import * as pulumi from "@pulumi/pulumi";
import { Group, Policy, SetupKey, NetBirdConfig } from "./netbird";
import { groups as groupConfigs, policies as policyConfigs, setupKeys as setupKeyConfigs } from "./config";
// =============================================================================
// Configuration
// =============================================================================

// All settings are read from the "netbird" namespace of the stack configuration.
const config = new pulumi.Config("netbird");

// Both values are mandatory: require()/requireSecret() fail the run when the
// key is absent. The token is read with requireSecret so that Pulumi handles it
// as a secret value instead of a plain string.
const managementUrl = config.require("url");
const apiToken = config.requireSecret("token");

// Connection settings handed to every Group, Policy and SetupKey created below.
// NOTE(review): presumably ./netbird presents the token to `url` as an API
// credential; confirm the configured URL is https so it is not sent in clear.
const netbirdConfig: NetBirdConfig = { url: managementUrl, token: apiToken };
// =============================================================================
// Create Groups from Config
// =============================================================================

// Registry of created Group resources, keyed by the group name from ./config.
// The policy and setup-key sections look groups up here by name.
const groups: Record<string, Group> = {};

for (const { name } of groupConfigs) {
  // The group name doubles as the Pulumi resource name. Every group is declared
  // with an empty peer list.
  // NOTE(review): how the Group resource treats peers that join a group outside
  // Pulumi (for example through a setup key's auto-groups) is decided in
  // ./netbird; confirm an update does not reset membership.
  const group = new Group(name, { name, peers: [] }, netbirdConfig);
  groups[name] = group;
}
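// =============================================================================
// Create Policies from Config
// =============================================================================

// Registry of created Policy resources, keyed by the policy name from ./config.
const policies: Record<string, Policy> = {};

for (const cfg of policyConfigs) {
  // Look a group up by name and fail with a message that names the policy and
  // the missing group. Without this check a typo in ./config surfaces as an
  // opaque "cannot read properties of undefined" error. The own-property test
  // keeps inherited keys such as "constructor" from being mistaken for a group.
  const resolveGroup = (groupName: string): Group => {
    const group = groups[groupName];
    if (!Object.prototype.hasOwnProperty.call(groups, groupName) || group === undefined) {
      throw new Error(
        `Policy "${cfg.name}" references unknown group "${groupName}"`
      );
    }
    return group;
  };

  // Resolve group names to group IDs.
  // Security-relevant defaults: every rule is enabled with action "accept", and
  // a rule that omits `bidirectional` or `protocol` falls back to both
  // directions and "all" protocols. No port restriction is passed from here.
  // A rule written with only sources and destinations is therefore as broad as
  // this file can make it; set the fields explicitly in ./config to narrow it.
  const rules = cfg.rules.map((rule) => ({
    name: rule.name,
    description: rule.description || "",
    enabled: true,
    sources: rule.sources.map((groupName) => resolveGroup(groupName).id),
    destinations: rule.destinations.map((groupName) => resolveGroup(groupName).id),
    bidirectional: rule.bidirectional ?? true,
    protocol: rule.protocol || "all",
    action: "accept" as const,
  }));

  // Collect every referenced group once (Set removes duplicates) so the policy
  // explicitly depends on each group resource.
  const referencedGroups = [
    ...new Set([
      ...cfg.rules.flatMap((r) => r.sources),
      ...cfg.rules.flatMap((r) => r.destinations),
    ]),
  ].map((groupName) => resolveGroup(groupName));

  policies[cfg.name] = new Policy(
    cfg.name,
    {
      name: cfg.name,
      description: cfg.description || "",
      enabled: true,
      rules,
    },
    netbirdConfig,
    { dependsOn: referencedGroups }
  );
}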
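// =============================================================================
// Create Setup Keys from Config
// =============================================================================

// Registry of created SetupKey resources, keyed by the key name from ./config.
const setupKeys: Record<string, SetupKey> = {};

for (const cfg of setupKeyConfigs) {
  // Resolve each auto-assigned group once and fail with a message that names
  // the setup key and the missing group, instead of an opaque TypeError on a
  // misspelled group name. The own-property test keeps inherited keys such as
  // "constructor" from being mistaken for a group.
  const referencedGroups = cfg.groups.map((groupName: string): Group => {
    const group = groups[groupName];
    if (!Object.prototype.hasOwnProperty.call(groups, groupName) || group === undefined) {
      throw new Error(
        `Setup key "${cfg.name}" references unknown group "${groupName}"`
      );
    }
    return group;
  });

  // Security-relevant defaults: an entry that sets none of `type`,
  // `usageLimit` and `expiresInDays` becomes a "reusable" key with usageLimit 0
  // and expiresIn 0.
  // NOTE(review): these values are presumably forwarded to NetBird by ./netbird,
  // where a usage limit of 0 is documented as unlimited; confirm what an
  // expiry of 0 means for the deployed version. A setup key is an enrolment
  // credential, so prefer an explicit limit and expiry in ./config.
  setupKeys[cfg.name] = new SetupKey(
    cfg.name,
    {
      name: cfg.name,
      type: cfg.type || "reusable",
      // Peers enrolled with this key are placed in these groups, and so fall
      // under whatever policies reference them.
      autoGroups: referencedGroups.map((group) => group.id),
      usageLimit: cfg.usageLimit ?? 0,
      expiresIn: (cfg.expiresInDays ?? 0) * 24 * 60 * 60, // Convert days to seconds
      ephemeral: false,
    },
    netbirdConfig,
    { dependsOn: referencedGroups }
  );
}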
// =============================================================================
// Outputs
// =============================================================================

// Stack output: group name -> ID of the created group resource.
export const groupIds = Object.fromEntries(
  Object.entries(groups).map(([groupName, resource]) => [groupName, resource.id])
);

// Stack output: policy name -> ID of the created policy resource.
export const policyIds = Object.fromEntries(
  Object.entries(policies).map(([policyName, resource]) => [policyName, resource.id])
);

// Stack output: setup-key name -> key value. Each value is wrapped with
// pulumi.secret so the exported output is handled as a secret.
// NOTE(review): this covers the stack output only. Whether `key` is also kept
// secret in the SetupKey resource's own state depends on ./netbird (for example
// via the additionalSecretOutputs resource option); confirm there.
export const setupKeyValues = Object.fromEntries(
  Object.entries(setupKeys).map(([keyName, resource]) => [
    keyName,
    pulumi.secret(resource.key),
  ])
);