network"))
+ not(WgNetworkAllocation(cidr == $network))
+then
+ System.out.printf("Network CIDR: net=%s, host=%s, network=%s%n", $net.name, $host.name, $network);
+ insert(new WgNetworkAllocation($host.name, "network", $network))
+end
+
 rule "Generate per-net files"
 agenda-group "generate"
 salience 10
 when
 $net : WgNet()
+ $names : ArrayList() from accumulate(WgHost(net == $net.name, $name: name), collectList($name))
+ $hosts : ArrayList() from accumulate(Machine($names contains name, $m: this), collectList($m))
 then
 te.template("wireguard/ansible", "wireguard-" + $net.name + ".yml", Map.of(
 "net", $net
 ));
- // TODO: Generate hosts file
+ te.template("wireguard/inventory", "inventory.yml", Map.of(
+ "hosts", $hosts
+ ));
 end
 rule "Generate per-net, per-host files"
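Review bot: "Connect VPN nodes" still pairs `$h` with every WgHost that has a publicName regardless of net, so once there is more than one WgNet fact a host's peer list (built from these WgConnection facts by the per-host rule later in this diff) will include peers from a different VPN; add the net constraint to the `$other` pattern, `$other : WgHost(publicName != null, name != $h.name, net == $h.net)`. Only the printf line is new in this hunk, so this is a pre-existing gap that the new trace makes visible rather than something the commit introduced. In "Assign link IP", the `not(WgIpAllocation(ip == $ip))` guard only prevents two hosts from receiving the same link address if Ipv4Address implements equals/hashCode by value; that class is outside this diff, so worth confirming.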
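Review bot: "Generate per-net files" fires once per WgNet but writes the inventory to the fixed name `inventory.yml`, so with two nets the second run overwrites the first (assuming te.template writes unconditionally — its implementation is not in this diff); either name it per net like the ansible file, `"inventory-" + $net.name + ".yml"`, or build one inventory from a rule that accumulates hosts across all nets without binding $net. In "Assign network CIDR", when `partition($net.networkBits)` yields fewer subnets than there are hosts, the leftover hosts silently get no WgNetworkAllocation and no error; a companion rule in the "generate" agenda group matching `$host : WgHost(net == $net.name)` together with `not(WgNetworkAllocation(host == $host.name, role == "network"))` that fails the run would surface the exhaustion. `networkBits` is an int and so defaults to 0 when the fact is built without it, and what `partition(0)` returns is not visible here — confirm it rejects a prefix no longer than the parent CIDR rather than yielding the whole range once.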
@@ -127,10 +152,11 @@ when
 $net : WgNet()
 $host : WgHost(net == $net.name)
 $link : WgIpAllocation(host == $host.name, role == "link")
- // Needs to be a sub-cidr of the WgNet network cidr, not a specific IP
- $network : WgIpAllocation(host == $host.name, role == "network")
+ $network : WgNetworkAllocation(host == $host.name, role == "network")
+ $peerMachines : ArrayList() from accumulate(WgConnection(host == $host.name, $to: to), collectList($to))
+ $peers : ArrayList() from accumulate(Machine($peerMachines contains name, $fqdn: fqdn), collectList($fqdn))
 then
- System.out.printf("%s : %s%n", $net.name, $host.name);
+ System.out.printf("Generating per-host files: net=%s, host=%s%n", $net.name, $host.name);
 String output = "host_vars/%s/wireguard.yml".formatted($host.name);
@@ -138,6 +164,7 @@ then
 "net", $net,
 "host", $host,
 "link", $link.ip,
- "network", "TODO"
+ "network", $network.cidr,
+ "peers", $peers
 ));
 end
-- cgit v1.2.3
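Review bot: The `$peers` accumulate silently drops any WgConnection target that has no Machine fact with that name — the `$peerMachines contains name` test just excludes it — so a typo in a peer's host name degrades to a shorter peer list in the generated wireguard.yml instead of a failure; a guard such as `not(WgConnection(host == $host.name, $to: to) and not Machine(name == $to))` ahead of the accumulate, or a separate rule that reports dangling connections, would catch it. The list also carries only each peer's fqdn, whereas a WireGuard peer entry typically needs the peer's public key, endpoint and AllowedIPs as well; if the template resolves those from the fqdn that is worth a comment on the `$peers` line, otherwise accumulate the peer's WgHost and WgIpAllocation facts here rather than Machine.fqdn. Because `$network : WgNetworkAllocation(...)` is a required pattern, a host left unallocated by "Assign network CIDR" gets no host_vars file and no error. The rule's header and the rest of its body lie outside this hunk.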