OpenBSD Pubnix Guide
Inspired by the way ~jr runs futurist.city.
Get an OpenBSD machine
https://openbsd.amsterdam/
- Change the name of the machine in /etc/myname
Manage Users
- Use `adduser` to create a new user. Give the new user a temporary password.
- When the new user connects, they should use `passwd` to change their password.
- Add a user to a group such as `pubnix` by doing `usermod -G pubnix brewed`
To avoid errors, create a script such as:
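```
#!/bin/ksh
# usage: script <username>
# -batch takes: username, group, full name, password (plain text with -unencrypted)
adduser -unencrypted -batch "$1" pubnix "$1" "$1"
# per-user nex directory, linked into the user's home
mkdir "/var/nex/users/$1"
ln -s "/var/nex/users/$1" "/home/$1/public_nex"
chown "$1" "/home/$1/public_nex"
echo "Hello world" > "/home/$1/public_nex/index"
chown "$1" "/home/$1/public_nex/index"
```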
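The script above runs as root and puts its argument straight into paths, so a name such as `../../etc` or an empty argument would create and chown directories outside /var/nex/users. A hardened form, as an added example that is not part of the original guide; the function names, the DRY_RUN switch and the username rule (lowercase, at most 31 characters) are assumptions:

```shell
#!/bin/sh
# Added example: hardened form of the guide's user-creation script.
# Assumptions (not from the guide): helper names, DRY_RUN, the name rule.
LC_ALL=C; export LC_ALL      # make [a-z] mean ASCII letters only
NEX_ROOT=/var/nex/users      # directory used by the guide's script

# Lowercase letter first, then a-z 0-9 _ -, at most 31 characters.
# Rejects "", "../x", "a/b", "a b", "-x", "a;id": nothing can escape a path.
valid_username() {
    case $1 in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

# Run a command, or only print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

provision() {
    user=$1
    if ! valid_username "$user"; then
        echo "refusing invalid username: '$user'" >&2
        return 1
    fi
    # Never reuse an existing account or directory.
    if id "$user" >/dev/null 2>&1 || [ -e "$NEX_ROOT/$user" ]; then
        echo "account or directory already exists: $user" >&2
        return 1
    fi
    # Stop at the first failure instead of running the remaining steps.
    run adduser -unencrypted -batch "$user" pubnix "$user" "$user" &&
    run mkdir "$NEX_ROOT/$user" &&
    run ln -s "$NEX_ROOT/$user" "/home/$user/public_nex" &&
    { [ -n "${DRY_RUN:-}" ] || echo "Hello world" > "$NEX_ROOT/$user/index"; } &&
    run chown -R "$user" "$NEX_ROOT/$user"
}

# Usage: DRY_RUN=1 sh script brewed   (prints the commands, changes nothing)
if [ $# -gt 0 ]; then provision "$1"; fi
```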
Use doas for admins to restart software
Avoid using the root user; use doas instead. In /etc/doas.conf:
```
permit nopass m15o as root cmd /etc/rc.d/nexd
```
To then restart the service, do:
```
doas /etc/rc.d/nexd restart
```
Manage daemons
- Move your service to `/usr/local/bin`
- Create a daemon user: `useradd -c"nex Daemon" -d/var/empty -s/sbin/nologin _nex`
- Add a control script to `/etc/rc.d`:

```
#!/bin/ksh
daemon="/usr/local/bin/nex"
daemon_user="_nex"            # run as the unprivileged daemon user
daemon_logger="daemon.info"   # send output to syslog (facility daemon, level info)
. /etc/rc.d/rc.subr
rc_bg=YES                     # the program does not background itself
rc_reload=NO                  # no reload action
rc_cmd "$1"
```

- Use `rcctl` to start, stop or restart your daemons
- Any log is available in `/var/log/daemon`
Configure your SSH
- Add `ServerAliveInterval 60` to your ~/.ssh/config file