1. 32
  1. 2

    That’s a pretty neat setup. I miss the good old university days when I was obsessed with OpenBSD and had loads of free time to explore and tinker with it. Still have a small Soekris box with 4.5 flashed.

    1. 1

      Great read! Very interesting.

      I found a minor typo in a link (Machines section - automated link): it’s https://chown.me/blog/upgrading-openbsd-with-ansible.html - No capital A in ansible ;)

      What firewall are you using on your APU2? *sense, ipfire?

      1. 5

        I initially wrote “ansible” everywhere, then I thought a capital was better so I used sed like a hammer :D Thanks!

        On the apu2, I run OpenBSD as well. A few years ago I ran OpenBSD for everything but hosting Mastodon was too complicated (I don’t know the Ruby ecosystem well). I have some Ubuntu because containers make it easy to host stuff. Most of the stuff still runs on OpenBSD because I know the system well and, being an OpenBSD developer, I follow the project quite closely.

        I would still recommend for anyone to run OpenBSD on a router since it’s quite easy as PacketFilter is fucking awesome.

        1. 1

          Well, I guessed that. OpenBSD is great for that. I have an APU2 at home waiting for me to finish it.

          Did you just install a plain OpenBSD and configure everything? OPNsense and pfSense are both based on OpenBSD. Right now I have OPNsense installed.

          1. 4


            • OPNsense and pfSense are both based on FreeBSD.
            • OPNsense is a fork of pfSense, which in turn is a fork of the good old m0n0wall (which was also based on FreeBSD).
            • Deciso/OPNsense is working on a version that is based on HardenedBSD, which in turn is also based on FreeBSD. It should come out very soon[1].

            So FreeBSD all the way with these routing/firewall operating systems ;).

            I have used OPNsense since it came out on my APU2 (and later APU3 for another rack) and I can really recommend it! It’s very user friendly, easy to install and rather complete. I also really like that you can use LibreSSL instead of OpenSSL. I also use OpenBSD on another router (like the author) and that has also worked rock solid/stable for years now. The BSDs are great for firewalls/routing in my opinion.

            [1] https://opnsense.org/about/road-map/

            1. 1

              Alright! My bad :D

              I also really like OPNsense. I just have to figure out some stuff with my ISP and then I am ready to go.

      2. 1

        Enjoyed reading this! Do you find that it’s worth it to run/maintain your own personal infrastructure? The various apps and sites I’ve built and maintain are on cloud providers, which has been really great from a plug ‘n play point of view. I’m interested in setting up something like what you’ve described, at least for the sake of learning about the tools and getting the chance to implement some of my own tooling, but feel like it might be more trouble than it’s worth.

        1. 3

          I’m glad to hear you enjoyed it :)

          If it’s worth it, I don’t know; I guess it depends on your priority. I think it boils down to my personality. I hate to rely on people and to feel I owe someone, so I don’t really use some random org’s services. I did it in the past and I’m glad that when something is broken, I can go and fix it myself (of course to an extent). I don’t like (nor trust) companies (as you can see with the joke about Google killing their services). I tend to be paranoid security-wise, I think about surely way too many threats (while being reasonable, i.e. the NSA is not one of them). Therefore, hosting my own stuff is not really a choice ;)

          And to be honest, part of it is also that it really helps getting a job (as I work as a sysadmin/devops/SRE/whatever the current trend names it).

          I do enjoy doing it but it’s not 100% pleasure. I guess it’s like cooking: I don’t always enjoy it, but I feel like I have to, and most of the time, I enjoy the result!

          Scratch your own itch and try to have fun while doing so!

          1. 1

            Makes sense! I think this would be a really cool project for after I graduate and have more free time (which is soon thank goodness)!