OpenBSD
Table of Contents
The trick is to have an additional external interface. This should be the CARP address and used for NAT. Every router should have it’s own external IP.
This is not a complete install guide. These are notes, mostly to myself. OpenBSD is known for good documentation, so start with the FAQ: https://www.openbsd.org/faq/
Broad stokes: Install OpenBSD 7.7 AMD64 using full disk encryption. We will use XFCE as KDE is not fully supported to due Wayland issues.
Grab install77.img (or install77.iso) from a mirror https://cdn.openbsd.org/pub/OpenBSD/7.7/amd64/. Copy this image to a USB flash drive. This will depend on your host system, try searching for “copy image to usb on Linux” (or whatever your host OS is).
The installer will ask:
Encrypt the root disk with a (p)assphrase or (k)eydisk? [no]
Choose one of those and follow the prompts, if you want full disk encryption.
As of ~7.5, the installer supports setting up full fisk encryption, so you no longer need these steps:
Once booted, drop to the (S)hell and follow the Full Disk Encryption
steps from the FAQ:
https://www.openbsd.org/faq/faq14.html#softraidFDE
For reference, this is the “automatic” partitioning layout for a 96 GB disk (using the legacy MBR scheme):
Setting OpenBSD MBR partition to whole sd0...done.
The auto-allocated layout for sd0 is:
# size offset fstype [fsize bsize cpg]
a: 1.0G 64 4.2BSD 2048 16384 1 # /
b: 2.2G 2097216 swap
c: 96.0G 0 unused
d: 4.0G 6782752 4.2BSD 2048 16384 1 # /tmp
e: 8.0G 15171328 4.2BSD 2048 16384 1 # /var
f: 9.9G 31882400 4.2BSD 2048 16384 1 # /usr
g: 1.0G 52725696 4.2BSD 2048 16384 1 # /usr/X11R6
h: 13.7G 54822848 4.2BSD 2048 16384 1 # /usr/local
i: 3.7G 83576928 4.2BSD 2048 16384 1 # /usr/src
j: 6.0G 91325472 4.2BSD 2048 16384 1 # /usr/obj
k: 46.5G 103908384 4.2BSD 2048 16384 1 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
If you are installing KDE, you need a large
/usr/localpartition (at least 10 GB).
Follow the standard instructions to install.
Once you boot into the system login as root an update the system:
syspatch
fw_update
Go ahead and reboot if it recommends you to do so.
Log back in as root, and let’s get to work …
You will need a large /usr/local partition. 9 GB is NOT enough.
pkg_add kde kde-plasma
~/.xsession
#!/bin/sh
startplasma-x11
While KDE is usable in 7.7, it’s not completely stable. Some things won’t work (such as deep system integration - device, users, etc). I’ve also experienced some crashing using the plasma desktop. For example, searching for anything in the launcher menu seems to crash plasma.
For a more stable environment, use XFCE and install the KDE tools you need and run them from XFCE instead.
pkg_add xfce xfce-extras chromium firefox
USER='your user name'
usermod -G operator $USER
usermod -G wheel $USER
usermod -G _shutdown $USER
echo "permit persist :wheel" >> /etc/doas.conf
rcctl enable messagebus
rcctl start messagebus
rcctl enable apmd
rcctl start apmd
The above will use 3.5 GB in
/usr/local.
As your user account:
cat << EOF > ~/.xsession
#!/bin/sh
if [ -x /usr/local/bin/dbus-launch -a -z "${DBUS_SESSION_BUS_ADDRESS}" ]; then
eval `dbus-launch --sh-syntax --exit-with-x11`
fi
# xrandr --dpi 96
# ^^ Uncomment and adjust if some apps are incorrectly scaled, for example Qt
# apps: https://marc.info/?l=openbsd-tech&m=163674121630769&w=2
startxfce4
EOF
Copy your fonts to ~/.fonts and run fc-cache.