rgoncalves.se ~~ ansible

Personal infrastructure, network mess and homelab. Every critical node, such as the routers and the hypervisor, is or will be powered by a BSD system.

For now, the principal hypervisor is bhyve on FreeBSD, and the domain controller is a mix of pf, relayd and wireguard on OpenBSD latest.

development guidelines

  • OpenBSD first! Playbooks, roles and tasks are meant to be deployed on OpenBSD instances first. Because we also need a fallback system, AlpineLinux is the next system to be targeted.

technology stack

  • domain controller : httpd, relayd, pf and wireguard. Check out https://bsd.plumbing for the first two components. acme-client is also needed to provide https. Note: https is provided at the domain controller level. Traffic between the domain controller host and the source host is http only, but secured via the wireguard tunnel.

naming scheme

  • ws: workstation
  • dc: domain controller
  • st: stack server
  • sw: switch
  • rt: router
  • st[x][role][number]: virtual machine


  • dc0 : OPENBSD domain-controller

    • wireguard (exit-node)
    • relayd
    • pf
    • znc
  • rt0 : DDWRT router

  • stack0 : FREEBSD hypervisor

    • bhyve
    • nfsd
  • st0dev0 : OPENBSD development

    • git
    • cgit
    • gitdaemon
    • jenkins
  • st0cld0 : OPENBSD cloud

    • nextcloud
    • miniflux
    • grafana
    • logstash
  • st0gme0 : ALPINE games

    • minecraft
    • factorio
    • stationeers


  • ST0SBX-2 : 9FRONT


A subdirectory in roles is dedicated to workstation setup. It targets the development machines from which these playbooks are launched. It currently supports bootstrapping for:

  • archlinux
  • openbsd
  • voidlinux (referred to as void by ansible)

It sets up the main user, development packages, power scripts, services and system-wide configuration files.

good to know

In various roles, the term httpd is used. For this particular infrastructure, it is NOT the apache web server, but instead the OpenBSD web server implementation.

remember that computers suck.