 |
Title: GearBSD: a project to help automating your OpenBSD |
|
Author: Solène |
|
Date: 01 June 2021 |
|
Tags: gearbsd rex openbsd |
|
Description: |
|
|
|
# Introduction |
|
|
|
I love NixOS and Guix for their easy system configuration and easy |
|
jumping from one machine to another by using your configuration file. |
|
To some extent, I want to make it possible to do so on OpenBSD with a |
|
collection of parametrized Rex modules, allowing to configure your |
|
system piece by piece from templates that you feed with variables. |
|
|
|
Let me introduce you to GearBSD, my project to do so. |
|
|
 |
GearBSD gitlab page |
|
|
|
# How to use |
|
|
|
You need to clone https://tildegit.org/solene/gearbsd using git and you |
|
also need to install Rex with pkg_add p5-Rex. |
|
|
|
Use cd to enter into a directory like openbsd/pf (the only one module |
|
at this time), edit the Rexfile to change the variables as you want and |
|
run "doas rex configure" to apply. |
|
|
|
Video example (asciinema recording) |
|
|
|
# Example with PF |
|
|
|
The PF module has a few variables, in TCPports and UDPports you can |
|
list ports or ports ranges that will be allowed, if no ports are in the |
|
list then the "pass" rules for that protocol won't be there. |
|
|
|
If you want to enable nat on em0 for your wg0 interface, set "nat" to |
|
1, "nat_from_interface" to "wg0" and "nat_to_interface" to "em0" and |
|
the code will take care of everything, even enabling the sysctl for |
|
port forwarding. |
|
|
|
# More work required |
|
|
|
It's only a start but I want to work hard on it to make OpenBSD a more |
|
accessible system for everyone, and more pleasant to use. |
