#!/bin/sh
# @file pfSense Setup
# @brief Configures pfSense
# @description
# This script sets up pfSense with features like:
#
# 1. [Netdata Cloud](https://learn.netdata.cloud/docs/installing/pfsense)
#
# ## Considerations
#
# The following items are not included in this script but may be added in the future:
#
# * https://github.com/pfelk/pfelk
#
# ## Useful Links
#
# * [pfSense to OPNSense configuration converter](https://www.pf2opn.com/)
# * [pfSense Ansible collection](https://github.com/pfsensible/core)
# * [pfSense API](https://github.com/jaredhendrickson13/pfsense-api) (Note: needs a CLI or another easy way of accessing it)
# @description This function logs styled messages with Gum when it is installed and falls back to `echo` otherwise. It can also use Glow to render markdown,
# falling back to `cat` when Glow is not installed. The following sub-commands are available:
#
# | Sub-Command | Description |
# |-------------|-----------------------------------------------------------------------------------------------------|
# | `error` | Logs a bright red error message |
# | `info` | Logs a regular informational message |
# | `md` | Tries to render the specified file using `glow` if it is installed and uses `cat` as a fallback |
# | `prompt` | Alternative that logs a message intended to describe an upcoming user input prompt |
# | `star` | Alternative that logs a message that starts with a star icon |
# | `start` | Same as `success` |
# | `success` | Logs a success message that starts with green checkmark |
# | `warn` | Logs a bright yellow warning message |
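# Print a log message, styled with Gum when it is available.
#
# Arguments:
#   $1 - sub-command: error | info | md | prompt | star | start | success | warn.
#        Any other value is treated as a plain message (single-argument form).
#   $2 - message text; for `md` it is the path of a markdown file to render
# Outputs: the styled (gum/glow) or plain (printf/cat) message on stdout
# Returns: exit status of the command that printed the message
logg() {
  TYPE="$1"
  MSG="$2"
  # One probe for gum instead of one per branch; `=` rather than `==` because
  # `==` in `[ ]` is not guaranteed under the #!/bin/sh shebang.
  if command -v gum > /dev/null; then
    HAS_GUM=1
  else
    HAS_GUM=0
  fi
  # printf instead of echo for the plain fallbacks: a message beginning with
  # `-n`/`-e` or containing backslashes is printed verbatim.
  case "$TYPE" in
    error)
      if [ "$HAS_GUM" = 1 ]; then
        gum style --border="thick" "$(gum style --foreground="#ff0000" "✖") $(gum style --bold --background="#ff0000" --foreground="#ffffff" " ERROR ") $(gum style --bold "$MSG")"
      else
        printf '%s\n' "ERROR: $MSG"
      fi
      ;;
    info)
      if [ "$HAS_GUM" = 1 ]; then
        gum style " $(gum style --foreground="#00ffff" "○") $(gum style --faint "$MSG")"
      else
        printf '%s\n' "INFO: $MSG"
      fi
      ;;
    md)
      # MSG is a file path here; `--` keeps a path starting with '-' from being
      # read as an option by cat.
      if command -v glow > /dev/null; then
        glow "$MSG"
      else
        cat -- "$MSG"
      fi
      ;;
    prompt)
      if [ "$HAS_GUM" = 1 ]; then
        gum style " $(gum style --foreground="#00008b" "▶") $(gum style --bold "$MSG")"
      else
        printf '%s\n' "PROMPT: $MSG"
      fi
      ;;
    star)
      if [ "$HAS_GUM" = 1 ]; then
        gum style " $(gum style --foreground="#d1d100" "◆") $(gum style --bold "$MSG")"
      else
        printf '%s\n' "STAR: $MSG"
      fi
      ;;
    start)
      if [ "$HAS_GUM" = 1 ]; then
        gum style " $(gum style --foreground="#00ff00" "▶") $(gum style --bold "$MSG")"
      else
        printf '%s\n' "START: $MSG"
      fi
      ;;
    success)
      if [ "$HAS_GUM" = 1 ]; then
        gum style " $(gum style --foreground="#00ff00" "✔") $(gum style --bold "$MSG")"
      else
        printf '%s\n' "SUCCESS: $MSG"
      fi
      ;;
    warn)
      if [ "$HAS_GUM" = 1 ]; then
        gum style " $(gum style --foreground="#d1d100" "◆") $(gum style --bold --background="#ffff00" --foreground="#000000" " WARNING ") $(gum style --bold "$MSG")"
      else
        printf '%s\n' "WARNING: $MSG"
      fi
      ;;
    *)
      # Single-argument form: the whole message arrived in $1. The gum branch
      # already printed $TYPE; the plain branch printed $MSG, which is empty in
      # that form, so fall back to $TYPE when no second argument was given.
      if [ "$HAS_GUM" = 1 ]; then
        gum style " $(gum style --foreground="#00ff00" "▶") $(gum style --bold "$TYPE")"
      else
        printf '%s\n' "${MSG:-$TYPE}"
      fi
      ;;
  esac
}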
# @description This function adds Netdata to a pfSense environment. More specifically, it:
#
# 1. Enables the FreeBSD package repo
# 2. Installs Netdata system package dependencies
# 3. Configures Netdata to work with Netdata Cloud (if the `NETDATA_TOKEN` environment variable is set)
# 4. Starts the Netdata service
#
# **Note:** To have Netdata start after a reboot, configure pfSense's shell command feature to
# run `service netdata onestart` at boot.
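# Install Netdata on pfSense and, when NETDATA_TOKEN is set, write a
# netdata.conf that points it at Netdata Cloud.
#
# Globals:
#   NETDATA_TOKEN (read) - Netdata Cloud token written into netdata.conf
# Outputs: progress messages via logg; pkg/service output
# Returns: 0 on success; non-zero when the repo edit, the netdata package
#          install or the config write fails (later steps are then skipped)
enableNetdata() {
  ### Enable FreeBSD package repo
  logg info 'Enabling FreeBSD package repo'
  FILE_PATH="/usr/local/etc/pkg/repos/pfSense.conf"
  if [ ! -f "$FILE_PATH" ]; then
    logg error "Repo config not found: $FILE_PATH"
    return 1
  fi
  # The rewrite below replaces line 1 and keeps the rest, i.e. it assumes the
  # first line is the "FreeBSD:" stanza. Refuse to touch a file whose first
  # line is something else, since that line would otherwise be dropped.
  if ! head -n 1 "$FILE_PATH" | grep -q '^FreeBSD:'; then
    logg error "Unexpected first line in $FILE_PATH; leaving it unchanged"
    return 1
  fi
  TMP_FILE=$(mktemp) || return 1
  REPLACEMENT="FreeBSD: { enabled: yes }"
  # Build the whole new file first, then move it into place in one step.
  if ! { echo "$REPLACEMENT"; tail -n +2 "$FILE_PATH"; } > "$TMP_FILE"; then
    logg error "Failed to build replacement for $FILE_PATH"
    rm -f -- "$TMP_FILE"
    return 1
  fi
  if ! mv -f "$TMP_FILE" "$FILE_PATH"; then
    logg error "Failed to update $FILE_PATH"
    rm -f -- "$TMP_FILE"
    return 1
  fi
  ### Install Netdata / dependencies
  logg info 'Installing Netdata system package dependencies'
  pkg update || logg warn 'pkg update failed; continuing with the cached catalog'
  # Pinned helper packages are best-effort: a missing pin is only a warning,
  # because `pkg install netdata` resolves its own dependencies.
  pkg install -y curl pkgconf bash e2fsprogs-libuuid libuv nano || logg warn 'Some helper packages failed to install'
  for DEP in json-c-0.15_1 py39-certifi-2023.5.7 py39-asn1crypto py39-pycparser \
    py39-cffi py39-six py39-cryptography py39-idna py39-openssl py39-pysocks \
    py39-urllib3 py39-yaml; do
    pkg install -y "$DEP" || logg warn "Failed to install $DEP"
  done
  if ! pkg install -y netdata; then
    logg error 'Failed to install the netdata package'
    return 1
  fi
  ### Modify Netdata configuration
  if [ -n "$NETDATA_TOKEN" ]; then
    logg info 'Configuring Netdata to work with Netdata Cloud'
    # TODO: Add below to netdata.conf
    # bind to = 127.0.0.1 to bind to = 0.0.0.0
    # Binding to 0.0.0.0 exposes the Netdata port on every interface of the
    # firewall; keep 127.0.0.1 unless that listener is explicitly filtered.
    # NOTE(review): the api key is written into this file, and the write
    # replaces any existing netdata.conf — confirm the file mode keeps the
    # token readable only by root and the netdata user.
    NETDATA_CONF="/usr/local/etc/netdata/netdata.conf"
    cat <<EOF > "$NETDATA_CONF" || { logg error "Failed to write $NETDATA_CONF"; return 1; }
[backend]
enabled = yes
data source = netdata
destination = https://app.netdata.cloud
api key = ${NETDATA_TOKEN}
EOF
  fi
  ### Start Netdata
  logg info 'Starting Netdata service'
  service netdata onestart
}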
enableNetdata
# @description This function installs UniFi onto a pfSense / OPNSense FreeBSD environment. It leverages scripts provided by
# the [unofficial pfSense UniFi project on GitHub](https://github.com/unofficial-unifi/unifi-pfsense). The function runs
# the installer script provided by the project and then enables the UniFi service.
#
# If you run into issues, please see the project's GitHub link (referenced above). It may take a couple of minutes for the
# UniFi service to become available after `service unifi.sh start` is run, because the start command returns quickly while
# the UniFi service boots in the background.
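# Install the UniFi controller with the unofficial unifi-pfsense installer
# and start its rc service.
#
# Outputs: installer and service output; errors via logg
# Returns: 0 when the installer succeeded and the service was started;
#          non-zero when the download or the installer fails (the service
#          is then not started)
enableUniFi() {
  UNIFI_INSTALLER_URL="https://raw.githubusercontent.com/unofficial-unifi/unifi-pfsense/master/install-unifi/install-unifi.sh"
  # Download to a file and run it only after the transfer completed, so a
  # truncated or failed download cannot execute as a partial script (the
  # previous `fetch -o - | sh -s` form would).
  UNIFI_INSTALLER=$(mktemp) || return 1
  if ! fetch -o "$UNIFI_INSTALLER" "$UNIFI_INSTALLER_URL"; then
    logg error "Failed to download $UNIFI_INSTALLER_URL"
    rm -f -- "$UNIFI_INSTALLER"
    return 1
  fi
  # NOTE(review): this is third-party code from an unpinned branch, run as
  # root on the firewall; review the downloaded file before relying on it.
  sh "$UNIFI_INSTALLER"
  UNIFI_STATUS=$?
  rm -f -- "$UNIFI_INSTALLER"
  if [ "$UNIFI_STATUS" -ne 0 ]; then
    logg error "UniFi installer exited with status $UNIFI_STATUS"
    return "$UNIFI_STATUS"
  fi
  service unifi.sh start
}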
enableUniFi
# @description This function installs an unofficial package that adds SAML2 support to pfSense for SSO logins over
# the web portal. For more information, see the project's [GitHub page](https://github.com/jaredhendrickson13/pfsense-saml2-auth).
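# Install the unofficial pfSense SAML2 auth package from its GitHub release.
#
# Outputs: pkg output; an error via logg when the install fails
# Returns: exit status of `pkg add`
enablePFsenseSAML() {
  # The asset name is pinned to pfSense 2.7 while the release is "latest";
  # a different pfSense release needs the matching asset.
  SAML2_PKG_URL="https://github.com/jaredhendrickson13/pfsense-saml2-auth/releases/latest/download/pfSense-2.7-pkg-saml2-auth.pkg"
  # NOTE(review): third-party package installed as root on the firewall;
  # it is fetched over HTTPS from the upstream release page.
  if ! pkg add "$SAML2_PKG_URL"; then
    SAML2_STATUS=$?
    logg error "Failed to install $SAML2_PKG_URL"
    return "$SAML2_STATUS"
  fi
}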
enablePFsenseSAML