Metadata-Version: 2.1
Name: pfsense-git-config
Version: 1.0.0
Summary: pfSense Git Config
Home-page: https://pypi.org/project/pfsense-git-config/
Author: Nigel Metheringham
Author-email: nigel.metheringham@gmail.com
Requires-Python: >=3.11,<4.0
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Requires-Dist: defusedxml (>=0.7.1,<0.8.0)
Requires-Dist: gitpython (>=3.1.31,<4.0.0)
Requires-Dist: loguru (>=0.7.0,<0.8.0)
Requires-Dist: pytz (>=2023.3,<2024.0)
Requires-Dist: pyyaml (>=6.0,<7.0)
Requires-Dist: rich (>=13.4.2,<14.0.0)
Requires-Dist: typer (>=0.9.0,<0.10.0)
Project-URL: Repository, https://github.com/nigelm/pfsense_git_config
Description-Content-Type: text/markdown

# pfSense Git Config

Import pfSense config changes into a git repo.

This gives you a record of individual config updates, and allows you to browse
the changes easily.

> **_NOTE:_** Your pfSense config data is sensitive - it will contain hashed
> passwords and information about the networks served by your firewall. I would
> only keep this on a private git server and with access restrictions on the
> repo as well.

## Current Version

Version: `1.0.0`

## Usage

Usage: `pfsense_git_config` [OPTIONS]

Read pfSense configation changes, add them to a Git repo of config changes

Reads the current pfsense configuration file (in `/conf/config.xml` by default),
and the configuration backups (in `/conf/backup/config-<timestamp>.xml` by
default) to contruct a set of timestamp config snapshots. All of these that are
more recent than the last timestamp in the git repo are written into the git
repo, with their timestamps, in cronological order as one commit per config
change. The revision description is used as the commit message.

If `--pull` is specified (set by default), the git repo is pulled at the start
of the process. If `--push` is specificed (set by default), the git repo is
pushed to origin at the end of the process even if no updates are made.

Remember that your pfsense configs should not be publically visible as they
contain sensitive information about your network including hashed passwords
stored within pfSense.

### Options

- `--version` - Report version
- `--config` - Configuration file `[env var: PGC_CONFIG]` Default
  .pfsense_git_config
- `--verbose` / `--no-verbose` - Output verbose information.
- `--pull` / `--no-pull` - Pull the git repo before updating (set by default)
- `--push` / `--no-push` - Push the git repo at the end (set by default)
- `--config-dir` - Directory with pfSense configurations
  `[env var: PGC_PFSENSE_CONFIG_DIR]` Default `/conf`
- `--git-dir` - Location of the git repo the pfSense config updates are to be
  stored in `[env var: PGC_GIT_DIR]` Default `~/pfsense_config`

## Installation and Setup

- Create a user account (with ssh access)
- Ensure that the Cron additional package is installed (required to run the
  checks regularly)
- Ensure that python and git are installed (this needs a root login session to
  use pkg install)
- Logged in to your user account:-
  - create a python venv - `python3.11 -m venv venv`
  - activate it - `source venv/bin/activate.csh`
  - install the package - `pip install --update pfsense_git_config`
  - create/clone a git repo in `~/pfsense_config` to put the configs into. The
    git repo should have a remote elsewhere - I use a local gitea instance.
    There should be a local ssh key or other authentication mechanism that
    allows push/pull to the remote.
  - run `pfsense_git_config`
  - add an invocation script - such as `run_pfsense_git_config.sh` form this
    repo
  - set up cron to run this regularly - say once or twice a day

---

