An OpenBSD firewall web interface
This project is a bit of a slow burn, and a hacky one at that. I'm not sure if it will ever become anything significant, but I enjoy working on it.
prometheus
node_exporter
- Install and then uninstall the system prometheus to setup the user accounts because lazy
- Build prometheus from source using this branch
- Install it under
/opt
and create the file/etc/rc.d/prometheus_opt
#!/bin/ksh # # $OpenBSD: prometheus.rc,v 1.3 2021/02/27 09:28:50 ajacoutot Exp $ daemon="/opt/prometheus/prometheus" daemon_flags="--config.file /etc/prometheus/prometheus.yml" daemon_flags="${daemon_flags} --storage.tsdb.path '/var/prometheus'" daemon_logger="daemon.info" daemon_user="_prometheus" . /etc/rc.d/rc.subr pexp="${daemon}.*" rc_bg=YES rc_reload=NO rc_cmd $1
The following are required in /etc/doas.conf
permit nopass dante cmd /sbin/pfctl
permit nopass dante cmd pfctl
permit nopass dante cmd /sbin/ifconfig
permit nopass dante cmd ifconfig
permit nopass dante cmd /usr/sbin/rcctl
permit nopass dante cmd rcctl
permit nopass dante cmd /bin/ps
permit nopass dante cmd ps