@highstate/library 0.7.2 → 0.7.3

package/dist/index.js

@@ -0,0 +1,2111 @@
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/common.ts
+var common_exports = {};
+__export(common_exports, {
+  endpointEntity: () => endpointEntity,
+  existingServer: () => existingServer,
+  serverEntity: () => serverEntity
+});
+import { defineEntity as defineEntity2, defineUnit as defineUnit2, Type as Type2 } from "@highstate/contract";
+
+// src/ssh.ts
+var ssh_exports = {};
+__export(ssh_exports, {
+  credentialsSchema: () => credentialsSchema,
+  keyPair: () => keyPair,
+  keyPairEntity: () => keyPairEntity,
+  keyTypeSchema: () => keyTypeSchema
+});
+import { defineEntity, defineUnit, Type } from "@highstate/contract";
+var keyTypeSchema = Type.Union([
+  //
+  Type.Literal("rsa"),
+  Type.Literal("ed25519")
+]);
+var keyPairEntity = defineEntity({
+  type: "ssh.key-pair",
+  schema: Type.Object({
+    type: keyTypeSchema,
+    privateKey: Type.String(),
+    publicKey: Type.String()
+  }),
+  meta: {
+    color: "#2b5797"
+  }
+});
+var credentialsSchema = Type.Object({
+  endpoint: Type.Optional(Type.String()),
+  user: Type.Optional(Type.String()),
+  port: Type.Optional(Type.Number()),
+  password: Type.Optional(Type.String()),
+  privateKey: Type.Optional(Type.String())
+});
+var keyPair = defineUnit({
+  type: "ssh.key-pair",
+  secrets: {
+    privateKey: Type.Optional(Type.String())
+  },
+  outputs: {
+    keyPair: keyPairEntity
+  },
+  meta: {
+    displayName: "SSH Key Pair",
+    description: "Holds the ED25519 SSH key pair and generates the private key if not provided.",
+    category: "ssh",
+    primaryIcon: "charm:key",
+    primaryIconColor: "#ffffff",
+    secondaryIcon: "mdi:lock",
+    secondaryIconColor: "#ffffff"
+  },
+  source: {
+    package: "@highstate/common",
+    path: "ssh/key-pair"
+  }
+});
+
+// src/common.ts
+var serverEntity = defineEntity2({
+  type: "common.server",
+  schema: Type2.Object({
+    endpoint: Type2.String(),
+    hostname: Type2.String(),
+    sshCredentials: Type2.Optional(credentialsSchema)
+  }),
+  meta: {
+    color: "#009688"
+  }
+});
+var endpointEntity = defineEntity2({
+  type: "common.endpoint",
+  schema: Type2.Object({
+    endpoint: Type2.String()
+  }),
+  meta: {
+    color: "#FFC107",
+    description: "The L3-L4 endpoint for some network service."
+  }
+});
+var existingServer = defineUnit2({
+  type: "common.existing-server",
+  args: {
+    endpoint: Type2.String(),
+    sshUser: Type2.Optional(Type2.String({ default: "root" })),
+    sshPort: Type2.Optional(Type2.Number({ default: 22 }))
+  },
+  secrets: {
+    sshPassword: Type2.Optional(Type2.String()),
+    sshPrivateKey: Type2.Optional(Type2.String())
+  },
+  inputs: {
+    sshKeyPair: {
+      entity: keyPairEntity,
+      required: false
+    }
+  },
+  outputs: {
+    server: serverEntity
+  },
+  meta: {
+    displayName: "Existing Server",
+    description: "An existing server that can be used in the configuration.",
+    primaryIcon: "mdi:server",
+    defaultNamePrefix: "server"
+  },
+  source: {
+    package: "@highstate/common",
+    path: "existing-server"
+  }
+});
+
+// src/proxmox.ts
+var proxmox_exports = {};
+__export(proxmox_exports, {
+  clusterEntity: () => clusterEntity,
+  connection: () => connection,
+  existingImage: () => existingImage,
+  image: () => image,
+  imageEntity: () => imageEntity,
+  virtualMachine: () => virtualMachine
+});
+import { defineEntity as defineEntity3, defineUnit as defineUnit3, Type as Type3 } from "@highstate/contract";
+var clusterEntity = defineEntity3({
+  type: "proxmox.cluster",
+  schema: Type3.Object({
+    endpoint: Type3.String(),
+    insecure: Type3.Optional(Type3.Boolean()),
+    username: Type3.Optional(Type3.String()),
+    defaultNodeName: Type3.String(),
+    defaultDatastoreId: Type3.String(),
+    password: Type3.Optional(Type3.String()),
+    apiToken: Type3.Optional(Type3.String())
+  }),
+  meta: {
+    color: "#e56901"
+  }
+});
+var imageEntity = defineEntity3({
+  type: "proxmox.image",
+  schema: Type3.Object({
+    id: Type3.String()
+  }),
+  meta: {
+    color: "#e56901"
+  }
+});
+var connection = defineUnit3({
+  type: "proxmox.connection",
+  args: {
+    endpoint: Type3.String(),
+    insecure: Type3.Optional(Type3.Boolean()),
+    username: Type3.Optional(Type3.String()),
+    defaultNodeName: Type3.Optional(Type3.String()),
+    defaultDatastoreId: Type3.Optional(Type3.String())
+  },
+  secrets: {
+    password: Type3.Optional(Type3.String()),
+    apiToken: Type3.Optional(Type3.String())
+  },
+  outputs: {
+    proxmoxCluster: clusterEntity
+  },
+  meta: {
+    displayName: "Proxmox Connection",
+    description: "The connection to an existing Proxmox cluster.",
+    category: "Proxmox",
+    primaryIcon: "simple-icons:proxmox",
+    primaryIconColor: "#e56901",
+    secondaryIcon: "codicon:vm"
+  },
+  source: {
+    package: "@highstate/proxmox",
+    path: "connection"
+  }
+});
+var image = defineUnit3({
+  type: "proxmox.image",
+  args: {
+    url: Type3.String(),
+    nodeName: Type3.Optional(Type3.String()),
+    sha256: Type3.Optional(Type3.String()),
+    datastoreId: Type3.Optional(Type3.String())
+  },
+  inputs: {
+    proxmoxCluster: clusterEntity
+  },
+  outputs: {
+    image: imageEntity
+  },
+  meta: {
+    displayName: "Proxmox Image",
+    description: "The image to upload to a Proxmox cluster.",
+    category: "Proxmox",
+    primaryIcon: "simple-icons:proxmox",
+    primaryIconColor: "#e56901",
+    secondaryIcon: "mage:compact-disk-fill"
+  },
+  source: {
+    package: "@highstate/proxmox",
+    path: "image"
+  }
+});
+var existingImage = defineUnit3({
+  type: "proxmox.existing-image",
+  args: {
+    id: Type3.String()
+  },
+  outputs: {
+    image: imageEntity
+  },
+  meta: {
+    displayName: "Proxmox Existing Image",
+    description: "The existing image on a Proxmox cluster.",
+    category: "Proxmox",
+    primaryIcon: "simple-icons:proxmox",
+    primaryIconColor: "#e56901",
+    secondaryIcon: "mage:compact-disk-fill"
+  },
+  source: {
+    package: "@highstate/proxmox",
+    path: "existing-image"
+  }
+});
+var virtualMachine = defineUnit3({
+  type: "proxmox.virtual-machine",
+  args: {
+    nodeName: Type3.Optional(Type3.String()),
+    cpuType: Type3.Optional(Type3.String({ default: "host" })),
+    cores: Type3.Optional(Type3.Number({ default: 1 })),
+    sockets: Type3.Optional(Type3.Number({ default: 1 })),
+    memory: Type3.Optional(Type3.Number({ default: 512 })),
+    ipv4: Type3.Optional(Type3.String()),
+    ipv4Gateway: Type3.Optional(Type3.String()),
+    dns: Type3.Optional(Type3.Array(Type3.String())),
+    datastoreId: Type3.Optional(Type3.String()),
+    diskSize: Type3.Optional(Type3.Number({ default: 8 })),
+    bridge: Type3.Optional(Type3.String({ default: "vmbr0" })),
+    sshPort: Type3.Optional(Type3.Number({ default: 22 })),
+    sshUser: Type3.Optional(Type3.String({ default: "root" })),
+    waitForAgent: Type3.Optional(Type3.Boolean({ default: true }))
+  },
+  inputs: {
+    proxmoxCluster: clusterEntity,
+    image: imageEntity,
+    sshKeyPair: {
+      entity: keyPairEntity,
+      required: false
+    }
+  },
+  secrets: {
+    sshPassword: Type3.Optional(Type3.String())
+  },
+  outputs: {
+    server: serverEntity
+  },
+  meta: {
+    displayName: "Proxmox Virtual Machine",
+    description: "The virtual machine on a Proxmox cluster.",
+    category: "Proxmox",
+    primaryIcon: "simple-icons:proxmox",
+    primaryIconColor: "#e56901",
+    secondaryIcon: "codicon:vm"
+  },
+  source: {
+    package: "@highstate/proxmox",
+    path: "virtual-machine"
+  }
+});
+
+// src/k8s.ts
+var k8s_exports = {};
+__export(k8s_exports, {
+  accessPoint: () => accessPoint,
+  accessPointEntity: () => accessPointEntity,
+  certManager: () => certManager,
+  clusterEntity: () => clusterEntity2,
+  clusterInfoSchema: () => clusterInfoSchema,
+  containerSchema: () => containerSchema,
+  deploymentEntity: () => deploymentEntity,
+  deploymentSpecSchema: () => deploymentSpecSchema,
+  dns01TlsIssuer: () => dns01TlsIssuer,
+  existingCluster: () => existingCluster,
+  gatewayEntity: () => gatewayEntity,
+  interfaceEntity: () => interfaceEntity,
+  internalIpsPolicySchema: () => internalIpsPolicySchema,
+  labelSelectorSchema: () => labelSelectorSchema,
+  metadataSchema: () => metadataSchema,
+  persistentVolumeClaimEntity: () => persistentVolumeClaimEntity,
+  serviceEntity: () => serviceEntity,
+  servicePortSchema: () => servicePortSchema,
+  serviceSpecSchema: () => serviceSpecSchema,
+  serviceTypeSchema: () => serviceTypeSchema,
+  statefulSetEntity: () => statefulSetEntity,
+  tlsIssuerEntity: () => tlsIssuerEntity
+});
+import { defineEntity as defineEntity5, defineUnit as defineUnit5, Type as Type5 } from "@highstate/contract";
+
+// src/dns.ts
+var dns_exports = {};
+__export(dns_exports, {
+  providerEntity: () => providerEntity,
+  record: () => record
+});
+import { defineEntity as defineEntity4, defineUnit as defineUnit4, Type as Type4 } from "@highstate/contract";
+var providerEntity = defineEntity4({
+  type: "dns.provider",
+  schema: Type4.Object({
+    name: Type4.String(),
+    type: Type4.String(),
+    data: Type4.Record(Type4.String(), Type4.Unknown()),
+    domain: Type4.String()
+  }),
+  meta: {
+    color: "#FF5722"
+  }
+});
+var record = defineUnit4({
+  type: "common.dns-record",
+  args: {
+    name: Type4.String(),
+    type: Type4.String(),
+    value: Type4.String(),
+    ttl: Type4.Optional(Type4.Number())
+  },
+  inputs: {
+    dnsProvider: providerEntity
+  },
+  meta: {
+    displayName: "DNS Record",
+    description: "A DNS record to create.",
+    primaryIcon: "mdi:server",
+    defaultNamePrefix: "record"
+  },
+  source: {
+    package: "@highstate/common",
+    path: "dns/record"
+  }
+});
+
+// src/k8s.ts
+var clusterInfoSchema = Type5.Object({
+  id: Type5.String(),
+  name: Type5.String(),
+  cni: Type5.Optional(Type5.String()),
+  externalIps: Type5.Array(Type5.String())
+});
+var serviceTypeSchema = Type5.StringEnum(["NodePort", "LoadBalancer", "ClusterIP"]);
+var metadataSchema = Type5.Object({
+  namespace: Type5.Optional(Type5.String()),
+  name: Type5.String(),
+  labels: Type5.Optional(Type5.Record(Type5.String(), Type5.String())),
+  annotations: Type5.Optional(Type5.Record(Type5.String(), Type5.String()))
+});
+var servicePortSchema = Type5.Object({
+  name: Type5.Optional(Type5.String()),
+  port: Type5.Optional(Type5.Number()),
+  targetPort: Type5.Optional(Type5.Union([Type5.Number(), Type5.String()])),
+  protocol: Type5.Optional(Type5.String())
+});
+var serviceSpecSchema = Type5.Object({
+  type: Type5.Optional(Type5.String()),
+  selector: Type5.Record(Type5.String(), Type5.String()),
+  ports: Type5.Array(servicePortSchema),
+  clusterIP: Type5.Optional(Type5.String()),
+  clusterIPs: Type5.Optional(Type5.Array(Type5.String())),
+  externalIPs: Type5.Optional(Type5.Array(Type5.String()))
+});
+var serviceEntity = defineEntity5({
+  type: "k8s.service",
+  schema: Type5.Object({
+    type: Type5.Literal("k8s.service"),
+    clusterInfo: clusterInfoSchema,
+    metadata: metadataSchema,
+    spec: serviceSpecSchema
+  }),
+  meta: {
+    color: "#2196F3"
+  }
+});
+var clusterEntity2 = defineEntity5({
+  type: "k8s.cluster",
+  schema: Type5.Object({
+    info: clusterInfoSchema,
+    kubeconfig: Type5.String()
+  }),
+  meta: {
+    color: "#2196F3"
+  }
+});
+var internalIpsPolicySchema = Type5.StringEnum(["always", "public", "never"]);
+var existingCluster = defineUnit5({
+  type: "k8s.existing-cluster",
+  args: {
+    /**
+     * The list of external IPs of the cluster nodes allowed to be used for external access.
+     *
+     * If not provided, will be automatically detected by querying the cluster nodes.
+     *
+     * @schema
+     */
+    externalIps: {
+      ...Type5.Optional(Type5.Array(Type5.String())),
+      description: `The list of external IPs of the cluster nodes allowed to be used for external access.
+
+ If not provided, will be automatically detected by querying the cluster nodes.`
+    },
+    /**
+     * The policy for using internal IPs of the nodes as external IPs.
+     *
+     * - `always`: always use internal IPs as external IPs;
+     * - `public`: use internal IPs as external IPs only if they are (theoretically) routable from the public internet **(default)**;
+     * - `never`: never use internal IPs as external IPs.
+     *
+     * @schema
+     */
+    internalIpsPolicy: {
+      ...{ ...internalIpsPolicySchema, default: "public" },
+      description: `The policy for using internal IPs of the nodes as external IPs.
+
+ - \`always\`: always use internal IPs as external IPs;
+ - \`public\`: use internal IPs as external IPs only if they are (theoretically) routable from the public internet **(default)**;
+ - \`never\`: never use internal IPs as external IPs.`
+    },
+    /**
+     * The FQDN to register the cluster nodes with.
+     *
+     * If provided and `registerFqdn` is set to `true`, the corresponding DNS provider must be provided to set up the DNS records.
+     *
+     * @schema
+     */
+    fqdn: {
+      ...Type5.Optional(Type5.String()),
+      description: `The FQDN to register the cluster nodes with.
+
+ If provided and \`registerFqdn\` is set to \`true\`, the corresponding DNS provider must be provided to set up the DNS records.`
+    },
+    /**
+     * Whether to register the cluster nodes with the provided FQDN.
+     *
+     * By default, `true`.
+     *
+     * @schema
+     */
+    registerFqdn: {
+      ...Type5.Boolean({ default: true }),
+      description: `Whether to register the cluster nodes with the provided FQDN.
+
+ By default, \`true\`.`
+    }
+  },
+  secrets: {
+    /**
+     * The kubeconfig of the cluster to use for connecting to the cluster.
+     *
+     * Will be available for all components using `cluster` output of this unit.
+     *
+     * @schema
+     */
+    kubeconfig: {
+      ...Type5.Record(Type5.String(), Type5.Any()),
+      description: `The kubeconfig of the cluster to use for connecting to the cluster.
+
+ Will be available for all components using \`cluster\` output of this unit.`
+    }
+  },
+  outputs: {
+    cluster: clusterEntity2
+  },
+  meta: {
+    displayName: "Existing Cluster",
+    description: "An existing Kubernetes cluster.",
+    primaryIcon: "mdi:kubernetes"
+  },
+  source: {
+    package: "@highstate/k8s",
+    path: "existing-cluster"
+  }
+});
+var gatewayEntity = defineEntity5({
+  type: "k8s.gateway",
+  schema: Type5.Object({
+    clusterInfo: clusterInfoSchema,
+    gatewayClassName: Type5.String(),
+    httpListenerPort: Type5.Number(),
+    httpsListenerPort: Type5.Number(),
+    ip: Type5.String(),
+    service: Type5.Optional(serviceEntity.schema)
+  }),
+  meta: {
+    color: "#4CAF50"
+  }
+});
+var tlsIssuerEntity = defineEntity5({
+  type: "k8s.tls-issuer",
+  schema: Type5.Object({
+    clusterInfo: clusterInfoSchema,
+    clusterIssuerName: Type5.String()
+  }),
+  meta: {
+    color: "#f06292"
+  }
+});
+var accessPointEntity = defineEntity5({
+  type: "common.access-point",
+  schema: Type5.Object({
+    gateway: gatewayEntity.schema,
+    tlsIssuer: tlsIssuerEntity.schema,
+    dnsProvider: providerEntity.schema
+  }),
+  meta: {
+    color: "#FFC107"
+  }
+});
+var accessPoint = defineUnit5({
+  type: "k8s.access-point",
+  inputs: {
+    gateway: gatewayEntity,
+    tlsIssuer: tlsIssuerEntity,
+    dnsProvider: providerEntity
+  },
+  outputs: {
+    accessPoint: accessPointEntity
+  },
+  meta: {
+    displayName: "Access Point",
+    description: "An access point which can be used to connect to services.",
+    primaryIcon: "mdi:access-point"
+  },
+  source: {
+    package: "@highstate/k8s",
+    path: "access-point"
+  }
+});
+var certManager = defineUnit5({
+  type: "k8s.cert-manager",
+  inputs: {
+    k8sCluster: clusterEntity2
+  },
+  outputs: {
+    k8sCluster: clusterEntity2
+  },
+  meta: {
+    displayName: "Cert Manager",
+    description: "A certificate manager for managing TLS certificates.",
+    primaryIcon: "simple-icons:letsencrypt"
+  },
+  source: {
+    package: "@highstate/k8s",
+    path: "cert-manager"
+  }
+});
+var dns01TlsIssuer = defineUnit5({
+  type: "k8s.dns01-issuer",
+  inputs: {
+    k8sCluster: clusterEntity2,
+    dnsProvider: providerEntity
+  },
+  outputs: {
+    tlsIssuer: tlsIssuerEntity
+  },
+  meta: {
+    displayName: "DNS01 Issuer",
+    description: "A TLS issuer for issuing certificate using DNS01 challenge.",
+    primaryIcon: "mdi:certificate"
+  },
+  source: {
+    package: "@highstate/k8s",
+    path: "dns01-issuer"
+  }
+});
+var containerSchema = Type5.Object({
+  name: Type5.String(),
+  image: Type5.String()
+});
+var labelSelectorSchema = Type5.Object({
+  matchLabels: Type5.Record(Type5.String(), Type5.String())
+});
+var deploymentSpecSchema = Type5.Object({
+  replicas: Type5.Number(),
+  selector: labelSelectorSchema,
+  template: Type5.Object({
+    metadata: metadataSchema,
+    spec: Type5.Object({
+      containers: Type5.Array(containerSchema)
+    })
+  })
+});
+var deploymentEntity = defineEntity5({
+  type: "k8s.deployment",
+  schema: Type5.Object({
+    type: Type5.Literal("k8s.deployment"),
+    clusterInfo: clusterInfoSchema,
+    metadata: metadataSchema,
+    service: Type5.Optional(serviceEntity.schema)
+  }),
+  meta: {
+    color: "#4CAF50"
+  }
+});
+var statefulSetEntity = defineEntity5({
+  type: "k8s.stateful-set",
+  schema: Type5.Object({
+    type: Type5.Literal("k8s.stateful-set"),
+    clusterInfo: clusterInfoSchema,
+    metadata: metadataSchema,
+    service: Type5.Optional(serviceEntity.schema)
+  }),
+  meta: {
+    color: "#FFC107"
+  }
+});
+var persistentVolumeClaimEntity = defineEntity5({
+  type: "k8s.persistent-volume-claim",
+  schema: Type5.Object({
+    type: Type5.Literal("k8s.persistent-volume-claim"),
+    clusterInfo: clusterInfoSchema,
+    metadata: metadataSchema
+  }),
+  meta: {
+    color: "#FFC107"
+  }
+});
+var interfaceEntity = defineEntity5({
+  type: "k8s.interface",
+  schema: Type5.Object({
+    name: Type5.String(),
+    deployment: deploymentEntity.schema
+  }),
+  meta: {
+    color: "#2196F3",
+    description: "The interface in a network space of pod kernel which can accept or transmit packets."
+  }
+});
+
+// src/talos.ts
+var talos_exports = {};
+__export(talos_exports, {
+  cluster: () => cluster,
+  clusterEntity: () => clusterEntity3,
+  cniSchema: () => cniSchema,
+  csiSchema: () => csiSchema
+});
+import { defineEntity as defineEntity6, defineUnit as defineUnit6, Type as Type6 } from "@highstate/contract";
+var clusterEntity3 = defineEntity6({
+  type: "talos.cluster",
+  schema: Type6.Object({
+    clientConfiguration: Type6.String(),
+    machineSecrets: Type6.String()
+  }),
+  meta: {
+    color: "#2d2d2d"
+  }
+});
+var cniSchema = Type6.StringEnum(["none", "cilium", "flannel"]);
+var csiSchema = Type6.StringEnum(["none", "local-path-provisioner"]);
+var cluster = defineUnit6({
+  type: "talos.cluster",
+  args: {
+    /**
+     * Allow scheduling workloads on the master nodes.
+     *
+     * By default, "true" if no worker nodes are provided.
+     */
+    scheduleOnMasters: Type6.Boolean(),
+    /**
+     * The endpoint of the cluster.
+     *
+     * By default, the first master node's endpoint is used.
+     */
+    endpoint: Type6.Optional(Type6.String()),
+    /**
+     * The name of the cluster.
+     *
+     * By default, the name of the instance is used.
+     */
+    clusterName: Type6.Optional(Type6.String()),
+    /**
+     * The CNI plugin to use.
+     *
+     * The following options are available:
+     * - "cilium" (default)
+     * - "flannel" (built-in in Talos)
+     * - "none" (disable CNI, must be installed manually)
+     *
+     * The "cilium" CNI plugin is recommended to cover advanced network policies like FQDNs.
+     */
+    cni: { ...cniSchema, default: "cilium" },
+    /**
+     * The CSI plugin to use.
+     *
+     * The following options are available:
+     * - "local-path-provisioner" (default)
+     * - "none" (disable CSI, must be installed manually if needed)
+     */
+    csi: { ...csiSchema, default: "local-path-provisioner" },
+    /**
+     * The shared configuration patch.
+     * It will be applied to all nodes.
+     */
+    sharedConfigPatch: Type6.Optional(Type6.Record(Type6.String(), Type6.Any())),
+    /**
+     * The master configuration patch.
+     * It will be applied to all master nodes.
+     */
+    masterConfigPatch: Type6.Optional(Type6.Record(Type6.String(), Type6.Any())),
+    /**
+     * The worker configuration patch.
+     * It will be applied to all worker nodes.
+     */
+    workerConfigPatch: Type6.Optional(Type6.Record(Type6.String(), Type6.Any()))
+  },
+  inputs: {
+    masters: {
+      entity: serverEntity,
+      multiple: true
+    },
+    workers: {
+      entity: serverEntity,
+      multiple: true,
+      required: false
+    }
+  },
+  outputs: {
+    k8sCluster: clusterEntity2,
+    talosCluster: clusterEntity3
+  },
+  meta: {
+    displayName: "Talos Cluster",
+    description: "A Kubernetes cluster managed by Talos.",
+    category: "Talos",
+    color: "#2d2d2d",
+    primaryIcon: "simple-icons:talos",
+    secondaryIcon: "devicon:kubernetes"
+  },
+  source: {
+    package: "@highstate/talos",
+    path: "cluster"
+  }
+});
+
+// src/wireguard.ts
+var wireguard_exports = {};
+__export(wireguard_exports, {
+  backendSchema: () => backendSchema,
+  config: () => config,
+  configBundle: () => configBundle,
+  identity: () => identity,
+  identityEntity: () => identityEntity,
+  k8sNodeEntity: () => k8sNodeEntity,
+  network: () => network,
+  networkEntity: () => networkEntity,
+  node: () => node,
+  peer: () => peer,
+  peerEntity: () => peerEntity,
+  presharedKeyModeSchema: () => presharedKeyModeSchema
+});
+import { defineEntity as defineEntity7, defineUnit as defineUnit7, Type as Type7 } from "@highstate/contract";
+var backendSchema = Type7.StringEnum(["wireguard", "amneziawg"]);
+var presharedKeyModeSchema = Type7.StringEnum(["none", "global", "secure"]);
+var networkEntity = defineEntity7({
+  type: "wireguard.network",
+  schema: Type7.Object({
+    backend: Type7.Optional(backendSchema),
+    presharedKeyMode: presharedKeyModeSchema,
+    globalPresharedKey: Type7.Optional(Type7.String()),
+    ipv6: Type7.Optional(Type7.Boolean())
+  })
+});
+var identityEntity = defineEntity7({
+  type: "wireguard.identity",
+  schema: Type7.Object({
+    name: Type7.String(),
+    network: Type7.Optional(networkEntity.schema),
+    address: Type7.Optional(Type7.String()),
+    privateKey: Type7.String(),
+    presharedKeyPart: Type7.Optional(Type7.String()),
+    k8sServices: Type7.Array(serviceEntity.schema),
+    exitNode: Type7.Boolean(),
+    listenPort: Type7.Optional(Type7.Number()),
+    externalIp: Type7.Optional(Type7.String()),
+    endpoint: Type7.Optional(Type7.String()),
+    fqdn: Type7.Optional(Type7.String())
+  }),
+  meta: {
+    color: "#F44336"
+  }
+});
+var peerEntity = defineEntity7({
+  type: "wireguard.peer",
+  schema: Type7.Object({
+    name: Type7.String(),
+    network: Type7.Optional(networkEntity.schema),
+    publicKey: Type7.String(),
+    address: Type7.Optional(Type7.String()),
+    allowedIps: Type7.Array(Type7.String()),
+    endpoint: Type7.Optional(Type7.String()),
+    presharedKeyPart: Type7.Optional(Type7.String()),
+    excludedIps: Type7.Optional(Type7.Array(Type7.String())),
+    dns: Type7.Optional(Type7.Array(Type7.String()))
+  }),
+  meta: {
+    color: "#673AB7"
+  }
+});
+var k8sNodeEntity = defineEntity7({
+  type: "wireguard.node",
+  schema: Type7.Object({
+    network: Type7.String(),
+    address: Type7.String(),
+    endpoint: Type7.Optional(Type7.String()),
+    peers: Type7.Array(Type7.String())
+  })
+});
+var network = defineUnit7({
+  type: "wireguard.network",
+  args: {
+    /**
+     * The backend to use for the WireGuard network.
+     *
+     * Possible values are:
+     * 1. `wireguard` - The default backend.
+     * 2. `amneziawg` - The censorship-resistant fork of WireGuard.
+     *
+     * By default, the `wireguard` backend is used.
+     *
+     * @schema
+     */
+    backend: {
+      ...backendSchema,
+      description: `The backend to use for the WireGuard network.
+
+ Possible values are:
+ 1. \`wireguard\` - The default backend.
+ 2. \`amneziawg\` - The censorship-resistant fork of WireGuard.
+
+ By default, the \`wireguard\` backend is used.`
+    },
+    /**
+     * The option which defines how to handle pre-shared keys between peers.
+     *
+     * 1. `none` - No pre-shared keys will be used.
+     * 2. `global` - A single pre-shared key will be used for all peer pairs in the network.
+     * 3. `secure` - Each peer pair will have its own pre-shared key.
+     * In this case, each identity generates `presharedKeyPart` and the actual pre-shared key
+     * for each peer pair will be computed as `xor(peer1.presharedKeyPart, peer2.presharedKeyPart)`.
+     *
+     * If the whole network is managed by the HighState, the `secure` mode is recommended.
+     *
+     * By default, the `none` mode is used.
+     *
+     * @schema
+     */
+    presharedKeyMode: {
+      ...Type7.Optional(presharedKeyModeSchema),
+      description: `The option which defines how to handle pre-shared keys between peers.
+
+ 1. \`none\` - No pre-shared keys will be used.
+ 2. \`global\` - A single pre-shared key will be used for all peer pairs in the network.
+ 3. \`secure\` - Each peer pair will have its own pre-shared key.
+ In this case, each identity generates \`presharedKeyPart\` and the actual pre-shared key
+ for each peer pair will be computed as \`xor(peer1.presharedKeyPart, peer2.presharedKeyPart)\`.
+
+ If the whole network is managed by the HighState, the \`secure\` mode is recommended.
+
+ By default, the \`none\` mode is used.`
+    },
+    /**
+     * The option to enable IPv6 support in the network.
+     *
+     * By default, IPv6 support is disabled.
+     *
+     * @schema
+     */
+    ipv6: {
+      ...Type7.Optional(Type7.Boolean()),
+      description: `The option to enable IPv6 support in the network.
+
+ By default, IPv6 support is disabled.`
+    }
+  },
+  secrets: {
+    /**
+     * The global pre-shared key to use for all peer pairs in the network.
+     *
+     * Will be used only if `presharedKeyMode` is set to `global`.
+     * Will be generated automatically if not provided.
+     *
+     * @schema
+     */
+    globalPresharedKey: {
+      ...Type7.Optional(Type7.String()),
+      description: `The global pre-shared key to use for all peer pairs in the network.
+
+ Will be used only if \`presharedKeyMode\` is set to \`global\`.
+ Will be generated automatically if not provided.`
+    }
+  },
+  outputs: {
+    network: networkEntity
+  },
+  meta: {
+    description: "The WireGuard network with some shared configuration.",
+    primaryIcon: "simple-icons:wireguard",
+    primaryIconColor: "#88171a",
+    secondaryIcon: "mdi:local-area-network-connect"
+  },
+  source: {
+    package: "@highstate/wireguard",
+    path: "network"
+  }
+});
+var sharedPeerArgs = {
+  /**
+   * The name of the WireGuard peer.
+   *
+   * If not provided, the peer will be named after the unit.
+   *
+   * @schema
+   */
+  peerName: {
+    ...Type7.Optional(Type7.String()),
+    description: `The name of the WireGuard peer.
+
+ If not provided, the peer will be named after the unit.`
+  },
+  /**
+   * The address of the WireGuard interface.
+   *
+   * The address may be any IPv4 or IPv6 address. CIDR notation is also supported.
+   *
+   * @schema
+   */
+  address: {
+    ...Type7.Optional(Type7.String()),
+    description: `The address of the WireGuard interface.
+
+ The address may be any IPv4 or IPv6 address. CIDR notation is also supported.`
+  },
+  /**
+   * The list of allowed IPs for the peer.
+   *
+   * @schema
+   */
+  allowedIps: {
+    ...Type7.Optional(Type7.Array(Type7.String())),
+    description: `The list of allowed IPs for the peer.`
+  },
+  /**
+   * The convenience option to set `allowedIps` to `0.0.0.0/0, ::/0`.
+   *
+   * Will be merged with the `allowedIps` if provided.
+   *
+   * @schema
+   */
+  exitNode: {
+    ...Type7.Optional(Type7.Boolean()),
+    description: `The convenience option to set \`allowedIps\` to \`0.0.0.0/0, ::/0\`.
+
+ Will be merged with the \`allowedIps\` if provided.`
+  },
+  /**
+   * The list of IP ranges to exclude from the tunnel.
+   *
+   * Implementation notes:
+   *
+   * - This list will not be used to generate the allowed IPs for the peer.
+   * - Instead, the node will setup extra direct routes to these IPs via default gateway.
+   * - This allows to use `0.0.0.0/0, ::/0` in the `allowedIps` (and corresponding fwmark magic) and still have some IPs excluded from the tunnel.
+   *
+   * @schema
+   */
+  excludedIps: {
+    ...Type7.Optional(Type7.Array(Type7.String())),
+    description: `The list of IP ranges to exclude from the tunnel.
+
+ Implementation notes:
+
+ - This list will not be used to generate the allowed IPs for the peer.
+ - Instead, the node will setup extra direct routes to these IPs via default gateway.
+ - This allows to use \`0.0.0.0/0, ::/0\` in the \`allowedIps\` (and corresponding fwmark magic) and still have some IPs excluded from the tunnel.`
+  },
+  /**
+   * The convenience option to exclude private IPs from the tunnel.
+   *
+   * For IPv4, the private IPs are:
+   *
+   * - `10.0.0.0/8`
+   * - `172.16.0.0/12`
+   * - `192.168.0.0/16`
+   *
+   * For IPv6, the private IPs are:
+   *
+   * - `fc00::/7`
+   * - `fe80::/10`
+   *
+   * Will be merged with `excludedIps` if provided.
+   *
+   * @schema
+   */
+  excludePrivateIps: {
+    ...Type7.Optional(Type7.Boolean()),
+    description: `The convenience option to exclude private IPs from the tunnel.
+
+ For IPv4, the private IPs are:
+
+ - \`10.0.0.0/8\`
+ - \`172.16.0.0/12\`
+ - \`192.168.0.0/16\`
+
+ For IPv6, the private IPs are:
+
+ - \`fc00::/7\`
+ - \`fe80::/10\`
+
+ Will be merged with \`excludedIps\` if provided.`
+  },
+  /**
+   * The endpoint of the WireGuard peer.
+   *
+   * @schema
+   */
+  endpoint: {
+    ...Type7.Optional(Type7.String()),
+    description: `The endpoint of the WireGuard peer.`
+  },
+  /**
+   * The DNS servers that should be used by the interface connected to the WireGuard peer.
+   *
+   * If multiple peers define DNS servers, the node will merge them into a single list (but this is discouraged).
+   *
+   * @schema
+   */
+  dns: {
+    ...Type7.Optional(Type7.Array(Type7.String())),
+    description: `The DNS servers that should be used by the interface connected to the WireGuard peer.
+
+ If multiple peers define DNS servers, the node will merge them into a single list (but this is discouraged).`
+  },
+  /**
+   * The convenience option to include the DNS servers to the allowed IPs.
+   *
+   * By default, is `true`.
+   *
+   * @schema
+   */
+  includeDns: {
+    ...Type7.Optional(Type7.Boolean({ default: true })),
+    description: `The convenience option to include the DNS servers to the allowed IPs.
+
+ By default, is \`true\`.`
+  }
+};
+var sharedInterfaceArgs = {
+  /**
+   * The port to listen on.
+   *
+   * Will override the `listenPort` of the identity if provided.
+   *
+   * @schema
+   */
+  listenPort: {
+    ...Type7.Optional(Type7.Number()),
+    description: `The port to listen on.
+
+ Will override the \`listenPort\` of the identity if provided.`
+  },
+  /**
+   * The DNS servers that should be used by the interface connected to the WireGuard node.
+   *
+   * Will be merged with the DNS servers of the peers.
+   *
+   * @schema
+   */
+  dns: {
+    ...Type7.Optional(Type7.Array(Type7.String())),
+    description: `The DNS servers that should be used by the interface connected to the WireGuard node.
+
+ Will be merged with the DNS servers of the peers.`
+  }
+};
+var peer = defineUnit7({
+  type: "wireguard.peer",
+  args: {
+    ...sharedPeerArgs,
+    /**
+     * The public key of the WireGuard peer.
+     *
+     * @schema
+     */
+    publicKey: {
+      ...Type7.String(),
+      description: `The public key of the WireGuard peer.`
+    }
+  },
+  inputs: {
+    /**
+     * The network to use for the WireGuard peer.
+     *
+     * If not provided, the peer will use default network configuration.
+     *
+     * @schema
+     */
+    network: {
+      ...{
+        entity: networkEntity,
+        required: false
+      },
+      description: `The network to use for the WireGuard peer.
+
+ If not provided, the peer will use default network configuration.`
+    }
+  },
+  outputs: {
+    peer: peerEntity
+  },
+  meta: {
+    description: "The WireGuard peer with the public key.",
+    primaryIcon: "simple-icons:wireguard",
+    primaryIconColor: "#88171a",
+    secondaryIcon: "mdi:badge-account-horizontal"
+  },
+  source: {
+    package: "@highstate/wireguard",
+    path: "peer"
+  }
+});
+var identity = defineUnit7({
+  type: "wireguard.identity",
+  args: {
+    ...sharedPeerArgs,
+    /**
+     * The port to listen on.
+     *
+     * Used by the implementation of the identity and to calculate the endpoint of the peer.
+     *
+     * @schema
+     */
+    listenPort: {
+      ...Type7.Optional(Type7.Number()),
+      description: `The port to listen on.
+
+ Used by the implementation of the identity and to calculate the endpoint of the peer.`
+    },
+    /**
+     * The external IP address of the WireGuard identity.
+     *
+     * Used by the implementation of the identity and to calculate the endpoint of the peer.
+     *
+     * @schema
+     */
+    externalIp: {
+      ...Type7.Optional(Type7.String()),
+      description: `The external IP address of the WireGuard identity.
+
+ Used by the implementation of the identity and to calculate the endpoint of the peer.`
+    },
+    /**
+     * The endpoint of the WireGuard peer.
+     *
+     * By default, the endpoint is calculated as `externalIp:listenPort`.
+     *
+     * If overridden, does not affect node which implements the identity, but is used in the peer configuration of other nodes.
+     *
+     * @schema
+     */
+    endpoint: {
+      ...Type7.Optional(Type7.String()),
+      description: `The endpoint of the WireGuard peer.
+
+ By default, the endpoint is calculated as \`externalIp:listenPort\`.
+
+ If overridden, does not affect node which implements the identity, but is used in the peer configuration of other nodes.`
+    },
+    /**
+     * The FQDN of the WireGuard identity.
+     * Will be used as endpoint for the peer.
+     *
+     * If `dnsProvider` is provided and `externalIp` is available, the FQDN will be registered automatically.
+     *
+     * @schema
+     */
+    fqdn: {
+      ...Type7.Optional(Type7.String()),
+      description: `The FQDN of the WireGuard identity.
+ Will be used as endpoint for the peer.
+
+ If \`dnsProvider\` is provided and \`externalIp\` is available, the FQDN will be registered automatically.`
+    }
+  },
+  secrets: {
+    /**
+     * The private key of the WireGuard identity.
+     *
+     * If not provided, the key will be generated automatically.
+     *
+     * @schema
+     */
+    privateKey: {
+      ...Type7.Optional(Type7.String()),
+      description: `The private key of the WireGuard identity.
+
+ If not provided, the key will be generated automatically.`
+    },
+    /**
+     * The part of the pre-shared of the WireGuard identity.
+     *
+     * Will be generated automatically if not provided.
+     *
+     * @schema
+     */
+    presharedKeyPart: {
+      ...Type7.Optional(Type7.String()),
+      description: `The part of the pre-shared of the WireGuard identity.
+
+ Will be generated automatically if not provided.`
+    }
+  },
+  inputs: {
+    /**
+     * The network to use for the WireGuard identity.
+     *
+     * If not provided, the identity will use default network configuration.
+     *
+     * @schema
+     */
+    network: {
+      ...{
+        entity: networkEntity,
+        required: false
+      },
+      description: `The network to use for the WireGuard identity.
+
+ If not provided, the identity will use default network configuration.`
+    },
+    /**
+     * The list of Kubernetes services to expose the WireGuard identity.
+     *
+     * Their IP addresses will be added to the `allowedIps` of the identity and passed to the node to set up network policies.
+     *
+     * @schema
+     */
+    k8sServices: {
+      ...{
+        entity: serviceEntity,
+        multiple: true,
+        required: false
+      },
+      description: `The list of Kubernetes services to expose the WireGuard identity.
+
+ Their IP addresses will be added to the \`allowedIps\` of the identity and passed to the node to set up network policies.`
+    },
+    dnsProvider: {
+      entity: providerEntity,
+      required: false
+    }
+  },
+  outputs: {
+    identity: identityEntity,
+    peer: peerEntity
+  },
+  meta: {
+    description: "The WireGuard identity with the public key.",
+    primaryIcon: "simple-icons:wireguard",
+    primaryIconColor: "#88171a",
+    secondaryIcon: "mdi:account"
+  },
+  source: {
+    package: "@highstate/wireguard",
+    path: "identity"
+  }
+});
+var node = defineUnit7({
+  type: "wireguard.node",
+  args: {
+    appName: Type7.Optional(Type7.String()),
+    serviceType: Type7.Optional(serviceTypeSchema),
+    ...sharedInterfaceArgs,
+    /**
+     * The external IP address of the WireGuard node.
+     *
+     * Will override the `externalIp` of the identity if provided.
+     *
+     * @schema
+     */
+    externalIp: {
+      ...Type7.Optional(Type7.String()),
+      description: `The external IP address of the WireGuard node.
+
+ Will override the \`externalIp\` of the identity if provided.`
+    },
+    /**
+     * The extra specification of the container which runs the WireGuard node.
+     *
+     * Will override any overlapping fields.
+     *
+     * @schema
+     */
+    containerSpec: {
+      ...Type7.Optional(Type7.Record(Type7.String(), Type7.Any())),
+      description: `The extra specification of the container which runs the WireGuard node.
+
+ Will override any overlapping fields.`
+    }
+  },
+  inputs: {
+    identity: identityEntity,
+    k8sCluster: clusterEntity2,
+    deployment: {
+      entity: deploymentEntity,
+      required: false
+    },
+    statefulSet: {
+      entity: statefulSetEntity,
+      required: false
+    },
+    interface: {
+      entity: interfaceEntity,
+      required: false
+    },
+    peers: {
+      entity: peerEntity,
+      multiple: true,
+      required: false
+    }
+  },
+  outputs: {
+    deployment: {
+      entity: deploymentEntity,
+      required: false
+    },
+    interface: {
+      entity: interfaceEntity,
+      required: false
+    },
+    service: {
+      entity: serviceEntity,
+      required: false
+    }
+  },
+  meta: {
+    description: "The WireGuard node running on the Kubernetes.",
+    primaryIcon: "simple-icons:wireguard",
+    primaryIconColor: "#88171a",
+    secondaryIcon: "mdi:server"
+  },
+  source: {
+    package: "@highstate/wireguard",
+    path: "node"
+  }
+});
+var config = defineUnit7({
+  type: "wireguard.config",
+  args: {
+    ...sharedInterfaceArgs,
+    /**
+     * The name of the "default" interface where non-tunneled traffic should go.
+     *
+     * If not provided, the config will not respect `excludedIps`.
+     *
+     * @schema
+     */
+    defaultInterface: {
+      ...Type7.Optional(Type7.String()),
+      description: `The name of the "default" interface where non-tunneled traffic should go.
+
+ If not provided, the config will not respect \`excludedIps\`.`
+    }
+  },
+  inputs: {
+    identity: identityEntity,
+    peers: {
+      entity: peerEntity,
+      multiple: true,
+      required: false
+    }
+  },
+  meta: {
+    displayName: "WireGuard Config",
+    description: "Just the WireGuard configuration for the identity and peers.",
+    primaryIcon: "simple-icons:wireguard",
+    primaryIconColor: "#88171a",
+    secondaryIcon: "mdi:settings"
+  },
+  source: {
+    package: "@highstate/wireguard",
+    path: "config"
+  }
+});
+var configBundle = defineUnit7({
+  type: "wireguard.config-bundle",
+  inputs: {
+    identity: identityEntity,
+    peers: {
+      entity: peerEntity,
+      multiple: true
+    },
+    sharedPeers: {
+      entity: peerEntity,
+      multiple: true,
+      required: false
+    }
+  },
+  meta: {
+    displayName: "WireGuard Config Bundle",
+    description: "The WireGuard configuration bundle for the identity and peers.",
+    primaryIcon: "simple-icons:wireguard",
+    primaryIconColor: "#88171a",
+    secondaryIcon: "mdi:folder-settings-variant"
+  },
+  source: {
+    package: "@highstate/wireguard",
+    path: "config-bundle"
+  }
+});
+
+// src/apps/index.ts
+var apps_exports = {};
+__export(apps_exports, {
+  backupModeSchema: () => backupModeSchema,
+  codeServer: () => codeServer,
+  deployment: () => deployment,
+  grocy: () => grocy,
+  kubernetesDashboard: () => kubernetesDashboard,
+  mariadb: () => mariadb,
+  mariadbDatabase: () => mariadbDatabase,
+  mariadbEntity: () => mariadbEntity,
+  maybe: () => maybe,
+  mongodb: () => mongodb,
+  mongodbDatabase: () => mongodbDatabase,
+  mongodbEntity: () => mongodbEntity,
+  postgresql: () => postgresql,
+  postgresqlDatabase: () => postgresqlDatabase,
+  postgresqlEntity: () => postgresqlEntity,
+  syncthing: () => syncthing,
+  traefikGateway: () => traefikGateway,
+  vaultwarden: () => vaultwarden
+});
+
+// src/apps/mariadb.ts
+import { defineEntity as defineEntity9, defineUnit as defineUnit9, Type as Type9 } from "@highstate/contract";
+
+// src/restic.ts
+var restic_exports = {};
+__export(restic_exports, {
+  repo: () => repo,
+  repoEntity: () => repoEntity
+});
+import { defineEntity as defineEntity8, defineUnit as defineUnit8, Type as Type8 } from "@highstate/contract";
+var repoEntity = defineEntity8({
+  type: "restic.repo",
+  schema: Type8.Object({
+    password: Type8.String(),
+    remoteDomains: Type8.Array(Type8.String()),
+    type: Type8.Literal("rclone"),
+    rcloneConfig: Type8.String(),
+    remoteName: Type8.String(),
+    basePath: Type8.String()
+  }),
+  meta: {
+    color: "#e56901"
+  }
+});
+var repo = defineUnit8({
+  type: "restic.repo",
+  args: {
+    remoteDomains: Type8.Optional(Type8.Array(Type8.String())),
+    basePath: Type8.Optional(Type8.String())
+  },
+  secrets: {
+    password: Type8.Optional(Type8.String()),
+    rcloneConfig: Type8.String({ multiline: true })
+  },
+  outputs: {
+    repo: repoEntity
+  },
+  meta: {
+    displayName: "Restic Repo",
+    description: "Holds the configuration for a Restic repository and its remote storage.",
+    primaryIconColor: "#e56901",
+    primaryIcon: "material-symbols:backup"
+  },
+  source: {
+    package: "@highstate/restic",
+    path: "repo"
+  }
+});
+
+// src/apps/mariadb.ts
+var mariadbEntity = defineEntity9({
+  type: "apps.mariadb",
+  schema: Type9.Object({
+    service: Type9.Optional(serviceEntity.schema),
+    host: Type9.String(),
+    port: Type9.Number(),
+    rootPassword: Type9.String()
+  }),
+  meta: {
+    color: "#f06292"
+  }
+});
+var mariadb = defineUnit9({
+  type: "apps.mariadb",
+  args: {
+    fqdn: Type9.Optional(Type9.String()),
+    appName: Type9.Optional(Type9.String())
+  },
+  secrets: {
+    rootPassword: Type9.Optional(Type9.String())
+  },
+  inputs: {
+    k8sCluster: clusterEntity2,
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    },
+    dnsProvider: {
+      entity: providerEntity,
+      required: false
+    }
+  },
+  outputs: {
+    mariadb: mariadbEntity,
+    service: serviceEntity
+  },
+  meta: {
+    displayName: "MariaDB",
+    description: "The MariaDB database deployed on Kubernetes.",
+    primaryIcon: "simple-icons:mariadb",
+    secondaryIcon: "mdi:database"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "mariadb/app"
+  }
+});
+var mariadbDatabase = defineUnit9({
+  type: "apps.mariadb.database",
+  args: {
+    database: Type9.Optional(Type9.String()),
+    username: Type9.Optional(Type9.String())
+  },
+  secrets: {
+    password: Type9.Optional(Type9.String())
+  },
+  inputs: {
+    k8sCluster: clusterEntity2,
+    mariadb: mariadbEntity
+  },
+  meta: {
+    displayName: "MariaDB Database",
+    description: "The virtual MariaDB database created on the MariaDB instance. Works only for MariaDB instances deployed on Kubernetes.",
+    primaryIcon: "simple-icons:mariadb",
+    secondaryIcon: "mdi:database-plus"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "mariadb/database"
+  }
+});
+
+// src/apps/postgresql.ts
+import { defineEntity as defineEntity10, defineUnit as defineUnit10, Type as Type10 } from "@highstate/contract";
+var postgresqlEntity = defineEntity10({
+  type: "apps.postgresql",
+  schema: Type10.Object({
+    service: Type10.Optional(serviceEntity.schema),
+    host: Type10.String(),
+    port: Type10.Number(),
+    rootPassword: Type10.String()
+  }),
+  meta: {
+    color: "#336791"
+  }
+});
+var postgresql = defineUnit10({
+  type: "apps.postgresql",
+  args: {
+    fqdn: Type10.Optional(Type10.String()),
+    appName: Type10.Optional(Type10.String())
+  },
+  secrets: {
+    rootPassword: Type10.Optional(Type10.String())
+  },
+  inputs: {
+    k8sCluster: clusterEntity2,
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    },
+    dnsProvider: {
+      entity: providerEntity,
+      required: false
+    }
+  },
+  outputs: {
+    postgresql: postgresqlEntity,
+    service: serviceEntity
+  },
+  meta: {
+    displayName: "PostgreSQL",
+    description: "The PostgreSQL database deployed on Kubernetes.",
+    primaryIcon: "simple-icons:postgresql",
+    secondaryIcon: "mdi:database"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "postgresql/app"
+  }
+});
+var postgresqlDatabase = defineUnit10({
+  type: "apps.postgresql.database",
+  args: {
+    database: Type10.Optional(Type10.String()),
+    username: Type10.Optional(Type10.String())
+  },
+  secrets: {
+    password: Type10.Optional(Type10.String())
+  },
+  inputs: {
+    k8sCluster: clusterEntity2,
+    postgresql: postgresqlEntity
+  },
+  meta: {
+    displayName: "PostgreSQL Database",
+    description: "The virtual PostgreSQL database created on the PostgreSQL instance. Works only for PostgreSQL instances deployed on Kubernetes.",
+    primaryIcon: "simple-icons:postgresql",
+    secondaryIcon: "mdi:database-plus"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "postgresql/database"
+  }
+});
+
+// src/apps/vaultwarden.ts
+import { defineUnit as defineUnit11, Type as Type11 } from "@highstate/contract";
+var vaultwarden = defineUnit11({
+  type: "apps.vaultwarden",
+  args: {
+    fqdn: Type11.String(),
+    appName: Type11.Optional(Type11.String())
+  },
+  inputs: {
+    mariadb: mariadbEntity,
+    accessPoint: accessPointEntity,
+    k8sCluster: clusterEntity2
+  },
+  secrets: {
+    mariadbPassword: Type11.Optional(Type11.String())
+  },
+  meta: {
+    displayName: "Vaultwarden",
+    description: "The Vaultwarden password manager deployed on Kubernetes.",
+    primaryIcon: "simple-icons:vaultwarden"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "vaultwarden"
+  }
+});
+
+// src/apps/traefik.ts
+import { defineUnit as defineUnit12, Type as Type12 } from "@highstate/contract";
+var traefikGateway = defineUnit12({
+  type: "apps.traefik-gateway",
+  args: {
+    appName: Type12.Optional(Type12.String()),
+    className: Type12.Optional(Type12.String()),
+    serviceType: Type12.Optional(serviceTypeSchema)
+  },
+  inputs: {
+    k8sCluster: clusterEntity2
+  },
+  outputs: {
+    gateway: gatewayEntity,
+    service: serviceEntity
+  },
+  meta: {
+    displayName: "Traefik Gateway",
+    description: "A Traefik gateway for routing traffic to services.",
+    primaryIcon: "simple-icons:traefikproxy"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "traefik"
+  }
+});
+
+// src/apps/kubernetes-dashboard.ts
+import { defineUnit as defineUnit13, Type as Type13 } from "@highstate/contract";
+var kubernetesDashboard = defineUnit13({
+  type: "apps.kubernetes-dashboard",
+  args: {
+    fqdn: Type13.String(),
+    appName: Type13.Optional(Type13.String())
+  },
+  inputs: {
+    k8sCluster: clusterEntity2,
+    accessPoint: accessPointEntity
+  },
+  meta: {
+    displayName: "Kubernetes Dashboard",
+    description: "The Kubernetes Dashboard deployed on Kubernetes.",
+    primaryIcon: "simple-icons:kubernetes",
+    secondaryIcon: "mdi:dashboard"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "kubernetes-dashboard"
+  }
+});
+
+// src/apps/grocy.ts
+import { defineUnit as defineUnit14, Type as Type14 } from "@highstate/contract";
+var grocy = defineUnit14({
+  type: "apps.grocy",
+  args: {
+    fqdn: Type14.String(),
+    appName: Type14.Optional(Type14.String())
+  },
+  inputs: {
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    },
+    accessPoint: accessPointEntity,
+    k8sCluster: clusterEntity2
+  },
+  meta: {
+    displayName: "Grocy",
+    description: "Grocy is a web-based self-hosted groceries & household management solution for your home.",
+    primaryIcon: "simple-icons:grocy"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "grocy"
+  }
+});
+
+// src/apps/maybe.ts
+import { defineUnit as defineUnit15, Type as Type15 } from "@highstate/contract";
+var maybe = defineUnit15({
+  type: "apps.maybe",
+  args: {
+    fqdn: Type15.String(),
+    appName: Type15.Optional(Type15.String())
+  },
+  inputs: {
+    postgresql: postgresqlEntity,
+    accessPoint: accessPointEntity,
+    k8sCluster: clusterEntity2,
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    }
+  },
+  secrets: {
+    postgresqlPassword: Type15.Optional(Type15.String()),
+    secretKey: Type15.Optional(Type15.String())
+  },
+  meta: {
+    displayName: "Maybe",
+    description: "The OS for your personal finances.",
+    primaryIcon: "arcticons:finance-manager"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "maybe"
+  }
+});
+
+// src/apps/mongodb.ts
+import { defineEntity as defineEntity11, defineUnit as defineUnit16, Type as Type16 } from "@highstate/contract";
+var mongodbEntity = defineEntity11({
+  type: "apps.mongodb",
+  schema: Type16.Object({
+    service: Type16.Optional(serviceEntity.schema),
+    host: Type16.String(),
+    port: Type16.Number(),
+    rootPassword: Type16.String()
+  }),
+  meta: {
+    color: "#13aa52"
+  }
+});
+var mongodb = defineUnit16({
+  type: "apps.mongodb",
+  args: {
+    fqdn: Type16.Optional(Type16.String()),
+    appName: Type16.Optional(Type16.String()),
+    serviceType: Type16.Optional(serviceTypeSchema)
+  },
+  secrets: {
+    rootPassword: Type16.Optional(Type16.String())
+  },
+  inputs: {
+    k8sCluster: clusterEntity2,
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    },
+    dnsProvider: {
+      entity: providerEntity,
+      required: false
+    }
+  },
+  outputs: {
+    mongodb: mongodbEntity,
+    service: serviceEntity
+  },
+  meta: {
+    displayName: "MongoDB",
+    description: "The MongoDB instance deployed on Kubernetes.",
+    primaryIcon: "simple-icons:mongodb",
+    secondaryIcon: "mdi:database"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "mongodb/app"
+  }
+});
+var mongodbDatabase = defineUnit16({
+  type: "apps.mongodb.database",
+  args: {
+    database: Type16.Optional(Type16.String()),
+    username: Type16.Optional(Type16.String())
+  },
+  secrets: {
+    password: Type16.Optional(Type16.String())
+  },
+  inputs: {
+    k8sCluster: clusterEntity2,
+    mongodb: mongodbEntity
+  },
+  meta: {
+    displayName: "MongoDB Database",
+    description: "The virtual MongoDB database created on the MongoDB instance. Works only for MongoDB instances deployed on Kubernetes.",
+    primaryIcon: "simple-icons:mongodb",
+    secondaryIcon: "mdi:database-plus"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "mongodb/database"
+  }
+});
+
+// src/apps/deployment.ts
+import { defineUnit as defineUnit17, Type as Type17 } from "@highstate/contract";
+var deployment = defineUnit17({
+  type: "apps.deployment",
+  args: {
+    appName: Type17.Optional(Type17.String()),
+    fqdn: Type17.Optional(Type17.String()),
+    serviceType: Type17.Optional(serviceTypeSchema),
+    image: Type17.Optional(Type17.String()),
+    port: Type17.Optional(Type17.Number()),
+    replicas: Type17.Optional(Type17.Number()),
+    dataPath: Type17.Optional(Type17.String()),
+    env: Type17.Optional(Type17.Record(Type17.String(), Type17.Any())),
+    mariadbEnvMapping: Type17.Optional(Type17.Record(Type17.String(), Type17.Any())),
+    postgresqlEnvMapping: Type17.Optional(Type17.Record(Type17.String(), Type17.Any())),
+    mongodbEnvMapping: Type17.Optional(Type17.Record(Type17.String(), Type17.Any())),
+    manifest: Type17.Optional(Type17.Record(Type17.String(), Type17.Any())),
+    serviceManifest: Type17.Optional(Type17.Record(Type17.String(), Type17.Any())),
+    httpRouteManifest: Type17.Optional(Type17.Record(Type17.String(), Type17.Any()))
+  },
+  inputs: {
+    k8sCluster: clusterEntity2,
+    mariadb: {
+      entity: mariadbEntity,
+      required: false
+    },
+    postgresql: {
+      entity: postgresqlEntity,
+      required: false
+    },
+    mongodb: {
+      entity: mongodbEntity,
+      required: false
+    },
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    },
+    dnsProvider: {
+      entity: providerEntity,
+      required: false
+    }
+  },
+  outputs: {
+    deployment: deploymentEntity,
+    service: serviceEntity
+  },
+  secrets: {
+    mariadbPassword: Type17.Optional(Type17.String()),
+    postgresqlPassword: Type17.Optional(Type17.String()),
+    mongodbPassword: Type17.Optional(Type17.String())
+  },
+  meta: {
+    displayName: "Kubernetes Deployment",
+    description: "A generic Kubernetes deployment with optional service and gateway routes.",
+    primaryIcon: "mdi:kubernetes",
+    secondaryIcon: "mdi:cube-outline"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "deployment"
+  }
+});
+
+// src/apps/syncthing.ts
+import { defineUnit as defineUnit18, Type as Type18 } from "@highstate/contract";
+var backupModeSchema = Type18.Union([Type18.Literal("metadata"), Type18.Literal("full")]);
+var syncthing = defineUnit18({
+  type: "apps.syncthing",
+  args: {
+    fqdn: Type18.String(),
+    deviceFqdn: Type18.Optional(Type18.String()),
+    appName: Type18.Optional(Type18.String()),
+    backupMode: Type18.Optional({ ...backupModeSchema, default: "metadata" })
+  },
+  inputs: {
+    accessPoint: accessPointEntity,
+    k8sCluster: clusterEntity2,
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    },
+    volume: {
+      entity: persistentVolumeClaimEntity,
+      required: false
+    }
+  },
+  outputs: {
+    service: serviceEntity,
+    volume: persistentVolumeClaimEntity
+  },
+  meta: {
+    displayName: "Syncthing",
+    description: "The Syncthing instance deployed on Kubernetes.",
+    primaryIcon: "simple-icons:syncthing"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "syncthing"
+  }
+});
+
+// src/apps/code-server.ts
+import { defineUnit as defineUnit19, Type as Type19 } from "@highstate/contract";
+var codeServer = defineUnit19({
+  type: "apps.code-server",
+  args: {
+    fqdn: Type19.String(),
+    appName: Type19.Optional(Type19.String())
+  },
+  secrets: {
+    password: Type19.Optional(Type19.String()),
+    sudoPassword: Type19.Optional(Type19.String())
+  },
+  inputs: {
+    accessPoint: accessPointEntity,
+    k8sCluster: clusterEntity2,
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    },
+    volume: {
+      entity: persistentVolumeClaimEntity,
+      required: false
+    }
+  },
+  outputs: {
+    statefulSet: statefulSetEntity,
+    volume: persistentVolumeClaimEntity
+  },
+  meta: {
+    displayName: "Code Server",
+    description: "The Code Server instance deployed on Kubernetes.",
+    primaryIcon: "material-icon-theme:vscode"
+  },
+  source: {
+    package: "@highstate/apps",
+    path: "code-server"
+  }
+});
+
+// src/cloudflare.ts
+var cloudflare_exports = {};
+__export(cloudflare_exports, {
+  connection: () => connection2
+});
+import { defineUnit as defineUnit20, Type as Type20 } from "@highstate/contract";
+var connection2 = defineUnit20({
+  type: "cloudflare.connection",
+  secrets: {
+    apiToken: Type20.String()
+  },
+  outputs: {
+    dnsProvider: providerEntity
+  },
+  meta: {
+    displayName: "Cloudflare Connection",
+    description: "Creates a new Cloudflare connection for one zone.",
+    primaryIcon: "simple-icons:cloudflare"
+  },
+  source: {
+    package: "@highstate/cloudflare",
+    path: "connection"
+  }
+});
+
+// src/k3s.ts
+var k3s_exports = {};
+__export(k3s_exports, {
+  cluster: () => cluster2
+});
+import { defineUnit as defineUnit21 } from "@highstate/contract";
+var cluster2 = defineUnit21({
+  type: "k3s.cluster",
+  inputs: {
+    server: serverEntity
+  },
+  outputs: {
+    k8sCluster: clusterEntity2
+  },
+  meta: {
+    displayName: "K3s Cluster",
+    description: "The K3s cluster created on top of the server.",
+    category: "k3s",
+    primaryIcon: "devicon:k3s",
+    secondaryIcon: "devicon:kubernetes"
+  },
+  source: {
+    package: "@highstate/k3s",
+    path: "cluster"
+  }
+});
+
+// src/mullvad.ts
+var mullvad_exports = {};
+__export(mullvad_exports, {
+  endpointType: () => endpointType,
+  peer: () => peer2
+});
+import { defineUnit as defineUnit22, Type as Type21 } from "@highstate/contract";
+var endpointType = Type21.Union([
+  Type21.Literal("fqdn"),
+  Type21.Literal("ipv4"),
+  Type21.Literal("ipv6")
+]);
+var peer2 = defineUnit22({
+  type: "mullvad.peer",
+  args: {
+    hostname: Type21.Optional(Type21.String()),
+    endpointType: Type21.Optional({ ...endpointType, default: "fqdn" })
+  },
+  inputs: {
+    /**
+     * The network to use for the WireGuard peer.
+     *
+     * If not provided, the peer will use default network configuration.
+     */
+    network: {
+      entity: networkEntity,
+      required: false
+    }
+  },
+  outputs: {
+    peer: peerEntity
+  },
+  meta: {
+    displayName: "Mullvad Peer",
+    description: "The Mullvad WireGuard peer fetched from the Mullvad API.",
+    primaryIcon: "simple-icons:mullvad",
+    secondaryIcon: "cib:wireguard",
+    secondaryIconColor: "#88171a"
+  },
+  source: {
+    package: "@highstate/mullvad",
+    path: "peer"
+  }
+});
+export {
+  apps_exports as apps,
+  cloudflare_exports as cloudflare,
+  common_exports as common,
+  dns_exports as dns,
+  k3s_exports as k3s,
+  k8s_exports as k8s,
+  mullvad_exports as mullvad,
+  proxmox_exports as proxmox,
+  restic_exports as restic,
+  ssh_exports as ssh,
+  talos_exports as talos,
+  wireguard_exports as wireguard
+};
+//# sourceMappingURL=index.js.map