2021-12-09 11:03:38 +01:00
|
|
|
|
# EvoBSD 7.0.0
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
|
|
|
|
EvoBSD is an ansible project used for customising OpenBSD hosts
|
|
|
|
|
used by Evolix.
|
|
|
|
|
|
|
|
|
|
## How to install an OpenBSD machine
|
|
|
|
|
|
2018-12-31 09:15:05 -05:00
|
|
|
|
**Note :** The system must be installed with a root account only.
|
|
|
|
|
Put your public key in the remote root's autorized_keys
|
|
|
|
|
(/root/.ssh/authorized_keys)
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-06-04 13:23:06 -04:00
|
|
|
|
1. Install ansible's prerequisites
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
|
|
|
|
|
```
|
|
|
|
|
|
2020-06-04 13:23:06 -04:00
|
|
|
|
2. Run it
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-10-23 11:40:22 +02:00
|
|
|
|
First use (become_method: su) :
|
2020-09-10 11:54:21 +02:00
|
|
|
|
|
|
|
|
|
```
|
2020-10-23 11:40:22 +02:00
|
|
|
|
ansible-playbook evolixisation.yml --ask-vault-pass -CDki hosts -u root -l HOSTNAME
|
2020-09-10 11:54:21 +02:00
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Subsequent use (become_method: sudo) :
|
|
|
|
|
|
2018-12-28 11:23:49 +01:00
|
|
|
|
```
|
2020-10-23 11:40:22 +02:00
|
|
|
|
ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts --skip-tags pf -l HOSTNAME
|
2018-12-28 11:23:49 +01:00
|
|
|
|
```
|
|
|
|
|
|
2018-12-31 09:15:05 -05:00
|
|
|
|
### Testing
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2018-12-31 09:15:05 -05:00
|
|
|
|
Changes can be tested by using [Packer](https://www.packer.io/) and
|
|
|
|
|
[vmm(4)](https://man.openbsd.org/vmm.4) :
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-06-04 13:27:03 -04:00
|
|
|
|
* This process depends on the [Go](https://golang.org/) programming language.
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-10-23 11:40:22 +02:00
|
|
|
|
**Packages**
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-09-10 11:54:21 +02:00
|
|
|
|
Needing a Golang eco system and some basics
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-09-10 11:54:21 +02:00
|
|
|
|
````
|
|
|
|
|
pkg_add go-- packer-- git--
|
|
|
|
|
````
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-09-10 11:54:21 +02:00
|
|
|
|
* We use the [packer-builder-openbsd-vmm](https://github.com/double-p/packer-builder-openbsd-vmm) project to bridge Packer and vmm(4)
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-09-10 11:54:21 +02:00
|
|
|
|
````
|
|
|
|
|
git clone https://github.com/double-p/packer-builder-openbsd-vmm.git
|
|
|
|
|
````
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-10-23 11:40:22 +02:00
|
|
|
|
**builds**
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-09-10 11:54:21 +02:00
|
|
|
|
Set ````GOPATH```` (default: ~/go), if the 1.4GB dependencies wont fit.
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-09-10 11:54:21 +02:00
|
|
|
|
````
|
|
|
|
|
make
|
|
|
|
|
make install
|
|
|
|
|
````
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-09-10 11:54:21 +02:00
|
|
|
|
* You need your unprivileged user to be able to run vmctl(8) through doas(1)
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
|
|
|
|
```
|
2020-09-10 11:54:21 +02:00
|
|
|
|
echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl" >> /etc/doas.conf
|
2018-12-28 11:23:49 +01:00
|
|
|
|
```
|
|
|
|
|
|
2020-09-10 11:54:21 +02:00
|
|
|
|
See packer-builder-openbsd-vmm/examples/README.examples for further instructions
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2020-06-04 13:27:03 -04:00
|
|
|
|
* Enable NAT on your host machine
|
2019-01-02 14:35:20 +01:00
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
pass out on em0 inet from tap0:network to any nat-to (em0)
|
|
|
|
|
```
|
|
|
|
|
*assuming em0 is your egress interface*
|
|
|
|
|
|
2018-12-28 11:23:49 +01:00
|
|
|
|
## Contributions
|
2019-01-03 12:53:58 -05:00
|
|
|
|
See the [contribution guidelines](CONTRIBUTING.md)
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2018-12-31 09:15:05 -05:00
|
|
|
|
## License
|
2018-12-28 11:23:49 +01:00
|
|
|
|
|
2019-01-02 14:35:20 +01:00
|
|
|
|
[MIT License](LICENSE)
|