Skip to content

liv-io/ansible-roles-openbsd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

123 Commits

bash

bash

 
 

ca_certificate

ca_certificate

 
 

fstab

fstab

 
 

group

group

 
 

hostname

hostname

 
 

hostname_if

hostname_if

 
 

hosts

hosts

 
 

ipmi_exporter

ipmi_exporter

 
 

monit

monit

 
 

monit_exporter

monit_exporter

 
 

motd

motd

 
 

nginx

nginx

 
 

node_exporter

node_exporter

 
 

nsd

nsd

 
 

openntpd

openntpd

 
 

opensmtpd

opensmtpd

 
 

openssh

openssh

 
 

package

package

 
 

passwd

passwd

 
 

periodic

periodic

 
 

pf

pf

 
 

rc

rc

 
 

resolver

resolver

 
 

rest_server

rest_server

 
 

restic

restic

 
 

root

root

 
 

rsyslog

rsyslog

 
 

shell

shell

 
 

signify

signify

 
 

squid

squid

 
 

sudo

sudo

 
 

sysctl

sysctl

 
 

syslogd

syslogd

 
 

syspatch

syspatch

 
 

tinc

tinc

 
 

tmux

tmux

 
 

unbound

unbound

 
 

unbound_adblock

unbound_adblock

 
 

user

user

 
 

vim

vim

 
 

wireguard

wireguard

 
 

.editorconfig

.editorconfig

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

CREDITS.md

CREDITS.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

ansible-roles-openbsd

Contributors Forks Stargazers Issues BSD License

Index

About

ansible-roles-openbsd is a collection of well curated Ansible roles for the OpenBSD operating system. All Ansible roles are licensed under the Simplified BSD License.

Features

  • Configurations follow the secure-by-default principle
  • Roles are mostly self-contained and dependencies avoided
  • Roles and services support multiple states (install, remove, enable, disable, inactive)
  • Scripts and cronjobs support multiple states (enable, disable)
  • Services can be monitored with Monit and exported via monit_exporter to Prometheus
  • Scripts support Email and Prometheus monitoring
  • Logs can be forwarded with syslog to Loki
  • Roles can proxy HTTP/HTTPS traffic through Squid forward proxy
  • Host-based firewall restricts ingress and egress traffic by default
  • PF can be used as network-based/perimeter firewall
  • Restic and rest-server are available as backup solution
  • OpenNTPD is configurable as NTP client and server
  • Unbound is available as resolving DNS server
  • NSD is available as authoritative DNS server
  • Prometheus has built-in alerting rules and Grafana dashboards
  • Loki has built-in alerting rules and Grafana dashboards
  • Parameters are documented with examples
  • Changes adhere to semantic versioning guidelines
  • Roles contain changelog

Support

The following operating systems are supported:

  • OpenBSD 7.4
  • OpenBSD 7.5

Dependencies

The Ansible control machine depends on:

The Ansible managed node depends on:

License

Distributed under the Simplified BSD License.

See LICENSE file for more information.

Credits

See CREDITS file for more information.

Appendix

Loki/Grafana Dashboards

Suricata

Prometheus/Grafana Dashboards

System Status Script Status
Node Exporter IPMI Exporter
Network Traffic Ping Prober

About

Ansible roles for OpenBSD

Topics

ansible openbsd ansible-roles

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

7 stars

Watchers

1 watching

Forks

1 fork
Report repository

Languages