A simple tool to fetch backups from the OPNsense firewall

Project description

Usage

opnsense-backup is a simple tool to fetch configuration backups from the OPNsense firewall.

Arguments

-h, --help

show the help message and exit.

-c FILE, --config FILE

the configuration file (default: ~/.config/opnsense-backup/config.yml)

-o FILE, --output FILE

the output file. The file name can contain strftime directives. If the argument is specified, directory, name and keep fields of the configuration are ignored.

Configuration file

opnsense-backup needs a configuration file (default: ~/.config/opnsense-backup/config.yml) in YAML format. Because the file contains secrets (the API key and secret, and optionally the backup password), take care to set restrictive permissions on it.

opnsense:
   url: https://opnsense
   key: ...
   secret: ...
   ssl_verify: true|false|/path/to/custom_cert.pem
   backup_password: ...
output:
   directory: .
   name: "opnsense-%Y%m%d-%H%M.xml"
   keep: 12

All fields except key and secret are optional. The user the API key was generated for needs to have the Diagnostics: Configuration History permission and ideally nothing else.

url is a host name or an IP address.

If backup_password is specified, the backup file is encrypted the same way OPNsense itself encrypts backups (as of 25.7.10). It can also be decrypted manually using:

openssl aes-256-cbc -d -base64 -md sha512 -pbkdf2 -iter 100000 -in ...

name specifies the name of the output file. strftime directives are allowed.

keep removes all but the most recent keep *.xml files from the directory. When keep is used, directory has to be specified and has to be an absolute path.

directory must already exist. As the backup is not encrypted (unless backup_password is set) and contains secrets, the permissions of the directory should be set accordingly.
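
A pre-flight check for the two permission warnings above (the configuration file and the backup directory), as an added example that is not part of opnsense-backup. The function names are hypothetical, and the policy it enforces (owned by the current user, no group/other access) is an assumption about what suitable permissions mean here.

```python
import os
import stat
import tempfile
from pathlib import Path

# Default config path from the page; backup_dir is the output.directory value.
DEFAULT_CONFIG = Path("~/.config/opnsense-backup/config.yml").expanduser()


def audit_path(path, want_dir=False):
    """Return findings for one secret-bearing path (empty list = OK)."""
    path = Path(path)
    try:
        st = path.lstat()  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return [f"{path}: does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink, audit its target instead"]
    findings = []
    if want_dir != stat.S_ISDIR(st.st_mode):
        findings.append(f"{path}: expected a {'directory' if want_dir else 'file'}")
    if st.st_uid != os.geteuid():
        findings.append(f"{path}: owned by uid {st.st_uid}, not the current user")
    # Assumed policy: any group/other bit exposes secrets to other local accounts.
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} grants group/other access")
    return findings


def audit(backup_dir, config_file=DEFAULT_CONFIG):
    """Check the config file, the backup directory and the *.xml files in it."""
    findings = audit_path(config_file) + audit_path(backup_dir, want_dir=True)
    if Path(backup_dir).is_dir():
        for backup in sorted(Path(backup_dir).glob("*.xml")):
            findings += audit_path(backup)
    return findings


if __name__ == "__main__":
    # Constructed demo: a world-readable config next to a private backup dir.
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp, "config.yml")
        cfg.write_text("opnsense:\n  key: placeholder\n  secret: placeholder\n")
        cfg.chmod(0o644)
        out = Path(tmp, "backups")
        out.mkdir(mode=0o700)
        for finding in audit(out, cfg):
            print(finding)
```

Run before the backup job (for example from the same cron entry) and treat a non-empty result as a failure.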

Observability

Metrics about completed backups can be exported in the Prometheus text-file format and consumed by the node exporter’s textfile collector. If the metrics key exists in the configuration, the metrics file is atomically populated after each backup run.

metrics:
    directory: "/var/local/lib/prom_metrics"
    suffix: "my-opnsense"

directory is mandatory and specifies the path of the directory passed to node_exporter as --collector.textfile.directory. It has to already exist. suffix is optional and will be appended to the file name to distinguish metrics files generated by different configurations. For the above configuration the full file name will be /var/local/lib/prom_metrics/opnsense-backup-my-opnsense.prom.

Download files

Source Distribution

opnsense_backup-0.1.0.tar.gz (6.8 kB view details)

Uploaded Source

Built Distribution

opnsense_backup-0.1.0-py3-none-any.whl (7.1 kB view details)

Uploaded Python 3

File details

Details for the file opnsense_backup-0.1.0.tar.gz.

File metadata

  • Download URL: opnsense_backup-0.1.0.tar.gz
  • Upload date:
  • Size: 6.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.5

File hashes

Hashes for opnsense_backup-0.1.0.tar.gz
Algorithm Hash digest
SHA256 b60716da142d5d4e4f31e8a4c6fa8cf85893257570a349ffaec57d30cda69180
MD5 e94b7eb2f5ad02adf30e27e77edc2d7c
BLAKE2b-256 758ee2e324adbccfcd1ab87a7ea201a885a05ba3e3deb49e43c88104ea2dbd3a

File details

Details for the file opnsense_backup-0.1.0-py3-none-any.whl.

File hashes

Hashes for opnsense_backup-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c7ccf3a9b87347b443b251ab2f871dde4e4780959c42616bccc64ffe48236e1c
MD5 e5fed1168d1648f0761e64dbb27543d4
BLAKE2b-256 f894623c459879ab4bbbc7b54baa8f459ad258b3246947ea0013b4e348fbff53
