My OpenBSD workstation configuration 2018

My OpenBSD workstation configuration 2018

  • Install XFCE
pkg_add -v consolekit2 xfce xfce-extras xscreensaver
  • Start XFCE at boot

vi /etc/rc.conf.local

multicast_host=YES
sshd_flags=NO
xenodm_flags=  
pkg_scripts=messagebus 
ntpd_flags=-s
hotplugd_flags=
apmd_flags="-A"
  • Then as user add an .xsession file with a line that will start consolekit so that you can shutdown &c from within xfce4.

$ vi .xsession

pkill xidle
xidle -delay 5 -sw -program "/usr/X11R6/bin/xlock -mode blank" -timeout 90 &
xset -b
exec ck-launch-session startxfce4
  • If using IPv6, do the following to enable the slaacd daemon
rcctl enable slaacd
rcctl start slaacd
  • Prevent xconsole from starting at every login, edit /etc/X11/xenodm/Xsetup_0 and do the following
xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail
sleep 0.1
  • Install programs
pkg_add -v firefox geany keepassxc openvpn libreoffice hexchat vlc uget vim youtube-dl ubuntu-fonts gimp filezilla galculator tilda evince wget redshift pelican ansible rsync pycharm htop gnupg sshpass ansible
  • Configure /etc/pf.conf
extif = re0

set block-policy drop
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
antispoof quick for (egress)
block in quick on egress from { no-route urpf-failed } to any
block in all

# Allow receiving ipv6 types
icmp6types = "{128, 133, 134, 135, 136, 137}"
pass in quick on $extif inet6 proto ipv6-icmp icmp6-type $icmp6types keep state

pass out quick inet keep state
pass out quick inet6 keep state
  • Enable IPv6 in /etc/hostname.re0. Note that yours may not be re0 as I have a realtek NIC
inet6 autoconf autoconfprivacy soii
  • Edit /etc/sysctl.conf
machdep.allowaperture=1
kern.nosuidcoredump=1
kern.shminfo.shmall=32768
hw.smt=1
  • Configure ntpd
vi /etc/ntpd.conf and edit server to router LAN interface IP
  • Configure suspend. Create /etc/apm/suspend and make it executable:
$ cat /etc/apm/suspend
#!/bin/sh
pkill -USR1 xidle
  • Edit maximum user process memory limits in /etc/login.conf
datasize-max=1024M
datasize-cur=1024M
  • Setup crontab
# Daily backup, at 7 PM
0 19 * * * sh /home/daulton/Files/Scripts/backup.sh >/dev/null 2>&1
  • Audio

Reminder to disable internal audio to make using USB DAC easier, since internal audio is the primary audio device instead of messing trying to change the default device

  • Configure /etc/doas.conf
permit persist :wheel
permit nopass keepenv root
  • Ports
$ cd /tmp
$ ftp https://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
$ signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz

You want to untar this file in the /usr directory, which will create /usr/ports and all the directories under it.

cd /usr
tar xzf /tmp/ports.tar.gz
  • Install ntfs-3g if wanted:
cd /usr/ports/sysutils/ntfs-3g
make install
make clean

Note: To mount the disk in fstab use disklabel sd to find the DUID

ntfs-3g example:

ntfs-3g /dev/sd1i /mnt/data/

and to mount at boot add the command to /etc/rc.local

/usr/local/bin/ntfsfix /dev/sd1i && /usr/local/bin/ntfs-3g /dev/sd1i /mnt/data/

updatedupdated2023-11-212023-11-21
Load Comments?