Modular shell scripts for automating system setup and tooling on OpenBSD, starting with a fully working Obsidian Git host. Built with security, maintainability, and automation in mind — with future plans to expand into general-purpose OpenBSD tools. This branch prepares for the v1.0.2 release, restoring .ssh setup for both OBS_USER and GIT_USER, improving logging with exit-code capture, and expanding the test suite to 59 checks. Refer to the CHANGELOG for details.
The fastest way to get started is to run the installer directly from GitHub Pages:
ftp -o - https://deadhedd.github.io/openbsd-toolkit/install.sh | shAlternatively, clone the repo manually:
git clone https://github.com/deadhedd/openbsd-toolkit
cd openbsd-toolkit
sh install-modules.shUse --help for options:
sh install-modules.sh --helpThen validate your setup:
sh test-all.sh- OpenBSD 7.4+
- Obsidian with the Git plugin (on your client)
- Optional: SSH keys, GitHub repo for vault prefill
This toolkit currently includes:
- A base-system setup module for configuring OpenBSD itself (users, doas, network, etc.)
- A Git bare repo module to host an Obsidian-compatible vault with auto-deploy
- A minimal GitHub module for immediate push capability after setup
The v1.0.2 update reinstates automatic .ssh configuration for both OBS_USER and GIT_USER, simplifying secure access.
All modules are modular and extensible. The long-term vision includes additional OpenBSD automation tools for broader system management.
Directory layout:
openbsd-toolkit/
├── config/ # Secrets and module selection
├── logs/ # Contains logging.sh and generated log files
├── modules/ # One folder per module
│ └── <module>/
│ ├── setup.sh # Configures that module
│ └── test.sh # Verifies it works
├── install-modules.sh # Installs selected modules
└── test-all.sh # Runs all tests
Modules are declared in config/enabled_modules.conf. Each module’s setup.sh and test.sh can be run independently or as part of a full stack install/test.
| Module | Description |
|---|---|
base-system |
Sets up OpenBSD base config (e.g. doas.conf, networking) |
obsidian-git-host |
Creates the Git bare repo, vault, and deployment hook |
github (optional) |
Enables immediate GitHub push support for new setups |
Each module:
- Can be run independently
- Can be toggled via
enabled_modules.conf - Supports logging flags and will generate a separate log file when run on its own
- When run via
install-modules.shortest-all.sh, logs are combined into a single output file
Test a single module:
sh modules/<module>/test.shRun full system tests:
sh test-all.shThe full suite currently covers 59 checks.
Logs are saved to the logs/ directory. By default, logs are only saved when a test fails.
Use --debug[=FILE] to enable verbose tracing and optionally direct output to a specific log file.
Use --log[=FILE] to force a log file to be written even when all tests pass (only supported by test scripts).
Scripts source logs/logging.sh and invoke one of these convenience functions:
. "$PROJECT_ROOT/logs/logging.sh"
start_logging "$0" "$@" # for test scripts
# or
start_logging_if_debug "setup-my-module" "$@" # for setup scriptsstart_logging automatically sets up logging, captures exit codes via improved trap handling, enables debug tracing when
--debug is provided, and registers finalize_logging on exit.
- SSH keys and passwords are defined in
config/secrets.env - The
--debugoption will include secrets and other sensitive data in the logs; take care when sharing debug output - All Git hooks run as limited users with appropriate
doas.confconstraints
BSD 2-Clause License. See LICENSE for full details.