The Dell Latitude E6500 became available for OpenBSD again, running as chrome. I wanted to complete the work of making this a replacement server for the normal hydrus server, opal, should it die an unpleasant death.
I already had an OpenBSD httpd configuration to serve the website. However, I also needed:
This was easy. OpenBSD has a DHCP daemon in base, so just a configuration file was needed.
    # option definitions common to all supported networks...
    option domain-name "hydrus.org.uk";
    option domain-search "hydrus.org.uk";
    option domain-name-servers 192.168.0.11, 192.168.0.11;
    option routers 192.168.0.1;

    # time is in seconds; lease-time is 24 hours
    default-lease-time 86400;
    max-lease-time 86400;

    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    authoritative;

    host green {
        fixed-address green.hydrus.org.uk;
        hardware ethernet c4:cc:a6:9f:36:7b;
    }

    host blue {
        fixed-address blue.hydrus.org.uk;
        hardware ethernet 8b:72:be:ec:c9:bf;
    }

    shared-network "hydrus.org.uk" {
        subnet 192.168.0.0 netmask 255.255.255.0 {
            range 192.168.0.100 192.168.0.199;
        }
    }

Enable by adding the line dhcpd_flags= to /etc/rc.conf.local.
OpenBSD includes unbound, a forwarding DNS resolver, with a limited local zone capability. It doesn't offer Dynamic DHCP (to register DHCP clients in the DNS), but as chrome should only be needed for a limited period, this wasn't an issue. Once again, a configuration file was needed and the daemon enabled. I'm not reproducing the configuration file here, as the sample configuration file is very simple to extend.
I also used this ad blacklist to create a sink for ad servers. A small script is all that is required:
    #!/bin/sh
    # get master blacklist from opal
    scp opal:/usr/local/etc/namedb/ad-blacklist .
    # convert to unbound local zone format
    cat ad-blacklist | grep zone | awk \
      '{print "local-zone: " $2 " redirect\nlocal-data: " substr($2,1,length($2)-1) " A 0.0.0.0\""}' \
      >ad-blacklist.conf
    doas mv ad-blacklist.conf /var/unbound/etc
    rm -f ad-blacklist
    doas rcctl restart unbound
The ad-blacklist file is included in the unbound configuration using an include directive (surprise):

    include: "/var/unbound/etc/ad-blacklist.conf"
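The conversion step above copies the second field of every line containing "zone" into the resolver's configuration, so a comment or malformed entry in the fetched list ends up in ad-blacklist.conf. The following is an added example, not the author's script, of a stricter converter: it assumes each blacklist entry is a BIND-style `zone "name" { ... };` line (inferred from the original awk expression); the function names zones_to_unbound and sample_blacklist are made up here, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not the author's script. Assumes BIND-style input lines:
#   zone "ads.example.com" { type master; file "..."; };

# Read blacklist lines on stdin, write unbound local-zone/local-data
# lines on stdout, report rejected names on stderr.
zones_to_unbound() {
    awk '
    $1 == "zone" {                    # real stanzas only, not any line containing "zone"
        name = tolower($2)
        sub(/^"/, "", name)           # strip the BIND quoting
        sub(/"$/, "", name)
        sub(/\.$/, "", name)          # drop a trailing root dot
        # Accept only dot-separated letter/digit/hyphen labels, so a
        # malformed entry cannot end up in the generated config.
        if (name !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/ ||
            length(name) > 253) {
            printf "rejected: %s\n", $2 > "/dev/stderr"
            next
        }
        if (seen[name]++) next        # emit each zone once
        printf "local-zone: \"%s\" redirect\n", name
        printf "local-data: \"%s A 0.0.0.0\"\n", name
    }'
}

# Constructed sample input (not taken from the real ad-blacklist).
sample_blacklist() {
    cat <<'EOF'
// zone list, constructed for this example
zone "ads.example.com" { type master; notify no; file "null.zone.file"; };
zone "Tracker.Example.NET" { type master; notify no; file "null.zone.file"; };
zone "ads.example.com" { type master; notify no; file "null.zone.file"; };
zone "bad"name.example" { type master; notify no; file "null.zone.file"; };
EOF
}

sample_blacklist | zones_to_unbound
```

Substituting this function for the grep/awk stage, and running unbound-checkconf before `rcctl restart unbound`, keeps a bad list from taking the resolver down.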
OpenBSD includes a mail transfer agent (MTA), OpenSMTPD. I had a configuration file already, but it needed some changes to allow authenticated access by mail clients and the delivery of authenticated client messages.
    listen on em0 port 587 tls-require auth \
      ca chrome.hydrus.org.uk \
      pki chrome.hydrus.org.uk

    # outgoing mail
    match auth from any for any action "relay"
    match from local for any action "relay"
On opal, I host org-mode files, updated by emacs locally, but also made available via WebDAV for the Orgzly Android client. Apache includes a WebDAV module, so it was relatively easy to set up. OpenBSD's httpd does not provide WebDAV, so I needed an add-on.
Finding a WebDAV server took a while. I couldn't find anything simple enough. In the end, I found a Python2 server, EasyDAV, which I figured I could port to Python3. Its dependencies had all been ported to Python3, but not the templating engine it uses, kid. I started the attempt to port kid to Python3, but gave up. Way too much effort. It was much easier to use a templating engine that was already Python3 capable. It turned out one was already available on chrome, mako, installed as a dependency of something else.
EasyDAV-0.5-3 now works (if only for Orgzly) in Python3, using the mako templating engine. I've put this up on GitHub.
To enable httpd to connect to the webdav server, add the following stanza in /etc/httpd.conf:

    location "/webdav/*" {
        authenticate with "/var/passwd"
        fastcgi {
            socket "/run/webdav.sock"
        }
    }
Note the use of authentication, via an htpasswd file.
Install from packages:

    doas pkg_add dovecot

Then, configure as necessary (same as opal, in this case), enable and start:

    doas rcctl enable dovecot
    doas rcctl start dovecot
The enable step seems required, as just adding dovecot_flags= to /etc/rc.conf.local does not result in dovecot starting at boot.