OpenBSD на рабочей станции: различия между версиями
Ssh (обсуждение | вклад) |
Ssh (обсуждение | вклад) м |
||
Строка 152: | Строка 152: | ||
mount -o nodev,nosuid,softdep 779d87bac3905122.a /home</pre> | mount -o nodev,nosuid,softdep 779d87bac3905122.a /home</pre> | ||
− | If you would like to enable crypto on the entire boot volume see this post by Ted Unangst. | + | If you would like to enable crypto on the entire boot volume see [http://www.tedunangst.com/flak/post/OpenBSD-softraid-crypto-boot this post] by Ted Unangst. |
Версия 07:32, 5 августа 2014
Вольный перевод статьи Eric Radman An OpenBSD Workstation.
Power Button Shutdown
This nifty option in /etc/sysctl.conf can only be set before entering securelevel 1, and allows you to shut off your computer gracefully by pressing the power button.
hw.allowpowerdown=1
No More Annoying Beep
One of the many useful and unexpected things you'll learn in Absolute OpenBSD 2nd Edition is how to disable the annoying UNIX bell in /etc/wsconsctl.conf
keyboard.bell.volume=0
As of the 5.4 release wsconsctl no longer seems to work. You an also disable the bell using
# .xinitrc xset -b
or
# rc.conf.local mixerctl inputs.spkr.mute=on
User-Mounted Media
It's nice to be able to mount DVDs or flash media without switching to root, which is what the operator group is for.
# usermod -G operator eradman # chmod g=rw /dev/cd0*
Then flip a kernel option and you're all set.
# sysctl kern.usermount=1
$ mkdir -p mount/cdrom $ mount /dev/cd0c mount/cdrom
Suspend & Resume
OpenBSD has very good ACPI support, see apmd(8). zzz and ZZZ are shortcuts for suspend and hibernate if apmd is run at startup.
apmd_flags=""
X Configuration: .xinitrc
# .xinitrc redshift -O 5600 while true; do batt="$(sysctl -n hw.sensors.acpibat0.watthour3 | cut -f1,2 -d" ")" xsetroot -name "$batt" sleep 60 done & xsetroot -solid steelblue & exec dwm
redshift is a utility that makes designed to adjust the color temperature of your screen based on your surroundings, but it works equally as well for a manual color temperature adjustment. My IBM T60p appears cold, so I adjust the default of 6500K to 5600K.
Next I run a loop in the background that read the available battery life (Wh) and updates the window manager's display area.
Finally set the background color and start your favorite window manager.
Switch to an External Monitor
My screen at work is a bit larger then my laptop display (1400x1050 - 1650x1050), but I use a little docking script to switch to the external display.
#!/bin/sh xrandr --output LVDS --off xrandr --output VGA-0 --off xrandr --output DVI-0 --auto redshift -O 6200
Connecting to a Projector
If you started X with the VGA connected, it probably picked a resolution common to both your screen and the external display. On my T60 it can be reset like so
xrandr --output LVDS --mode 1400x1050
Use --query to find out what modes each display supports, then I set up a viewport that pans with the mouse pointer
xrandr --output VGA-0 --mode 1024x768 --panning 1400x1050
I also add some additional logic in my .xinitrc to switch to the external display automatically if X is started while connected to an external monitor:
xrandr --query | grep "DVI-0 connected" && ~/bin/docked-dvi xrandr --query | grep "VGA-0 connected" && ~/bin/docked-vga
tmux
There's only a few tweaks I make to my terminal multiplexor's configuration. I frequently run entr in a smaller pane on the bottom
bind-key C-t split-window -p 25
I don't know of a terminal color picker, but they can be printed with a shell loop.
#!/bin/ksh for i in `jot 255`; do printf "\033[38;5;${i}mcolour${i}\n" done
Then I set status background and active border to bright green
set -g status-bg colour118 set -g pane-active-border-fg colour118 set -g pane-border-fg colour30
Using Disk Encryption
OpenBSD provides software RAID by way of a virual host bust adaptor called softraid0. This HBA is also used for setting up disk encryption. To set use a disklabel (in my case for sd0g /home set the partition type to RAID
$ sudo disklabel -E /dev/sd0c Label editor (enter '?' for help at any prompt) g: 55641600 100653824 RAID > m g offset: [100653824] size: [55641600] FS type: [4.2BSD] RAID
Now configure it for crypto using -c C
# bioctl -c C -l /dev/sd0g softraid0 New passphrase: My Crypto Pass Phrase Re-type passphrase: My Crypto Pass Phrase softraid0: CRYPTO volume attached as sd1
Mount it using the same command. The kernel log will show a new virtual device appear
sd1 at scsibus2 targ 1 lun 0: <OPENBSD, SR CRYPTO, 005> SCSI2 0/direct fixed sd1: 27168MB, 512 bytes/sector, 55641072 sectors
Now add a disklabel and format the encrypted volume
$ sudo disklabel -E /dev/wd0c $ sudo newfs /dev/rwd0a
Devices in OpenBSD may be mounted by device name or by disklabel UID which is a random id generated when the label is created.
$ disklabel /dev/sd1c | grep uid duid: 779d87bac3905122
It's this ID that we'll to mount the volume, in this way plugging in other drives won't confuse mount after we prompt the user for a password on boot. Adding the following to rc.local will ask for a password four times before giving up
#/etc/rc.local for attept in 1 2 3 4; do bioctl -c C -l c3e2f405c96a8e10.g softraid0 && break sleep 1 done fsck /dev/rsd1a mount -o nodev,nosuid,softdep 779d87bac3905122.a /home
If you would like to enable crypto on the entire boot volume see this post by Ted Unangst.