What To Do After A Fresh OpenBSD Install (First Steps)

This is my own step-by-step process after a fresh OpenBSD install on my laptop.

I use my X1 Carbon Gen 6 for OpenBSD and it’s my daily driver for work (web dev and content marketing).

Everyone’s use case is different, but you might find this helpful.

I won’t cover the install process itself, but I will add one necessary, pre-install step:

1. Obtain firmware

Let’s say you’ve just downloaded and installed an OpenBSD image to a USB in preparation for an install.

Go into a terminal on the computer you’re using and run:

wget --recursive --no-parent http://firmware.openbsd.org/firmware/7.2/

Replace version number if need be and use http, not https or you’ll likely get an error.

This will recursively download all OpenBSD firmware on that page to your current folder.

Move this firmware content over to your installation USB or another spare USB.

2. Install OpenBSD

I’m not going through this process here (it’s dead easy anyway).

Boot into your new OS.

3. Install the firmware from step #1

Once you’ve booted up into OpenBSD for the first time and logged in as root, insert your USB that contains the firmware.

Type dmesg if you need to get your USB device name (mine’s sd2).

Your USB should have 3 partitions or slices on it (a, c and i) if it’s the installation USB. If it’s not, type disklabel -pm sd2 to see what they are.

In my case, the firmware is sitting on sd2a, so all that’s necessary to mount it is:

mount /dev/sd2a /mnt

The USB is mounted, so now you just use fw_update to install all the firmware you downloaded earlier:

fw_update -p /mnt/firmware/7.2/

In a few seconds, all your firmware is ready to go.

4. Wifi

First thing I do is get connected.

If ethernet isn’t handy, all I do is run:

ifconfig iwm0 nwid SSIDNAME wpakey PASSWORD

My device name is iwm0 (made usable by the firmware).

Now I have Internet access, I can start installing everything and configuring my system.

5. syspatch

Your first step after installing OpenBSD and getting a connection should always be a quick syspatch.

This makes sure your kernel is up-to-date (I’m not using current at the moment, btw).

You can follow this up with pkg_add -u to check if any of the software sets need updating and get the newer versions.

6. Install vim

pkg_add vim

7. Create user

Use the adduser command to create your non-root user.

8. Performance tweaks from the get-go

Before you start adding anything else, I recommend a few essential performance enhancements.

1. Create a /etc/sysctl.conf and add the following:

kern.shminfo.shmall=6291456
kern.shminfo.shmmax=999999999
kern.shminfo.shmmni=2048

kern.shminfo.shmseg=2048
kern.seminfo.semmns=4096
kern.seminfo.semmni=1024

kern.maxproc=3250
kern.maxfiles=8192
hw.smt=1
machdep.allowaperture=1

kern.audio.record=1
kern.video.record=1

net.inet.udp.recvspace=262144
net.inet.udp.sendspace=262144
net.inet.icmp.errppslimit=1000

2. Edit fstab and do the following:

Assuming you’re using vim, type the following:

:%s/rw,/rw,softdep,noatime,/g

Find and replace in vim just saves typing.

Save the file.

3. Add non-root user to the staff group and tweak staff resources

Browsers suffer performance hits in OpenBSD so you need to make sure your user can access adequate resources.

Add your user to staff (I just edit /etc/group and add my username after root on the staff line).

If you prefer, use usermod.

You can also add the user to operator and wheel for the next step.

Then go ahead and edit /etc/login.conf and change the staff block to the following:

staff:\
        :datasize-cur=infinity:\
        :datasize-max=infinity:\
        :maxproc-cur=512:\
        :maxproc-max=1024:\
        :openfiles-cur=102400:\
        :openfiles-max=102400:\
        :stacksize-cur=32M:\
        :ignorenologin:\
        :requirehome@:\
        :tc=default:

9. Improve battery life

Enable apmd for better battery life and set it to either auto or low mode:

rcctl enable apmd
rcctl set apmd flags -A (or -L)
rcctl start apmd

9. Set up doas

Create /etc/doas.conf and add the following:

permit nopass keepenv :wheel

You can now log in as your user and doas anything you want (it’s like sudo but better ).

10. Reboot

At this point, you can reboot (reboot command as root).

11. Essential programs

There are a few essentials that I install right away:

doas pkg_add git wget curl zsh gnupg password-store

12. GPG and SSH keys

On my other computer (FreeBSD machine), I export my GPG secret keys:

gpg --list-secret-keys
gpg --export-secret-keys KEYID > ~/secret.key

Use scp to copy it over to my new OpenBSD machine: scp secret.key 192.168.0.2:.

Import the secret key: gpg --import secret.key

13. Copy over password store

scp -r 192.168.0.1:.password-store .

Passwords should now be accessible using the pass command.

14. Install dwm, st and dmenu, and enable xenodm

Download the source for all three of these:

wget https://dl.suckless.org/dwm/dwm-6.4.tar.gz
wget https://dl.suckless.org/st/st-0.9.tar.gz
wget https://dl.suckless.org/tools/dmenu-5.2.tar.gz

Extract the tar files, configure and make all three ( dwm not covered in this guide).

NOTE: I usually just keep default configs at first with some minor changes (changing MOD key, terminal and exit commands). Heavy modification comes later.

Move all three compiled binaries to /usr/local/bin/.

Create a $HOME/.xsession file and add the following: dwm

Enable and start xenodm:

doas rcctl enable xenodm
doas rcctl start xenodm

Logging in with xenodm will take you straight to dwm.

15. Cursor speed, volume and brightness

You’ll notice right away that your trackpad speed is slower than ideal, your volume is too low and the brightness is dim.

To fix the trackpad:

doas wsconsctl mouse.tp.scaling=1
doas mouse.reverse_scrolling=1

The 2nd line there reverses the two finger scroll direction (personal taste).

You can also add these lines to /etc/wsconsctl.conf to persist changes.

For audio level, use sndioctl output.level=1 to max volume.

For screen brightness, use xbacklight -set 100 or adjust number accordingly.

16. Open up a suckless terminal and start adding X programs

From here, you can go ahead and install what you need to be productive.

A few more (but not all) of my X programs: doas pkg_add gimp inkscape firefox thunderbird lxappearance pcmanfm.

I install feh for background images (feh --bg-scale image.jpg). Add this line to your .xsession file to persist.

More to come

I’ll add to this shortly and go into detail on my workflow setup (my terminal, vim and other various first steps).