chore: Reorganize file tree for easier onboarding. Rust project now at the root for simple git clone && cargo run

data/watchguard/ansible/ansible-api-test.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key / secret
+
+#ansible-galaxy collection install ansible.posix
+#ansible-galaxy collection install ansibleguy.opnsense
+
+export API_KEY="wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL"
+export API_SECRET="eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr"
+
+ansible-playbook apiCallTest.yml \
+  -e API_URL="https://192.168.1.1/api" \
+  -e API_KEY="${API_KEY}" \
+  -e API_SECRET="${API_SECRET}"
+

data/watchguard/ansible/apiCallTest.yml

@@ -0,0 +1,26 @@
+---
+- name: Make an HTTPS API call with basic auth
+  hosts: localhost
+  gather_facts: no
+
+  tasks:
+    - name: Make API call
+      uri:
+        #url: "https://192.168.1.1/api/dhcpv4/leases/searchLease/"
+        #url: "{{ API_URL }}/dhcpv4/leases/searchLease/"
+        #url: "{{ API_URL }}/core/system/status"
+        #url: "{{ API_URL }}/core/menu/search/?=1725020077211"
+        url: "{{ API_URL }}/dhcpv4/service/status/"
+        #https://192.168.1.1/api/core/menu/search/?_=1725020077211
+        method: GET
+        user: "{{ API_KEY }}"
+        password: "{{ API_SECRET }}"
+        force_basic_auth: yes
+        validate_certs: no
+        return_content: yes
+      register: api_response
+
+    - name: Print API response
+      debug:
+        var: api_response.content
+

data/watchguard/ansible/configure_dhcp.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key
+# zJhbadKcWsdY2HM47s1yLp5givIiTln0nf5CTw81igYxvFnvq8n67Ba5/MaLMSZ4EP13wphZTfHh0Nz8	
+
+API_KEY="zJhbadKcWsdY2HM47s1yLp5givIiTln0nf5CTw81igYxvFnvq8n67Ba5/MaLMSZ4EP13wphZTfHh0Nz8"
+
+#ansible-galaxy collection install ansible.posix
+ansible-galaxy collection install ansibleguy.opnsense
+
+ansible-playbook network-boot.yml -i 192.168.1.1, \
+  -e opnsense_url="https://192.168.1.1/api" \
+  -e api_key="${API_KEY}" \
+  --connection=ssh
+

data/watchguard/ansible/configure_netboot.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key / secret
+
+#ansible-galaxy collection install ansible.posix
+#ansible-galaxy collection install ansibleguy.opnsense
+
+export API_KEY="wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL"
+export API_SECRET="eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr"
+
+ansible-playbook network-boot.yml.startExample \
+  -e API_URL="https://192.168.1.1/api" \
+  -e API_KEY="${API_KEY}" \
+  -e API_SECRET="${API_SECRET}" \
+  -e WEBUI_USERNAME="nationtech" \
+  -e WEBUI_PASSWORD="opnsense"
+  
+

data/watchguard/ansible/configure_tftp.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key
+
+ansible-galaxy collection install ansible.posix
+
+ansible-playbook tftp.yml -i 192.168.1.1, -e ansible_user=root -e ansible_password=opnsense --connection=ssh
+

data/watchguard/ansible/curl-api-test.sh

@@ -0,0 +1,7 @@
+## POST example
+#curl -XPOST -k -u "wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL":"eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr" https://192.168.1.1/api/core/firmware/update
+
+## GET Examples
+#curl -k -u "wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL":"eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr" https://192.168.1.1/api/core/firmware/status
+
+curl -k -u "wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL":"eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr" https://192.168.1.1/api/dhcpv4/leases/searchLease/

data/watchguard/ansible/dhcp-network-boot.yml

@@ -0,0 +1,35 @@
+---
+#- hosts: all
+#  connection: local  # execute modules on controller
+#  gather_facts: no
+#  module_defaults:
+#    - name: Example
+#      ansibleguy.opnsense.alias:
+#        firewall: "{{ ansible_host }}"
+#        api_credential_file: "./opnsense.key"
+#
+#    tasks:
+#    - name: Example
+#      ansibleguy.opnsense.alias:
+#        name: 'ANSIBLE_TEST1'
+#        content: ['1.1.1.1']
+
+- name: Get list of users from OPNsense
+  hosts: localhost
+  gather_facts: no
+
+  tasks:
+    - name: Retrieve users
+      uri:
+        url: "{{ opnsense_url }}/api/system/user"
+        method: GET
+        headers:
+          Authorization: "Bearer {{ api_key }}"
+          Content-Type: "application/json"
+        validate_certs: no
+      register: users_response
+
+    - name: Display list of users
+      debug:
+        msg: "{{ users_response.json }}"
+

data/watchguard/ansible/nationtech-apikey.txt

@@ -0,0 +1,2 @@
+key=wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL
+secret=eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr

data/watchguard/ansible/network-boot.yml

@@ -0,0 +1,101 @@
+---
+- name: Log in to OPNsense and obtain PHPSESSID and CSRF token
+  hosts: localhost
+  gather_facts: no
+  vars:
+    api_username: "your_username"
+    api_password: "your_password"
+
+  tasks:
+    - name: Perform GET request to initiate session and retrieve PHPSESSID
+      uri:
+        url: "https://192.168.1.1/"
+        method: GET
+        user: "{{ WEBUI_USERNAME }}"
+        password: "{{ WEBUI_PASSWORD }}"
+        headers:
+          Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
+        validate_certs: no
+        return_content: yes
+      register: login_page
+
+    - name: Extract PHPSESSID from response cookies
+      set_fact:
+        phpsessid: "{{ login_page.cookies.PHPSESSID }}"
+
+    - name: Extract CSRF token name and value from the page content
+      set_fact:
+        csrf_tokens: "{{ login_page.content | regex_findall('<input[^>]*type=\"hidden\"[^>]*name=\"([^\"]+)\"[^>]*value=\"([^\"]+)\"') }}"
+
+    - name: Set CSRF token name and value
+      set_fact:
+        csrf_token_name: "{{ csrf_tokens[0][0] if csrf_tokens | length > 0 else 'Not found' }}"
+        csrf_token_value: "{{ csrf_tokens[0][1] if csrf_tokens | length > 0 else 'Not found' }}"
+
+    - name: Display the PHPSESSID and CSRF token details
+      debug:
+        msg: "PHPSESSID is {{ phpsessid }}, CSRF token name is {{ csrf_token_name }}, CSRF token value is {{ csrf_token_value }}"
+
+    - name: Construct body
+      set_fact:
+        request_body: |
+          {{ csrf_token_name}}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save'
+
+    - name: Post data to services_dhcp.php
+      uri:
+        url: "https://192.168.1.1/services_dhcp.php?if=lan"
+        method: POST
+        headers:
+          Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
+          Accept-Language: "en,fr;q=0.9,en-GB;q=0.8,en-US;q=0.7"
+          Cache-Control: "no-cache"
+          Content-Type: "application/x-www-form-urlencoded"
+          Cookie: "PHPSESSID={{ phpsessid }}"
+          Origin: "https://192.168.1.1"
+          Pragma: "no-cache"
+          Priority: "u=0, i"
+          Referer: "https://192.168.1.1/services_dhcp.php?if=lan"
+          Sec-Ch-Ua: '"Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"'
+          Sec-Ch-Ua-Mobile: "?0"
+          Sec-Ch-Ua-Platform: '"Linux"'
+          Sec-Fetch-Dest: "document"
+          Sec-Fetch-Mode: "navigate"
+          Sec-Fetch-Site: "same-origin"
+          Sec-Fetch-User: "?1"
+          Upgrade-Insecure-Requests: "1"
+          User-Agent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
+        body: |
+          {{ csrf_token_name }}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save
+        body_format: raw
+        validate_certs: no
+      register: response
+
+#    - name: Send POST request to update DHCP settings
+#      uri:
+#        url: "https://192.168.1.1/services_dhcp.php?if=lan"
+#        method: POST
+#        headers:
+#          Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
+#          Content-Type: 'application/x-www-form-urlencoded'
+#          Cookie: "PHPSESSID={{ phpsessid }}"
+#          Origin: "https://192.168.1.1"
+#          Referer: "https://192.168.1.1/services_dhcp.php?if=lan"
+#          X-CSRFToken: "{{ csrf_token_value }}"
+#        body_format: form-urlencoded
+#        body: "{{ request_body }}"
+#        validate_certs: no
+#        return_content: yes
+#      register: response
+
+    - name: Display the response from the DHCP update request
+      debug:
+        #msg: "{{ response.content }}"
+        msg: "{{ response }}"
+
+
+
+
+
+#        request_body: |
+#          {{ csrf_token_name }}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save
+

data/watchguard/ansible/network-boot.yml.bakMarchePas

@@ -0,0 +1,71 @@
+---
+- name: Log in to OPNsense and obtain PHPSESSID and CSRF token
+  hosts: localhost
+  gather_facts: no
+  vars:
+    api_username: "your_username"
+    api_password: "your_password"
+
+  tasks:
+    - name: Perform GET request to initiate session and retrieve PHPSESSID
+      uri:
+        url: "https://192.168.1.1/"
+        method: GET
+        user: "{{ WEBUI_USERNAME }}"
+        password: "{{ WEBUI_PASSWORD }}"
+        headers:
+          Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
+        validate_certs: no
+        return_content: yes
+      register: login_page
+
+    - name: Extract PHPSESSID from response cookies
+      set_fact:
+        phpsessid: "{{ login_page.cookies.PHPSESSID }}"
+
+    - name: Extract CSRF token name and value from the page content
+      set_fact:
+        csrf_tokens: "{{ login_page.content | regex_findall('<input[^>]*type=\"hidden\"[^>]*name=\"([^\"]+)\"[^>]*value=\"([^\"]+)\"') }}"
+
+    - name: Set CSRF token name and value
+      set_fact:
+        csrf_token_name: "{{ csrf_tokens[0][0] if csrf_tokens | length > 0 else 'Not found' }}"
+        csrf_token_value: "{{ csrf_tokens[0][1] if csrf_tokens | length > 0 else 'Not found' }}"
+
+    - name: Display the PHPSESSID and CSRF token details
+      debug:
+        msg: "PHPSESSID is {{ phpsessid }}, CSRF token name is {{ csrf_token_name }}, CSRF token value is {{ csrf_token_value }}"
+
+    - name: Construct body
+      set_fact:
+        request_body: |
+          {{ csrf_token_name}}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save'
+
+    - name: Send POST request to update DHCP settings
+      uri:
+        url: "https://192.168.1.1/services_dhcp.php?if=lan"
+        method: POST
+        headers:
+          Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
+          Content-Type: 'application/x-www-form-urlencoded'
+          Cookie: "PHPSESSID={{ phpsessid }}"
+          Origin: "https://192.168.1.1"
+          Referer: "https://192.168.1.1/services_dhcp.php?if=lan"
+          X-CSRFToken: "{{ csrf_token_value }}"
+        body_format: form-urlencoded
+        body: "{{ request_body }}"
+        validate_certs: no
+        return_content: yes
+      register: dhcp_update_response
+
+    - name: Display the response from the DHCP update request
+      debug:
+        msg: "{{ dhcp_update_response.content }}"
+
+
+
+
+
+#        request_body: |
+#          {{ csrf_token_name }}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save
+

data/watchguard/ansible/network-boot.yml.startExample

@@ -0,0 +1,47 @@
+---
+- name: Make an HTTPS API call with basic auth
+  hosts: localhost
+  gather_facts: no
+
+  tasks:
+    - name: Enable network booting via API
+      uri:
+        #url: "{{ API_URL }}/dhcpv4/service/reconfigure?if=lan"
+        #url: "{{ API_URL }}/dhcpv4/service/start"
+        url: "{{ API_URL }}/dhcpv4/service/reconfigure"
+        method: POST
+        user: "{{ API_KEY }}"
+        password: "{{ API_SECRET }}"
+        force_basic_auth: yes
+        headers:
+          Content-Type: "application/json"
+        body: >
+          {
+              "enable": "no",
+              "submit": "Save",
+              "if": "lan"
+          }
+        body_format: json
+        validate_certs: no
+        return_content: yes
+      register: api_response
+
+    - name: Print API response
+      debug:
+        var: api_response.content
+
+#          {
+#            "interface": "lan",
+#            "next-server": "{{ tftp_server_ip }}",
+#            "filename": "{{ bootfile }}",
+#            "root-path": "{{ root_path }}"
+#          }
+#
+#        body: >
+#          {
+#            "lan": {
+#              "enable": "yes",
+#              "submit": "Save",
+#              "if": "lan"
+#            }
+#          }

data/watchguard/ansible/opnsense.key

@@ -0,0 +1 @@
+zJhbadKcWsdY2HM47s1yLp5givIiTln0nf5CTw81igYxvFnvq8n67Ba5/MaLMSZ4EP13wphZTfHh0Nz8

data/watchguard/ansible/tftp.yml

@@ -0,0 +1,39 @@
+---
+- name: Configure inetd service and uncomment tftp lines
+  hosts: all
+  gather_facts: no
+  tasks:
+    - name: Enable inetd in /etc/rc.conf
+      lineinfile:
+        path: /etc/rc.conf
+        line: 'inetd_enable="YES"'
+        create: yes
+        state: present
+      become: yes
+
+    - name: Uncomment tftp lines in /etc/inetd.conf
+      lineinfile:
+        path: /etc/inetd.conf
+        regexp: '^#\s*(tftp.*)'
+        line: '\1'
+        backrefs: yes
+        state: present
+      become: yes
+      with_items: # I don't like that but it works...
+        - 'tftp'
+        - 'tftp'
+
+    - name: Create /tftpboot directory
+      file:
+        path: /tftpboot
+        state: directory
+        owner: root
+        group: wheel
+        mode: '0755'
+      become: yes
+
+    - name: Restart inetd service
+      service:
+        name: inetd
+        state: restarted
+      become: yes