new-install

openbsd_install.md (5311B)

---

 OpenBSD Install
 ===============
 
 Last updated for OpenBSD 7.2.
 
 Writing to a flash drive on macOS
 ---------------------------------
 ```
 % cd /tmp
 % export URL=https://cdn.openbsd.org/pub/OpenBSD
 % curl -Os $URL/7.2/amd64/SHA256
 % curl -Os $URL/7.2/amd64/install72.img
 % shasum -c SHA256 --ignore-missing
 install72.img: OK
 % sudo diskutil list
 /dev/disk4 (external, physical):
    #:                       TYPE NAME                    SIZE       IDENTIFIER
    0:     FDisk_partition_scheme                        *16.0 GB    disk4
 ...
                     (free space)                         15.6 GB    -
 
 % sudo diskutil unmountDisk /dev/diskX
 % sudo dd if=install69.img of=/dev/diskX bs=1m
 664+1 records in
 664+1 records out
 696745984 bytes transferred in 93.000559 secs (7491847 bytes/sec)
 ```
 
 Initial install
 ---------------
 
 1. At install prompt, select "(I)nstall".
 1. For keyboard, type us.swapctrlcaps or jp.swapctrlcaps.
 1. When prompted for the hostname, enter the short hostname with no domain.
 1. When prompted for an interface to configure, select em0.
 1. When prompted for how to configure IPv4, use dhcp.
 1. When prompted for how to configure IPv6, select none.
 1. When prompted for the next network interface to configure, select
    done.
 1. Enter your domain name at the prompt.
 1. Enter the root password, then confirm.
 1. When asked whether to start sshd by default select yes.
 1. When prompted for whether to start xwindows select no for a server,
    optionally yes otherwise.
 1. Leave the default console on video out rather than com0.
 1. Add a user.
 1. When prompted for whether to enabled root ssh login, select no.
 1. When prompted for what timezone you're in enter "America" or "Asia".
 1. When prompted for the sub-timezone, select the correct value.
 1. Select the disk you wish to install the OS onto. Type ? to ensure
    you're writing to the correct disk.
 1. Use gpt to partition the disk as desired.
 1. When prompted for the location of sets, pick http.
 1. Set proxy settings as needed, or leave blank if none.
 1. The default http server is probably reasonable.
 1. The default directory is probably correct.
 1. Select all sets (unless there are some you don't want).
 1. When prompted for more sets to install, select done.
 1. When prompted to exit/halt/reboot, select reboot.
 
 Create `/etc/doas.conf` with the following contents:
 
     permit nopass :wheel
     permit :wheel cmd reboot
     permit :wheel cmd shutdown
     permit nopass keepenv root as root
 
 Edit `/etc/ssh/sshd_config` and set:
 
     PasswordAuthentication no
     KbdInteractiveAuthentication no
 
 Restart sshd:
 
     kill -HUP `cat /var/run/sshd.pid`
 
 If we're using DHCP to configure the network interface, dhclient
 requires a config file, but an empty file is sufficient. Without this,
 it appears to pick up a 6 month-long lease by default. One symptom of
 this is that routers will typically stop resolving the hostname (which
 is provided to the router in the DHCP lease request) if the device
 doesn't renew the lease before it's up:
 
     touch /etc/dhclient.conf
 
 I generally leave a comment in the file along these lines:
 
     #	This file is required by the ISC DHCP client.
     #	See ``man 5 dhclient.conf'' for details.
     #
     #	In most cases an empty file is sufficient for most people as the
     #	defaults are usually fine.
     #
     # See /etc/examples/dhclient.conf
 
 If we're running in a VM under the Xen hypervisor, management support is built
 in to the OpenBSD kernel. It can be configured as documented in the `xen(4)`
 manpage. Edit `/etc/rc.local` and insert the following:
 
     ostype=$(sysctl -n kern.ostype)
     osrelease=$(sysctl -n kern.osrelease)
 
     # XenServer Tools version
     hostctl attr/PVAddons/MajorVersion 6
     hostctl attr/PVAddons/MinorVersion 2
     hostctl attr/PVAddons/MicroVersion 0
     hostctl attr/PVAddons/BuildVersion 76888
     hostctl attr/PVAddons/Installed 1
 
     # OS version
     hostctl data/os_name "$ostype $osrelease"
     hostctl data/os_uname $osrelease
     hostctl data/os_distro $ostype
 
     # Update XenStore
     hostctl data/updated 1
 
 You may also need to disable the 'viridian' capability, which is enabled by
 default in XenServer. We can disable that by running the following command on
 one of the Xen host machines:
 
     xe vm-param-set uuid=<VM_UUID> platform:viridian=false
 
 Configure basics
 ----------------
 
 Install zsh:
 
     doas pkg_add zsh
 
 Install git and tig:
 
     doas pkg_add git tig
 
 Install vim. The following command will prompt you for which variant to
 install (I prefer `vim-no_x11-python3`):
 
     doas pkg_add vim
 
 Install basic utilities:
 
     doas pkg_add unzip
     doas pkg_add gnupg
 
 Install browsers:
 
     doas pkg_add lynx
     doas pkg_add firefox-esr ffmpeg
     doas pkg_add amfora
 
 Install fonts:
 
     doas pkg_add noto-fonts noto-cjk noto-emoji
 
 Install development toolchain extras:
 
     doas pkg_add llvm
     doas pkg_add clang-tools-extra
 
 
 Enable power management
 -----------------------
 
 In `/etc/rc.conf`, set:
 
     apmd_flags="-A"
 
 
 Configure X11
 -------------
 
 Install i3, dmenu, urxvt and/or alacritty:
 
     doas pkg_add i3
     doas pkg_add i3lock xautolock
     doas pkg_add i3status
     doas pkg_add dmenu
     doas pkg_add rxvt-unicode alacritty
 
 Enable the xenodm login manager in `/etc/rc.conf`:
 
     xenodm_flags=YES