💾 Archived View for mizik.eu › blog › my-first-year-with-openbsd › index.gmi captured on 2023-07-22 at 16:18:34. Gemini links have been rewritten to link to archived content
View Raw
More Information
⬅️ Previous capture (2023-03-20)
➡️ Next capture (2024-02-05)
-=-=-=-=-=-=-
My first year with OpenBSD - Marián Mižik
home
gemlog
projects
atom feed
2022-08-08 | 5 minutes reading | tags: OpenBSD, Laptop, VPS, Self-host
My first year with OpenBSD
Last year in March, I made
another review
of OpenBSD and finally decided to migrate from Linux. At least in the case of my servers. But somehow I stuck with it on my personal laptop too, thanks to a lucky coincidence. Here is my migration story and my 5 cents about using OpenBSD as a daily driver on all my personal machines.
Why
Because OpenBSD is much more secure, consistent, minimalistic, well documented and stable than Linux. At least in case of development cycle and usage of core OS, of course. So if you gravitate towards Unix principles, small binaries,
KISS
and you don't need cutting edge performance (most of you don't) than you should try it too.
Lucky coincidence
I decided to migrate what could be migrated and leave my laptop and working computer on Linux because of no support for several software stacks I needed daily in my work. Then, thanks to Covid and some events in work, I was able to stick with OpenBSD on laptop too, because I started to do 90% of work related things on my work desktop. So I decided to reboot to Linux if necessary for those missing 10% and stay on OpenBSD. So thanks to this I was about to move my 2 personal VPS servers, home internet infrastructure and my laptop to OpenBSD for good.
How it went?
- The hardest part was my main server. I migrated my personal email from postfix+dovecot+rspamd to smtpd+dovecot+rspamd, iptables based firewall to pf, nginx to httpd+relayd, certbot setup to acme-client and I rewrote my backup script to use openrsync. The rest of self-hosted stuff was one to one migration (xmpp server, note-taking server, rss server, caldav+carddav server, personal budget server and others). All migrations to core OpenBSD utilities needed to be done from scratch using no howtos, only official man pages and internet support. But it went surprisingly well considering the fact, that it was the first time I worked with these software utilities. The main reason for this was, that config file syntax for all internal OpenBSD software is very similar and that man pages are written well.
- After setting up the main node, the secondary machine was just a piece of cake. The only thing I struggled with was to configure smtpd as a backup mx relay. Funny enough, it was a one-liner, but I could get the syntax right for 2 hours because of 2 silly mistakes.
- Redoing my home internet infrastructure was another big task. I used my old Thinkpad X201 as a home/media server, but I also got X230 that was collecting dust since 2020 because I moved to X1 Carbon I got at work. So I decided to upgrade from X201 to X230. Mainly because I wanted to use the machine as a firewall, router and DNS server too and X230 (IvyBridge) is the first generation to provide USB 3.0, which helped as I was about to use a USB to RJ45 dongle to provide a second ethernet port. So the hardware and base install was easy. I only had to check, that my spare ethernet dongle was supported by OpenBSD. Then I followed
OpenBSD router guide
. That gave me 80-90% of what I needed. The rest was manual and internet search and try-fail mechanism.
- The laptop was the easiest one from all 4, because I already had it up and running as a daily driver since that March review I mentioned at the beginning of this article. I only went through everything one more time to check if I have everything setup as well as possible.
Life with OBSD
Pros
- No maintenance at all. Every now and then I run: `doas syspatch && doas pkg_add -u && doas sysmerge` and twice a year I run `sysupgrade` to upgrade to new master version. Everything is rock-solid. I never needed a service restart or machine reboot. Nothing is hanging. It just runs.
- PF firewall is very performant. I got through 2 massive automated scanning/port-knocking situations without even registering the performance downgrade.
- Clean and unified configuration file placement and syntax.
- Automatically secured by pledge and unveil together with chroot in some cases.
Cons
- Slow. You won't probably notice on servers that much if they are not busy enough, but you will definitely notice on desktop/laptop. Also, my router throughput on gbit lan is only around 400mbps, which for me is ok, but in case someone need full speed on his gigabit or even 10 gbps connection, then OpenBSD probably won't deliver. Check this
Phoronix article
OS for benchmark comparison.
- VPS providers offering OpenBSD are limited. There are maybe 5 available, and sometimes there are issues. At least for the 2 I am using:
Vultr
and
OpenBSD Amsterdam
. In case of OpenBSD Amsterdam, you will get multiple scheduled downtimes a year. In case of Vultr, after every major OS upgrade, my VPS freezed after a couple of hours/days. In 2 cases I needed hard VPS restart through admin console. In the third case, I needed technical support to update VPS template to the newest version, because of changes specific to the new major OpenBSD version I upgraded to.
- Missing freedom to choose something on GitHub and install it. Specially if it is C/C++ based, because of the toolchain differences and binary incompatibility. I don't feel this problem that much, because of how minimalistic my setups mostly are, but I can imagine it may be a problem for many people.
- Battery life is half of what you get on Linux. 60% at best. Not sure what everything is the issue. Probably something from every corner. HW drivers not very power efficient. Peripherals not turning off. Power management daemon (apm) not as optimal as it could be in automatic mode. Kernel is not tickless... I got worse battery life on both my laptops with APM set statically to minimum CPU frequency, than generic default mode on Linux.
2023 Marian Mizik | License: CC BY-NC-SA 4.0 | marian at mizik dot sk | marian_mizik@bsd.network (mastodon)