OpenBSD Workstation for the People

  2024-07-16      2120 words, 10 minutes

• openbsd
• workstation
• xfce

This is an attempt at building an OpenBSD desktop than could be used by newcomers or by people that don’t care about tinkering with computers and just want a working daily driver for general tasks.

Somebody will obviously need to know a bit of UNIX but we’ll try to limit it to the minimum.

I’ve recorded a video covering the overall process described it on OpenBSD 7.5. So if you prefer 📺 watching that 📖 reading, you can watch the 🔗 video from my Peertube account .

Learn how to walk before trying to run

Unless someone provides you with an already installed and configured machine, you’d better learn a bit about OpenBSD before trying to install and use it.

A lot of care has been taken by the OpenBSD folks to produce great documentation and you should really read it before following any step-by-step blog post or video. Yes, even those published here!

The OpenBSD website should be your starting point, always. If you feel like there is too much to read, at least read the Frequently Asked Questions .

Installation

I’ll proceed to an example installation on a ThinkPad X280 laptop. It’s a semi-old computer from 2018 but it still has decent hardware and great OpenBSD support.

This laptop has an internal ethernet port that requires an adapter - and I don’t have one. Also, the wireless interface will require a firmware that is not available during installation ; unless you build your own custom installation device. I’ll be using a USB-C to Ethernet adapter.

The OpenBSD FAQ explains how to download the installation image and create an installation media using a USB flash drive or CD-ROM . If you are running Linux, macOS, Illumos or any other *BSD, this is what you should do. If you’re using Windows, this may be a bit more complicated. In this case, give a try to Ventoy . This will create a bootable USB drive on which you can simply copy the installer image (install75.img) and boot from it.

When you have created your USB install media, insert it and boot the OpenBSD installer. A simple install is described in the FAQ. For each OpenBSD release, a text file describes various aspects of the release and contains an overview of the install process. As an example, check the INSTALL.amd64 for OpenBSD 7.5 and read the Installing the OpenBSD System section.

Here are the list of questions the 7.5 installer asked me and what I replied. Most answers are defaults and can be used. Some are specific to my installation and you may enter your own values.

• (I)install, (U)pgrade, (A)utoinstall or (S)hell? i<Enter>
• Choose your keyboard layout [default] fr<Enter>
• System hostname? X280-de-Joel<Enter>
• Network interface to configure? [ure0] <Enter>
• IPv4 address for ure0? [autoconf] <Enter>
• IPv6 address for ure0? [none] <Enter>
• Network interface to configure? [done] <Enter>
• Password for root account? change_me<Enter>
  Password for root account? (again) change_me<Enter>
• Start sshd(8) by default? [yes] no<Enter>
• Do you want the X Window System to be started by xenodm(1)? [no] yes<Enter>
• Change the default console to com0? [no] <Enter>
• Setup a user? (enter a lower-case loginname or ’no’) [no] joel<Enter>
• Full name for user joel? Joel Carnat<Enter>
• Password for user joel? change_me<Enter>
  Password for user joel? (again) change_me<Enter>
• What timezone are you in? (’?’ for list) [Europe/Paris] <Enter>
• Which disk is the root disk? (’?’ for details) [sd0] ?<Enter>
  Available disks are: sd0.
  Which disk is the root disk? (’?’ for details) [sd0] <Enter>
• Encrypt the root disk with a (p)assphrase or (k)eydisk? [no] p<Enter>
• Configuring the crypto chunk sd0…
  Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [gpt] <Enter>
• New passphrase: change_me<Enter>
  Re-type passphrase: change_me<Enter>
• Configuring the root disk sd1…
  Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [gpt] <Enter>
• Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] e<Enter>
  sd1> m l<Enter>
  offset: […] <Enter>
  size: […] *<Enter>
  FS type: [4.2BSD] <Enter>
  mount point: [/home] <Enter>
  sd1> w<Enter>
  sd1> q<Enter>
• Let’s install the sets!
  Location of sets? [http] <Enter>
  HTTP proxy URL? [none] <Enter>
  HTTP Server? [cdn.openbsd.org] <Enter>
  Server directory? <Enter>
  Set name(s)? [done] <Enter>
  Location of sets? [done] <Enter>
• Exit to (S)hell, (H)alt or (R)eboot? [reboot] <Enter>

When the screen goes blank, remove the USB stick and let OpenBSD boot.

First boot

OpenBSD asks for the FDE passphrase before booting.

>> OpenBSD/amd64 BOOTX64 3.65
Passphrase: change_me<Enter>

OpenBSD boots, runs fw_update and starts xenodm, the X Display Manager.

Default graphical interface

The display manager asks for a user login and password to open an X session. Enter the credentials of the user you created during the installation. The FVWM window manager and an X Terminal are launched.

If the xterm font is too small, use Ctrl+Right-Click to select another font size.

Administrative tasks with doas(1)

Your daily user may be limited regarding administrative tasks. This is a security policy and ensure you don’t wreck you system unless you ask for it.

In the xterm window, switch to the root user and configure the doas command.
I generally start with a simple configuration such as:

X280-de-Joel$ su -
Password: change_me

X280-de-Joel# echo 'permit keepenv persist :wheel' > /etc/doas.conf
X280-de-Joel# chmod 0600 /etc/doas.conf
X280-de-Joel# exit

Security updates

Depending on the release time, you may have to apply security updates for the OS. This is done in the console with the admistrative user.

X280-de-Joel$ doas syspatch

You may need to restart daemons and/or reboot to apply the changes.

Wireless configuration

As the Wireless card was not supported by OpenBSD installer, I have to configure it now. To do so, read the Wireless Networking section of the FAQ . I went for the trunk configuration so that I can easily switch between wired and wireless configuration.

$ doas su -

# cat > /etc/hostname.ure0
up
^D

# cat > /etc/hostname.iwm0
nwid "tumfatig" wpakey "change_me"
up
^D

# cat > /etc/hostname.trunk0
trunkproto failover trunkport ure0
trunkport iwm0
inet autoconf
^D

# sh /etc/netstart
# exit

Desktop configuration

FVWM may be a little bit too oldschool for you. Hopefully, OpenBSD offers various desktop environment options. You may use Gnome, KDE, Mate, LXQT. For this example, I’ll go with Xfce .

Graphics acceleration

2024-10-10 Update: the release of OpenBSD 7.6 brought good news for the desktop:

Imported libva 2.22.0, an implementation for VA-API (video acceleration API). VA-API provides access to graphics hardware acceleration capabilities for video processing.

For desktop using AMD RADEON GPUs, it is already configured via Mesa.

For desktop using Intel GPUs, there are two available packages that depend on the card you own. To know which exact GPU you have, look at your dmesg:

$ dmesg | grep '^inteldrm'

inteldrm0 at pci0 dev 2 function 0 "Intel Graphics" rev 0x0c
inteldrm0: msi, ALDERLAKE_P, gen 12

inteldrm0 at pci0 dev 2 function 0 "Intel UHD Graphics 600" rev 0x03
inteldrm0: msi, GEMINILAKE, gen 9

inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 4000" rev 0x09
inteldrm0: msi, IVYBRIDGE, gen 7

inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 520" rev 0x07
inteldrm0: msi, SKYLAKE, gen 9

Then check which is the correct package for your configuration by looking at its description:

$ pkg_info intel-media-driver

Information for inst:intel-media-driver-24.2.5p0
(...)
Supported Platforms

- BDW (Broadwell)
- SKL (Skylake)
- BXTx (BXT: Broxton, APL: Apollo Lake, GLK: Gemini Lake)
- KBLx (KBL: Kaby Lake, CFL: Coffee Lake, WHL: Whiskey Lake, CML: Comet
  Lake, AML: Amber Lake)
- ICL (Ice Lake)
- JSL (Jasper Lake) / EHL (Elkhart Lake)
- TGLx (TGL: Tiger Lake, RKL: Rocket Lake, ADL-S/P/N: Alder Lake, RPL-S/P:
        Raptor Lake)
- DG1/SG1
- Alchemist(DG2)/ATSM
- MTLx (MTL: Meteor Lake, ARL-S/H: Arrow Lake)

$ pkg_info intel-vaapi-driver

Information for inst:intel-vaapi-driver-2.4.1p1

Comment:
VAAPI legacy driver for Intel GMA 4500 to UHD 630

Install the correct one using pkg_add.

Xfce Desktop Environment

In the terminal, check the name of the Xfce packages and install the relevant ones.

$ pkg_info -Q xfce

$ doas pkg_add xfce-extras

The whole process of downloading and installing the software may take some time. Take the opportunity the stand-up, walk a bit, have a glass of water. When the installation process is over, you’ ll get a list of files to read for more information about configuring the software you’ve just installed. Read the files and apply what’s relevant for you.

$ more /usr/local/share/doc/pkg-readmes/dbus
$ more /usr/local/share/doc/pkg-readmes/upower
$ more /usr/local/share/doc/pkg-readmes/xdg-utils
$ more /usr/local/share/doc/pkg-readmes/xfce

$ doas rcctl enable apmd messagebus
$ doas rcctl start apmd messagebus
apmd(ok)
messagebus(ok)

$ doas usermod -G _shutdown joel

$ doas pkg_add xfce4-power-manager

$ pkg_info -Q gvfs
$ doas pkg_add gvfs-nfs gvfs-smb

$ man locale
$ locale -a | grep -i "fr.*utf"
$ export LC_ALL=fr_FR.UTF-8

$ doas pkg_add xdg-user-dirs
$ /usr/local/bin/xdg-user-dirs-update --force

$ vi ~/.xsession
export LC_ALL=fr_FR.UTF-8
if [ -x /usr/local/bin/dbus-launch -a -z "${DBUS_SESSION_BUS_ADDRESS}" ]; then
    eval `dbus-launch --sh-syntax --exit-with-x11`
fi
exec /usr/local/bin/startxfce4
#EOF

Close the Terminal and quit the FVWM session.

Back to xenodm, log in again using your credentials and you should be granted to an Xfce session.

Web browser

Most common Web browsers are available for OpenBSD. You can install ungoogled-chromium, Firefox or Firefox ESR. There are also a bunch of light alternative like qutebrowser, Epiphany, Tor Browser, Konqueror and many more.

My broadly available Web browser of choice is Firefox.

$ pkg_info -Q firefox
$ doas pkg_add firefox
$ more /usr/local/share/doc/pkg-readmes/firefox

Firefox benefits from security settings that prevents it to access every directories on the OS. I want Firefox to access my localized “Downloads” directory. So I add it to the relevant configuration file.

$ doas vi /etc/firefox/unveil.main
(...)
~/Downloads rwc
~/Téléchargements rwc

There are also environment variables that can be setup to enable accelerated rendering.

$ vi ~/.xsession
(...)
export MOZ_ACCELERATED=1 MOZ_WEBRENDER=1

You can now start Firefox from the application menu. Follow the welcome wizard and configure it as you need. For example, add the uBlock Origin extension.

Mail reader

Evolution and KMail are available in the ports. I personnaly use both Thundebird and neomutt. Let’s concentrate on TB here. From a Terminal, seek and install the package.

$ pkg_info -Q thunderbird
$ doas pkg_add thunderbird
$ more /usr/local/share/doc/pkg-readmes/thunderbird

You can now start and configure Thunderbird. Then manage your emails.

Add the TBSync and DAV-4-TbSync plugins if you want to deal with CardDAV addressbook and CalDAV calendars.

OpenBSD.app - search packages

The default pkg_info tool is useful when looking for available packages. But there is also a Web search tool named OpenBSD.app. It can be used from your Web browser and may be easier for you.

You can access it from here .

Additional software

Here’s a list of classical software you can get on OpenBSD for generic purposes:

• LibreOffice, a productivity suite.
• Atril, PDFarranger and Xournal++, for managing PDF files.
• VLC, the VideoLAN Client.
• Rhythmbox, to manage your music library.
• digiKam or Shotwell, to manage your photo library.
• The Gimp and Inkscape, for image creation and manipulation.
• KDEnlive, the video editor.

Those can be installed using pkg_add.

$ doas pkg_add libreoffice-i18n-fr
$ doas pkg_add atril pdfarranger xournalpp
$ doas pkg_add vlc
$ doas pkg_add rhythmbox
$ doas pkg_add digikam
$ doas pkg_add gimp--%stable inkscape
$ doas pkg_add kdenlive

It is always nice to backup your data. I backup my laptop with the same tool I backup my servers: rsnapshot. But this is a console tool and may not be very easy to use straightaway. Deja Dup and KBackup look like nice GUI alternatives.

$ doas pkg_add deja-dup

I have AZERTY laptops but mostly use an external QWERTY USB keyboard. So I like to be able to switch keyboard layout and keep a look on the current activated one. Once the Xfce plugin is installed, add it to an Xfce panel.

$ doas pkg_add xfce4-xkb

To deal with eyes fatigue, I run Redshift. This utility changes the color temperature of the screen according to the time of day.

$ doas pkg_add redshift

My password manager of choice is KeePassXC. I also add the Firefox extension for smoother browsing experience. You may also like Seahorse.

$ pkg_info -Q keepass
$ doas pkg_add keepassxc-browser

$ more /usr/local/share/doc/pkg-readmes/keepassxc
$ doas vi /etc/firefox/unveil.main

If you need a calculator, you already have xcalc ; but it may look a bit too oldschool. You can still install the GNOME or the MATE calculator.

$ doas pkg_add mate-calc
$ doas pkg_add gnome-calculator

If you need a tool to select characters, you can install the GNOME Character Map.

$ doas pkg_add gucharmap

Desktop customization

Some say Xfce looks old. You can install themes to have it look a little different. OpenBSD ports comes with a couple of icon sets and themes.

$ doas pkg_add arc-theme-solid papirus-icon-theme xcursor-dmz

Then, using the Settings application, modify Xfce’s appearance.

Et voilà. You can now use your laptop and still start to learn more about OpenBSD.