My new chicken coop is….
The five machines are all running OpenBSD and I’m using carp, relayd and httpd, along with a DSL based on tcl. Data is stored in sqlite and there is a delicate balance between storing the file data in sqlite or on the filesystem. The larger the artifacts are, the more vulnerable they are.
(The 5 machines are configured identically and with as many default tools as possible to limit the attacker’s surface area.) OpenBSD was selected because of the amount of code, the team, and it’s not a desktop. Also, if I need more capacity I can add hardware. The OpenBSD release cadence is reasonable and, unlike streaming updates, system-wide changes will be limited to twice a year, if ever.