diplonat helps you exposing your public services in a dynamic environment
Go to file
Quentin 5483db8dd4
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Add the AGPLv3 license
2022-04-23 11:57:06 +02:00
src repaired test, now that private IP is an Option 2021-12-28 10:43:10 +01:00
.dockerignore Dockerize app 2020-05-23 16:29:02 +02:00
.drone.yml Use the official rust image 2021-09-20 16:01:42 +02:00
.gitignore environment.rs successfully replaced with new config/ configuration loader. No API changes, more tests, cleaner code: life is swell. 2021-08-16 11:19:16 +02:00
.rustfmt.toml Stricter Rust formating rules and build in the CI 2021-09-20 15:13:16 +02:00
Cargo.lock Allow Diplonat to automatically detect it's private IP 2021-12-25 19:23:18 +01:00
Cargo.toml Allow Diplonat to automatically detect it's private IP 2021-12-25 19:23:18 +01:00
CONTRIBUTING.md Fix the CONTRIBUTING doc for the new formatting 2021-09-20 15:18:49 +02:00
docker-compose.yml change image name 2020-07-13 19:34:04 +02:00
Dockerfile update README & Dockerfile 2020-06-28 17:01:12 +02:00
LICENSE Add the AGPLv3 license 2022-04-23 11:57:06 +02:00
README.md added rustfmt: a rustfmt.toml file diescribing syntax (soft tabs of 2 spaces), a CONTRIBUTING.md file to explain how to use rustfmt, a .drone.yml file to add code style checks in CI, 2 lines in README.md to present CONTRIBUTING.md, and applied rustfmt on the source 2021-09-11 16:34:03 +02:00


Feature set

  • (Re)Configure NAT via UPNP/IGD (prio: high)
  • (Re)Configure iptables (prio: low)
  • (Re)Configure DNS via ??? (prio: low)

Understand scope

  • Reconfigure local environment when provisionning a cluster service
    • Reconfigure host on demand according to service needs (Firewall)
    • Reconfigure host local network according to service needs (Router NAT)
  • Operate a global reconfiguration that associate the tuple (local environment information, a cluster service)
    • Reconfigure an external service with local info (DNS with public IP returned by the router via IGD)


The reqwest crate "will make use of system-native transport layer security to connect to HTTPS destinations". See reqwest's documentation for more information.


You need to add the following to your nomad config file :

client {

  options {
    docker.privileged.enabled = "true"
cargo build
consul agent -dev # in a separate terminal

# adapt following values to your configuration
export DIPLONAT_CONSUL_NODE_NAME="lheureduthe"
export RUST_LOG=debug
cargo run



Design Guidelines

Diplonat is made of a set of Components. Components communicate between them thanks to tokio::sync::watch transferring copiable messages. Each message must contain the whole state (and not a transition) as messages can be lost if a more recent message is received. This choice has been made to limit bugs. If you need to watch two actors and merge their content, you may use tokio::sync::select. When you read a value from source 1, you must cache it to be able to merge it later when you read from source 2.

About Consul Catalog

  • We query the /v1/catalog/node/<node> endpoint
  • We can watch it thanks to Blocking Queries


curl -vvv
# returns X-Consul-Index: 15
curl -vvv

Each time you do the request, the whole list of services bound to the node is returned.

To test the Consul Catalog part, you can do:

consul agent -dev #in a separate terminal, if not already running
consul services register -name=fake_leet -tag="(diplonat (tcp_port 1337) (tcp_port 1338 1339))"
consul services register -name=fake_dns  -tag="(diplonat (udp_port 53) (tcp_port 53))"
consul services register -name=fake_irc  -tag="(diplonat (udp_port 6667 6666))"
consul services -id=example