About me

seninha.org
Last edited: 2021-07-20

My desktop

I use a blank desktop with no bars, docks or panels. My X11 session is set up by commands run from the ~/.xsession script. This script is a literal Rube Goldberg machine, full of pipes and background jobs. Several functions are defined in this file. There are three ways to interact with the desktop: with a desktop radial menu (also known as pie menu) via pmenu(1), by entering commands via xprompt(1), or by keybindings via sxhkd(1). All of them output a command to an interpreter function called xinterp. Responses are output to a notification window managed by xnotify(1). The pieces communicate with each other by means of two named pipes, $xnotifyfifo and $xinterpfifo.

Playing with shod and pmenu.

Window Manager. I use the shod window manager. It is a hybrid (tiling and floating) tabbed window manager that is controlled solely by responding to client messages with EWMH hints and ICCCM events and by using a given key modifier with the mouse pointer. Windows begin floating on the desktop and are spawned in a proper empty place. When a window is maximized, it is tiled. Tiled windows are organized in columns; each tiled window occupies a row in a column. This columnated behavior imitates the way acme(1) and wmii(1) handle their columns and frames.

Home directory. The contents of my $HOME directory are listed below.

Profile. Environment variables are set and exported in the ~/.profile file. I prefer environment variables to configuration files for configuring my programs. At the end of ~/.profile, I set the file mode creation mask.

Terminal Session. My terminal session is set up by commands run from the ~/.session script. I use ksh(1) with emacs-like keybindings (for ^U and ^K, etc). I also enable brace expansion. I use few aliases; there are aliases to file management commands, file listing, commands with human-readable output, etc.

A terminal session.

My laptop

I use a secondhand Thinkpad T430 model 23501M2.

What I expected. The following is the stock specification of this model, which comes without the iconic biometric fingerprint reader.

i5-3320M(2.6GHz), 8GB RAM, 320GB 7200rpm HD, 14in 1600x900 LCD,
Intel HD Graphics, DVD Recordable, Intel 802.11agn wireless,
WWAN upgradable, Bluetooth, 1Gb Ethernet, UltraNav, Secure Chip,
Camera, 9c Li-Ion, Win7 Pro 64

What I bought. However, being secondhand, the computer I bought was different from the stock. It came with a 465GB 7200rpm HD and a nonfunctional Bluetooth.

Modifications. After receiving it, I made some modifications on the computer.

My Thinkpad.

Future modifications. There are other modifications I want to do on it. For information on T430 modding, see https://medium.com/@n4ru/3dff3f6a8e2e. I want to do the following.

My system

I use OpenBSD -stable. See https://www.openbsd.org/faq for more information on the operating system and how to install it.

User. After installation, I run userinfo(8) to make sure my user is in the wheel user group and in the staff login class. If it is not, I set it up with usermod(8).

Doas. Then, I create /etc/doas.conf to give administrator privileges to the wheel group. The example file at /etc/examples/doas.conf is reasonable, and could be used. However, I prefer not to be asked for a password again for some time after successfully authenticating. I also do not want the $DISPLAY environment variable to be retained.

# echo "permit persist keepenv setenv { -DISPLAY } :wheel" >/etc/doas.conf

System resource limits. The default system resource limits for the staff login class, defined in /etc/login.conf, are reasonable. But the datasize-cur option can be increased a little bit, if necessary.

# vi /etc/login.conf

Power management. I enable apmd(8) for power management on my laptop. I use the -L flag instead of the -A flag because it proved to heat the computer less. I use the -z 10 flag to suspend the system when the battery gets to 10% and no AC is connected. I use the -t 60 flag for apmd(8) to poll the power state once every 60 seconds and log it via syslog(3).

# rcctl enable apmd
# rcctl set apmd flags -L -z 15 -t 60
# rcctl start apmd

X Display Manager. If xenodm(1) wasn't enabled during installation, it can be enabled later like any other system daemon. I also edit xenodm's rc file /etc/X11/xenodm/Xsetup_0 to comment out the line calling xconsole(1), disabling the xconsole window on the login screen. I also add the line xset b off to disable the system beep.

# rcctl enable xenodm
# rcctl start xenodm
# cat <<EOF | ed -s /etc/X11/xenodm/Xsetup_0
,s/^xconsole/#&/
\$a
xset b off
.
w
EOF

Enable mic and camera. I did not use the mic until covid happened. Then I had to do audio calls every week. I do not use the camera, however. But if necessary, recording can be enabled by writing to /etc/sysctl.conf.

# echo kern.audio.record=1 >> /etc/sysctl.conf
# echo kern.video.record=1 >> /etc/sysctl.conf

Configure network. Read faq6.

wscons keymap. I edit /etc/wsconsctl.conf to set the Brazilian layout, remap some keys, and disable the beep. The changes affect only the console; they do not affect X sessions. I map the key above Tab and to the left of 1 to Esc, and CapsLock to Control.

$ cat /etc/wsconsctl.conf
keyboard.encoding=br
keyboard.bell.volume=0
keyboard.map+="keycode 2=1 exclam apostrophe"
keyboard.map+="keycode 3=2 quotedbl at"
keyboard.map+="keycode 41=Escape"
keyboard.map+="keycode 16=q Q bar"
keyboard.map+="keycode 17=w W question"
keyboard.map+="keycode 56=Cmd Alt_L"
keyboard.map+="keycode 58=Control_L"
keyboard.map+="keycode 29=Multi_key"

Install firmware packages and update the base system. Finally, I run fw_update(1) to install and update needed non-free firmware packages, and syspatch(8) to update the base system.

# fw_update
# syspatch

Install programs. I use some programs available on the OpenBSD package repository. The following command installs them.

# pkg_add calc colortree feh ffmpegthumbnailer firefox-esr fzf \
          heirloom-doctools maim moreutils mpc mpd mpv mutt \
          newsboat pstree rlwrap sxhkd sxiv unclutter unrar \
          unzip vim wmctrl xdotool xfe xlennart xsel \
          zathura zathura-djvu zathura-pdf-poppler zathura-ps

My server

I use a VPS at Vultr.com to host this website and other services.

Install patches and vim. The first thing I do after creating the virtual server is to log in as root via ssh, run syspatch(8) and install vim(1). Vim is the only program not in base that I run on this machine, only for convenience.

Create users. There are two users on my VPS: admin and webdev (those are not their real names, which would be too obvious; I actually use other names, but let's call them that). I create them with adduser(8), then call usermod(8) to add wheel to admin's secondary groups. admin is in the wheel group and has doas powers; webdev owns the root directory of the website and maintains the site.

Copy the public key to the server. I use scp(1) to copy my ssh public key from my laptop to the ~/.ssh/authorized_keys file of each user on the remote machine.

Copy configuration files. The only two configuration files I copy from my local machine to the remote machine are vimrc and kshrc. I move them to the home directory of each user on the remote machine. I also create a ~/.profile file to set the $ENV variable necessary to read kshrc.

Edit doas.conf. To give administrative powers to the wheel group (and, consequently, to the admin user), I edit the /etc/doas.conf file on the remote machine.

seninha.org# cat /etc/doas.conf
permit persist keepenv :wheel

Change the ssh port. For security reasons, I change the ssh port of the server from 22 to a random number. I use rcctl(8) to do that and restart sshd(8).

seninha.org# rcctl set sshd flags -p $RAND_PORT
seninha.org# rcctl restart sshd

Protect ssh. For security reasons, I disable root login via ssh, password authentication and challenge-response. I edit the /etc/ssh/sshd_config file, uncomment and change the necessary lines. Then, I restart sshd(8).

seninha.org# cat /etc/ssh/sshd_config
[...]
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
[...]
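
A check for the three settings above, as an added example that is not part of the original page: it reads an sshd_config and reports whether each option is effectively "no", including the case where a hardening line is appended after an earlier value and so has no effect. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings disabled above.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a commented-out line leaves the default in force.

# sshd_effective FILE KEYWORD...: print the first global value set for any
# of the given (lower-case) keywords; print nothing if none is set.
sshd_effective() {
    file=$1; shift
    awk -v keys="$*" '
        BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }        # blank line or comment
        tolower($1) == "match" { exit }      # global section ends at first Match
        (tolower($1) in want) { print tolower($2); exit }
    ' "$file"
}

# audit_sshd FILE: report each setting; exit status = number of failures.
audit_sshd() {
    fails=0
    # Newer OpenSSH names the third option KbdInteractiveAuthentication and
    # keeps ChallengeResponseAuthentication as an alias, so accept either.
    for spec in permitrootlogin passwordauthentication \
        "kbdinteractiveauthentication challengeresponseauthentication"; do
        val=$(sshd_effective "$1" $spec)     # unquoted: split into keywords
        if [ "$val" = no ]; then
            echo "ok   ${spec%% *}=no"
        else
            echo "FAIL ${spec%% *}=${val:-unset (default applies)}"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed samples (not the page's real files).
sample_stock() { printf '%s\n' '#PermitRootLogin prohibit-password' \
    '#PasswordAuthentication yes' 'Subsystem sftp /usr/libexec/sftp-server'; }
sample_hardened() { printf '%s\n' 'PermitRootLogin no' \
    'passwordauthentication no' 'ChallengeResponseAuthentication no'; }
# "no" appended after an earlier "yes": the edit has no effect.
sample_appended() { printf '%s\n' 'PermitRootLogin no' \
    'PasswordAuthentication yes' 'KbdInteractiveAuthentication no' \
    'PasswordAuthentication no'; }

tmp=$(mktemp)
sample_appended >"$tmp"
audit_sshd "$tmp" || echo "$? setting(s) not hardened"
rm -f "$tmp"
```

On the live server, `sshd -T` prints the effective configuration with defaults and Include files applied, which this single-file check does not follow.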

Known hosts. To avoid having to type the port, user and hostname on my local machine every time I call ssh(1), I edit the ~/.ssh/config file in the home directory of my local user on my local machine (called thinkobsd, my Thinkpad with OpenBSD) to set two configurations, one for the admin user and the other for the webdev user. Now, I only need to invoke ssh webdev to log in as webdev on the server.

thinkobsd$ cat ~/.ssh/config
Host webdev
HostName seninha.org
User webdev
Port $RAND_PORT

Host admin
HostName seninha.org
User admin
Port $RAND_PORT

Configure httpd. TODO.

Configure acme. TODO.