rgoncalves.se ~~ ansible
========================
Personal infrastructure, network mess and homelab. Every critical node, such as
the routers and the hypervisor, is or will be powered by a BSD system.

For now, the principal hypervisor is `bhyve` on FreeBSD, and the domain
controller is a mix of `pf`, `relayd` and `wireguard` on the latest OpenBSD.

development guidelines
----------------------
- OpenBSD first! Playbooks, roles and tasks are meant to be deployed on OpenBSD
  instances first. Because we also need a fallback system, Alpine Linux is the
  next system to be targeted.

technology stack
----------------
- domain controller : `httpd`, `relayd`, `pf` and `wireguard`. Check out
  https://bsd.plumbing for the first two components. `acme-client` is also
  needed to provide HTTPS.

  Note: HTTPS is provided at the domain controller level. Traffic between
  the domain controller host and the source host is HTTP only, but it is
  secured by the wireguard tunnel.

naming scheme
-------------
- ws: workstation
- dc: domain controller
- st: stack server
- sw: switch
- rt: router
- st[x][role][number]: virtual machine

inventory
---------
- dc0 : OPENBSD domain-controller
    wireguard server,
    znc
- rt0 : DDWRT router
- stack0 : FREEBSD hypervisor
    bhyve,
    nfs
- st0dev0 : OPENBSD development
    git,
    cgit,
    gitdaemon,
    jenkins
- st0cld0 : OPENBSD cloud
    nextcloud,
    miniflux,
    grafana,
    logstash
- st0gme0 : ALPINE games
    minecraft,
    stationeers
- ST0SBX-0 : OPENBSD
- ST0SBX-1 : ALPINE
- ST0SBX-2 : 9FRONT

good to know
------------
In various roles, the term `httpd` is used. For this particular infrastructure,
it is NOT the Apache web server, but instead the OpenBSD web server
implementation.