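module sovereign-sdwan {
  namespace "urn:sovereign:sdwan";
  prefix ssdwan;

  import ietf-inet-types {
    prefix inet;
  }

  organization "Guildhouse Sovereign Infrastructure";
  description "Custom YANG module for sovereign SD-WAN site configuration. Extends OpenConfig concepts with dual-mode (overlay/underlay) site management, zone-based security policy, and WAN circuit SLA definitions.";

  revision 2024-01-01 {
    description "Initial revision for Phase 1 homelab topology.";
  }

  // A WireGuard key is a 32-byte Curve25519 key in base64: 43 base64
  // characters followed by a single '=' pad, 44 characters in total.
  // Constraining the type rejects truncated or mis-pasted keys at
  // configuration validation instead of at tunnel setup.
  typedef wireguard-key {
    type string {
      length "44";
      pattern "[A-Za-z0-9+/]{43}=";
    }
    description "WireGuard public key in canonical base64 text form.";
  }

  // Layout: /site holds identity and the overlay (WireGuard mesh)
  // settings; /zone-policy and /wan-circuits are top-level siblings
  // of /site, not children of it.
  container site {
    description "Top-level site configuration.";

    leaf site-id {
      type string;
      description "Unique site identifier.";
    }

    leaf sovereignty-domain {
      type string;
      description "Guildhouse sovereignty domain this site belongs to.";
    }

    container oob-mesh {
      description "Overlay mode configuration — Kedge WireGuard mesh.";

      leaf wireguard-pubkey {
        type wireguard-key;
        description "This site's WireGuard public key.";
      }

      list cloud-anchors {
        key "anchor-id";
        description "Cloud anchor endpoints for overlay connectivity.";

        leaf anchor-id {
          type string;
          description "Unique identifier for this cloud anchor.";
        }

        // inet:host admits an IP address or a domain name only; a
        // "host:port" value never validates against it, so the port is
        // modelled as its own leaf and the description now matches the type.
        leaf endpoint {
          type inet:host;
          description "Cloud anchor WireGuard endpoint host (IP address or DNS name).";
        }

        leaf port {
          type inet:port-number;
          description "UDP port of the cloud anchor WireGuard endpoint.";
        }

        leaf priority {
          type uint8;
          description "Priority for anchor selection (lower = preferred).";
        }
      }
    }
  }

  container zone-policy {
    description "Underlay mode configuration — physical device zone-based security policy programming.";

    list zone {
      key "name";
      description "A network zone managed by this site.";

      leaf name {
        type string;
        description "Zone name (e.g., transit, tyler-lab, dmz).";
      }

      leaf subnet {
        type inet:ipv4-prefix;
        description "IPv4 subnet for this zone.";
      }

      // 0 and 4095 are reserved by 802.1Q and are excluded by the range.
      leaf vlan-id {
        type uint16 {
          range "1..4094";
        }
        description "VLAN ID associated with this zone.";
      }

      leaf owner-device {
        type string;
        description "Device responsible for this zone's gateway (e.g., fortigate.transit.local).";
      }

      list policy {
        key "dst-zone";
        description "Inter-zone policy rules.";

        // leafref rather than a free-form string: a rule cannot name a
        // destination zone that is not defined under /zone-policy/zone,
        // so a typo cannot silently produce a rule that matches nothing.
        leaf dst-zone {
          type leafref {
            path "/ssdwan:zone-policy/ssdwan:zone/ssdwan:name";
          }
          description "Destination zone name.";
        }

        leaf action {
          type enumeration {
            enum allow-stateful {
              description "Allow stateful traffic.";
            }
            enum allow-restricted {
              description "Allow restricted set of services.";
            }
            enum deny {
              description "Deny all traffic.";
            }
          }
          // Default-deny: a rule that omits action blocks traffic instead of
          // leaving the interpretation to whichever consumer renders it.
          default "deny";
          description "Policy action for traffic to the destination zone.";
        }

        // The description already limits services to allow-restricted; the
        // when statement enforces it, so a service allow-list cannot linger
        // on a rule whose action has been changed to deny or allow-stateful.
        leaf-list services {
          when "../action = 'allow-restricted'";
          type string;
          description "Allowed services when action is allow-restricted (e.g., ssh, https, dns).";
        }
      }
    }
  }

  container wan-circuits {
    description "WAN circuit definitions for SD-WAN path selection.";

    list circuit {
      key "name";
      description "A WAN circuit available at this site.";

      leaf name {
        type string;
        description "Circuit name (e.g., fios-primary, lte-backup).";
      }

      leaf type {
        type enumeration {
          enum primary {
            description "Primary WAN circuit.";
          }
          enum secondary {
            description "Secondary/backup WAN circuit.";
          }
          enum oob {
            description "Out-of-band management circuit.";
          }
        }
        description "Circuit role in the WAN topology.";
      }

      leaf interface-name {
        type string;
        description "Network interface name for this circuit.";
      }

      container sla {
        description "SLA targets for path selection.";

        leaf latency-target-ms {
          type uint32;
          description "Maximum acceptable latency in milliseconds.";
        }

        leaf jitter-target-ms {
          type uint32;
          description "Maximum acceptable jitter in milliseconds.";
        }

        // A percentage: values outside 0..100 are rejected at validation.
        leaf loss-target-pct {
          type decimal64 {
            fraction-digits 2;
            range "0..100";
          }
          description "Maximum acceptable packet loss percentage.";
        }
      }
    }
  }
}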