Messages - ricostuart

#1
I've had beszel-agent running for a while now on my opnsense router and I have seen that a fair number of people want to have it running as well. I have it so that it auto runs each reboot, etc. The only thing I haven't gotten around to is having it auto update. But in the meantime, to make my own life easier, I have a script that auto installs it or updates it as needed. It will even check against the supplied checksum that is available on GitHub (in an uncommon format as well). Hope it helps!


I have this as a script file in the root directory that you go in using terminal (I use terminus btw which is really very good!)

1. Log in to opnsense ssh
2. nano install_update_beszel.sh
3. paste the code
4. save/exit
5. chmod +x install_update_beszel.sh
6. ./install_update_beszel.sh
7. You will be prompted for your key if you haven't already installed beszel-agent.
 
#!/bin/sh

set -e   # exit on error

# =============================
# Paths / Constants
# =============================
BIN_PATH="/usr/local/sbin/beszel-agent"
RC_SYSHOOK="/usr/local/etc/rc.syshook.d/start/90-beszel-agent"
ACTIONS_CONF="/usr/local/opnsense/service/conf/actions.d/actions_beszel-agent.conf"
RC_SCRIPT="/usr/local/etc/rc.beszel-agent"
VERSION_FILE="/usr/local/etc/beszel-agent-version"
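# Private scratch directory instead of shared /tmp, so the later "find" cannot
# pick up a stale or planted beszel-agent file; it is removed again on exit.
TMPDIR="$(mktemp -d /tmp/beszel-agent.XXXXXX)" || exit 1
trap 'rm -rf "$TMPDIR"' EXIT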

say() {
  echo "[*] $1"
}

error_exit() {
  echo "[ERROR] $1" >&2
  exit 1
}

# =============================
# Detect install status
# =============================
installed=false
if [ -f "$BIN_PATH" ]; then
  installed=true
  say "beszel-agent binary found at $BIN_PATH"
  if pgrep -f "beszel-agent" >/dev/null 2>&1; then
    say "beszel-agent is running"
  else
    say "beszel-agent installed but not running"
  fi
else
  say "beszel-agent is not installed"
fi

if [ "$installed" = false ]; then
  printf "Would you like to install beszel-agent? (y/n): "
  read ans
  case "$ans" in
    y|Y) ;;
    *) say "Aborting."; exit 0 ;;
  esac
fi

# =============================
# Ensure wget is available
# =============================
if ! command -v wget >/dev/null 2>&1; then
  say "wget not present, installing..."
  pkg install -y wget || error_exit "Failed to install wget"
fi

# =============================
# Fetch latest release metadata
# =============================
say "Fetching latest release metadata..."
api_json=$(wget -qO - https://api.github.com/repos/henrygd/beszel/releases/latest) || error_exit "Could not fetch release metadata"

LATEST_URL=$(echo "$api_json" | grep browser_download_url | grep freebsd | grep tar.gz | head -n1 | cut -d '"' -f 4)
if [ -z "$LATEST_URL" ]; then
  error_exit "Could not determine FreeBSD download URL"
fi

LATEST_VERSION=$(echo "$LATEST_URL" | sed -E 's#.*/download/([^/]+)/.*#\1#')
say "Latest version: $LATEST_VERSION"

# Compare to current version if known
if [ -f "$VERSION_FILE" ]; then
  cur=$(cat "$VERSION_FILE")
  if [ "$cur" = "$LATEST_VERSION" ]; then
    say "Already at latest version $cur — nothing to do."
    exit 0
  else
    say "Updating from $cur to $LATEST_VERSION"
  fi
fi

# =============================
# Download archive + checksums
# =============================
ARCHIVE_NAME=$(basename "$LATEST_URL")
say "Downloading $ARCHIVE_NAME ..."
wget -O "$TMPDIR/$ARCHIVE_NAME" "$LATEST_URL" || error_exit "Download failed"

CHECKSUMS_URL=$(echo "$api_json" | grep browser_download_url | grep "${LATEST_VERSION}_checksums.txt" | cut -d '"' -f 4)
if [ -z "$CHECKSUMS_URL" ]; then
  error_exit "Could not find checksum file in release assets"
fi

say "Downloading checksums..."
wget -O "$TMPDIR/checksums.txt" "$CHECKSUMS_URL" || error_exit "Failed to download checksum file"

# =============================
# Verify checksum
# =============================
EXPECTED=$(grep "  $ARCHIVE_NAME" "$TMPDIR/checksums.txt" | awk '{print $1}')
if [ -z "$EXPECTED" ]; then
  error_exit "Checksum for $ARCHIVE_NAME not found in checksums.txt"
fi

ACTUAL=$(sha256 -q "$TMPDIR/$ARCHIVE_NAME" 2>/dev/null || sha256sum "$TMPDIR/$ARCHIVE_NAME" | awk '{print $1}')

say "Expected: $EXPECTED"
say "Actual:   $ACTUAL"

if [ "$EXPECTED" != "$ACTUAL" ]; then
  error_exit "Checksum mismatch for $ARCHIVE_NAME"
else
  say "Checksum OK"
fi

# =============================
# Extract binary
# =============================
say "Extracting archive..."
tar -xzf "$TMPDIR/$ARCHIVE_NAME" -C "$TMPDIR" || error_exit "Extraction failed"
EXTRACTED_BIN=$(find "$TMPDIR" -type f -name "beszel-agent" | head -n1)
[ -z "$EXTRACTED_BIN" ] && error_exit "Could not locate beszel-agent binary"
chmod +x "$EXTRACTED_BIN"

# =============================
# Install binary
# =============================
if [ "$installed" = true ]; then
  say "Stopping existing agent..."
  configctl beszel-agent stop 2>/dev/null || say "Could not stop (maybe not running)"
  rm -f "$BIN_PATH"
fi

say "Installing binary..."
mv "$EXTRACTED_BIN" "$BIN_PATH"
chmod +x "$BIN_PATH"

# Cleanup temp files
rm -f "$TMPDIR/$ARCHIVE_NAME" "$TMPDIR/checksums.txt"

# =============================
# Create integration files
# =============================
if [ ! -f "$RC_SYSHOOK" ]; then
  say "Creating $RC_SYSHOOK"
  mkdir -p "$(dirname "$RC_SYSHOOK")"
  cat > "$RC_SYSHOOK" <<EOF
#!/bin/sh
echo -n "Starting Beszel Agent"
configctl beszel-agent restart
EOF
  chmod +x "$RC_SYSHOOK"
fi

if [ ! -f "$ACTIONS_CONF" ]; then
  say "Creating $ACTIONS_CONF"
  mkdir -p "$(dirname "$ACTIONS_CONF")"
  cat > "$ACTIONS_CONF" <<EOF
[start]
command:sh /usr/local/etc/rc.beszel-agent &
parameters:
type:script
message:Starting beszel-agent
description:Starting beszel-agent service

[restart]
command:sh /usr/local/etc/rc.beszel-agent &
parameters:
type:script
message:Restarting beszel-agent

[stop]
command:ps -ef | pgrep -f "beszel-agent" | xargs kill -9
parameters:
type:script
message:Stopping beszel-agent
EOF
fi

if [ ! -f "$RC_SCRIPT" ]; then
  say "Creating $RC_SCRIPT"
  printf "Enter your Beszel agent key: "
  read USER_KEY
  cat > "$RC_SCRIPT" <<EOF
#!/bin/sh
KEY="$USER_KEY" /usr/local/sbin/beszel-agent
EOF
  chmod +x "$RC_SCRIPT"
fi

# =============================
# Restart + save version
# =============================
say "Restarting configd..."
service configd restart

say "Starting beszel-agent..."
configctl beszel-agent start || error_exit "Failed to start beszel-agent"

echo "$LATEST_VERSION" > "$VERSION_FILE"
say "beszel-agent $LATEST_VERSION installed successfully."
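
An added example, not part of the original post: the script's `grep "  $ARCHIVE_NAME"` lookup treats the file name as a regular expression and also matches longer names that contain it, so this sketch looks the entry up by exact name and rejects missing, duplicated or malformed hashes. The function names are hypothetical, and it assumes the common `<hash>  <filename>` line layout.

```shell
#!/bin/sh
# Strict checksum lookup and comparison (illustrative; function names are hypothetical).

# Print the SHA-256 of a file using whichever tool exists (FreeBSD or GNU).
file_sha256() {
  if command -v sha256 >/dev/null 2>&1; then
    sha256 -q "$1"
  else
    sha256sum "$1" | awk '{print $1}'
  fi
}

# expected_sum CHECKSUMS_FILE ARCHIVE_NAME
# Prints the hash listed for exactly ARCHIVE_NAME. Fails if the entry is
# missing, listed more than once, or is not 64 hex characters.
expected_sum() {
  awk -v name="$2" '
    { f = $2; sub(/^\*/, "", f) }            # strip GNU binary-mode "*file" marker
    NF == 2 && f == name { n++; h = tolower($1) }
    END {
      if (n != 1) exit 1
      if (length(h) != 64 || h !~ /^[0-9a-f]+$/) exit 1
      print h
    }' "$1"
}

# verify_archive ARCHIVE CHECKSUMS_FILE
# Returns 0 only when the archive's hash equals the single listed entry.
verify_archive() {
  want=$(expected_sum "$2" "$(basename "$1")") || return 1
  got=$(file_sha256 "$1" | tr 'A-F' 'a-f') || return 1
  [ -n "$got" ] && [ "$want" = "$got" ]
}
```

A checksum file fetched from the same release as the archive detects corruption in transit, not a replaced release.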
#2
24.7, 24.10 Series / Re: Problem with latest update
January 20, 2025, 02:57:52 PM
Here is a github link that helped me find the issue: https://github.com/opnsense/core/issues/8128
#3
24.7, 24.10 Series / Re: Problem with latest update
January 20, 2025, 02:57:32 PM
So after some searching, it seems a change in kea / unbound has caused it to error out if there are any spaces and / or any underscores. So I went through it all and changed all reservations to have neither of those. This then allowed unbound to start up. Changed adguard back to the original settings and it seems to be working again.
#4
24.7, 24.10 Series / Problem with latest update
January 20, 2025, 02:43:34 PM
I've just updated opnsense to 24.7.12. Now the internet stopped working.
My setup is-
Opnsense running as vm in proxmox
Adguardhome running as plugin in opnsense

opnsense used adguard as primary dns --> unbound as upstream dns --> kea as dhcp in opnsense.

It seems that unbound will not load:

Script action failed with Command '/usr/local/opnsense/scripts/unbound/wrapper.py -s ' returned non-zero exit status 1. at
Traceback (most recent call last):
  File "/usr/local/opnsense/service/modules/actions/script_output.py", line 78, in execute
    subprocess.check_call(script_command, env=self.config_environment, shell=True,
  File "/usr/local/lib/python3.11/subprocess.py", line 413, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/unbound/wrapper.py -s ' returned non-zero exit status 1.
I changed my adguard settings to bypass unbound to 1.1.1.1 and have it running again.
What has changed with unbound? Is there a way to find out what exactly is going wrong?
#5
I've got a 1gig fttp wan going to my opnsense fw. My wife works from home and has to have her work laptop connected via her work vpn. What I would like to know is, how do I ensure that her laptop has a good connection? Was thinking of a qos rule to give dedicated 25mbps using her mac address but I'm not sure how to do that. I looked at the documentation but I'm still not clear.

The setup is the modem is connected to my proxmox server which is hosting the opnsense fw. Opnsense is running with kea ipv4, agh and unbound. Eventually I want opnsense to also push data through a vpn.

Thanks for any helpful tips or guides!
#6
General Discussion / [q]setting up vpn
October 19, 2024, 12:06:27 AM
I've got my opnsense box setup running adguard (plugin), unbound and kea dhcp. It all works quite well. I have it so adguard dns is set to 127.0.0.1:53535 (unbound) for upstream, bootstrap and private reverse dns. unbound uses cloudflare (1.1.1.1 and 1.0.0.1) for the dns over tls.

Now my VPN provider supplies DNS Server, DNS-over-HTTP or DNS-over-TLS addresses. However, for the DNS Server, there aren't any ports supplied (presumably will be 853 like everyone else) nor a server address, just the IP. For the DoH and DoT it supplies just the address, no ip or port. Can these be used in unbound?

Cheers!