import * as pulumi from "@pulumi/pulumi";
import { Group, Policy, SetupKey, NetBirdConfig } from "./netbird";

// =============================================================================
// Configuration
// =============================================================================

// Stack config namespace "netbird". `url` is plain config; `token` is read
// with requireSecret so it is stored encrypted in state and masked in CLI
// output rather than appearing in plaintext.
const config = new pulumi.Config("netbird");

const netbirdConfig: NetBirdConfig = {
  url: config.require("url"),
  token: config.requireSecret("token"),
};

// =============================================================================
// Groups - Achilles Network Structure
// =============================================================================

/**
 * Declares an empty NetBird group whose Pulumi resource name is the same as
 * its NetBird group name. No peers are attached here; the setup keys below
 * reference these groups via autoGroups, which presumably places newly
 * enrolled peers into them (confirm against the ./netbird wrapper).
 */
const defineGroup = (name: string) =>
  new Group(name, { name, peers: [] }, netbirdConfig);

const groups = {
  groundStations: defineGroup("ground-stations"),
  pilots: defineGroup("pilots"),
  operators: defineGroup("operators"),
  fusionServers: defineGroup("fusion-servers"),
};

// =============================================================================
// Policies - Access Control
// =============================================================================
//
// Every rule in this file is `bidirectional: true`, `protocol: "all"`,
// `action: "accept"`: the policies express which groups may reach which,
// not which services. Any narrowing to specific protocols would be done per
// rule through the `protocol` field. The explicit `dependsOn` lists mirror
// the groups whose `.id` each rule already references.

// Pilots <-> ground stations, both directions.
const pilotToGs = new Policy(
  "pilot-to-ground-station",
  {
    name: "pilot-to-ground-station",
    description: "Allow pilots to connect to ground stations",
    enabled: true,
    rules: [
      {
        name: "pilot-gs-access",
        description: "Pilots can access ground stations",
        enabled: true,
        sources: [groups.pilots.id],
        destinations: [groups.groundStations.id],
        bidirectional: true,
        protocol: "all",
        action: "accept",
      },
    ],
  },
  netbirdConfig,
  { dependsOn: [groups.pilots, groups.groundStations] }
);

// Operators reach every other group. Because the rule is bidirectional, peers
// in those groups can also initiate connections back to operators; this is the
// broadest policy in the stack and the one to revisit first when tightening.
const operatorFullAccess = new Policy(
  "operator-full-access",
  {
    name: "operator-full-access",
    description: "Operators can access all network resources",
    enabled: true,
    rules: [
      {
        name: "operator-all",
        description: "Full operator access",
        enabled: true,
        sources: [groups.operators.id],
        destinations: [
          groups.groundStations.id,
          groups.pilots.id,
          groups.fusionServers.id,
        ],
        bidirectional: true,
        protocol: "all",
        action: "accept",
      },
    ],
  },
  netbirdConfig,
  {
    dependsOn: [
      groups.operators,
      groups.groundStations,
      groups.pilots,
      groups.fusionServers,
    ],
  }
);

// Fusion servers <-> ground stations, both directions.
const fusionToGs = new Policy(
  "fusion-to-ground-station",
  {
    name: "fusion-to-ground-station",
    description: "Fusion servers coordinate with ground stations",
    enabled: true,
    rules: [
      {
        name: "fusion-gs",
        description: "Fusion to GS access",
        enabled: true,
        sources: [groups.fusionServers.id],
        destinations: [groups.groundStations.id],
        bidirectional: true,
        protocol: "all",
        action: "accept",
      },
    ],
  },
  netbirdConfig,
  { dependsOn: [groups.fusionServers, groups.groundStations] }
);

const policies = {
  pilotToGs,
  operatorFullAccess,
  fusionToGs,
};

// =============================================================================
// Setup Keys - Peer Onboarding
// =============================================================================

// Reusable ground-station key. `usageLimit: 0` and `expiresIn: 0` presumably
// mean unlimited uses and no expiry (confirm against the NetBird API): a peer
// can be enrolled straight into `ground-stations` with this key for as long
// as it exists, so its handling (state, CI logs, the `gsSetupKey` output)
// deserves more care than the time-limited pilot key, and a finite expiry
// plus periodic rotation is worth considering.
const gsOnboarding = new SetupKey(
  "ground-station-onboarding",
  {
    name: "ground-station-onboarding",
    type: "reusable",
    autoGroups: [groups.groundStations.id],
    usageLimit: 0,
    expiresIn: 0,
    ephemeral: false,
  },
  netbirdConfig,
  { dependsOn: [groups.groundStations] }
);

// Reusable pilot key, valid for 30 days from creation; usage count is
// presumably uncapped (`usageLimit: 0`).
const pilotOnboarding = new SetupKey(
  "pilot-onboarding",
  {
    name: "pilot-onboarding",
    type: "reusable",
    autoGroups: [groups.pilots.id],
    usageLimit: 0,
    expiresIn: 2592000, // 30 days
    ephemeral: false,
  },
  netbirdConfig,
  { dependsOn: [groups.pilots] }
);

const setupKeys = {
  gsOnboarding,
  pilotOnboarding,
};

// =============================================================================
// Outputs
// =============================================================================

// Group ids are not sensitive and are exported in the clear.
export const groupIds = {
  groundStations: groups.groundStations.id,
  pilots: groups.pilots.id,
  operators: groups.operators.id,
  fusionServers: groups.fusionServers.id,
};

// Setup keys are credentials: wrapping them in pulumi.secret keeps them
// encrypted in state and masked in stack-output listings.
export const gsSetupKey = pulumi.secret(setupKeys.gsOnboarding.key);
export const pilotSetupKey = pulumi.secret(setupKeys.pilotOnboarding.key);