# OpenBSD # Openbsd-as-a-Desktop-OS # Upgrade OpenBSD ## Patch Base System ```bash syspatch ``` ## Upgrade system ```bash sysupgrade ``` ## Upgrade Packages ```bash pkg_add -u ``` # Package Management ## Search for a package ```bash pkg_info -Q ``` ## Get Info about package ```bash pkg_info ``` ## install package ```bash pkg_add ``` # System Enhancement If you have an SSD you can edit ```/etc/fstab``` and add attribute ```softdep``` # Download and Configure Ports tree ```bash ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig} signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz tar xzvf /tmp/ports.tar.gz -C /usr ``` # Install Pandoc via Cabal OpenBSD 6.7 # Install Cabal Cabal is a packagemanager for Haskell very much like pip is for Python. You can install it from ports: ```bash doas pkg_add -i ghc cabal-install ``` ## Prepare system to compile programs via cabal **Enable wxallowed in /home and /tmp:** You can do so via editing your /etc/fstab like this (this is my personal fstab. don't blindly copy paste, you have to insert the wxallowed in the right place in your own /etc/fstab. ```bash .b none swap sw .a / ffs rw,softdep,noatime 1 1 .k /home ffs rw,softdep,wxallowed,noatime,nodev,nosuid 1 2 .d /tmp ffs rw,softdep,wxallowed,noatime,nodev,nosuid 1 2 .f /usr ffs rw,softdep,wxallowed,noatime,nodev 1 2 .g /usr/X11R6 ffs rw,softdep,noatime,nodev 1 2 .h /usr/local ffs rw,softdep,wxallowed,noatime,nodev 1 2 .j /usr/obj ffs rw,softdep,noatime,wxallowed,nodev,nosuid 1 2 .i /usr/src ffs rw,softdep,noatime,nodev,nosuid 1 2 .e /var ffs rw,softdep,noatime,nodev,nosuid 1 2 ``` then reboot. ## (optional) enable multithreating If you want to enable hyperthreating tempoary, do: ```bash doas sysctl hw.smt=1 ``` if you want to make it permanent edit your /etc/sysctl.conf and paste the following at the end: ```bash hw.smt=1 ``` notice: without rebooting you have once to enable it manually, after the fist reboot, it will be active ```bash sysctl hw.smt=1 ``` you can check that hyperthreating is active, with programs like top or htop ## raise ulimit: put the following into your ```bash ~/.profile ``` ```bash ulimit -d 4096*1024 ``` If you haven't relogged, you have to manually paste this everytime you open a terminal in which you want to compile, since it's a command for your shell. ```bash ulimit -d 4096*1024 ``` ## Correct you PATH edit this into you ```.profile``` ```bash PATH=$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games:$HOME/.cabal/bin/:. ``` ## install pandoc or pandoc-citeproc if you want to convert LATEX you probably want pandoc-citeproc, it automatically pulls pandoc as dependency: as a user (not root) execute: ```bash ulimit -d 4096*1024 cabal update cabal install pandoc-citeproc ``` This will need a lot of time and resources to compile, be pacient. Pandoc should now be able to be compiled. After compilation is finished, don't be surpised if nothing happens when you execute pandoc and / or getting an error, read clearly, you may have the binary successfully compiled and it just couldn't symlink. you probably can find pandoc in: ~/.cabal/bin/pandoc if nothig happens when you execute this binary, it probably does work as inteded anyways, try to give it an argument like: ```bash ~/.cabal/bin/pandoc -v ``` Congratulations! You have successfully compiled and installed pandoc in OpenBSD # OpenBSD virtualization OpenBSD 6.7 # Setup ```/etc/rc.conf.local``` ```bash apmd_flags="-A" dhcpd_flags=vether0 vmd_flags= ntpd_flags="-s" ``` ## /etc/hostname.vether0 ```bash inet 192.168.30.1 255.255.255.0 NONE ``` ## /etc/dhcpd.conf ```bash # Network: 192.168.11.0/255.255.255.0 # Domain name: vmm.local # Name servers: 192.168.11.1 # Default router: 192.168.11.1 # Addresses: 192.168.30.100 - 192.168.30.200 shared-network VMM-LOCAL { subnet 192.168.30.0 netmask 255.255.255.0 { range 192.168.30.100 192.168.30.200; option subnet-mask 255.255.255.0; option broadcast-address 192.168.30.255; option routers 192.168.30.1; option domain-name-servers 192.168.11.1; # host vm1 { # hardware ethernet 00:20:91:00:00:01; # fixed-address vm1.vmm.local; # } } } ``` ## /etc/sysctl.conf ```bash net.inet.ip.forwarding=1 ``` ## /etc/pf.conf ```bash set skip on lo block return # block stateless traffic pass # establish keep-state # By default, do not permit remote connections to X11 block return in on ! lo0 proto tcp to port 6000:6010 ext_if="em0" int_if="{ vether0 tap0 }" set block-policy drop set loginterface egress match in all scrub (no-df random-id max-mss 1440) match out on egress inet from !(egress:network) to any nat-to (egress:0) pass out quick inet pass in on $int_if inet pass in on egress inet proto tcp from any to (egress) port 22 ``` ## /etc/vm.conf ```bash switch "local" { add vether0 add tap0 } vm "vm1.vm" { memory 512M kernel "/bsd.rd" disk "/vmm/vm1.img" interface { switch "local" lladdr 00:20:91:00:00:01 } } ``` # Commands ```bash vmmctl status ``` ```bash vmctl console 1 cu /dev/ttyp0 ``` ```bash vmctl create /vmm/vm1.img -s 500M vmctl start -c -b /bsd.rd -m 512M -i 1 -d /vmm/vm1.img ``` ```bash # X11 Forwarding ssh -Y vm programmname ```