We make automation tools for the rather awesome OPNsense firewall product.


Image Create :: OPNsense on AWS

Terraform module to create an AWS AMI snapshot-image that can subsequently be used to start an OPNsense instance within AWS.

Example usage

variable "aws_access_key_id" {}       # set via environment value `TF_VAR_aws_access_key_id`
variable "aws_secret_access_key" {}   # set via environment value `TF_VAR_aws_secret_access_key`

module "opnsense-image" {
  source  = "verbnetworks/opnsense-image/aws"

  opnsense_release = "18.7"
  root_passwd = "honeyPot..."

  aws_region = "ap-southeast-1"
  aws_access_key_id = "${var.aws_access_key_id}"
  aws_secret_access_key = "${var.aws_secret_access_key}"

  do_opnsense_install = 1
  do_cleanup_shutdown = 1
  do_image = 1
  do_self_destruct = 1
}

NB: the correct behaviour of this module will result in an AMI and the temporary EC2 instance used in the process of creating the image will power off.


Image Create :: OPNsense on Digital Ocean

Terraform module to create a Digital Ocean Droplet Image that can subsequently be used to start an OPNsense instance within Digital Ocean.

Example usage

variable "do_token" {}    # set via environment value `TF_VAR_do_token`

module "opnsense-image" {
  source  = "verbnetworks/opnsense-image/digitalocean"

  opnsense_release = "18.7"
  root_passwd = "honeyPot..."

  digitalocean_region = "sgp1"
  digitalocean_token = "${var.do_token}"

  do_opnsense_install = 1
  do_cleanup_shutdown = 1
  do_image = 1
  do_self_destruct = 1
}

The correct behaviour of this module will result in a Digital Ocean Droplet image and the temporary Droplet used in the process of creating the image will self destruct.


xmlcrudy

Provides a CRUD like interface for manipulating XML files which is useful in interacting with OPNsense XML configuration file values.

Example usage

. /path/to/xmlcrudy.sh
xmlcrudy /conf/config.xml update "//gateways/gateway_item[contains(name,'public4gw')]/gateway" "10.0.0.1"

Useful for manipulating values to suit cloud-compute requirements in the boot-process and can be used as a remote-ssh call for a crude poor-mans API (with caution!) in a pinch.