vyos-git-commit

A commit post-hook for VyOS that automatically syncs config commits to your (remote) git repository.

Originally from https://blog.billclark.io/vyos-configuration-backup-automation-with-git

NOTE: You need to use a custom build of VyOS that includes git. I have one with some other additions at https://github.com/b-/vyos-build-action but you really should make your own. How can you trust that I haven't tampered with it?

Installation steps

1. Create a PRIVATE git repository

Create a (hosted, private) git repo that is accessible from the router. This repository WILL contain private information such as WireGuard private keys from the router, so you really need to make it private. I'm using a private repo on GitHub.com, but Bill uses a self-hosted repo because that's more trustworthy.

Since it matches my setup and will be easy for me, let's assume your git repository is hosted at https://github.com/username/vyos-config.

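2. Optional: create a branch specific to this router

This will allow you to use one repository for multiple routers. I don't know if this really is ideal or not, but it works. Probably significantly less secure: a deploy key grants access to the whole repository, not a single branch, so every router's key can read (and, with write access, change) every other router's config.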

3. Log into the router, and create a new SSH key pair in /config/user-data:

vyos@vyos$ ssh-keygen -t ed25519 -f /config/user-data/ssh_git_deploy
vyos@vyos$ cat /config/user-data/ssh_git_deploy.pub 

4. Upload the public key printed above (ssh_git_deploy.pub) to your git host as a Deploy Key with write access. The private key stays on the router.

5. Clone your git repository using the new private key into /config/user-data/vyos-config

vyos@vyos$ git clone \
  -c "core.sshCommand=ssh -F/dev/null -i/config/user-data/ssh_git_deploy" \
  -c "user.email=vyos@vyos" \
  -c "user.name=vyos router" \
  git@github.com:briorg/vyos-config \
  -b vyos.home.ibeep.com --single-branch \
  /config/user-data/vyos-config

6. Clone this repository

vyos@vyos$ git clone https://github.com/b-/vyos-git-commit /config/user-data/vyos-git-commit
Cloning into 'vyos-git-commit'...
remote: Enumerating objects: 42, done.
remote: Counting objects: 100% (42/42), done.
remote: Compressing objects: 100% (23/23), done.
remote: Total 42 (delta 10), reused 37 (delta 8), pack-reused 0
Receiving objects: 100% (42/42), 7.14 KiB | 3.57 MiB/s, done.
Resolving deltas: 100% (10/10), done.

7. Symlink the script into place

vyos@vyos$ mkdir /config/scripts/commit/post-hooks.d -p
vyos@vyos$ ln -s /config/user-data/vyos-git-commit/99-git-commit /config/scripts/commit/post-hooks.d/

That's it!

You can test it by changing the config, and making a commit:

vyos@vyos$ configure
[edit]
vyos@vyos# set firewall group network-group foo
[edit]
vyos@vyos# commit
> [ 2023-04-12T00:43:02 UTC ] Beginning git commit & push...
> [ 2023-04-12T00:43:02 UTC ] Ensuring our local repo is up-to-date...
Already up to date.
> [ 2023-04-12T00:43:02 UTC ] Saving configuration files...
> [ 2023-04-12T00:43:02 UTC ] Staging changes...
> [ 2023-04-12T00:43:02 UTC ] Committing changes...
[vyos a8a4eb6] Auto-triggered by vyos@vyos config commit: 2023-04-12T00:43:02 UTC
 2 files changed, 3 deletions(-)
> [ 2023-04-12T00:43:02 UTC ] Pushing changes to remote repository...
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 2 threads
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 427 bytes | 427.00 KiB/s, done.
Total 4 (delta 2), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
To github.com:briorg/vyos-config
   e17d766..a8a4eb6  vyos -> vyos
> [ 2023-04-12T00:43:02 UTC ] Git commit & push completed.
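
An added check, not part of this repository, that audits what steps 3 to 7 leave behind: deploy-key permissions, the clone's core.sshCommand setting, and the hook symlink. The check_setup function and its ROOT prefix argument are names made up for this example; the paths are the ones used above, and it assumes the hook must be executable to run.

```sh
#!/bin/sh
# Added example (not part of vyos-git-commit): audit the result of steps 3-7.
# check_setup [ROOT] prints one line per check and returns the failure count.
# ROOT is a hypothetical prefix for testing on a constructed tree; on the
# router, call check_setup with no argument.

pass() { printf 'ok   %s\n' "$1"; }
fail() { printf 'FAIL %s\n' "$1"; fails=$((fails + 1)); }

check_setup() {
    root=${1:-}
    key="$root/config/user-data/ssh_git_deploy"
    repo="$root/config/user-data/vyos-config"
    hook="$root/config/scripts/commit/post-hooks.d/99-git-commit"
    fails=0

    # Step 3: the private key must exist and be closed to group and other.
    if [ ! -f "$key" ]; then
        fail "private key missing: $key"
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        fail "private key is accessible to group/other: $key"
    else
        pass "private key has owner-only permissions"
    fi

    # Step 4: only the .pub half is uploaded as the deploy key.
    if [ -f "$key.pub" ]; then
        pass "public key present"
    else
        fail "public key missing: $key.pub"
    fi

    # Step 5: git clone -c records core.sshCommand in the clone's .git/config.
    if grep -q 'sshCommand.*-i/config/user-data/ssh_git_deploy' \
        "$repo/.git/config" 2>/dev/null; then
        pass "clone uses the deploy key"
    else
        fail "core.sshCommand with the deploy key not found in $repo/.git/config"
    fi

    # Step 7: the link must resolve to an executable file (assumption: the
    # hook has to be executable to run).
    if [ -L "$hook" ] && [ -x "$hook" ]; then
        pass "post-hook is linked and executable"
    else
        fail "hook missing, dangling or not executable: $hook"
    fi
    return "$fails"
}
```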