local kube = import "../../../kube/kube.libsonnet";
local vpn = import "vpn.libsonnet";

{
    local top = self,
    tls: vpn.PKI("implr-vpn"),

    servers: {
        praisethesun: vpn.Server("openvpn-implr-praisethesun", 11223, top.tls) {
            cfg+: {
                namespace: "implr-vpn",
                configFile: |||
                    dev tun
                    tmp-dir /dev/shm/
                    proto udp
                    port 11223
                    topology subnet
                    server 172.17.1.0 255.255.255.0
                    keepalive 10 60
                    persist-tun
                    persist-key
                    cipher AES-256-CBC
                    dh none
                    ca /mnt/pki/ca.crt
                    cert /mnt/pki/tls.crt
                    key /mnt/pki/tls.key
                |||
            }
        },
        curssys: vpn.Server("openvpn-implr-curssys", 11224, top.tls) {
            cfg+: {
                namespace: "implr-vpn",
                configFile: |||
                    dev tun
                    tmp-dir /dev/shm/
                    proto udp
                    port 11224
                    topology subnet
                    server 172.20.1.0 255.255.255.0
                    keepalive 10 60
                    persist-tun
                    persist-key
                    cipher AES-256-CBC
                    dh none
                    ca /mnt/pki/ca.crt
                    cert /mnt/pki/tls.crt
                    key /mnt/pki/tls.key
                |||
            }
        },
    },
    clients: {
        kektop: vpn.Client("kektop", top.servers.praisethesun),
        admin1: vpn.Client("admin1", top.servers.praisethesun),
        desk1: vpn.Client("desk1", top.servers.praisethesun),
        desk2: vpn.Client("desk2", top.servers.curssys),
        thonk: vpn.Client("thonk", top.servers.curssys),
        anthracite: vpn.Client("anthracite", top.servers.curssys),
    }
}