AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible on NetBSD 10 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate NetBSD 10 servers with Ansible: pkgin, rc.conf, npf firewall, ZFS, and NetBSD-specific automation patterns.

NetBSD 10 (March 2024) is the portable, minimal BSD that runs on more architectures than any other operating system in the world. It ships pkgsrc/pkgin for binary packages, npf firewall, optional ZFS, and remains lean on resources. Ansible's role on NetBSD is to make these otherwise hand-tuned systems reproducible.

NetBSD 10 release facts

| Item | Value | |---|---| | Release | 2024-03-28 | | Architectures | 50+ (i386, amd64, arm, sparc64, ppc, ...) | | Package tool | pkgin (pkgsrc binaries) | | Init | rc.d | | Firewall | npf |

See also: Ansible on FreeBSD 14 Automation Complete Guide

Ansible-core compatibility

Use ansible-core 2.18 LTS. Bootstrap Python via pkgin:

pkgin -y install python311 py311-pip
[netbsd10]
nbsd10-01.example.com

[netbsd10:vars]
ansible_user=root
ansible_python_interpreter=/usr/pkg/bin/python3.11

Baseline playbook

- name: NetBSD 10 baseline
  hosts: netbsd10
  tasks:
    - name: Update pkgin DB
      community.general.pkgin:
        update_cache: true

- name: Upgrade all
      community.general.pkgin:
        upgrade: true


- name: Install baseline packages
      community.general.pkgin:
        name:
          - vim
          - curl
          - tmux
          - sudo
          - bash
          - rsync
          - htop
        state: present

See also: Ansible AWS: Complete Guide to Cloud Automation (2026)

rc.conf

- name: Configure /etc/rc.conf
  hosts: netbsd10
  tasks:
    - name: Enable sshd
      ansible.builtin.lineinfile:
        path: /etc/rc.conf
        regexp: '^sshd='
        line: 'sshd=YES'

- name: Set hostname
      ansible.builtin.lineinfile:
        path: /etc/rc.conf
        regexp: '^hostname='
        line: 'hostname={{ inventory_hostname }}'


- name: NTP
      ansible.builtin.lineinfile:
        path: /etc/rc.conf
        regexp: '^ntpd='
        line: 'ntpd=YES'

npf firewall

- name: Configure npf
  hosts: netbsd10
  handlers:
    - name: reload npf
      ansible.builtin.command: npfctl reload
  tasks:
    - name: Drop npf.conf
      ansible.builtin.copy:
        dest: /etc/npf.conf
        mode: "0600"
        content: |
          $ext_if = "wm0"
          group default {
              pass final on lo0 all
              pass stateful in final family inet proto tcp to $ext_if port { 22, 443 }
              pass stateful out final all
              block all
          }
      notify: reload npf

- name: Enable npf
      ansible.builtin.lineinfile:
        path: /etc/rc.conf
        regexp: '^npf='
        line: 'npf=YES'

See also: Ansible Become: Privilege Escalation with sudo, su & runas (Complete Guide)

Patching

- name: Apply NetBSD security branch updates
  hosts: netbsd10
  tasks:
    - name: pkgin upgrade
      community.general.pkgin: { upgrade: true }

- name: Sync sources & build (lab only)
      ansible.builtin.command: cvs -d :pserver:anoncvs@anoncvs.netbsd.org:/cvsroot up -d -P
      args: { chdir: /usr/src }
      when: 'rebuild_world | default(false)'

Best practices

• Use pkgin binary packages whenever possible — building pkgsrc from source is slow on small hardware. • Keep architecture-specific groups in inventory ([netbsd10_arm], [netbsd10_amd64]) and conditionalize tasks. • Test playbooks in anita or QEMU before applying on production hardware.

Conclusion

NetBSD 10 + Ansible covers the niche of portable BSD automation. With community.general.pkgin, lineinfile for rc.conf, and copy-driven npf rules, you can ship reproducible NetBSD systems across dozens of architectures.

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home