From b40cab15f4d01a4e8455e5808ca82e40ff291a92 Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Wed, 6 Jan 2021 12:12:39 +0100 Subject: Renaming VPN stuff to wireguard. --- .../main/resources/io/trygvis/rules/acme/vpn.drl | 105 --------------------- .../io/trygvis/rules/wireguard/wireguard.drl | 105 +++++++++++++++++++++ 2 files changed, 105 insertions(+), 105 deletions(-) delete mode 100644 module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl create mode 100644 module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl (limited to 'module/ri-wireguard/src/main/resources/io/trygvis') diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl deleted file mode 100644 index 7896953..0000000 --- a/module/ri-wireguard/src/main/resources/io/trygvis/rules/acme/vpn.drl +++ /dev/null @@ -1,105 +0,0 @@ -package io.trygvis.rules.acme; - -import java.util.ArrayList -import io.trygvis.rules.machine.Machine; -import io.trygvis.rules.dns.DnsEntry; -import io.trygvis.rules.acme.AcmeServer -import io.trygvis.rules.network.Ipv4Address -import io.trygvis.rules.network.Ipv4Cidr - -dialect "mvel" - -declare WgNet - name : String - domain : String - linkCidr : String - networkCidr : String -end - -declare WgIpPool - net : String - role : String - cidr : Ipv4Cidr -end - -rule "Create link network" when - $net : WgNet() - not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network)) -then - insert(new WgIpPool($net.name, "link", IpCalc.cidr($net.linkCidr))) - insert(new WgIpPool($net.name, "network", IpCalc.cidr($net.networkCidr))) -end - -declare WgHost - name : String - net : String - publicName : String - netToNetIp : String - networkIp : String -end - -rule "WgHost VPN machines" -when - $machine : Machine() - $wgNet : WgNet(name == "vpn0") - not(WgHost(name == $machine.name)) -then - var wgHost = new WgHost(); - wgHost.name = $machine.name; - wgHost.net = $wgNet.name; - wgHost.publicName = $machine.fqdn; - insert(wgHost) -end - -rule "Set public name of WgHost" -when - $host : WgHost(publicName == null) - $m : Machine(name == $host.name, fqdn != null) -then - modify($host) { - publicName = $m.fqdn - } -end - -rule "Make DNS entries for all VPN hosts" -when - $h : WgHost() - $net : WgNet(name == $h.net) - not(DnsEntry(fqdn == "%s.%s".formatted($h.name, $net.domain), type == "A")) -then - var fqdn = "%s.%s".formatted($h.name, $net.domain); - insert(DnsEntry.a(fqdn)) -end - -declare WgConnection - host : String - to : String -end - -rule "Connect VPN nodes" - salience -1 -when - $h : WgHost() - $other : WgHost(publicName != null, name != $h.name) -then - insert(new WgConnection($h.name, $other.name)) -end - -declare WgIpAllocation - host : String - role : String - ip : Ipv4Address -end - -rule "Assign IP" -when - $net : WgNet() - $host : WgHost(net == $net.name) - $pool : WgIpPool(net == $net.name) - not(WgIpAllocation(host == $host.name, role == $pool.role)) - $ip : Ipv4Address() from $pool.cidr.addresses() - not(WgIpAllocation(ip == $ip)) -then - System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip); - insert(new WgIpAllocation($host.name, $pool.role, $ip)) -end diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl new file mode 100644 index 0000000..342cbb5 --- /dev/null +++ b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl @@ -0,0 +1,105 @@ +package io.trygvis.rules.wireguard; + +import java.util.ArrayList +import io.trygvis.rules.dns.DnsEntry; +import io.trygvis.rules.machine.Machine; +import io.trygvis.rules.network.Ipv4Address +import io.trygvis.rules.network.Ipv4Cidr +import io.trygvis.rules.network.IpCalc + +dialect "mvel" + +declare WgNet + name : String + domain : String + linkCidr : String + networkCidr : String +end + +declare WgIpPool + net : String + role : String + cidr : Ipv4Cidr +end + +rule "Create link network" when + $net : WgNet() + not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network)) +then + insert(new WgIpPool($net.name, "link", IpCalc.cidr($net.linkCidr))) + insert(new WgIpPool($net.name, "network", IpCalc.cidr($net.networkCidr))) +end + +declare WgHost + name : String + net : String + publicName : String + netToNetIp : String + networkIp : String +end + +rule "WgHost VPN machines" +when + $machine : Machine() + $wgNet : WgNet(name == "vpn0") + not(WgHost(name == $machine.name)) +then + var wgHost = new WgHost(); + wgHost.name = $machine.name; + wgHost.net = $wgNet.name; + wgHost.publicName = $machine.fqdn; + insert(wgHost) +end + +rule "Set public name of WgHost" +when + $host : WgHost(publicName == null) + $m : Machine(name == $host.name, fqdn != null) +then + modify($host) { + publicName = $m.fqdn + } +end + +rule "Make DNS entries for all VPN hosts" +when + $h : WgHost() + $net : WgNet(name == $h.net) + not(DnsEntry(fqdn == "%s.%s".formatted($h.name, $net.domain), type == "A")) +then + var fqdn = "%s.%s".formatted($h.name, $net.domain); + insert(DnsEntry.a(fqdn)) +end + +declare WgConnection + host : String + to : String +end + +rule "Connect VPN nodes" + salience -1 +when + $h : WgHost() + $other : WgHost(publicName != null, name != $h.name) +then + insert(new WgConnection($h.name, $other.name)) +end + +declare WgIpAllocation + host : String + role : String + ip : Ipv4Address +end + +rule "Assign IP" +when + $net : WgNet() + $host : WgHost(net == $net.name) + $pool : WgIpPool(net == $net.name) + not(WgIpAllocation(host == $host.name, role == $pool.role)) + $ip : Ipv4Address() from $pool.cidr.addresses() + not(WgIpAllocation(ip == $ip)) +then + System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip); + insert(new WgIpAllocation($host.name, $pool.role, $ip)) +end -- cgit v1.2.3