174 lines
7.3 KiB
Bash
174 lines
7.3 KiB
Bash
#!/bin/sh
|
|
# @file pfSense Setup
|
|
# @brief Configures pfSense
|
|
# @description
|
|
# This script sets up pfSense with features like:
|
|
#
|
|
# 1. [Netdata Cloud](https://learn.netdata.cloud/docs/installing/pfsense)
|
|
#
|
|
# ## Considerations
|
|
#
|
|
# The following items are not included in this script but may be added in the future:
|
|
#
|
|
# * https://github.com/pfelk/pfelk
|
|
#
|
|
# ## Useful Links
|
|
#
|
|
# * [pfSense to OPNSense configuration converter](https://www.pf2opn.com/)
|
|
# * [pfSense Ansible collection](https://github.com/pfsensible/core)
|
|
# * [pfSense API](https://github.com/jaredhendrickson13/pfsense-api) (Note: Need CLI or easy way of accessing it)
|
|
|
|
# @description This function logs with style using Gum if it is installed, otherwise it uses `echo`. It is also capable of leveraging Glow to render markdown.
|
|
# When Glow is not installed, it uses `cat`. The following sub-commands are available:
|
|
#
|
|
# | Sub-Command | Description |
|
|
# |-------------|-----------------------------------------------------------------------------------------------------|
|
|
# | `error` | Logs a bright red error message |
|
|
# | `info` | Logs a regular informational message |
|
|
# | `md` | Tries to render the specified file using `glow` if it is installed and uses `cat` as a fallback |
|
|
# | `prompt` | Alternative that logs a message intended to describe an upcoming user input prompt |
|
|
# | `star` | Alternative that logs a message that starts with a star icon |
|
|
# | `start` | Same as `success` |
|
|
# | `success` | Logs a success message that starts with green checkmark |
|
|
# | `warn` | Logs a bright yellow warning message |
|
|
# @example
|
|
# logger info "An informative log"
|
|
# @example
|
|
# logger md ~/README.md
|
|
logg() {
|
|
TYPE="$1"
|
|
MSG="$2"
|
|
if [ "$TYPE" == 'error' ]; then
|
|
if command -v gum > /dev/null; then
|
|
gum style --border="thick" "$(gum style --foreground="#ff0000" "✖") $(gum style --bold --background="#ff0000" --foreground="#ffffff" " ERROR ") $(gum style --bold "$MSG")"
|
|
else
|
|
echo "ERROR: $MSG"
|
|
fi
|
|
elif [ "$TYPE" == 'info' ]; then
|
|
if command -v gum > /dev/null; then
|
|
gum style " $(gum style --foreground="#00ffff" "○") $(gum style --faint "$MSG")"
|
|
else
|
|
echo "INFO: $MSG"
|
|
fi
|
|
elif [ "$TYPE" == 'md' ]; then
|
|
if command -v glow > /dev/null; then
|
|
glow "$MSG"
|
|
else
|
|
cat "$MSG"
|
|
fi
|
|
elif [ "$TYPE" == 'prompt' ]; then
|
|
if command -v gum > /dev/null; then
|
|
gum style " $(gum style --foreground="#00008b" "▶") $(gum style --bold "$MSG")"
|
|
else
|
|
echo "PROMPT: $MSG"
|
|
fi
|
|
elif [ "$TYPE" == 'star' ]; then
|
|
if command -v gum > /dev/null; then
|
|
gum style " $(gum style --foreground="#d1d100" "◆") $(gum style --bold "$MSG")"
|
|
else
|
|
echo "STAR: $MSG"
|
|
fi
|
|
elif [ "$TYPE" == 'start' ]; then
|
|
if command -v gum > /dev/null; then
|
|
gum style " $(gum style --foreground="#00ff00" "▶") $(gum style --bold "$MSG")"
|
|
else
|
|
echo "START: $MSG"
|
|
fi
|
|
elif [ "$TYPE" == 'success' ]; then
|
|
if command -v gum > /dev/null; then
|
|
gum style " $(gum style --foreground="#00ff00" "✔") $(gum style --bold "$MSG")"
|
|
else
|
|
echo "SUCCESS: $MSG"
|
|
fi
|
|
elif [ "$TYPE" == 'warn' ]; then
|
|
if command -v gum > /dev/null; then
|
|
gum style " $(gum style --foreground="#d1d100" "◆") $(gum style --bold --background="#ffff00" --foreground="#000000" " WARNING ") $(gum style --bold "$MSG")"
|
|
else
|
|
echo "WARNING: $MSG"
|
|
fi
|
|
else
|
|
if command -v gum > /dev/null; then
|
|
gum style " $(gum style --foreground="#00ff00" "▶") $(gum style --bold "$TYPE")"
|
|
else
|
|
echo "$MSG"
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# @description This function adds Netdata to a pfSense environment. More specifically, it:
|
|
#
|
|
# 1. Enables the FreeBSD package repo
|
|
# 2. Installs Netdata system package dependencies
|
|
# 3. Configures Netdata to work with Netdata Cloud (if the `NETDATA_TOKEN` environment variable is appropriately assigned)
|
|
# 4. Starts the Netdata service
|
|
#
|
|
# **Note:** In order for Netdata to start on reboot, the shell command feature of pfSense should be configured to
|
|
# run `service netdata onestart` after reboots.
|
|
enableNetdata() {
|
|
### Enable FreeBSD package repo
|
|
logg info 'Enabling FreeBSD package repo'
|
|
FILE_PATH="/usr/local/etc/pkg/repos/pfSense.conf"
|
|
TMP_FILE=$(mktemp)
|
|
REPLACEMENT="FreeBSD: { enabled: yes }"
|
|
echo "$REPLACEMENT" > "$TMP_FILE"
|
|
tail -n +2 "$FILE_PATH" >> "$TMP_FILE"
|
|
mv -f "$TMP_FILE" "$FILE_PATH"
|
|
rm -f "$TMP_FILE"
|
|
|
|
### Install Netdata / dependencies
|
|
logg info 'Installing Netdata system package dependencies'
|
|
pkg update
|
|
pkg install -y curl pkgconf bash e2fsprogs-libuuid libuv nano
|
|
pkg install -y json-c-0.15_1
|
|
pkg install -y py39-certifi-2023.5.7
|
|
pkg install -y py39-asn1crypto
|
|
pkg install -y py39-pycparser
|
|
pkg install -y py39-cffi
|
|
pkg install -y py39-six
|
|
pkg install -y py39-cryptography
|
|
pkg install -y py39-idna
|
|
pkg install -y py39-openssl
|
|
pkg install -y py39-pysocks
|
|
pkg install -y py39-urllib3
|
|
pkg install -y py39-yaml
|
|
pkg install -y netdata
|
|
|
|
### Modify Netdata configuration
|
|
if [ -n "$NETDATA_TOKEN" ]; then
|
|
logg info 'Configuring Netdata to work with Netdata Cloud'
|
|
# TODO: Add below to netdata.conf
|
|
# bind to = 127.0.0.1 to bind to = 0.0.0.0
|
|
cat <<EOF > /usr/local/etc/netdata/netdata.conf
|
|
[backend]
|
|
enabled = yes
|
|
data source = netdata
|
|
destination = https://app.netdata.cloud
|
|
api key = ${NETDATA_TOKEN}
|
|
EOF
|
|
fi
|
|
|
|
### Start Netdata
|
|
logg info 'Starting Netdata service'
|
|
service netdata onestart
|
|
}
|
|
enableNetdata
|
|
|
|
# @description This function installs UniFi onto a pfSense / OPNSense FreeBSD environment. It leverages scripts provided by
|
|
# the [unofficial pfSense UniFi project on GitHub](https://github.com/unofficial-unifi/unifi-pfsense). The script runs
|
|
# the script provided by the project and then enables the UniFi service.
|
|
#
|
|
# If you run into issues, please see the project's GitHub link (referenced above). It may take a couple minutes for the
|
|
# UniFi service to start up after `service unifi.sh start` is run because the start service exits fast while booting up
|
|
# the UniFi service in the background.
|
|
enableUniFi() {
|
|
fetch -o - https://raw.githubusercontent.com/unofficial-unifi/unifi-pfsense/master/install-unifi/install-unifi.sh | sh -s
|
|
service unifi.sh start
|
|
}
|
|
enableUniFi
|
|
|
|
# @description This function adds an unofficial package that adds SAML2 support to pfSense for SSO logins over
|
|
# the web portal. For more information, see the project's [GitHub page](https://github.com/jaredhendrickson13/pfsense-saml2-auth).
|
|
enablePFsenseSAML() {
|
|
pkg add https://github.com/jaredhendrickson13/pfsense-saml2-auth/releases/latest/download/pfSense-2.7-pkg-saml2-auth.pkg
|
|
}
|
|
enablePFsenseSAML
|