142 lines
3.8 KiB
TypeScript
142 lines
3.8 KiB
TypeScript
// =============================================================================
|
|
// NetBird Configuration
|
|
// =============================================================================
|
|
// Edit this file to add/modify groups, policies, and setup keys.
|
|
// Changes are applied via CI/CD when merged to main.
|
|
|
|
export interface GroupConfig {
|
|
name: string;
|
|
description?: string;
|
|
}
|
|
|
|
export interface PolicyRuleConfig {
|
|
name: string;
|
|
description?: string;
|
|
sources: string[]; // Group names
|
|
destinations: string[]; // Group names
|
|
bidirectional?: boolean;
|
|
protocol?: string;
|
|
}
|
|
|
|
export interface PolicyConfig {
|
|
name: string;
|
|
description?: string;
|
|
rules: PolicyRuleConfig[];
|
|
}
|
|
|
|
export interface SetupKeyConfig {
|
|
name: string;
|
|
groups: string[]; // Group names
|
|
type?: "one-off" | "reusable";
|
|
expiresInDays?: number; // 0 = never
|
|
usageLimit?: number; // 0 = unlimited
|
|
}
|
|
|
|
// =============================================================================
|
|
// GROUPS
|
|
// =============================================================================
|
|
// Add new groups here. They define logical groupings of peers.
|
|
|
|
export const groups: GroupConfig[] = [
|
|
{ name: "ground-stations", description: "Ground station devices" },
|
|
{ name: "pilots", description: "Pilot control stations" },
|
|
{ name: "operators", description: "Operator workstations" },
|
|
{ name: "fusion-servers", description: "Data fusion servers" },
|
|
];
|
|
|
|
// =============================================================================
|
|
// POLICIES
|
|
// =============================================================================
|
|
// Define access control between groups.
|
|
|
|
export const policies: PolicyConfig[] = [
|
|
{
|
|
name: "pilot-to-ground-station",
|
|
description: "Allow pilots to connect to ground stations",
|
|
rules: [
|
|
{
|
|
name: "pilot-gs-access",
|
|
description: "Pilots can access ground stations",
|
|
sources: ["pilots"],
|
|
destinations: ["ground-stations"],
|
|
bidirectional: true,
|
|
protocol: "all",
|
|
},
|
|
],
|
|
},
|
|
{
|
|
name: "operator-full-access",
|
|
description: "Operators can access all network resources",
|
|
rules: [
|
|
{
|
|
name: "operator-all",
|
|
description: "Full operator access",
|
|
sources: ["operators"],
|
|
destinations: ["ground-stations", "pilots", "fusion-servers"],
|
|
bidirectional: true,
|
|
protocol: "all",
|
|
},
|
|
],
|
|
},
|
|
{
|
|
name: "fusion-to-ground-station",
|
|
description: "Fusion servers coordinate with ground stations",
|
|
rules: [
|
|
{
|
|
name: "fusion-gs",
|
|
description: "Fusion to GS access",
|
|
sources: ["fusion-servers"],
|
|
destinations: ["ground-stations"],
|
|
bidirectional: true,
|
|
protocol: "all",
|
|
},
|
|
],
|
|
},
|
|
|
|
// Add new policies below:
|
|
// {
|
|
// name: "maintenance-access",
|
|
// description: "Maintenance team can access all devices",
|
|
// rules: [
|
|
// {
|
|
// name: "maintenance-all",
|
|
// sources: ["maintenance"],
|
|
// destinations: ["ground-stations", "pilots", "fusion-servers"],
|
|
// bidirectional: true,
|
|
// protocol: "all",
|
|
// },
|
|
// ],
|
|
// },
|
|
];
|
|
|
|
// =============================================================================
|
|
// SETUP KEYS
|
|
// =============================================================================
|
|
// Setup keys for enrolling new peers.
|
|
|
|
export const setupKeys: SetupKeyConfig[] = [
|
|
{
|
|
name: "ground-station-onboarding",
|
|
groups: ["ground-stations"],
|
|
type: "reusable",
|
|
expiresInDays: 0, // Never expires
|
|
usageLimit: 0, // Unlimited
|
|
},
|
|
{
|
|
name: "pilot-onboarding",
|
|
groups: ["pilots"],
|
|
type: "reusable",
|
|
expiresInDays: 30,
|
|
usageLimit: 0,
|
|
},
|
|
|
|
// Add new setup keys below:
|
|
// {
|
|
// name: "operator-onboarding",
|
|
// groups: ["operators"],
|
|
// type: "reusable",
|
|
// expiresInDays: 7,
|
|
// usageLimit: 10,
|
|
// },
|
|
];
|