Merge branch 'main' into dev

2026-03-09 20:26:48 +00:00 · 2026-01-22 16:15:23 -08:00
parent 4c41ef6e69 36254ae405
commit 1e8820f110
16 changed files with 161 additions and 218 deletions
--- a/manage/blueprints.mdx
+++ b/manage/blueprints.mdx
@@ -29,13 +29,13 @@ Some features in this documentation are marked with **(EE)**, indicating they ar

 YAML config can be applied using Docker labels, API, from a Newt site, or in the UI. _Application through a CLI tool is planned._

-<Card title="Newt YAML">
+<Card title="CLI YAML">

-    Newt automatically discovers and applies blueprints defined in YAML format when passing the `--blueprint-file` argument. For example
+    You can apply blueprints directly through the Pangolin CLI.

-    ```bash
-    newt --blueprint-file /path/to/blueprint.yaml <other-args>
-    ```
+```bash
+pangolin apply blueprint --file /path/to/blueprint.yaml
+```

 </Card>

@@ -49,6 +49,16 @@ YAML config can be applied using Docker labels, API, from a Newt site, or in the

 </Card>

+<Card title="Newt YAML">
+
+    Newt automatically discovers and applies blueprints defined in YAML format when passing the `--blueprint-file` argument. For example
+
+    ```bash
+    newt --blueprint-file /path/to/blueprint.yaml <other-args>
+    ```
+
+</Card>
+
 <Card title="API YAML">

    You can also apply blueprints directly through the Pangolin API with an API key. [Take a look at the API documentation for more details.](https://api.pangolin.net/v1/docs/#/Organization/put_org__orgId__blueprint)
@@ -86,9 +96,15 @@ public-resources:
      - action: allow
        match: ip
        value: 1.1.1.1
+        priority: 1
      - action: deny
        match: cidr
        value: 2.2.2.2/32
+        priority: 2
+      - action: allow
+        match: asn
+        value: AS13335
+        priority: 3
      - action: pass
        match: path
        value: /admin
@@ -203,6 +219,9 @@ private-resources:
    mode: host
    destination: 192.168.1.100
    site: lively-yosemite-toad
+    tcp-ports: "22,3389"
+    udp-ports: "*"
+    disable-icmp: false
    roles:
      - Developer
      - DevOps
@@ -216,6 +235,9 @@ private-resources:
    mode: cidr
    destination: 10.0.0.0/24
    site: lively-yosemite-toad
+    tcp-ports: "80,443,8000-9000"
+    udp-ports: "53,123"
+    disable-icmp: true
    users:
      - admin@example.com
 ```
@@ -472,6 +494,9 @@ These are resources used with Pangolin clients (e.g., SSH, RDP).
 | `mode` | string | Yes | Resource mode (`host` or `cidr`) | - |
 | `destination` | string | Yes | Target IP address, hostname, or CIDR block | For `host` mode: IP address or domain. For `cidr` mode: valid CIDR notation |
 | `site` | string | Yes | Site identifier where the resource is located | - |
+| `tcp-ports` | string | No | TCP port ranges to allow | Port range string (e.g., `"80,443,8000-9000"`), defaults to `"*"` (all ports) |
+| `udp-ports` | string | No | UDP port ranges to allow | Port range string (e.g., `"53,123,5000-6000"`), defaults to `"*"` (all ports) |
+| `disable-icmp` | boolean | No | Disable ICMP (ping) for this resource | Defaults to `false` |
 | `alias` | string | No | Fully qualified domain name alias | Must be a valid FQDN (e.g., example.com). Required when destination is a domain in `host` mode |
 | `roles` | array | No | Allowed SSO roles | Cannot include "Admin" role |
 | `users` | array | No | Allowed user emails | Must be valid email addresses |