A commit post-hook for VyOS that automatically syncs config commits to your (remote) git repository.
Originally from https://blog.billclark.io/vyos-configuration-backup-automation-with-git
NOTE: You need to use a custom build of VyOS that includes git. I have one with some other additions at https://github.com/b-/vyos-build-action but you really should make your own. How can you trust that I haven't tampered with it?
Create a (hosted, private) git repo that is accessible from the router. This repository WILL contain private information such as WireGuard private keys from the router, so you really need to make it private. I'm using a private repo on GitHub.com, but Bill uses a self-hosted repo because that's more trustworthy.
Since it matches my setup and will be easy for me, let's assume your git repository is hosted at https://github.com/username/vyos-config.
This will allow you to use one repository for multiple routers. I don't know if this really is ideal or not, but it works. Probably significantly less secure.
vyos@vyos$ ssh-keygen -t ed25519 -f /config/user-data/ssh_git_deploy
vyos@vyos$ cat /config/user-data/ssh_git_deploy.pub
vyos@vyos$ git clone \
    -c "core.sshCommand=ssh -F/dev/null -i/config/user-data/ssh_git_deploy" \
    -c "user.email=vyos@vyos" \
    -c "user.name=vyos router" \
    git@github.com:briorg/vyos-config \
    -b vyos.home.ibeep.com --single-branch \
    /config/user-data/vyos-config
vyos@vyos$ git clone https://github.com/b-/vyos-git-commit /config/user-data/vyos-git-commit
Cloning into 'vyos-git-commit'...
remote: Enumerating objects: 42, done.
remote: Counting objects: 100% (42/42), done.
remote: Compressing objects: 100% (23/23), done.
remote: Total 42 (delta 10), reused 37 (delta 8), pack-reused 0
Receiving objects: 100% (42/42), 7.14 KiB | 3.57 MiB/s, done.
Resolving deltas: 100% (10/10), done.
vyos@vyos$ mkdir -p /config/scripts/commit/post-hooks.d
vyos@vyos$ ln -s /config/user-data/vyos-git-commit/99-git-commit /config/scripts/commit/post-hooks.d/
That's it!
You can test it by changing the config and making a commit:
vyos@vyos$ configure
[edit]
vyos@vyos# set firewall group network-group foo
[edit]
vyos@vyos# commit
> [ 2023-04-12T00:43:02 UTC ] Beginning git commit & push...
> [ 2023-04-12T00:43:02 UTC ] Ensuring our local repo is up-to-date...
Already up to date.
> [ 2023-04-12T00:43:02 UTC ] Saving configuration files...
> [ 2023-04-12T00:43:02 UTC ] Staging changes...
> [ 2023-04-12T00:43:02 UTC ] Committing changes...
[vyos a8a4eb6] Auto-triggered by vyos@vyos config commit: 2023-04-12T00:43:02 UTC
2 files changed, 3 deletions(-)
> [ 2023-04-12T00:43:02 UTC ] Pushing changes to remote repository...
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 2 threads
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 427 bytes | 427.00 KiB/s, done.
Total 4 (delta 2), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
To github.com:briorg/vyos-config
e17d766..a8a4eb6 vyos -> vyos
> [ 2023-04-12T00:43:02 UTC ] Git commit & push completed.
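The repository will hold secrets such as WireGuard private keys, so it helps to see exactly which secret-bearing config leaves end up in each backup. The script below is an added example, not part of the original README or of the vyos-git-commit hook; it walks the brace-structured config and prints the line number and config path of each secret leaf, never the value. The list of leaf names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example (not part of vyos-git-commit): list secret-bearing leaves in a
# VyOS config by full config path, without printing their values.
# Assumption: leaf names that carry secrets; extend this list for your config.
SECRET_KEYS='private-key|preshared-key|pre-shared-secret|plaintext-password|encrypted-password'

# audit_secrets FILE ("-" = stdin) -> one "LINE<TAB>config path" row per secret leaf
audit_secrets() {
    awk -v keys="^(${SECRET_KEYS})\$" '
        /[{][ \t]*$/ {                      # "node name {" opens a level
            sub(/[ \t]*[{][ \t]*$/, ""); sub(/^[ \t]+/, "")
            path[++depth] = $0; next
        }
        /^[ \t]*[}][ \t]*$/ { if (depth > 0) depth--; next }
        NF >= 2 && $1 ~ keys {              # leaf with a value: report key only
            p = ""
            for (i = 1; i <= depth; i++) p = p path[i] " "
            printf "%d\t%s%s\n", NR, p, $1
        }
    ' "$1"
}
count_secrets() { audit_secrets "$1" | awk 'END { print NR }'; }  # number of hits

# Constructed sample input; the key material below is fake.
sample_config() {
    cat <<'EOF'
interfaces {
    wireguard wg0 {
        private-key "CONSTRUCTED-NOT-A-REAL-KEY="
        peer laptop {
            preshared-key "CONSTRUCTED-NOT-A-REAL-PSK="
            public-key "CONSTRUCTED-PUBLIC-KEY="
        }
    }
}
system {
    login {
        user vyos {
            authentication {
                encrypted-password "$6$constructed$notarealhash"
            }
        }
    }
}
EOF
}

# With an argument, audit that file; without one, audit the sample above.
if [ -n "${1:-}" ]; then audit_secrets "$1"; else sample_config | audit_secrets -; fi
```

Run it against /config/config.boot or against the config file in your clone under /config/user-data/vyos-config. Every path it lists is a credential to rotate if the repository or the deploy key is ever exposed.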