Modular shell scripts for automating system setup and tooling on OpenBSD, starting with a fully working Obsidian Git host. Built with security, maintainability, and automation in mind — with future plans to expand into general-purpose OpenBSD tools.
The fastest way to get started is to run the installer directly from GitHub Pages:
ftp -o - https://deadhedd.github.io/openbsd-toolkit/install.sh | shAlternatively, clone the repo manually:
git clone https://github.com/deadhedd/openbsd-toolkit
cd openbsd-toolkit
sh install-modules.shUse --help for options:
sh install-modules.sh --helpThen validate your setup:
sh test-all.sh- OpenBSD 7.4+
- Obsidian with the Git plugin (on your client)
- Optional: SSH keys, GitHub repo for vault prefill
This toolkit currently includes:
- A base-system setup module for configuring OpenBSD itself (users, doas, network, etc.)
- A Git bare repo module to host an Obsidian-compatible vault with auto-deploy
- A minimal GitHub module for immediate push capability after setup
All modules are modular and extensible. The long-term vision includes additional OpenBSD automation tools for broader system management.
Directory layout:
openbsd-toolkit/
├── config/ # Secrets and module selection
├── logs/ # Contains logging.sh and generated log files
├── modules/ # One folder per module
│ └── <module>/
│ ├── setup.sh # Configures that module
│ └── test.sh # Verifies it works
├── install-modules.sh # Installs selected modules
└── test-all.sh # Runs all tests
Modules are declared in config/enabled_modules.conf. Each module’s setup.sh and test.sh can be run independently or as part of a full stack install/test.
| Module | Description |
|---|---|
base-system |
Sets up OpenBSD base config (e.g. doas.conf, networking) |
obsidian-git-host |
Creates the Git bare repo, vault, and deployment hook |
github (optional) |
Enables immediate GitHub push support for new setups |
Each module:
- Can be run independently
- Can be toggled via
enabled_modules.conf - Supports logging flags and will generate a separate log file when run on its own
- When run via
install-modules.shortest-all.sh, logs are combined into a single output file
Test a single module:
sh modules/<module>/test.shRun full system tests:
sh test-all.shLogs are saved to the logs/ directory. By default, logs are only saved when a test fails.
Use --debug[=FILE] to enable verbose tracing and optionally direct output to a specific log file.
Use --log[=FILE] to force a log file to be written even when all tests pass (only supported by test scripts).
Scripts source logs/logging.sh and invoke one of these convenience functions:
. "$PROJECT_ROOT/logs/logging.sh"
start_logging "$0" "$@" # for test scripts
# or
start_logging_if_debug "setup-my-module" "$@" # for setup scriptsstart_logging automatically sets up logging, enables debug tracing when
--debug is provided, and registers finalize_logging on exit.
- SSH keys and passwords are defined in
config/secrets.env - The
--debugoption will include secrets and other sensitive data in the logs; take care when sharing debug output - All Git hooks run as limited users with appropriate
doas.confconstraints
BSD 2-Clause License. See LICENSE for full details.