OpenBSD GCP Bootstrap
Since I have been recently experimenting with OpenBSD 6.6 on Google Cloud Compute, I put together a small bootstrap script to help with new deployments to GCP. It is still in it’s infant stages, but so far it will deploy a couple different scripts on top of the typical basic findelabs OpenBSD bootstrap.
OpenBSD Ansible Deploy on GitHub
This is an announcement for a new repo I made on GitHub. Since I am constantly testing new deployments on vultr, I realized that it would make my life easier if I put all of my current projects into one public repo, to ease scripted deployments on Vultr.
This new repo will hopefully be the location of future projects, which may make their way into other public repos of mine. Be warned, it will probably be changing often, and may be broken at times.
Dedicated OpenBSD-WireGuard Server; Part Two
Welcome to part two of using WireGuard on OpenBSD! The first post was about the initial release of the project; This followup is about one new role added to the playbook. Now in the initial release, I wasn’t attempting to compile wg or wireguard within the playbook itself. I had just planned to update the binaries every day/week with a cronjob run on one of my servers. However, thank you reddit user techsnapp for pointing out that there is actually a script that wireguard provides to assist in compiling the software on OpenBSD. This post will go over the new role written to reliably download and compile wg, wg-quick, and wireguard-go.
Deploying a dedicated OpenBSD-Wireguard server
I recently published my OpenBSD-Wireguard project on GitHub. There is now a published wireguard role, found in my OpenBSD Dev repo, found here. Compared to some of my other playbooks, this one is fairly simple. All it does is configure a fresh OpenBSD server to act as a wireguard server, to which multiple connections over one tun3 device are allowed.
I have tested multiple times deploying the playbook in minutes to a Vultr VM. By the way, I would eagerly recommend vultr to anyone looking for a fast yet cheap VPS solution. I have had zero problems while using their services the past few months.
Deploying httpd with acme-client with Ansible
Having the ability to rebuild a server/router from scratch in minutes with confidence, versus slaving over all your configs, trying to get everything working is life changing. I can’t remember how many times I’ve rebuilt a computer, only to run into an issue that I KNOW I’ve fixed before… over a year ago. With ansible, all the work goes into the first deployment, giving you the ability to redeploy a server at a moments notice.
OpenBSD does require some extra options to work properly, as ansible seems to work best with Linux. Hopefully my struggles can help some of you.