EvoBSD is a set of Ansible playbooks and roles providing a customisation of the OpenBSD operating system used by Evolix.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
Jérémy Dubois d956d5c6ba Import evocheck 6.7.3 1 week ago
roles Import evocheck 6.7.3 1 week ago
tasks Corrects yaml line break. 1 month ago
vars Fix yaml lint lines too long 2 months ago
.drone.yml fix forgotten quote in .drone.yml 2 months ago
.gitignore Add file to .gitignore 3 months ago
CONTRIBUTING.md Apply fix in last commit to other markdown files 2 months ago
LICENSE Add license file 1 year ago
README.md Misunderstood syntax for unordered lists in markdown 2 months ago
evolixisation.yml Add arguments and details for first evolixisation 1 month ago
hosts Add initial project 1 year ago
prerequisite.yml Fix yaml lint lines too long 2 months ago

README.md

EvoBSD 1.0

EvoBSD is an ansible project used for customising OpenBSD hosts used by Evolix.

How to install an OpenBSD machine

Note : The system must be installed with a root account only. Put your public key in the remote root’s autorized_keys (/root/.ssh/authorized_keys)

  1. Install ansible’s prerequisites
ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
  1. Run it
ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME

Testing

Changes can be tested by using Packer and vmm(4) :

  • This process depends on the Go programming language.
# pkg_add go packer
$ go get -u github.com/prep/packer-builder-vmm/cmd/packer-builder-vmm
  • Here is an example build file
$ vim openbsd.json
{
  "description": "OpenBSD installation on vmm(4)",

  "variables": {
    "hostname":    "evobsd",
    "domain":      "example.com",

    "password": "evolix"
  },

  "builders": [
    {
      "type":      "vmm",
      "vm_name":   "evobsd",
      "disk_size": "2G",
      "format":    "qcow2",
      "mem_size":  "1024M",

      "iso_urls":          ["downloads/install64.fs", "https://ftp.nluug.nl/pub/OpenBSD/6.4/amd64/install64.fs"],
      "iso_checksum":      "7aa4344cb39efbf67300f97ac7eec005b607e8c19d4e31a0a593a8ee2b7136e4",
      "iso_checksum_type": "sha256",

      "boot_wait": "10s",
      "boot_command": [
        "S<enter>",

        "cat <<EOF >disklabel.template<enter>",
        "/ 1G-* 100%<enter>",
        "EOF<enter>",

        "cat <<EOF >install.conf<enter>",
        "System hostname = {{user `hostname`}}<enter>",
        "DNS domain name = {{user `domain`}}<enter>",
        "Password for root account = {{user `password`}}<enter>",
        "Do you expect to run the X Window System = no<enter>",
        "Setup a user = no<enter>",
        "Which disk is the root disk = sd1<enter>",
        "Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = c<enter>",
        "URL to autopartitioning template for disklabel = file://disklabel.template<enter>",
        "Location of sets = disk<enter>",
        "Is the disk partition already mounted = no<enter>",
        "Set name(s) = -bsd.rd<enter>",
        "Set name(s) = done<enter>",
        "Directory does not contain SHA256.sig. Continue without verification = yes<enter>",
        "What timezone are you in = Europe/Paris<enter>",
        "EOF<enter>",

        "install -af install.conf<enter>",
        "<wait2m>",

        "/sbin/halt -p<enter><wait15>"
      ]
    }
  ]
}
  • You need your unprivileged user to be able to run vmctl(8) through doas(1)
# echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl" >> /etc/doas.conf
  • Build the virtual machine
$ packer build openbsd.json
  • Start it
doas vmctl start evobsd -cL -d output-vmm/evobsd.qcow2
  • Enable NAT on your host machine
pass out on em0 inet from tap0:network to any nat-to (em0)

assuming em0 is your egress interface

Contributions

See the contribution guidelines

License

MIT License