Lock Down Your Laptop With OpenBSD: Part 2
So you've got a nice fresh OpenBSD install on your laptop, and you're excited to use it. However the desktop environment it comes with is absolutely horrifying to use. Following up from the installation of OpenBSD found on This Blog Post, it is time to tweak out OpenBSD to have a nice and custom desktop tailored to your needs.
I will be configuring i3 window manager, although the setup process for a more well-known desktop environment (like GNOME or XFCE) is very similar in terms of setup.
Since I opted for i3, there's a lot more manual configuration- but the reward is much greater in terms of the ability to customize it. Anyways, this machine doesn't configure itself- so lets dive right in!
Installing Required Software
I wanted for a somewhat custom look, so this is what I set out to install:
- chromium (yes, it's modded by the developers)
- openbsd-backgrounds (because it contains the xwallpaper app)
To install these, I logged in as root and ran the following command in the terminal (once connected to internet):
pkg_add i3-gaps i3status rofi rxvt-unicode chromium irssi w3m vim openbsd-backgrounds
With this completed and out of the way, configuration of the OS is now much easier and we're ready to actually begin configuration.
There's a console at the login prompt that isn't my taste, so I wanted to disable it. To do so, run:
sed -i 's/xconsole/#xconsole/' /etc/X11/xenodm/Xsetup_0 echo 'xset b off' >> /etc/X11/xenodm/Xsetup_0
The first command comments out the execution of XConsole at the login screen, while the second one disables system beeps at the prompt.
Next thing is enabling the ability to save us some battery life, since we are installing on a laptop:
rcctl enable apmd rcctl set apmd flags -A rcctl start apmd
Apmd is the Advanced Power Management Daemon, and automatically handles the power draw for your system for you.
Since I created a user other than root during installation (let's call the username
joe), it's critical to give the account access to
echo 'permit persist keepenv joe' > /etc/doas.conf
doas command on OpenBSD is actually slated to be the successor to
sudo on most platforms, due to it's simplicity and ease of use. Many Linux systems already provide
doas as an alternative to
sudo due to how well it runs, and this one line just grants the same access you would normally have when using it. However, you can also restrict the access to specific commands depending on the user.
We want to also make the user a member of the
staff group, as this group has access to more system resources than plain old users:
usermod -G staff joe
While we're at it, we might as well bump up some of the resource limits even further so our system will run like a dream.
Modify the staff: entry in /etc/login.conf to look like this:
staff:\ :datasize-cur=1024M:\ :datasize-max=8192M:\ :maxproc-cur=512:\ :maxproc-max=1024:\ :openfiles-cur=4096:\ :openfiles-max=8192:\ :stacksize-cur=32M:\ :ignorenologin:\ :requirehome@:\ :tc=default:
Then, append this to /etc/sysctl.conf:
# shared memory limits (chrome needs a ton) kern.shminfo.shmall=3145728 kern.shminfo.shmmax=2147483647 kern.shminfo.shmmni=1024 # semaphores kern.shminfo.shmseg=1024 kern.seminfo.semmns=4096 kern.seminfo.semmni=1024 kern.maxproc=32768 kern.maxfiles=65535 kern.bufcachepercent=90 kern.maxvnodes=262144 kern.somaxconn=2048
NOTE: If a setting exists already and is already higher than what you plan to replace it with, don't touch it. You'll just slow the system down.
What this does is allow for larger amounts of memory to be used by the user and allows the OS to have larger amounts of shared memory.
Awesome, Now let's get suspend working! First we need to run
and then append the following to /etc/apm/suspend:
#!/bin/sh pkill -USR1 xidle
We can now run
chmod +x /etc/apm/suspend and it will work properly.
Reboot to apply these changes.
FINALLY Setting Up The Desktop
First things first, we will want to configure GTK because the default keybindings are that of emacs- and
it stinks gets the job done, but I don't prefer it. To switch to more normal keybindings, run the command
mkdir -p ~/.config/gtk-3.0
and then append the following to ~/.config/gtk-3.0/settings.ini:
[Settings] gtk-theme-name=Adwaita gtk-icon-theme-name=Adwaita gtk-font-name=Arimo 9 gtk-toolbar-style=GTK_TOOLBAR_ICONS gtk-toolbar-icon-size=GTK_ICON_SIZE_SMALL_TOOLBAR gtk-button-images=1 gtk-menu-images=1 gtk-enable-event-sounds=1 gtk-enable-input-feedback-sounds=1 gtk-xft-antialias=1 gtk-xft-hinting=1 gtk-xft-hintstyle=hintslight gtk-xft-rgba=rgb gtk-cursor-theme-size=0 gtk-cursor-theme-name=Default gtk-key-theme-name=Default
Now we need to copy the default i3status to /etc:
cp /usr/local/share/examples/i3status/i3status.conf /etc
Failure to do this will cause i3status to crash on launch.
Lastly, let's configure i3 to actually launch. Open /etc/X11/xenodm/Xsession in a text editor and go to the end of the text file. There will be a portion saying
exec fvwm. Remove that line entirely and replace it with
exec i3. Now search for anything in this file saying
xconsole and remove it (this prevents automatic launching of a console in your desktop.)
If running Intel Integrated Graphics, it may be wise to do one final modification to prevent screen tearing. To do this, run the following command:
This makes the xorg.conf.d directory. Now append the following contents to
Section "Device" Identifier "drm" Driver "intel" Option "TearFree" "true" EndSection
This configures OpenBSD to play more nicely with your Intel Integrated Graphics.
reboot to reboot your system. You should be able to log in as your normal user and have access to i3 window manager. It will provide a “first startup” wizard to go through. If unfamiliar with i3, it is a tiling window manager that uses keyboard shortcuts to manipulate windows.
Once the configuration has been generated, we will need to configure i3 a bit further to allow for
urxvt to work. To tweak these, we first need to edit our
~/.Xdefaults file and add the following contents (note- this is the longest part of the entire task of getting a desktop working):
! === Rofi colors rofi.color-window : argb:c82d303b, #7c8389, #1d1f21 rofi.color-normal : argb:3c1d1f21, #c4cbd4, argb:96404552, #4084d6, #f9f9f9 rofi.color-urgent : argb:2c1d1f21, #cc6666, argb:e54b5160, #a54242, #f9f9f9 rofi.color-active : argb:2c1d1f21, #65acff, argb:e44b5160, #4491ed, #f9f9f9 rofi.font : Noto Sans 14 rofi.hide-scrollbar : true ! === URXVT URxvt*geometry : 80x30 "URxvt.font : 9x15 !Special Xft*dpi : 96 Xft*antialias : true Xft*hinting : true Xft*hintstyle : hintslight Xft*rgba : rgb URxvt.cursorUnderline : true URxvt*font : xft:Monospace:size=14:antialias=true URxvt*letterSpace : -2 URxvt.background : #1d1f21 URxvt.foreground : #c5c8c6 URxvt.cursorColor : #c5c8c6 urxvt*transparent : tue urxvt*shading : 30 URxvt*saveLines : 0 URxvt*scrollBar : false !black urxvt.color0 : #282a2e urxvt.color8 : #373b41 !red urxvt.color1 : #a54242 urxvt.color9 : #cc6666 !green urxvt.color2 : #8c9440 urxvt.color10 : #b5bd68 !yellow urxvt.color3 : #de835f urxvt.color11 : #f0c674 !blue urxvt.color4 : #5f819d urxvt.color12 : #81a2be !magenta urxvt.color5 : #85678f urxvt.color13 : #b294bb !cyan urxvt.color6 : #5e8d87 urxvt.color14 : #8abeb7 !white urxvt.color7 : #707880 urxvt.color15 : #c5c8c6
This chunk of configuration sets
rofi (our app launcher) into dark mode, and changes the default terminal colors to be a little easier on the eyes with a dark theme instead of a eye-scorching manilla color... Only one change to go!
~/.config/i3/config in your editor and go around 45 down. You will notice a section that says “Start a terminal”. We want to change it's corresponding command to this:
bindsym $mod+Return exec /usr/local/bin/urxvt
This sets the i3 hotkey combo to execute
urxvt instead of
Awesome! Since i3-gaps is installed, gaps between windows can be set up and configured if preferred. Otherwise, configuration is done, and you're able to install other software that you might want, such as Libreoffice, VLC, PCManFM, and other useful utilities (or games?)
Lastly, to set your desktop background, download a picture and save it to your preferred directory. In my case, it's located at
/home/w00t/Pictures/wallpaper.png. Using my download location, I appended the following line to
exec --no-startup-id "xwallpaper --stretch /home/w00t/Pictures/wallpaper.png"
Now my desktop wallpaper automatically sets itself on login.
There's other tweaks you can make- but this is meant to be enough to get to a system that's comfortable to work in and have an enjoyable time with OpenBSD. Until Next Time!
Source For Some Config Files: C0ffee.net
Liked This Content? Check Out Our Discord Community and Become an email subscriber!