OpenBSD Workstation for the People
1848 words, 9 minutes
This is an attempt at building an OpenBSD desktop than could be used by newcomers or by people that don’t care about tinkering with computers and just want a working daily driver for general tasks.
Somebody will obviously need to know a bit of UNIX but we’ll try to limit it to the minimum.
I’ve recorded a video covering the overall process described it. So if you prefer 📺 watching that 📖 reading, you can watch the 🔗 video from my Peertube account .
Learn how to walk before trying to run
Unless someone provides you with an already installed and configured machine, you’d better learn a bit about OpenBSD before trying to install and use it.
A lot of care has been taken by the OpenBSD folks to produce great documentation and you should really read it before following any step-by-step blog post or video. Yes, even those published here!
The OpenBSD website should be your starting point, always. If you feel like there is too much to read, at least read the Frequently Asked Questions .
Installation
I’ll proceed to an example installation on a ThinkPad X280 laptop. It’s a semi-old computer from 2018 but it still has decent hardware and great OpenBSD support.
This laptop has an internal ethernet port that requires an adapter - and I don’t have one. Also, the wireless interface will require a firmware that is not available during installation ; unless you build your own custom installation device. I’ll be using a USB-C to Ethernet adapter.
The OpenBSD FAQ explains how to download the installation
image
and create an
installation media using a USB flash drive or
CD-ROM
. If you are
running Linux, macOS, Illumos or any other *BSD, this is what you
should do. If you’re using Windows, this may be a bit more complicated.
In this case, give a try to
Ventoy
. This will create a
bootable USB drive on which you can simply copy the installer image
(install75.img
) and boot from it.
When you have created your USB install media, insert it and boot the
OpenBSD installer. A simple
install
is described in
the FAQ. For each OpenBSD release, a text file describes various aspects
of the release and contains an overview of the install process. As an
example, check the INSTALL.amd64 for OpenBSD
7.5
and
read the Installing the OpenBSD System
section.
Here are the list of questions the 7.5 installer asked me and what I replied. Most answers are defaults and can be used. Some are specific to my installation and you may enter your own values.
- (I)install, (U)pgrade, (A)utoinstall or (S)hell? i<Enter>
- Choose your keyboard layout [default] fr<Enter>
- System hostname? X280-de-Joel<Enter>
- Network interface to configure? [ure0] <Enter>
- IPv4 address for ure0? [autoconf] <Enter>
- IPv6 address for ure0? [none] <Enter>
- Network interface to configure? [done] <Enter>
- Password for root account? change_me<Enter>
Password for root account? (again) change_me<Enter> - Start sshd(8) by default? [yes] no<Enter>
- Do you want the X Window System to be started by xenodm(1)? [no] yes<Enter>
- Change the default console to com0? [no] <Enter>
- Setup a user? (enter a lower-case loginname or ’no’) [no] joel<Enter>
- Full name for user joel? Joel Carnat<Enter>
- Password for user joel? change_me<Enter>
Password for user joel? (again) change_me<Enter> - What timezone are you in? (’?’ for list) [Europe/Paris] <Enter>
- Which disk is the root disk? (’?’ for details) [sd0] ?<Enter>
Available disks are: sd0.
Which disk is the root disk? (’?’ for details) [sd0] <Enter> - Encrypt the root disk with a (p)assphrase or (k)eydisk? [no] p<Enter>
- Configuring the crypto chunk sd0…
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [gpt] <Enter> - New passphrase: change_me<Enter>
Re-type passphrase: change_me<Enter> - Configuring the root disk sd1…
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [gpt] <Enter> - Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] e<Enter>
sd1> m l<Enter>
offset: […] <Enter>
size: […] *<Enter>
FS type: [4.2BSD] <Enter>
mount point: [/home] <Enter>
sd1> w<Enter>
sd1> q<Enter> - Let’s install the sets!
Location of sets? [http] <Enter>
HTTP proxy URL? [none] <Enter>
HTTP Server? [cdn.openbsd.org] <Enter>
Server directory? <Enter>
Set name(s)? [done] <Enter>
Location of sets? [done] <Enter> - Exit to (S)hell, (H)alt or (R)eboot? [reboot] <Enter>
When the screen goes blank, remove the USB stick and let OpenBSD boot.
First boot
OpenBSD asks for the FDE passphrase before booting.
>> OpenBSD/amd64 BOOTX64 3.65
Passphrase: change_me<Enter>
OpenBSD boots, runs fw_update
and starts xenodm
, the X Display
Manager.
Default graphical interface
The display manager asks for a user login and password to open an X session. Enter the credentials of the user you created during the installation. The FVWM window manager and an X Terminal are launched.
If the xterm
font is too small, use Ctrl+Right-Click to select another
font size.
Administrative tasks with doas(1)
Your daily user may be limited regarding administrative tasks. This is a security policy and ensure you don’t wreck you system unless you ask for it.
In the xterm
window, switch to the root user and configure the doas
command.
I generally start with a simple configuration such as:
X280-de-Joel$ su -
Password: change_me
X280-de-Joel# echo 'permit keepenv persist :wheel' > /etc/doas.conf
X280-de-Joel# chmod 0600 /etc/doas.conf
X280-de-Joel# exit
Security updates
Depending on the release time, you may have to apply security updates for the OS. This is done in the console with the admistrative user.
X280-de-Joel$ doas syspatch
You may need to restart daemons and/or reboot to apply the changes.
Wireless configuration
As the Wireless card was not supported by OpenBSD installer, I have to
configure it now. To do so, read the Wireless Networking section of the
FAQ
. I went for the
trunk
configuration so that I can easily switch between wired and
wireless configuration.
$ doas su -
# cat > /etc/hostname.ure0
up
^D
# cat > /etc/hostname.iwm0
nwid "tumfatig" wpakey "change_me"
up
^D
# cat > /etc/hostname.trunk0
trunkproto failover trunkport ure0
trunkport iwm0
inet autoconf
^D
# sh /etc/netstart
# exit
Desktop configuration
FVWM may be a little bit too oldschool for you. Hopefully, OpenBSD offers various desktop environment options. You may use Gnome, KDE, Mate, LXQT. For this example, I’ll go with Xfce .
Xfce Desktop Environment
In the terminal, check the name of the Xfce packages and install the relevant ones.
$ pkg_info -Q xfce
$ doas pkg_add xfce-extras
The whole process of downloading and installing the software may take some time. Take the opportunity the stand-up, walk a bit, have a glass of water. When the installation process is over, you’ ll get a list of files to read for more information about configuring the software you’ve just installed. Read the files and apply what’s relevant for you.
$ more /usr/local/share/doc/pkg-readmes/dbus
$ more /usr/local/share/doc/pkg-readmes/upower
$ more /usr/local/share/doc/pkg-readmes/xdg-utils
$ more /usr/local/share/doc/pkg-readmes/xfce
$ doas rcctl enable apmd messagebus
$ doas rcctl start apmd messagebus
apmd(ok)
messagebus(ok)
$ doas usermod -G _shutdown joel
$ doas pkg_add xfce4-power-manager
$ pkg_info -Q gvfs
$ doas pkg_add gvfs-nfs gvfs-smb
$ man locale
$ locale -a | grep -i "fr.*utf"
$ export LC_ALL=fr_FR.UTF-8
$ doas pkg_add xdg-user-dirs
$ /usr/local/bin/xdg-user-dirs-update --force
$ vi ~/.xsession
export LC_ALL=fr_FR.UTF-8
if [ -x /usr/local/bin/dbus-launch -a -z "${DBUS_SESSION_BUS_ADDRESS}" ]; then
eval `dbus-launch --sh-syntax --exit-with-x11`
fi
exec /usr/local/bin/startxfce4
#EOF
Close the Terminal and quit the FVWM session.
Back to xenodm
, log in again using your credentials and you should be
granted to an Xfce session.
Web browser
Most common Web browsers are available for OpenBSD. You can install ungoogled-chromium, Firefox or Firefox ESR. There are also a bunch of light alternative like qutebrowser, Epiphany, Tor Browser, Konqueror and many more.
My broadly available Web browser of choice is Firefox.
$ pkg_info -Q firefox
$ doas pkg_add firefox
$ more /usr/local/share/doc/pkg-readmes/firefox
Firefox benefits from security settings that prevents it to access every directories on the OS. I want Firefox to access my localized “Downloads” directory. So I add it to the relevant configuration file.
$ doas vi /etc/firefox/unveil.main
(...)
~/Downloads rwc
~/Téléchargements rwc
There are also environment variables that can be setup to enable accelerated rendering.
$ vi ~/.xsession
(...)
export MOZ_ACCELERATED=1 MOZ_WEBRENDER=1
You can now start Firefox from the application menu. Follow the welcome
wizard and configure it as you need. For example, add the uBlock Origin
extension.
Mail reader
Evolution and KMail are available in the ports. I personnaly use both Thundebird and neomutt. Let’s concentrate on TB here. From a Terminal, seek and install the package.
$ pkg_info -Q thunderbird
$ doas pkg_add thunderbird
$ more /usr/local/share/doc/pkg-readmes/thunderbird
You can now start and configure Thunderbird. Then manage your emails.
Add the TBSync and DAV-4-TbSync plugins if you want to deal with CardDAV addressbook and CalDAV calendars.
OpenBSD.app - search packages
The default pkg_info
tool is useful when looking for available
packages. But there is also a Web search tool named OpenBSD.app. It can
be used from your Web browser and may be easier for you.
You can access it from here .
Additional software
Here’s a list of classical software you can get on OpenBSD for generic purposes:
- LibreOffice, a productivity suite.
- Atril, PDFarranger and Xournal++, for managing PDF files.
- VLC, the VideoLAN Client.
- Rhythmbox, to manage your music library.
- digiKam or Shotwell, to manage your photo library.
- The Gimp and Inkscape, for image creation and manipulation.
- KDEnlive, the video editor.
Those can be installed using pkg_add
.
$ doas pkg_add libreoffice-i18n-fr
$ doas pkg_add atril pdfarranger xournalpp
$ doas pkg_add vlc
$ doas pkg_add rhythmbox
$ doas pkg_add digikam
$ doas pkg_add gimp--%stable inkscape
$ doas pkg_add kdenlive
It is always nice to backup your data. I backup my laptop with the same tool I backup my servers: rsnapshot. But this is a console tool and may not be very easy to use straightaway. Deja Dup and KBackup look like nice GUI alternatives.
$ doas pkg_add deja-dup
I have AZERTY laptops but mostly use an external QWERTY USB keyboard. So I like to be able to switch keyboard layout and keep a look on the current activated one. Once the Xfce plugin is installed, add it to an Xfce panel.
$ doas pkg_add xfce4-xkb
To deal with eyes fatigue, I run Redshift. This utility changes the color temperature of the screen according to the time of day.
$ doas pkg_add redshift
My password manager of choice is KeePassXC. I also add the Firefox extension for smoother browsing experience. You may also like Seahorse.
$ pkg_info -Q keepass
$ doas pkg_add keepassxc-browser
$ more /usr/local/share/doc/pkg-readmes/keepassxc
$ doas vi /etc/firefox/unveil.main
If you need a calculator, you already have xcalc
; but it may look a
bit too oldschool. You can still install the GNOME or the MATE
calculator.
$ doas pkg_add mate-calc
$ doas pkg_add gnome-calculator
If you need a tool to select characters, you can install the GNOME Character Map.
$ doas pkg_add gucharmap
Desktop customization
Some say Xfce looks old. You can install themes to have it look a little different. OpenBSD ports comes with a couple of icon sets and themes.
$ doas pkg_add arc-theme-solid papirus-icon-theme xcursor-dmz
Then, using the Settings application, modify Xfce’s appearance.
Et voilà. You can now use your laptop and still start to learn more about OpenBSD.