This is a script that makes an API connection to OPNsense and checks if there is any pending updates and if there are, it sends a message with details.
Based on the script by Bart J. Smit, 'ObecalpEffect' and Franco Fichtner, forked from https://github.com/bartsmit/opnsense-update-email.
It's recommended to create a user with access restricted to the API endpoints required to retrieve update information needed by the script. The steps to do this are as follows:
-
Add a new group under
System
>Access
>Groups
. All that is required here isGroup name
. -
After creating the group, click on
Edit
for the newly created group. UnderAssigned Privileges
clickEdit
. -
Scroll down to or search for
System: Firmware
. Tick to add the priviledges to the group (click thei
to view the endpoints). -
Add a new user under
System
>Access
>Users
.-
Provide a
Username
. -
Under
Password
tickGenerate a scrambled password to prevent local database logins for this user.
. -
Then under
Group Memberships
click the previously created group and clickAdd groups
(->
).
-
-
After creating the new user, click on
Edit
. UnderAPI keys
clickCreate API key
(+
). Your browser will prompt you to download or open a text file. This file will have theapi_key
andapi_secret
values used in the config (see the Config below).
The configuration file config.yml
has three main sections (see config.yml.example
). The already filled in values in the example config are the defaults.
opnsense:
host:
self_signed: true
api_key:
api_secret:
host
is either the ip address or hostname of the OPNsense web interface.
self_signed
refers to whether the TLS certificate is self signed or not, it maybe be either true
or false
. Since OPNsense creates it's own self signed cert by default, the default for this value is true
.
api_key
and api_secret
refers to the values provided in step 5 of the Setup section above.
emitter: telegram
The emitter
refers to one of the message services listed in the subsections below (only Telegram for now).
telegram:
token:
chatid:
token
is the token for the Telegram bot, which is provided by creating a bot by following the steps provided in the Telegram bot API documentation.
chatid
is the unique identifier for the target chat. It can be obtained by messaging the bot and executing the following command (replace $BOT_TOKEN
). The ID may be found at "chat": {"id": 12345678},
:
curl https://api.telegram.org/bot$BOT_TOKEN/getUpdates | python -m json.tool