production-openbsd/scripts/read-logs.sh

#!/bin/sh
# read-logs.sh — pull /var/log/* from edge box for offline diagnostics
# Run from onyx.
#
# Usage: ./scripts/read-logs.sh user@<edge-ip>

set -eu
TARGET="${1:-}"
[ -n "$TARGET" ] || { echo "Usage: $0 user@<edge-ip>" >&2; exit 1; }

OUT="$(pwd)/out/edge-logs-$(date -u +%Y%m%dT%H%M%SZ)"
mkdir -p "$OUT"

scp -r "$TARGET:/var/log/{pflog,messages,authlog,daemon,relayd.log,acme-client.log,cert-renew.log}" "$OUT/" 2>/dev/null || true
ssh "$TARGET" 'doas pfctl -sr; doas pfctl -ss' > "$OUT/pf-state.txt" 2>&1 || true
ssh "$TARGET" 'doas rcctl ls on' > "$OUT/services.txt" 2>&1 || true

echo "[OK] $OUT"
ls -la "$OUT"
feat: production-openbsd v0.1 scaffold Sister to s8n/production-deb. Edge-box config + provision script for running the OpenBSD-edge role per s8n/production-setup-audit Topology 02. v0.1 = stock OpenBSD install ISO (interactive, 5 min) + scripted provision from onyx. Autoinstall ISO build deferred to v0.2. Layout: README.md workflow + service mapping (Debian → OpenBSD) flash.sh burn stock install76.iso to USB etc/ pf / relayd / acme-client / unbound / hostname.wg0.example / sshd_config / doas.conf scripts/ provision.sh from onyx: SSH+git clone+run install.sh install.sh on edge: copy /etc/, validate, restart, cron cert-renew-check.sh weekly LE renewal read-logs.sh pull /var/log/ for offline diagnostics docs/ setup-checklist.md 7-phase first-time install walkthrough Hardware target: Dell Precision T5600 per s8n/production-setup-audit/hardware/dell-t5600.md WG mesh: 10.10.10.0/29 between edge (.1) and nullstone (.2). UDP 51820. Keys generated per-host (NEVER committed to repo). Public traffic flow after migration: Internet → router → edge T5600 (relayd TLS term) → wg0 → nullstone Traefik (10.10.10.2:8443, private only) CVE delta vs single-host Debian: regreSSHion + xz backdoor mitigated; public IP runs OpenBSD base only — no systemd, no glibc, no Docker. 2026-05-08 14:10:29 +01:00			`#!/bin/sh`
			`# read-logs.sh — pull /var/log/* from edge box for offline diagnostics`
			`# Run from onyx.`
			`#`
			`# Usage: ./scripts/read-logs.sh user@<edge-ip>`

			`set -eu`
			`TARGET="${1:-}"`
			`[ -n "$TARGET" ] \|\| { echo "Usage: $0 user@<edge-ip>" >&2; exit 1; }`

			`OUT="$(pwd)/out/edge-logs-$(date -u +%Y%m%dT%H%M%SZ)"`
			`mkdir -p "$OUT"`

			`scp -r "$TARGET:/var/log/{pflog,messages,authlog,daemon,relayd.log,acme-client.log,cert-renew.log}" "$OUT/" 2>/dev/null \|\| true`
			`ssh "$TARGET" 'doas pfctl -sr; doas pfctl -ss' > "$OUT/pf-state.txt" 2>&1 \|\| true`
			`ssh "$TARGET" 'doas rcctl ls on' > "$OUT/services.txt" 2>&1 \|\| true`

			`echo "[OK] $OUT"`
			`ls -la "$OUT"`