@highstate/library 0.8.0 → 0.9.1

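--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@highstate/library",
- "version": "0.8.0",
+ "version": "0.9.1",
  "type": "module",
  "files": [
  "dist",
@@ -19,12 +19,12 @@
  "build": "highstate build --library"
  },
  "dependencies": {
- "@highstate/contract": "^0.8.0",
+ "@highstate/contract": "^0.9.1",
  "@sinclair/typebox": "^0.34.11",
  "remeda": "^2.21.0"
  },
  "devDependencies": {
- "@highstate/cli": "^0.8.0"
+ "@highstate/cli": "^0.9.1"
  },
- "gitHead": "8590eea089a016c9b4b797299fc94ddc9afe10ba"
+ "gitHead": "2f9fdd9542fbdd11d4337fb59ac4f5728535fa0c"
  }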
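--- a/package/src/common.ts
+++ b/package/src/common.ts
@@ -15,16 +15,30 @@ export const serverEntity = defineEntity({
  },
  })
 
- export const endpointEntity = defineEntity({
- type: "common.endpoint",
+ export const l3EndpointEntity = defineEntity({
+ type: "common.l3-endpoint",
 
  schema: Type.Object({
  endpoint: Type.String(),
  }),
 
  meta: {
- color: "#FFC107",
- description: "The L3-L4 endpoint for some network service.",
+ color: "#1B5E20",
+ description: "The L3 endpoint for some service. May be a domain name or an IP address.",
+ },
+ })
+
+ export const l4EndpointEntity = defineEntity({
+ type: "common.l4-endpoint",
+
+ schema: Type.Object({
+ endpoint: Type.String(),
+ port: Type.Number(),
+ }),
+
+ meta: {
+ color: "#F57F17",
+ description: "The L4 endpoint for some service. Extends an L3 endpoint with a port.",
  },
  })
 
@@ -145,7 +159,8 @@ export const fileEntity = defineEntity({
  })
 
  export type Server = Static<typeof serverEntity.schema>
- export type Endpoint = Static<typeof endpointEntity.schema>
+ export type L3Endpoint = Static<typeof l3EndpointEntity.schema>
+ export type L4Endpoint = Static<typeof l4EndpointEntity.schema>
 
  export type File = Static<typeof fileEntity.schema>
  export type FileMeta = Static<typeof fileMetaEntity.schema>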
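Review bot: `port: Type.Number()` in the new `l4EndpointEntity` schema accepts fractional, negative and out-of-range values, so a malformed endpoint is only rejected wherever the port is eventually consumed rather than at the contract boundary. TypeBox can pin the range in the schema itself, `port: Type.Integer({ minimum: 1, maximum: 65535 }),` — assuming the `Type` namespace re-exported by `@highstate/contract` passes `Integer` through (this file's import block is outside the hunk). The `endpoint: Type.String()` field is likewise unconstrained although `meta.description` promises a domain name or IP address; if host validation is deliberately left to consumers, the description should say so. Renaming `endpointEntity` and its `common.endpoint` type string is a breaking change for anything that referenced the old entity, which is worth calling out in the release notes.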
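--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -7,10 +7,10 @@ export * as wireguard from "./wireguard"
  export * as apps from "./apps"
  export * as cloudflare from "./cloudflare"
  export * as k3s from "./k3s"
- // export * as xtWgobfs from "./xt-wgobfs"
  export * as restic from "./restic"
  export * as mullvad from "./mullvad"
  export * as dns from "./dns"
  export * as timeweb from "./timeweb"
  export * as nixos from "./nixos"
  export * as sops from "./sops"
+ export * as obfuscators from "./obfuscators"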
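--- a/package/src/k8s.ts
+++ b/package/src/k8s.ts
@@ -1,6 +1,18 @@
  import { defineEntity, defineUnit, Type, type Static } from "@highstate/contract"
+ import { Literal } from "@sinclair/typebox"
  import { providerEntity } from "./dns"
 
+ export const tunDevicePolicySchema = Type.Union([
+ Type.Object({
+ type: Literal("host"),
+ }),
+ Type.Object({
+ type: Literal("plugin"),
+ resourceName: Type.String(),
+ resourceValue: Type.String(),
+ }),
+ ])
+
  export const clusterInfoSchema = Type.Object({
  id: Type.String(),
  name: Type.String(),
@@ -9,6 +21,15 @@ export const clusterInfoSchema = Type.Object({
  fqdn: Type.Optional(Type.String()),
  kubeApiServerIp: Type.Optional(Type.String()),
  kubeApiServerPort: Type.Optional(Type.Number()),
+
+ /**
+ * Specifies the policy for using the tun device inside containers.
+ *
+ * If not provided, the default policy is `host` which assumes just mounting /dev/net/tun from the host.
+ *
+ * For some runtimes, like Talos's one, the /dev/net/tun device is not available in the host, so the plugin policy should be used.
+ */
+ tunDevicePolicy: Type.Optional(tunDevicePolicySchema),
  })
 
  export const serviceTypeSchema = Type.StringEnum(["NodePort", "LoadBalancer", "ClusterIP"])
@@ -111,6 +132,17 @@ export const existingCluster = defineUnit({
 
  args: {
  ...sharedClusterArgs,
+
+ /**
+ * The policy for using the tun device inside containers.
+ *
+ * If not provided, the default policy is `host` which assumes just mounting /dev/net/tun from the host.
+ *
+ * For some runtimes, like Talos's one, the /dev/net/tun device is not available in the host, so the plugin policy should be used.
+ *
+ * @schema
+ */
+ tunDevicePolicy: Type.Optional(tunDevicePolicySchema),
  },
 
  secrets: {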
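Review bot: `Literal` is imported directly from `@sinclair/typebox` for `tunDevicePolicySchema` in the first hunk, while every other constructor in this file (and `Type.Literal("fqdn")` in mullvad.ts) goes through the `Type` namespace from `@highstate/contract`; `type: Type.Literal("host"),` and `type: Type.Literal("plugin"),` would keep one import path and drop the extra dependency line. The `plugin` variant's `resourceName` and `resourceValue` fields carry no documentation, so a reader cannot tell what they identify; a comment such as `// TODO(review): document what resourceName / resourceValue refer to (the extended resource advertised by a device plugin?)` on the object would make the contract explicit until it is settled. The `tunDevicePolicy` doc comment is duplicated verbatim on `clusterInfoSchema` and on the `existingCluster` args (third hunk); keeping one copy on the schema and referencing it from the args avoids the two drifting apart. Note also that the comment states `host` is the default but the schema is only `Type.Optional`, so the default is applied by consumers rather than encoded in the schema — worth stating, or encoding with a default if the contract's `Type.Default` supports object values.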
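--- a/package/src/mullvad.ts
+++ b/package/src/mullvad.ts
@@ -1,5 +1,6 @@
  import { defineUnit, Type } from "@highstate/contract"
  import { networkEntity, peerEntity } from "./wireguard"
+ import { l4EndpointEntity } from "./common"
 
  export const endpointType = Type.Union([
  Type.Literal("fqdn"),
@@ -13,6 +14,13 @@ export const peer = defineUnit({
  args: {
  hostname: Type.Optional(Type.String()),
  endpointType: Type.Optional({ ...endpointType, default: "fqdn" }),
+
+ /**
+ * Whether to include Mullvad DNS servers in the peer configuration.
+ *
+ * @schema
+ */
+ includeDns: Type.Default(Type.Boolean(), true),
  },
 
  inputs: {
@@ -29,6 +37,7 @@ export const peer = defineUnit({
 
  outputs: {
  peer: peerEntity,
+ l4Endpoint: l4EndpointEntity,
  },
 
  meta: {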
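Review bot: `includeDns: Type.Default(Type.Boolean(), true)` in the second hunk sits directly under `endpointType: Type.Optional({ ...endpointType, default: "fqdn" })`, which is the spread-default form this same release replaces with `Type.Default(...)` in talos.ts and wireguard.ts; converting it to `endpointType: Type.Default(endpointType, "fqdn"),` would keep the args block uniform. The `includeDns` doc could also state what including the servers changes for the peer — presumably which resolvers its queries are sent to — so that the `true` default reads as a deliberate choice for operators. The `peer` unit definition starts before and ends after the hunk.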
@@ -0,0 +1 @@
1
+ export * as phantun from "./phantun"
@@ -0,0 +1,36 @@
1
+ import { defineUnit } from "@highstate/contract"
2
+ import { deobfuscatorSpec, obfuscatorSpec } from "./shared"
3
+
4
+ export const deobfuscator = defineUnit({
5
+ type: "obfuscators.phantun.deobfuscator",
6
+ ...deobfuscatorSpec,
7
+
8
+ meta: {
9
+ displayName: "Phantun Deobfuscator",
10
+ description: "The Phantun Deobfuscator deployed on Kubernetes.",
11
+ primaryIcon: "mdi:network-outline",
12
+ secondaryIcon: "mdi:hide",
13
+ },
14
+
15
+ source: {
16
+ package: "@highstate/obfuscators",
17
+ path: "phantun/deobfuscator",
18
+ },
19
+ })
20
+
21
+ export const obfuscator = defineUnit({
22
+ type: "obfuscators.phantun.obfuscator",
23
+ ...obfuscatorSpec,
24
+
25
+ meta: {
26
+ displayName: "Phantun Obfuscator",
27
+ description: "The Phantun Obfuscator deployed on Kubernetes.",
28
+ primaryIcon: "mdi:network-outline",
29
+ secondaryIcon: "mdi:hide",
30
+ },
31
+
32
+ source: {
33
+ package: "@highstate/obfuscators",
34
+ path: "phantun/obfuscator",
35
+ },
36
+ })
@@ -0,0 +1,82 @@
1
+ import { Type } from "@sinclair/typebox"
2
+ import { clusterEntity } from "../k8s"
3
+ import { l4EndpointEntity } from "../common"
4
+
5
+ export const deobfuscatorSpec = {
6
+ args: {
7
+ /**
8
+ * The L4 endpoint to forward deobfuscated traffic to.
9
+ *
10
+ * Will take precedence over the `targetEndpoint` input.
11
+ *
12
+ * @schema
13
+ */
14
+ targetEndpoint: Type.Optional(Type.String()),
15
+ },
16
+
17
+ inputs: {
18
+ /**
19
+ * The Kubernetes cluster to deploy the deobfuscator on.
20
+ *
21
+ * @schema
22
+ */
23
+ k8sCluster: clusterEntity,
24
+
25
+ /**
26
+ * The L4 endpoint to forward deobfuscated traffic to.
27
+ *
28
+ * @schema
29
+ */
30
+ targetEndpoint: l4EndpointEntity,
31
+ },
32
+
33
+ outputs: {
34
+ /**
35
+ * The L4 endpoint of the deobfuscator accepting obfuscated traffic.
36
+ *
37
+ * @schema
38
+ */
39
+ endpoint: l4EndpointEntity,
40
+ },
41
+ }
42
+
43
+ export const obfuscatorSpec = {
44
+ args: {
45
+ /**
46
+ * The endpoint of the deobfuscator to pass obfuscated traffic to.
47
+ *
48
+ * Will take precedence over the `l4Endpoint` input.
49
+ *
50
+ * @schema
51
+ */
52
+ endpoint: Type.Optional(Type.String()),
53
+ },
54
+
55
+ inputs: {
56
+ /**
57
+ * The Kubernetes cluster to deploy the obfuscator on.
58
+ *
59
+ * @schema
60
+ */
61
+ k8sCluster: clusterEntity,
62
+
63
+ /**
64
+ * The L4 endpoint of the deobfuscator to pass obfuscated traffic to.
65
+ *
66
+ * @schema
67
+ */
68
+ endpoint: {
69
+ entity: l4EndpointEntity,
70
+ required: false,
71
+ },
72
+ },
73
+
74
+ outputs: {
75
+ /**
76
+ * The L4 endpoint accepting unobfuscated traffic.
77
+ *
78
+ * @schema
79
+ */
80
+ entryEndpoint: l4EndpointEntity,
81
+ },
82
+ }
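Review bot: `targetEndpoint: l4EndpointEntity` in `deobfuscatorSpec.inputs` is a required input, yet the `targetEndpoint` arg above it is documented as taking precedence over that input, so a caller supplying the arg still has to wire an input that is then ignored; the parallel `endpoint` input in `obfuscatorSpec` is declared `{ entity: l4EndpointEntity, required: false }`. Unless the deobfuscator input is meant to be mandatory, `targetEndpoint: { entity: l4EndpointEntity, required: false },` makes the two specs consistent. The string args `targetEndpoint` and `endpoint` stand in for a structured host-plus-port entity but neither `@schema` comment states the expected format or that the value is validated before use; that should be documented where the arg is declared. `Type` is imported here from `@sinclair/typebox` whereas the rest of the library imports it from `@highstate/contract`, which differs in style and may bypass whatever the contract wrapper adds. This file's header is missing from the page, so its path is not visible; the hunk covers the whole new file (`@@ -0,0 +1,82 @@`).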
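--- a/package/src/talos.ts
+++ b/package/src/talos.ts
@@ -26,6 +26,8 @@ export const cluster = defineUnit({
  * Allow scheduling workloads on the master nodes.
  *
  * By default, "true" if no worker nodes are provided.
+ *
+ * @schema
  */
  scheduleOnMasters: Type.Boolean(),
 
@@ -33,6 +35,8 @@ export const cluster = defineUnit({
  * The endpoint of the cluster.
  *
  * By default, the first master node's endpoint is used.
+ *
+ * @schema
  */
  endpoint: Type.Optional(Type.String()),
 
@@ -40,6 +44,8 @@ export const cluster = defineUnit({
  * The name of the cluster.
  *
  * By default, the name of the instance is used.
+ *
+ * @schema
  */
  clusterName: Type.Optional(Type.String()),
 
@@ -52,8 +58,10 @@ export const cluster = defineUnit({
  * - "none" (disable CNI, must be installed manually)
  *
  * The "cilium" CNI plugin is recommended to cover advanced network policies like FQDNs.
+ *
+ * @schema
  */
- cni: { ...cniSchema, default: "cilium" },
+ cni: Type.Default(cniSchema, "cilium"),
 
  /**
  * The CSI plugin to use.
@@ -61,24 +69,32 @@ export const cluster = defineUnit({
  * The following options are available:
  * - "local-path-provisioner" (default)
  * - "none" (disable CSI, must be installed manually if needed)
+ *
+ * @schema
  */
- csi: { ...csiSchema, default: "local-path-provisioner" },
+ csi: Type.Default(csiSchema, "local-path-provisioner"),
 
  /**
  * The shared configuration patch.
  * It will be applied to all nodes.
+ *
+ * @schema
  */
  sharedConfigPatch: Type.Optional(Type.Record(Type.String(), Type.Any())),
 
  /**
  * The master configuration patch.
  * It will be applied to all master nodes.
+ *
+ * @schema
  */
  masterConfigPatch: Type.Optional(Type.Record(Type.String(), Type.Any())),
 
  /**
  * The worker configuration patch.
  * It will be applied to all worker nodes.
+ *
+ * @schema
  */
  workerConfigPatch: Type.Optional(Type.Record(Type.String(), Type.Any())),
  },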
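--- a/package/src/wireguard.ts
+++ b/package/src/wireguard.ts
@@ -8,6 +8,7 @@ import {
  statefulSetEntity,
  } from "./k8s"
  import { providerEntity } from "./dns"
+ import { l4EndpointEntity } from "./common"
 
  export const backendSchema = Type.StringEnum(["wireguard", "amneziawg"])
  export const presharedKeyModeSchema = Type.StringEnum(["none", "global", "secure"])
@@ -101,7 +102,7 @@ export const network = defineUnit({
  *
  * @schema
  */
- backend: backendSchema,
+ backend: Type.Default(backendSchema, "wireguard"),
 
  /**
  * The option which defines how to handle pre-shared keys between peers.
@@ -284,7 +285,7 @@ export const peer = defineUnit({
  *
  * @schema
  */
- publicKey: Type.String(),
+ publicKey: Type.Optional(Type.String()),
  },
 
  inputs: {
@@ -299,6 +300,28 @@ export const peer = defineUnit({
  entity: networkEntity,
  required: false,
  },
+
+ /**
+ * The existing WireGuard peer to extend.
+ *
+ * @schema
+ */
+ peer: {
+ entity: peerEntity,
+ required: false,
+ },
+
+ /**
+ * The L4 endpoint of the peer.
+ *
+ * Will take priority over all calculated endpoints if provided.
+ *
+ * @schema
+ */
+ l4Endpoint: {
+ entity: l4EndpointEntity,
+ required: false,
+ },
  },
 
  outputs: {
@@ -349,6 +372,8 @@ export const identity = defineUnit({
  *
  * If overridden, does not affect node which implements the identity, but is used in the peer configuration of other nodes.
  *
+ * Will take priority over all calculated endpoints and `l4Endpoint` input.
+ *
  * @schema
  */
  endpoint: Type.Optional(Type.String()),
@@ -365,7 +390,7 @@ export const identity = defineUnit({
  fqdn: Type.Optional(Type.String()),
 
  /**
- * Whether to register the FQDN of the identity with the DNS provider.
+ * Whether to register the FQDN of the identity with the matching DNS providers.
  *
  * By default, `true`.
  *
@@ -424,21 +449,46 @@ export const identity = defineUnit({
  * The Kubernetes cluster associated with the identity.
  *
  * If provided, will be used to obtain the external IP or FQDN of the identity.
+ *
+ * @schema
  */
  k8sCluster: {
  entity: clusterEntity,
  required: false,
  },
 
- dnsProvider: {
+ /**
+ * The L4 endpoint of the identity.
+ *
+ * Will take priority over all calculated endpoints if provided.
+ *
+ * @schema
+ */
+ l4Endpoint: {
+ entity: l4EndpointEntity,
+ required: false,
+ },
+
+ /**
+ * The DNS providers to register the FQDN of the identity with.
+ *
+ * @schema
+ */
+ dnsProviders: {
  entity: providerEntity,
  required: false,
+ multiple: true,
  },
  },
 
  outputs: {
  identity: identityEntity,
  peer: peerEntity,
+
+ l4Endpoint: {
+ entity: l4EndpointEntity,
+ required: false,
+ },
  },
 
  meta: {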
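Review bot: `publicKey: Type.Optional(Type.String())` in the third hunk makes the peer's key omissible, but neither the doc comment above it (outside the hunk) nor the schema says when that is allowed; presumably the new optional `peer` input is meant to supply it, yet nothing ties the two together, so a `peer` unit with neither a `publicKey` arg nor a `peer` input passes validation and the problem surfaces only at deploy time. At minimum the comment should gain `* Optional when an existing "peer" input is provided; required otherwise.` and the unit should reject the both-absent case as early as its implementation allows. In the last hunk the `dnsProvider` input is renamed to `dnsProviders` with `multiple: true`, which breaks graphs that wire the old name; if compatibility matters, keep `dnsProvider` as a deprecated alias or call the rename out in the release notes. The `peer` and `identity` unit definitions start before and end after their hunks.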
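--- a/package/src/xt-wgobfs.ts
+++ /dev/null
@@ -1,49 +0,0 @@
- import { defineEntity, defineUnit, Type } from "@highstate/contract"
- import { endpointEntity } from "./common"
-
- export const channelEntity = defineEntity({
- type: "xt-wgobfs.target",
-
- schema: Type.Object({
- endpoint: Type.String(),
- }),
- })
-
- export const obfuscatorNode = defineUnit({
- type: "xt-wgobfs.obfuscator",
-
- outputs: {
- outerCircuit: endpointEntity,
- channel: channelEntity,
- },
-
- source: {
- package: "@highstate/xt-wgobfs",
- path: "target-node",
- },
-
- meta: {
- displayName: "xt-wgobfs Deobfuscator",
- },
- })
-
- export const deobfuscatorNode = defineUnit({
- type: "xt-wgobfs.deobfuscator",
-
- inputs: {
- channel: channelEntity,
- },
-
- outputs: {
- outerCircuit: endpointEntity,
- },
-
- source: {
- package: "@highstate/xt-wgobfs",
- path: "source-node",
- },
-
- meta: {
- displayName: "xt-wgobfs Obfuscator",
- },
- })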