import * as pulumi from "@pulumi/pulumi";
import { Group, Policy, SetupKey, NetBirdConfig } from "./netbird";
// =============================================================================
// Configuration
// =============================================================================

// Stack configuration lives under the "netbird" namespace
// (`pulumi config set netbird:url ...`, `pulumi config set --secret netbird:token ...`).
const config = new pulumi.Config("netbird");

// `requireSecret` keeps the API token encrypted in state and masked in CLI output;
// `require` fails the program early if the value is missing.
const url = config.require("url");
const token = config.requireSecret("token");

// Connection settings shared by every NetBird resource in this stack.
const netbirdConfig: NetBirdConfig = { url, token };
// =============================================================================
// Groups - Achilles Network Structure
// =============================================================================

/**
 * Creates a NetBird group whose Pulumi resource name equals its NetBird name.
 *
 * `peers` is declared empty for every group: membership is presumably filled in
 * at runtime by the setup keys' `autoGroups` rather than managed here.
 * NOTE(review): if the ./netbird provider diffs `peers` on refresh, peers
 * enrolled through setup keys may be reported as drift — confirm how the
 * provider treats that field before relying on this.
 */
const emptyGroup = (name: string): Group =>
  new Group(name, { name, peers: [] }, netbirdConfig);

const groups = {
  groundStations: emptyGroup("ground-stations"),
  pilots: emptyGroup("pilots"),
  operators: emptyGroup("operators"),
  fusionServers: emptyGroup("fusion-servers"),
};
// =============================================================================
// Policies - Access Control
// =============================================================================

/** Any one of the groups declared above. */
type NetworkGroup = (typeof groups)[keyof typeof groups];

/**
 * Builds a policy with a single enabled rule that accepts all protocols in
 * both directions between `sources` and `destinations`. The policy depends on
 * every group it references so the group ids exist before it is created.
 *
 * Every policy in this stack is "all protocols, bidirectional". If
 * `bidirectional` means what its name suggests, the destination side can also
 * initiate connections back to the sources; narrow the protocol/ports or drop
 * `bidirectional` once the real traffic between groups is known.
 *
 * @param name        Pulumi resource name, also used as the NetBird policy name.
 * @param description Human-readable policy description.
 * @param rule        Name and description of the single rule.
 * @param sources     Groups allowed to initiate traffic.
 * @param destinations Groups the sources may reach.
 */
const acceptAllBetween = (
  name: string,
  description: string,
  rule: { name: string; description: string },
  sources: readonly NetworkGroup[],
  destinations: readonly NetworkGroup[]
): Policy =>
  new Policy(
    name,
    {
      name,
      description,
      enabled: true,
      rules: [
        {
          name: rule.name,
          description: rule.description,
          enabled: true,
          sources: sources.map((g) => g.id),
          destinations: destinations.map((g) => g.id),
          bidirectional: true,
          protocol: "all",
          action: "accept",
        },
      ],
    },
    netbirdConfig,
    // sources first, then destinations — same order the groups are listed in.
    { dependsOn: [...sources, ...destinations] }
  );

const policies = {
  pilotToGs: acceptAllBetween(
    "pilot-to-ground-station",
    "Allow pilots to connect to ground stations",
    { name: "pilot-gs-access", description: "Pilots can access ground stations" },
    [groups.pilots],
    [groups.groundStations]
  ),

  // Operators reach every other group. Because the rule is bidirectional,
  // ground stations, pilots and fusion servers presumably get a path back to
  // operators as well — the widest rule in this stack.
  operatorFullAccess: acceptAllBetween(
    "operator-full-access",
    "Operators can access all network resources",
    { name: "operator-all", description: "Full operator access" },
    [groups.operators],
    [groups.groundStations, groups.pilots, groups.fusionServers]
  ),

  fusionToGs: acceptAllBetween(
    "fusion-to-ground-station",
    "Fusion servers coordinate with ground stations",
    { name: "fusion-gs", description: "Fusion to GS access" },
    [groups.fusionServers],
    [groups.groundStations]
  ),
};
// =============================================================================
// Setup Keys - Peer Onboarding
// =============================================================================

/**
 * Creates a reusable, non-ephemeral setup key that auto-joins new peers to `group`.
 *
 * `usageLimit` is always 0 here and `expiresIn` is given in seconds (2592000 is
 * the author's "30 days"). NOTE(review): presumably 0 means "unlimited" for
 * usageLimit and "no expiry" for expiresIn — confirm against ./netbird. A
 * reusable key is a standing enrollment credential: anyone holding it can add a
 * peer to `group` and inherit that group's policies, so plan its rotation and
 * revocation, especially for the non-expiring ground-station key.
 *
 * @param name      Pulumi resource name, also used as the NetBird key name.
 * @param group     Group new peers are automatically added to.
 * @param expiresIn Key lifetime in seconds.
 */
const reusableJoinKey = (
  name: string,
  group: (typeof groups)[keyof typeof groups],
  expiresIn: number
): SetupKey =>
  new SetupKey(
    name,
    {
      name,
      type: "reusable",
      autoGroups: [group.id],
      usageLimit: 0,
      expiresIn,
      ephemeral: false,
    },
    netbirdConfig,
    { dependsOn: [group] }
  );

const setupKeys = {
  // expiresIn 0: no expiry configured (see note on reusableJoinKey).
  gsOnboarding: reusableJoinKey("ground-station-onboarding", groups.groundStations, 0),
  // 30 days
  pilotOnboarding: reusableJoinKey("pilot-onboarding", groups.pilots, 2592000),
};
// =============================================================================
// Outputs
// =============================================================================

// Group ids are plain (non-secret) stack outputs.
const { groundStations, pilots, operators, fusionServers } = groups;

export const groupIds = {
  groundStations: groundStations.id,
  pilots: pilots.id,
  operators: operators.id,
  fusionServers: fusionServers.id,
};
// Setup keys are enrollment credentials: wrapping them in pulumi.secret() stores
// these stack outputs encrypted and masks them in CLI output.
// NOTE(review): this covers only the exported outputs; each SetupKey resource's
// own `key` property is stored in state however the provider returns it —
// confirm ./netbird marks it secret too.
const { gsOnboarding, pilotOnboarding } = setupKeys;

export const gsSetupKey = pulumi.secret(gsOnboarding.key);
export const pilotSetupKey = pulumi.secret(pilotOnboarding.key);