OpenBSD DNS Server with unbound and nsd

Introduction

The default installation of OpenBSD comes with both unbound(8) and nsd(8); unbound is a validating, recursive, and caching DNS resolver that provides DNSSEC validation, while nsd is an authoritative name server that holds DNS records. Running the two together locally means that name server lookups (i.e., requests to resolve domain names into IP addresses and vice versa) can be handled locally without being sent upstream to your ISP or another public name server such as Google. This almost completely prevents snooping or tampering …

Starting ssh-agent on OpenBSD

You'll find that unlike macOS, ssh-agent doesn't automatically run at startup on OpenBSD, so you need to initialise it, which is quick and easy but somewhat abstruse.

First, don't do the seemingly obvious and simply run ssh-agent like so:

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-MUxDCsIBiG5G/agent.38206; export SSH_AUTH_SOCK;
SSH_AGENT_PID=65950; export SSH_AGENT_PID;
echo Agent pid 65950;

Despite what you might intuit from the output, ssh-agent has only printed the shell script needed to initialise the daemon—it hasn't actually set the variables. Instead, we should evaluate the output, which will set both the SSH_AUTH_SOCK and SSH_AGENT_PID variables that allow ssh-add to communicate with …

Quick and Convenient Command Line E-mail

If you spend a considerable amount of time in your terminal, you might find the ability to fire off short emails from within it—without context-switching to your mail client or browser or whichever means you use—a convenient shortcut. Not to mention the utility it affords any number of use cases you might later choose to implement; a simple shell script, for example, can deliver notifications via email. It's a convenient feature of Unices that requires very little setup.

First, edit /etc/mail/secrets, as a privileged user, to store your credentials in the following format:

relayid relayuser:secretpassword

Where relayuser …

Unit testing with pytest—not easily ignored

Days 10–12 of the 100 Days of Code TalkPython course are dedicated to unit testing with pytest, and are a foison of information. Prior to this, I had very little experience with pytest but found it less intuitive than the language itself, and somewhat obscure—at least at first. I think, however, this was because of trying to concinnate the actual tests—much like I would any program—rather than simply hardcoding the input and expected output of a function's given test with the parametrize decorator. Instead, I would essentially try to rewrite the function logic differently to reproduce the desired …

100 Days of Code

Python's yield from keyword

I'm two weeks into a protracted break from school—a 6-week long holiday before term 2 commences—so I picked up a free online MIT IAP 4-week course in C and C++, and finally started a couple Python courses I bought about a year ago from TalkPython; both taught by Mike Kennedy. They're admittedly a little elementary for anyone not new to Python, but I'm still discovering some Pythonic fundamentals I missed as well as reinforcing good habits so it's been a sound investment of free time while on term break. I completed the first course in a …

Samba Filesharing Server on OpenBSD for macOS Client

Introduction

I do most of my work on one of two MacBooks—a 2014 Air or 2018 Pro—and occasionally on an older model Lenovo ThinkPad running OpenBSD 6.5. Staying synced between the two Macs is trivial as they're both in the cloud but apart from using my own Nextcloud server on an OpenBSD VPS for storing some personal data, I wanted a seamless option for filesharing between the ThinkPad and MacBooks when at home on the local network. This was a relatively pain-free task …

Time Machine Backups on OpenBSD with Netatalk

Introduction

Apple's automatic backup app Time Machine is a fantastic utility that does hourly, daily, and weekly backups of local snapshots. This enables you to restore the system to a previous state in the event of a catastrophic failure—a somewhat rare occurrence on the ever-so-stable macOS. The caveat being that storage is limited to AFP (Apple Filing Protocol) compatible devices like the Apple AirPort Time Capsule. Fortunately, Netatalk provides an open source AFP file server that works flawlessly on OpenBSD, and setup is trivial.

Install Netatalk

Like most …

Computer Science: Session 1, 2019


As the end of the session draws near, I came to a few realisations about my move to ECU.

Although this is session 1, for me, it's closer to the denouement of a first year computer science undergrad. I started this degree in session 2, 2018 at another university, finished four units, and then transferred to ECU in March of this year. Having completed two of the first four units in ECU's course syllabus at my previous school, I'm totalling the credit points accrued from a year of studies with the completion of just two units this session. And next session, too …

Boost Nextcloud Performance with Redis Cache on OpenBSD

Introduction

A PHP memory caching utility such as Redis can significantly decrease load times, speeding up PHP requests by storing compiled files for quicker retrieval.

Install Redis

Both the Redis database and PHP interfacing extension need to be installed:

# pkg_add redis pecl-redis

Add to rc.d to run at startup and then start Redis:

# rcctl enable redis
# rcctl start redis

Redis and Nextcloud Configuration

First, make the directory with appropriate ownership and permissions in the chroot where Redis will create the unix socket file:

# mkdir /var/www/redis
# chown …

Let's Encrypt HTTPS with acme-client on OpenBSD

Introduction

Since OpenBSD 5.9, the base system comes with acme-client: an open source implementation in C that requests a free HTTPS certificate from the Let's Encrypt Certificate Authority. It is super simple to set up and even easier to use. And once your certificate is issued, the acme-renew script will ensure your website stays TLS encrypted for the remainder of its lifetime.

The following guide assumes OpenBSD 6.2; please refer to the relevant man pages for future releases.

Setup acme-client

Open the file /etc/acme-client …
