EvoBSD is a set of Ansible playbooks and roles providing a customisation of the OpenBSD operating system used by Evolix.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tristan Pilat 1efd405989 EvoBSD for OpenBSD 6.9 2 years ago
roles Following the release of OpenBSD 6.9, the VERBOSESTATUS variable is no longer valid in the daily.local configuration file 2 years ago
tasks Fix commit_etc_git.yml task author 2 years ago
vars Add empty vars_files for them not to generate errors 2 years ago
.drone.yml fix forgotten quote in .drone.yml 3 years ago
CHANGELOG Bump to version 6.9.0 2 years ago
CONTRIBUTING.md Apply fix in last commit to other markdown files 3 years ago
LICENSE Update copyright to 2020 2 years ago
README.md Bump to version 6.9.0 2 years ago
evolixisation.yml Add a pf tag that we skip for subsequent use 2 years ago
hosts Change default Python version to 3.x 2 years ago
prerequisite.yml Change default Python version to 3.x 2 years ago


EvoBSD 6.9.0

EvoBSD is an ansible project used for customising OpenBSD hosts used by Evolix.

How to install an OpenBSD machine

Note : The system must be installed with a root account only. Put your public key in the remote root's autorized_keys (/root/.ssh/authorized_keys)

  1. Install ansible's prerequisites
ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
  1. Run it

First use (become_method: su) :

ansible-playbook evolixisation.yml --ask-vault-pass -CDki hosts -u root -l HOSTNAME

Subsequent use (become_method: sudo) :

ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts --skip-tags pf -l HOSTNAME


Changes can be tested by using Packer and vmm(4) :

  • This process depends on the Go programming language.


Needing a Golang eco system and some basics

pkg_add go-- packer-- git--
git clone https://github.com/double-p/packer-builder-openbsd-vmm.git


Set GOPATH (default: ~/go), if the 1.4GB dependencies wont fit.

make install
  • You need your unprivileged user to be able to run vmctl(8) through doas(1)
echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl" >> /etc/doas.conf

See packer-builder-openbsd-vmm/examples/README.examples for further instructions

  • Enable NAT on your host machine
pass out on em0 inet from tap0:network to any nat-to (em0)

assuming em0 is your egress interface


See the contribution guidelines


MIT License