Dog (echo dig | sed 's/i/o/') You know nslookup, dig, hosts, getenv and all the commands for the CLI. But have you ever tried dog? Website: and their docs: dog is an open-source DNS client for the command-line. It has colourful output, supports the DoT and DoH protocols, and can emit JSON. Install Package doas pkg_add dog Examples DNS over TLS $ dog --tls DNS Request over HTTPS $ dog -H @https://dns.

PHP 8.0 on OpenBSD 6.9

OpenBSD 6.9 and PHP 8 are out … Why not give it a try? list packages What PHP packages are available with version 6.9? root@host # pkg_info -Q php |grep '\-8' php-8.0.3 php-apache-8.0.3 php-bz2-8.0.3 php-cgi-8.0.3 php-curl-8.0.3 php-dba-8.0.3 php-dbg-8.0.3 php-enchant-8.0.3 php-gd-8.0.3 php-gmp-8.0.3 php-imap-8.0.3 php-intl-8.0.3 php-ldap-8.0.3 php-mysqli-8.0.3 php-odbc-8.0.3 php-pcntl-8.0.3 php-pdo_dblib-8.0.3 php-pdo_mysql-8.0.3 php-pdo_odbc-8.0.3 php-pdo_pgsql-8.0.3 php-pdo_sqlite-8.0.3 php-pgsql-8.0.3 php-pspell-8.0.3 php-shmop-8.0.3 php-snmp-8.0.3 php-soap-8.0.3 php-sqlite3-8.0.3 php-tidy-8.0.3 php-xsl-8.0.3 php-zip-8.0.3 add nginx, php8 Add the webserver and php8, and enable the services

OpenBSD 6.9

OpenBSD 6.9 released This is the 50th release of OpenBSD! As they release twice a year, it must be around 25 years since the fork from NetBSD started. Wikipedia has a comparison of the different BSD operating systems … Upgrade to 6.9 I upgrade my systems twice every year. There is no need to reinstall, as the upgrade works fine over the years. Please read the official upgrade guide carefully, and then you may want to use the script below.

Bootstrap OpenBSD with Jail Partition

Bootstrapping VM This is similar to the previous post, but with a small difference. Here, we add another partition, /jail, with 2GB size. On this partition, we remove the nodev & nosuid flags, so we can use it as root for some jailed users. And last but not least, we fire up a new VM, configure a jailed user and make it publicly available … VM with 20G Disk *** Bootstrap OpenBSD 6.

Deploy VM's with Terraform in 10min

Managing VM’s on Hetzner Cloud with Terraform You may want to manage some VMs in the cloud. A web GUI is nice, but a real nerd needs a CLI ;) Some notes on how to get Terraform running with OpenBSD. add Packages (3min) $ time doas pkg_add git gmake go terraform 3m18.62s real 0m19.53s user 0m07.73s system set GO PATH echo "GOPATH=$HOME/go" >> ~/.profile echo "export GOPATH" >> ~/.profile . ./.profile echo $GOPATH build terraform provider for hcloud (2min) As the hcloud is not available for OpenBSD, we have to build it on our own.

Bootstrap OpenBSD

Bootstrapping VM It’s always good to have templates, isn’t it? Sometimes with a lot of stuff preconfigured and installed. Sometimes a fresh install without anything (except syspatches). Here is a little helper on how to build an OpenBSD template with 20GB, resp. 40GB disk size. This stuff was tested on, so you should be able to reproduce it in a few minutes. Costs: CX11, 1 CPU, 2 GB RAM, 20 GB Disk, 20TB Traffic -> 2.

OpenBSD Root Password Recovery

If you ever have to recover your root password …

boot> boot -s
Enter pathname of shell or RETURN for sh: [ENTER]
fsck -p /
fsck -p /usr
mount -uw /
mount /usr
passwd

and finally:

reboot

sha256: b95b600be5f4f8c76448bc80699fdf39660be04dd3c92169bbfa16cf61d4f1a8

Wireguard Puffy to OPNsense

WG Tunnel between OpenBSD and OPNsense How to set up a WG tunnel between OpenBSD and OPNsense? That’s quite simple … OpenBSD Install Packages pkg_add wireguard-tools-- Build Interface r=$(openssl rand -base64 32) remote_ip="" remote_net="" cat << EOF > /etc/hostname.wg0 # WG Tunnel to OPNsense wgkey ${r} wgport 51820 wgpeer xxxxx - PUBLIC-KEY-OF-REMOTE-HOST - xxxxx= wgendpoint ${remote_ip} 51820 wgaip ${remote_net} inet !route add ${remote_net} up EOF sh /etc/netstart wg0 ifconfig wg0 update pf.


Need a small and smart utility to manage your SSH keys under Linux? Got some scripts and cronjobs which require a local SSH key? Have a look at keychain! Install Software $ sudo apt-get install keychain edit startup Scripts $HOME/.bashrc / $HOME/.bash_profile / /etc/profile cat << 'EOF' >> $HOME/.bashrc # Keychain Startup eval `keychain --eval id_ed25519` EOF check service $ keychain $ ssh-add -L add to .profile cat << 'EOF' >> .

OpenBSD & PHP Stuff 7.4

Install NGINX & PHP

pkg_add nginx php--%7.4
rcctl enable nginx php74_fpm

Edit php.ini

sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/' /etc/php-7.4.ini
sed -i s'/short_open_tag = Off.*/short_open_tag = On/' /etc/php-7.4.ini

Stop 7.3 & Start 7.4

rcctl stop php73_fpm
rcctl restart nginx php74_fpm

Uninstall PHP 7.3

pkg_del php--%7.3
pkg_del -a

sha256: 17490303fe106a6c3a34071338097e6c1aff50c0d4764f1615c0993ce9211bb2

OpenBSD Current

OpenBSD Current Active OpenBSD development is known as the -current branch. These sources are frequently compiled into releases known as snapshots FAQ Assuming you can’t wait for the next release, or you want to test features, find bugs and so participate in the community, this little script will help you: Upgrade to Current and remove game*,comp*,xf* and xs* Packages before reboot cat << 'EOF' > #!/bin/sh echo "let's check for news .

OpenBSD with IPSEC -> GIF -> OSPF

Intro Stage two Machines, puffy206 and puffy207 Both machines need static IP addresses puffy206 Loopback & Gif doas su - cat << 'EOF' > /etc/hostname.lo1 inet up EOF cat << 'EOF' > /etc/hostname.gif0 description "Point2Point Interface for OSPF" mtu 1420 netmask tunnel EOF Enable IPSEC & IP Forwarding cat << 'EOF' >> /etc/sysctl.conf net.inet.ip.forwarding=1 net.inet.gre.allow=1 EOF rcctl enable ipsec isakmpd rcctl set isakmpd flags -K Create Tunnel Endpoint cat << 'EOF' > /etc/ipsec.

IPSEC with OpenBSD

Intro Stage a few Machines, puffy206 - 209 puffy206 has got a static ip, while puffy207 - 209 got dynamic ip addresses Master, puffy206 Loopback doas su - cat << 'EOF' > /etc/hostname.lo1 inet up EOF Enable IPSEC & IP Forwarding cat << 'EOF' >> /etc/sysctl.conf net.inet.ip.forwarding=1 net.inet.gre.allow=1 EOF rcctl enable ipsec isakmpd rcctl set isakmpd flags -K Create Tunnel Endpoint cat << 'EOF' > /etc/ipsec.conf ike dynamic esp tunnel from 10.

Tweak Nginx Webserver with limited Client Certificate

Install NGINX & PHP pkg_add nginx php--%7.3 rcctl enable nginx php73_fpm Edit php.ini sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/' /etc/php-7.3.ini sed -i s'/short_open_tag = Off.*/short_open_tag = On/' /etc/php-7.3.ini nginx.conf mkdir /var/log/nginx cat << 'EOF' > /etc/nginx/nginx.conf worker_processes 1; worker_rlimit_nofile 1024; events { worker_connections 800; } http { include mime.types; default_type application/octet-stream; index index.php index.html index.htm; keepalive_timeout 65; server_tokens off; proxy_cache_valid any 0s; log_format main '$remote_addr - $ssl_client_serial - [$time_local] - "$request" - $status - $body_bytes_sent'; map $ssl_client_serial $ssl_access { default 0; WFuDgzQBZXV740D3 1; # Hans Muster EDugUslEX1Et90WX 0; # Beat Breu 2DF3C663741296F5 1; # Ruedi Ruessel } # # HTTP -> Redirect to HTTPS # server { listen 80; server_name localhost; access_log logs/host.


Little Keep Alive … with kind permission of my buddy Marc :) #!/usr/bin/env bash FILE="$HOME/scripts/excuses" # Linux or BSD ? nf points to the right binary which numfmt > /dev/null 2>&1 && nf=$(which numfmt) || nf=$(which gnumfmt); # Linux or BSD ? gs points to the right binary which shuf > /dev/null 2>&1 && gs=$(which shuf) || gs=$(which gshuf); if [ ! -e "$FILE" ]; then echo "" echo "$FILE does not exist" echo "##############################################" command -v curl >/dev/null 2>&1 || { echo >&2 "Holy cow!