Terraform

Terraform OpenBSD & Vultr

    doas pkg_add git gmake go terraform

    cat << EOF
    # Go, $(date)
    export PATH=$PATH:$(go env GOPATH)/bin
    export GOPATH=$(go env GOPATH)
    EOF

    mkdir -p $GOPATH/src/github.com/vultr; cd $GOPATH/src/github.com/vultr
    git clone git@github.com:vultr/terraform-provider-vultr.git
    cd $GOPATH/src/github.com/vultr/terraform-provider-vultr
    gmake build

main.tf

    cat << EOF > main.tf
    terraform {
      required_providers {
        vultr = {
          source = "vultr/vultr"
          version = "2.12.1"
        }
      }
    }
    resource "vultr_instance" "web" {
      count = 2
      plan = "vc2-1c-1gb"
      region = "fra"
      hostname = "web-${count.

Docker - Swarm

Setup

Let’s assume we have 3 Nodes in a Docker Swarm Setup:

Tick
Trick
Track

Track is the Leader/Manager. All Machines run Debian 12.0 (RC, as it is not yet released).

Show Nodes

    docker node ls

    [email protected]:~# docker node ls
    ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
    b2zvkc374v08q2rpocljhkg5n     tick       Ready     Active                          23.0.2
    khom3cx05bxqxktjq1k5j16gk *   track      Ready     Active         Leader           23.0.2
    lq53s6mhuzvqrehks0j68sr3e     trick      Ready     Active                          23.0.2

Create Simple Service

Run a simple Docker service that uses an alpine-based filesystem, and isolates a ping to 8.

OpenBSD - Rclone

WebDAV Server

need a little WebDAV Server? Selfhosting your Password DB?

pkg

    pkg_add rclone

run

    rclone serve webdav /your/root/folder --addr YOUR_PUBLIC_IP:PORT \
      --key /etc/ssl/certs/your.private.key \
      --cert /etc/ssl/certs/your.public.cer \
      --user someuser \
      --pass somepass

Browser

browse to https://your_public_ip:port

user: someuser
pass: somepass

done!

htpasswd

got some Users and wanna put them in the htaccess file? be careful, as these users all share the same folder!

    mkdir /rclone/webdav
    cd /rclone
    touch htpasswd
    htpasswd htpasswd tick
    htpasswd htpasswd trick
    htpasswd htpasswd track
    chmod 600 htpasswd

Dashboard

do you like dashboards?

NextCloud - OpenBSD 7.3

NextCloud on OpenBSD 7.3

some install notes …

Powerup

Fresh VM
Upgrade to 7.3 Beta (7.3 is not yet released)

pkg_info nextcloud

    pkg_info -Q nextcloud -D snap
    nextcloud-23.0.12p0
    nextcloud-24.0.10
    nextcloud-25.0.4
    nextcloudclient-3.7.4

adding 25.0.4

    pkg_add -D snap nextcloud
    quirks-6.121 signed on 2023-03-21T18:57:42Z
    Ambiguous: choose package for nextcloud
    a 0: <None>
      1: nextcloud-23.0.12p0
      2: nextcloud-24.0.10
      3: nextcloud-25.0.4
    Your choice: 3

installed: php-8.1 lot of stuff got some readme ...

    nextcloud-25.0.4:gd-2.3.3: ok
    nextcloud-25.0.4:php-gd-8.1.16: ok
    nextcloud-25.

Ciphey

Ciphey

Fully automated decryption/decoding/cracking tool using natural language processing & artificial intelligence, along with some common sense.

Source: https://github.com/Ciphey/Ciphey

Run in Docker

    encoding=$(echo -n "hello world" |base64); docker run -it --rm remnux/ciphey ${encoding}

Result

    Possible plaintext: 'hello world' (y/N): y
    ╭─────────────────────────────────╮
    │ Formats used:                   │
    │    base64                       │
    │    utf8Plaintext: "hello world" │
    ╰─────────────────────────────────╯

Supported Ciphers

Ciphey currently supports 51 encryptions, encodings, compression methods, and hashes.

https://github.com/Ciphey/Ciphey/wiki/Supported-Ciphers

sha256: a33eac04129d4cf6bedce35c8b38c6f395a68fcf0a3e4ad7285caa6f249de7eb

OpenBSD - OpenSMTPD

Running a Mailserver on OpenBSD …

Source

https://karchnu.fr/posts/2020-09-17-certificate-smtp-imap-antispam.html

Requirements

OpenBSD VM
Public IP & FQDN
no Portfilter from Hoster
root permission

Packages

    pkg_add opensmtpd-extras opensmtpd-filter-rspamd dovecot dovecot-pigeonhole redis rspamd-- opensmtpd-filter-senderscore

FQDN

    export host="hostname"
    export domain="domain.tld"
    export fqdn="${host}.${domain}"

httpd.conf

    f="/etc/httpd.conf"; test -f ${f} && cp ${f} "${f}-$(date +'%s')"
    cat << EOF > ${f}
    # added $(date)
    server "${fqdn}" {
      listen on * port 80
      location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
      }
    }
    EOF
    chown root:wheel ${f}; chmod 644 ${f}

pf.

OpenBSD - Rainloop

Source

https://www.rainloop.net/

how to add a nice WebInterface to an existing Mailserver

Vars

    export fqdn="your.server.de"

add pkg

PHP Version ? I took 8.1

    pkg_add \
      curl-- \
      php--%8.1 \
      php-curl--%8.1 \
      php-pdo_sqlite--%8.1 \
      php-zip--%8.1 \
      pecl81-mcrypt \
      unzip-- \
      zip--

Cert

Assume you already have a TLS Cert, you can skip this one

php

    cd /etc/php-8.1.sample/
    cp * /etc/php-8.1/

size

    sed -i 's/^upload_max_filesize.*/upload_max_filesize = 25M/' /etc/php-8.1.ini
    sed -i 's/^post_max_size.*/post_max_size = 29M/' /etc/php-8.

Docker - Keycloak

KeyCloak

Keycloak is an open source identity and access management solution.

Requirements:

Linux Host with Docker & Docker Compose
Public IP Address & FQDN Entry
Port 80/443 open from any

docker-compose.yml

    version: "3.7"
    services:
      sso:
        image: quay.io/keycloak/keycloak:21.0
        container_name: "keycloak"
        volumes:
          - /etc/localtime:/etc/localtime:ro
          - ./keycloak.conf:/opt/keycloak/conf/keycloak.conf
        command:
          - start-dev
        environment:
          - KEYCLOAK_ADMIN=admin
          - KEYCLOAK_ADMIN_PASSWORD=XxXxXxXxXxXxXx
          - PROXY_ADDRESS_FORWARDING=true
          - VIRTUAL_HOST=keycloak.your.domain.de
          - VIRTUAL_PORT=8080
          - LETSENCRYPT_HOST=keycloak.your.domain.de
        networks:
          - internal
      database:
        image: postgres:13
        container_name: "postgres"
        environment:
          - POSTGRES_USER=keycloak
          - POSTGRES_DB=keycloak
          - POSTGRES_PASSWORD=XxXxXxXxXxXxXx
        volumes:
          - postgres_data:/var/lib/postgresql/data
        networks:
          - internal
      proxy:
        image: nginxproxy/nginx-proxy
        container_name: "nginx"
        ports:
          - "443:443"
          - "80:80"
        volumes:
          - conf:/etc/nginx/conf.

OpenBSD - Minio

Inspired

https://obsd.solutions/en/blog/2023/01/11/minio-on-openbsd-72-install/

Requirements

Fresh VM, running OpenBSD 7.2, fully patched
Public IP, all Ports allowed
FQDN pointing to your IP

run all the commands as root (or with ‘doas’ prepending …)

add Package

as usual with OpenBSD

    pkg_add minio

Extend File Limits

we need some more current open files …

    cat << EOF >> /etc/login.conf
    # Minio, added $(date)
    EOF
    cat << 'EOF' >> /etc/login.conf
    minio:\
      :openfiles-cur=4096:\
      :openfiles-max=8192:\
      :tc=daemon:
    EOF
    # Rebuild capdb
    cap_mkdb /etc/login.

Docker - Authelia

About

Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.

https://www.authelia.com/

Requirements

Host with Public IP & Docker Running
Port 80 & 443 Public Reachable
FQDN pointing to your IP Address. Best is a Wildcard Record like *.

OpenBSD - Packages

How to Build a Package on OpenBSD

Thx for the Initial Support [email protected] …!

Useful Links

https://www.openbsd.org/faq/ports/guide.html
https://bsd.port.mk/

Setup Build Machine on Current

Install OpenBSD
Upgrade to Current
get SYS & Ports

Switch to Port to Update

    cd /usr/ports/net/scapy

Change to 2.5.0

    make makesum
    make update-plist
    make
    make test
    make install
    make package

Add your own PKG Repo

    export PKG_PATH="https://your.server.de/pub/OpenBSD/7.2/packages-self/amd64/"

    # Check Repo
    [email protected]# pkg_info -Q scapy
    scapy-2.5.0p0

    # add Repo
    [email protected]# pkg_add -V scapy https://your.

Docker - Traefik Advanced

Intro

After a Basic Setup with a fixed Configuration, here is an example where we put some Variables in a “.env” File.

Requirements:

Linux Host with Docker see here,
Public IP Address and reachable Port 80 & 443
two FQDN pointing to your IP: traefik.yourdomain.de whoami.yourdomain.de

Env Vars

let’s run the following Commands, which generate a “.env” File. It will also create a User “dashboard” and ask you twice for the Password

Caddy

Run Simple Secure Webserver in 20 sec

assuming you have a Docker Instance and wanna run a Secure Webserver in a few Seconds? Here is an Example of how to do it …

Fireup Docker

start a fresh and empty Container with Alpine Linux. Get a Shell. The Container will be removed when you leave the shell (--rm)

    docker run -it --rm -p 80:80 -p 443:443 --name alpine-ssl alpine /bin/sh

Set FQDN

this should point to your ip address …

IP over SSH

wanna tunnel IP over SSH? give it a try? Tested for you with … OpenBSD :)

Host1

do the following as root

    echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
    sysctl net.inet.ip.forwarding=1
    echo "inet 10.0.0.1 255.255.255.0 10.0.0.2" >> /etc/hostname.tun0
    sh /etc/netstart tun0
    # enable tunnel forwarding in sshd (the stock line is commented out)
    sed -i 's/^#*PermitTunnel .*/PermitTunnel yes/' /etc/ssh/sshd_config
    rcctl restart sshd
    ssh-copy-id [email protected]

Host2

do the following as root

    echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
    sysctl net.inet.ip.forwarding=1
    echo "inet 10.0.0.2 255.255.255.0 10.0.0.1" >> /etc/hostname.tun0
    sh /etc/netstart tun0
    sed -i '/PermitTunnel .

OpenBSD - Rock4C+

How to get OpenBSD on OKdo Rock 4C+

got a new Toy and i’d like to put puffy on it

Hardware OKDO Hardware Wiki Getting Started Inspired by exoticsilicon Serial Console

Mount SD Card on APU/existing HW

    dmesg |grep sd1
    sd1 at scsibus2 targ 1 lun 0: <Generic-, Multi-Card, 1.00> removable serial.0bda0309201209010309
    sd1: 58911MB, 512 bytes/sector, 120649728 sectors

Speedtest

    dd if=/dev/random of=/dev/rsd1c bs=1m count=512
    dd: /dev/rsd1c: Device not configured

not working properly :(