Hello !
I’m looking for a way to automate the installation and configuration of IPFire in a Proxmox environment.
Is there any way to configure the IP/SSH access for the virtual machine before starting it ? This would allow me to connect via SSH and configure the firewall using the CLI commands (automated via Ansible). If I understand correctly the SSH server is disabled while the installation process isn’t completed (at which point you can enable it from the GUI).
Is the IPFire compatible with cloud-init (this would allow me to pre-configure the firewall) ?
While browsing the forum I saw some mentions of being able to include cloud-init scripts into the image but I couldn’t find any resources on how to tackle the process.
Any resources on the subject would be of great help .
Yes, but if you get it wrong it can stop ssh working at all.
To enable ssh from the console you would need to touch a file at /var/ipfire/remote/enablessh
It needs to have user:group set to nobody:nobody and permissions 644.
You would also need to add the line ENABLE_SSH=on
to the file /var/ipfire/remote/settings
Then you would need to add other lines depending on what settings in the WUI you would actually choose.
You would also need tneed to modify the /etc/ssh/sshd_config file.
If you only change the sshd_config file then the values in your WUI page would not match and if you ever pressed the Save button on it then sshd_config would be overwritten.
I am not aware of this tool as I don’t do anything with the cloud with my IPFire. However having a quick look at it then I suspect the answer will be no. Cloud-init knows what specific Operating Systems need and where they store specific information. Cloud-init does not have IPFire on its list of Operating Systems.
IPFire is not built on top of another OS. It is its own OS and so I suspect you would need to get Cloud-init to modify their code to make it work with IPFire.
Looking at the source tarball from cloud-init-24.3.1 it mentions quite a few python modules as requirements that are not installed on IPFire.
Hello,
As of my understand (and please excuse me if I’m wrong), IPFire does not have the required packages to support the installation of cloud-init (and it’s not present in the package manager (pakfire)[www.ipfire.org - Add-ons]).
I am really interested in any resources on how to install cloud-init into the VM template without compromising the security of the IPFire installation if you have any.
The usage of cloud-init would allow any person to easily pre-configure the firewall for cloud environments, so if it’s not yet possible I would be glad to help in providing such a feature.
If you want to build it as a local addon for your IPFire cloud installation then the following info from the wiki describes the process, although you might want to do it on a local physiical machine first before trying it remotely to a cloud installation.
As well as building cloud-init, you will need to also build all the dependencies (python packages etc) that are not installed in IPFire.
The lfs directory lists all the packages that are built so you can check what dependency packages are missing and need to be built before the cloud-init package.
I looked up cloud-init on Arch Linux and here are the various dependencies showing which ones are available in IPFire and which not.
Runtime dependencies
bash - yes
dhclient - no but dhcpcd is installed
python - yes
python-configobj - no
python-jinja - yes
python-jsonpatch - no
python-jsonschema - no
python-netifaces - no
python-oauthlib - no
python-pyserial - no
python-pyyaml - no
python-requests - yes
python-typing_extensions - yes
sudo - yes
systemd - no but cloud-init also supports sysv-init which IPFire-2.x uses
Build dependencies
netplan - no
python-build - yes
python-installer - no
python-setuptools - yes
python-wheel - no
Check dependencies
procps-ng - yes
python-httpretty - no
python-passlib - no
python-pytest - no
python-pytest-mock - no
python-responses - no
.