💾 Archived View for paritybit.ca › arboretum › sysadmin › general-tips-and-tricks.gmi captured on 2023-01-29 at 03:01:37. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

General Tips and Tricks

← Back

Use OpenBSD

Get used to minimalism and security: componentised, privilege-separated binaries in file-system jails. Most of all, forget your instincts to search Google and StackExchange for every parameter and function call: man pages are your new best friend.

-- LearnBCHS.org

OpenBSD ships with sensible and secure defaults. OpenBSD has excellent documentation: I can use the system to learn about the system instead of looking things up on half-baked, SEO-optimized, outdated articles. OpenBSD has straightforward and easy to manage system components (daemons, init system, updating, etc). OpenBSD doesn't randomly break or unexpectedly change things out from under you when there's an update (they let you know about changes well in advance of you needing to upgrade). OpenBSD ships with a set of useful, well-written programs that make setting up a server a breeze (httpd, acme-client, relayd, etc.).

From the Ratfactor blog:

People always tell you not to reinvent the wheel.

With MS and Apple, you have to use their wheels.

Linux runs whatever wheels it can find.

Over in OpenBSD land, they fix the broken wheels…​until they have time to make better wheels. And it works! The OpenBSD wheels are better!

As a wheel reinventor myself, I’m a huge fan of the OpenBSD model. OpenBSD is why we can have nice things!

Dave's OpenBSD Blog 5. Tour conclusion

To summarize: OpenBSD isn't a pain.

Writing SystemD Service Files

https://www.shellhacks.com/systemd-service-file-example/

https://www.freedesktop.org/software/systemd/man/systemd.service.html

Benchmarking Scripts

https://github.com/haydenjames/bench-scripts

Ten Things to do After Installing FreeBSD

https://bastillebsd.org/blog/2022/07/14/ten-things-to-do-after-installing-freebsd/

Network Management with the OpenBSD Packet Filter Toolset (BSDCan 2022)

Network Management with the OpenBSD Packet Filter Toolset (BSDCan 2022)

Stop Using Fail2Ban

https://j3s.sh/thought/fail2ban-sux.html

Alternatives to CertBot

CertBot is prone to random breakage. It's happened to me multiple times. Here are some alternatives:

dehydrated

acme.sh

Or acme-client if on OpenBSD. It's built into the system.