diplonat helps you expose your public services in a dynamic environment
Alex 05872634a4 Merge pull request 'public IP address autodiscovery' (#20) from stun into main
Reviewed-on: #20
5 months ago
src match numeric protocol values 5 months ago
.dockerignore Dockerize app 3 years ago
.drone.yml CI: make rustfmt work in nix 10 months ago
.gitignore Make repo a nix flake 10 months ago
CONTRIBUTING.md Fix the CONTRIBUTING doc for the new formatting 2 years ago
Cargo.lock Add STUN actor that saves autodiscovered IPv4/IPv6 to Consul 6 months ago
Cargo.nix Add STUN actor that saves autodiscovered IPv4/IPv6 to Consul 6 months ago
Cargo.toml Add STUN actor that saves autodiscovered IPv4/IPv6 to Consul 6 months ago
Dockerfile Update Rust version in docker build 2 years ago
LICENSE Add the AGPLv3 license 1 year ago
README.md Add license in the readme 1 year ago
docker-compose.yml change image name 3 years ago
flake.lock Make repo a nix flake 10 months ago
flake.nix Make repo a nix flake 10 months ago



Feature set

  • (Re)Configure NAT via UPnP/IGD (prio: high)
  • (Re)Configure iptables (prio: low)
  • (Re)Configure DNS via ??? (prio: low)

Understand scope

  • Reconfigure the local environment when provisioning a cluster service
    • Reconfigure the host on demand according to service needs (firewall)
    • Reconfigure the host's local network according to service needs (router NAT)
  • Operate a global reconfiguration that associates the tuple (local environment information, a cluster service)
    • Reconfigure an external service with local info (DNS with the public IP returned by the router via IGD)


The reqwest crate "will make use of system-native transport layer security to connect to HTTPS destinations". See reqwest's documentation for more information.


You need to add the following to your nomad config file:

client {

  options {
    docker.privileged.enabled = "true"
  }
}

cargo build
consul agent -dev # in a separate terminal

# adapt following values to your configuration
export DIPLONAT_CONSUL_NODE_NAME="lheureduthe"
export RUST_LOG=debug
cargo run



Design Guidelines

Diplonat is made of a set of Components. Components communicate with each other through tokio::sync::watch channels that carry copyable messages. Each message must contain the whole state (and not a transition), because a message can be lost when a more recent one arrives before it has been read. This choice has been made to limit bugs. If you need to watch two actors and merge their content, you may use tokio::select!. When you read a value from source 1, you must cache it so that you can merge it later when you read from source 2.

About Consul Catalog

  • We query the /v1/catalog/node/<node> endpoint
  • We can watch it thanks to Blocking Queries


curl -vvv
# returns X-Consul-Index: 15
curl -vvv

Each time you do the request, the whole list of services bound to the node is returned.

To test the Consul Catalog part, you can do:

consul agent -dev # in a separate terminal, if not already running
consul services register -name=fake_leet -tag="(diplonat (tcp_port 1337) (tcp_port 1338 1339))"
consul services register -name=fake_dns  -tag="(diplonat (udp_port 53) (tcp_port 53))"
consul services register -name=fake_irc  -tag="(diplonat (udp_port 6667 6666))"
consul services -id=example
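
Since these tags describe which ports a service wants exposed, a parser for them should reject anything it does not fully understand rather than guess. The strict parser below for the (diplonat (tcp_port ...) (udp_port ...)) tag format is an added example, not diplonat's own code; the Ports struct, the parse_tag function and the choice to reject port 0 are assumptions made for illustration.

```rust
// Added example (not diplonat's code): strict parser for the service tag format above.
#[derive(Debug, Default, PartialEq)]
pub struct Ports { pub tcp: Vec<u16>, pub udp: Vec<u16> } // hypothetical type

/// Split the S-expression into "(", ")" and atom tokens.
fn tokens(s: &str) -> Vec<String> {
    s.replace('(', " ( ").replace(')', " ) ").split_whitespace().map(String::from).collect()
}

/// Ok(None): not a diplonat tag. Err: a diplonat tag that must not be acted upon.
pub fn parse_tag(tag: &str) -> Result<Option<Ports>, String> {
    let t = tokens(tag);
    if t.len() < 2 || t[0] != "(" || t[1] != "diplonat" {
        return Ok(None); // unrelated tag: ignore it, it is not an error
    }
    let mut ports = Ports::default();
    let mut i = 2;
    while i < t.len() && t[i] == "(" {
        let proto = t.get(i + 1).ok_or("missing directive")?.as_str();
        let list = match proto {
            "tcp_port" => &mut ports.tcp,
            "udp_port" => &mut ports.udp,
            other => return Err(format!("unknown directive {}", other)),
        };
        i += 2;
        let before = list.len();
        while i < t.len() && t[i] != ")" {
            // u16 parsing rejects negatives, non-numbers and values above 65535.
            let p: u16 = t[i].parse().map_err(|_| format!("bad port {}", t[i]))?;
            if p == 0 { return Err("port 0 is not valid".into()); }
            list.push(p);
            i += 1;
        }
        if i >= t.len() { return Err("unclosed list".into()); }
        if list.len() == before { return Err(format!("{} without ports", proto)); }
        i += 1; // skip the ")" closing this directive
    }
    // Exactly one ")" must remain, closing the outer (diplonat ...) form.
    if i + 1 != t.len() || t[i] != ")" { return Err("trailing or missing tokens".into()); }
    Ok(Some(ports))
}

fn main() {
    // Constructed sample tags: one from the commands above, one out of range, one unrelated.
    for tag in ["(diplonat (tcp_port 1337) (tcp_port 1338 1339))", "(diplonat (tcp_port 70000))", "web"].iter() {
        println!("{:?} -> {:?}", tag, parse_tag(tag));
    }
}
```

A malformed diplonat tag returns Err for the whole tag, so no partial port list is ever produced from it.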


This software is published under the AGPLv3 license.