OpenBSD Pubnix Guide

Inspired by the way ~jr runs futurist.city.

Get an OpenBSD machine

• Change the name on the machine on /etc/myname

Manage Users

• Use adduser to create new user. Give the new user a temporary password.
• When the new user connects, they should use passwd to change their password.
• Add a user to a group such as pubnix by doing usermod -G pubnix brewed

To avoid error, create a script such as:

#!/bin/ksh

adduser -unencrypted -batch $1 pubnix $1 $1
mkdir /var/nex/users/$1
ln -s /var/nex/users/$1 /home/$1/public_nex
chown $1 /home/$1/public_nex
echo "Hello world" > /home/$1/public_nex/index
chown $1 /home/$1/public_nex/index

Use doas for admins to restart software

Avoid using the root user, instead use doas.

permit nopass m15o as root cmd /etc/rc.d/nexd

To then restart the service, do:

doas ./etc/rc.d/nexd restart

Manage daemons

• Move your service to /usr/local/bin
• Create a daemon user: useradd -c"nex Daemon" -d/var/empty -s/sbin/nologin _nex
• Add a control script to /etc/rc.d

#!/bin/ksh

daemon="/usr/local/bin/nex"
daemon_user="_nex"
daemon_logger="daemon.info"

. /etc/rc.d/rc.subr

rc_bg=YES
rc_reload=NO

rc_cmd $1

• Use rcctl to start, stop or restart your daemons
• Any log is available in /var/log/daemon

Configure your SSH

• Add `ServerAliveInterval 60` to your ~/.ssh/config file