admin/netbird-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
093b3ca5bd2bc5db4a7bc31334a41f107813c941
netbird-iac/config.ts
Prox 093b3ca5bd
All checks were successful
Pulumi / pulumi (push) Successful in 22s
Details
Add maintenance group
2026-02-15 17:30:32 +02:00

145 lines
4.0 KiB
TypeScript
Raw Blame History

// =============================================================================
// NetBird Configuration
// =============================================================================
// Edit this file to add/modify groups, policies, and setup keys.
// Changes are applied via CI/CD when merged to main.
export interface GroupConfig {
name: string;
description?: string;
}
export interface PolicyRuleConfig {
name: string;
description?: string;
sources: string[]; // Group names
destinations: string[]; // Group names
bidirectional?: boolean;
protocol?: string;
}
export interface PolicyConfig {
name: string;
description?: string;
rules: PolicyRuleConfig[];
}
export interface SetupKeyConfig {
name: string;
groups: string[]; // Group names
type?: "one-off" | "reusable";
expiresInDays?: number; // 0 = never
usageLimit?: number; // 0 = unlimited
}
// =============================================================================
// GROUPS
// =============================================================================
// Add new groups here. They define logical groupings of peers.
export const groups: GroupConfig[] = [
{ name: "ground-stations", description: "Ground station devices" },
{ name: "pilots", description: "Pilot control stations" },
{ name: "operators", description: "Operator workstations" },
{ name: "fusion-servers", description: "Data fusion servers" },
// New group added via GitOps
{ name: "maintenance", description: "Maintenance team devices" },
];
// =============================================================================
// POLICIES
// =============================================================================
// Define access control between groups.
export const policies: PolicyConfig[] = [
{
name: "pilot-to-ground-station",
description: "Allow pilots to connect to ground stations",
rules: [
{
name: "pilot-gs-access",
description: "Pilots can access ground stations",
sources: ["pilots"],
destinations: ["ground-stations"],
bidirectional: true,
protocol: "all",
},
],
},
{
name: "operator-full-access",
description: "Operators can access all network resources",
rules: [
{
name: "operator-all",
description: "Full operator access",
sources: ["operators"],
destinations: ["ground-stations", "pilots", "fusion-servers"],
bidirectional: true,
protocol: "all",
},
],
},
{
name: "fusion-to-ground-station",
description: "Fusion servers coordinate with ground stations",
rules: [
{
name: "fusion-gs",
description: "Fusion to GS access",
sources: ["fusion-servers"],
destinations: ["ground-stations"],
bidirectional: true,
protocol: "all",
},
],
},
// Add new policies below:
// {
// name: "maintenance-access",
// description: "Maintenance team can access all devices",
// rules: [
// {
// name: "maintenance-all",
// sources: ["maintenance"],
// destinations: ["ground-stations", "pilots", "fusion-servers"],
// bidirectional: true,
// protocol: "all",
// },
// ],
// },
];
// =============================================================================
// SETUP KEYS
// =============================================================================
// Setup keys for enrolling new peers.
export const setupKeys: SetupKeyConfig[] = [
{
name: "ground-station-onboarding",
groups: ["ground-stations"],
type: "reusable",
expiresInDays: 0, // Never expires
usageLimit: 0, // Unlimited
},
{
name: "pilot-onboarding",
groups: ["pilots"],
type: "reusable",
expiresInDays: 30,
usageLimit: 0,
},
// Add new setup keys below:
// {
// name: "operator-onboarding",
// groups: ["operators"],
// type: "reusable",
// expiresInDays: 7,
// usageLimit: 10,
// },
];
Reference in New Issue View Git Blame Copy Permalink