FastAPI tool to generate pfSense config XML from a baseline template, with IPAM-backed allocation.

- /dashboard/pfsense-config/
- /dashboard/pfsense-config/admin
- X-Forwarded-User / X-Auth-User / groups)
- rpc_session) if enabled

Inputs:
- customer_name
- hostname
- LAN Subnet dropdown (/28 to /16)
- LAN Network/IP dropdown defaults to host-octet mapping (10.0.X.0/<mask>) from WireGuard/Loopback selection
- LAN IP also supports IPAM free-range options
- LAN IP override text field (optional)
- Loopback auto next free /32 from configured loopback CIDR
- Loopback override text field (optional)
- snmp_location

Actions:
- snmp_location (off/warn/strict in Admin Settings)
- /opt/rpc/pfsense-configs/from-pfsense-config-tool

Configurable in-app:
- loopback_cidr (default 192.168.255.0/24)
- loopback_subnet_id (IPAM subnet ID for loopbacks)
- lan_pool_subnet_id (IPAM subnet ID used to derive next free LAN ranges)
- ipam_section_id (section used for subnet creation)
- lan_gateway_host_offset (typically 1)
- reserve_ipam default on/off
- usps_validate_mode (off, warn, strict)
- loopback_subnet_id
- wireguard_subnet_id
- lan_pool_subnet_id

Settings are stored in SQLite (/data/settings.sqlite3).

- TEMPLATE_XML_PATH=/opt/pfsense-template/Nate_Base_Config.xml
- SETTINGS_DB_PATH=/data/settings.sqlite3
- OUTPUT_XML_DIR=/opt/pfsense-config-output/from-pfsense-config-tool
- ADMIN_USERS=nate
- TRUSTED_AUTH_HEADERS=1
- ALLOW_RPC_SESSION_FALLBACK=1
- RPC_DASHBOARD_AUTH_URL=http://rpc_dashboard_api:8000/dashboard/api/auth/me

IPAM DB:
- IPAM_DB_HOST=phpipam-db
- IPAM_DB_PORT=3306
- IPAM_DB_USER=ipam
- IPAM_DB_PASSWORD=ipampass
- IPAM_DB_NAME=phpipam

USPS (optional):
- USPS_CLIENT_ID=<your usps client id>
- USPS_CLIENT_SECRET=<your usps client secret>
- USPS_OAUTH_URL=https://apis.usps.com/oauth2/v3/token
- USPS_ADDRESS_URL=https://apis.usps.com/addresses/v3/address
- USPS_TIMEOUT_SECONDS=8

Location suggestions:
- LOCATION_SUGGEST_PROVIDER=nominatim
- LOCATION_SUGGEST_LIMIT=8
- NOMINATIM_SEARCH_URL=https://nominatim.openstreetmap.org/search

cd /home/nate/rpc-dashboard/pfsense-config-tool
docker compose up -d --build

- /opt/rpc/pfsense-template/Nate_Base_Config.xml
- edge and phpipam_default Docker networks

This app is designed to run behind an existing auth gateway/reverse proxy.
Required behavior:
- X-Forwarded-User
- X-Auth-User
- Remote-User
- X-Forwarded-Groups
- X-Auth-Groups

App authorization logic:
- admin or admins.
- ADMIN_USERS (comma-separated env var).

Recommended proxy hardening:
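
The authorization rule described above (identity taken from the proxy headers, admin granted through the admin/admins groups or the ADMIN_USERS list), as an added example that is not the project's own code. The header lookup order, the comma-separated groups format, exact-match comparison and treating TRUSTED_AUTH_HEADERS=1 as the opt-in switch are assumptions.

```python
from dataclasses import dataclass

# Header names and the admin/admins groups come from this page. The lookup
# order, comma-separated group format and exact-match comparison are assumptions.
USER_HEADERS = ("x-forwarded-user", "x-auth-user", "remote-user")
GROUP_HEADERS = ("x-forwarded-groups", "x-auth-groups")
ADMIN_GROUPS = {"admin", "admins"}


@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset


def _split(value):
    """Split a comma-separated list, dropping blanks and surrounding spaces."""
    return {part.strip() for part in value.split(",") if part.strip()}


def resolve_identity(headers, env):
    """Return the proxy-asserted Identity, or None if nothing may be trusted."""
    # Assumption: "1" enables header trust; any other value ignores the headers.
    if env.get("TRUSTED_AUTH_HEADERS") != "1":
        return None
    h = {name.lower(): value for name, value in headers.items()}
    user = next((h[n].strip() for n in USER_HEADERS if h.get(n, "").strip()), None)
    # A comma or line break in the user value usually means two header values
    # were merged (one client-supplied, one proxy-set): refuse rather than guess.
    if user is None or any(c in user for c in ",\r\n"):
        return None
    groups = set()
    for n in GROUP_HEADERS:
        groups |= _split(h.get(n, ""))
    return Identity(user=user, groups=frozenset(groups))


def is_admin(identity, env):
    """Admin if in group admin/admins, or named in ADMIN_USERS."""
    if identity is None:
        return False
    if identity.groups & ADMIN_GROUPS:
        return True
    return identity.user in _split(env.get("ADMIN_USERS", ""))
```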