# -*- mode: python; coding: utf-8 -*-
# 
# Re2o est un logiciel d'administration développé initialement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2017  Gabriel Détraz
# Copyright © 2017  Goulven Kermarec
# Copyright © 2017  Augustin Lemesle
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

### Give me a role

# Role list for this host; the only role set here is 'routeur'.
# Previously the value was 'routeur4' (IPv4 router).
role = [
    'routeur',
]


### Specify each interface role

# Maps each interface role to the list of interface names that carry it.
# ens19 ('sortie', French for "exit") is also the interface the nat section
# translates onto public ranges, so it is presumably the uplink - confirm.
# NOTE(review): 'admin' is presumably the management interface; what is
# allowed on it is decided by the consumer of this file, not here.
interfaces_type = {
    'routable': [
        'ens20',
        'ens21',
        'ens23',
    ],
    'sortie': [
        'ens19',
    ],
    'admin': [
        'ens18',
    ],
}


### Specify nat settings: name, interfaces with range, and global range for nat
### WARNING: 'interfaces_ip_to_nat' MUST contain /24 ranges, and 'ip_sources'
### MUST contain a /16 range
# NOTE(review): nothing in this file enforces those prefix lengths; check them
# by hand whenever a range is edited.
# This file appears to be a Jinja2 template (probably rendered by Ansible,
# given the use of inventory_hostname): the double-brace expressions are
# substituted before Python reads the result, so the raw text below is not
# valid Python on its own.

nat = [
    # Wifi users: private /16 translated onto a public /24 on ens19.
    {
        'name' : 'Wifi',
        'interfaces_ip_to_nat' : {
            'ens19' : '45.66.109.0/24',
        },
        'ip_sources' : '10.{{ subnet_ids.users_wifi }}.0.0/16',
        'extra_nat' : {}
    },
    # Wired users: private /16 translated onto a different public /24 on ens19.
    {
        'name' : 'Filaire',
        'interfaces_ip_to_nat' : {
            'ens19' : '45.66.108.0/24',
        },
        'ip_sources' : '10.{{ subnet_ids.users_wired }}.0.0/16',
        'extra_nat' : {
            # Per-source overrides on ens19: both private addresses below map
            # to the same public address.
            # The public last octet is built by appending apartment_block_id
            # to the text '25', so this assumes a single digit 0-5 (giving
            # 250-255) - TODO confirm; any other value renders an invalid
            # IPv4 address.
            # The first key ends in 140 when inventory_hostname contains
            # "backup" and in 240 otherwise.
            # The first value's template expression spans a line break; the
            # break sits inside the expression delimiters, so the rendered
            # value stays on one line.
            'ens19': {
                '10.129.{{ apartment_block_id }}.{{ '1' if "backup" in inventory_hostname else '2' }}40' : '45.66.108.25{{
                apartment_block_id }}',
                '10.129.{{ apartment_block_id }}.254' : '45.66.108.25{{ apartment_block_id }}',
            },
        }
    },
    # Accueil network.
    # NOTE(review): unlike the two entries above, this one has no
    # 'interfaces_ip_to_nat' key - presumably the consumer treats it as
    # optional; confirm.
    {
        'name': 'Accueil',
        'ip_sources': '10.{{ subnet_ids.users_accueil }}.0.0/16',
        'extra_nat': {
            # On ens19 both accueil /24s share the public address that the
            # 'Filaire' overrides also use, so a log keyed on the public
            # address alone cannot tell these sources apart.
            'ens19': {
                '10.{{ subnet_ids.users_accueil }}.1.0/24': '45.66.108.25{{ apartment_block_id }}',
                '10.{{ subnet_ids.users_accueil }}.2.0/24': '45.66.108.25{{ apartment_block_id }}',
            },
            # On ens23 the same /24s are translated to a private address
            # inside the accueil /16.
            'ens23' : {
                '10.{{ subnet_ids.users_accueil }}.1.0/24': '10.{{ subnet_ids.users_accueil }}.0.240',
                '10.{{ subnet_ids.users_accueil }}.2.0/24': '10.{{ subnet_ids.users_accueil }}.0.240',
            },
        },
        # Associates ens19 with a named group; presumably that group limits
        # which sources get the ens19 translation - verify in the consumer.
        'extra_nat_group': {
            'ens19': 'accueil_ens23_allowed',
        },
    },
]

# Settings for the 'accueil' network, one entry per interface.
# WARNING: retry_period must be >= grace_period.
# WARNING: ip_redirect must cover every port allowed in the re2o profile;
# otherwise traffic is let out.
# NOTE(review): both periods are presumably in seconds (1800 = 30 min,
# 86400 = 24 h) - confirm against the consumer of this file.
accueils = [
    {
        'iface': 'ens23',
        'grace_period': 1800,
        'retry_period': 86400,
        'ip_sources': [
            '10.{{ subnet_ids.users_accueil }}.1.0/24',
            '10.{{ subnet_ids.users_accueil }}.2.0/24',
        ],
        # Redirect target per protocol: destination address -> list of ports.
        'ip_redirect': {
            'tcp': {
                '10.{{ subnet_ids.users_accueil }}.0.247': ['80', '443'],
            },
        },
        # Each trigger is a 4-tuple; the fields look like (IP version,
        # protocol, destination address, destination port) - confirm.
        # NOTE(review): the port-80 entry matches unencrypted HTTP to the
        # same host as the 443 entry; confirm it is still required.
        'triggers': [
            ('4', 'tcp', '46.255.53.35', 443),  # ComNPay
            ('4', 'tcp', '46.255.53.35', 80),
        ],
    },
]