-rw-r--r-- | etc/doas.conf | 10 | ||||
-rw-r--r-- | etc/fstab | 12 | ||||
-rw-r--r-- | etc/hostname.bridge0 | 1 | ||||
-rw-r--r-- | etc/hostname.vether0 | 1 | ||||
-rw-r--r-- | etc/login.conf | 118 | ||||
-rw-r--r-- | etc/man.conf | 6 | ||||
-rw-r--r-- | etc/myname | 1 | ||||
-rw-r--r-- | etc/ntpd.conf | 11 | ||||
-rw-r--r-- | etc/pf.conf | 21 | ||||
-rw-r--r-- | etc/rc.conf.local | 5 | ||||
-rw-r--r-- | etc/resolv.conf | 1 | ||||
-rw-r--r-- | etc/sysctl.conf | 22 | ||||
-rw-r--r-- | etc/vm.conf | 27 | ||||
-rw-r--r-- | ledgerrc | 1 | ||||
-rw-r--r-- | taskrc | 1 |
15 files changed, 237 insertions, 1 deletions
diff --git a/etc/doas.conf b/etc/doas.conf
new file mode 100644
index 0000000..a66f5fb
--- /dev/null
+++ b/etc/doas.conf
@@ -0,0 +1,10 @@
+permit keepenv persist lemon as root
+permit persist keepenv :wheel
+
+permit nopass lemon as root cmd mount
+permit nopass lemon as root cmd umount
+permit nopass lemon as root cmd ntfs-3g
+
+permit keepenv nopass lemon as _pbuild
+permit keepenv nopass lemon as _pfetch
+permit keepenv nopass lemon as root
diff --git a/etc/fstab b/etc/fstab
new file mode 100644
index 0000000..c21cccc
--- /dev/null
+++ b/etc/fstab
@@ -0,0 +1,12 @@
+ef17731f96a725ba.b none swap sw
+ef17731f96a725ba.a / ffs rw,softdep,noatime 1 1
+ef17731f96a725ba.k /home ffs rw,softdep,noatime,nodev,nosuid 1 2
+ef17731f96a725ba.d /tmp ffs rw,softdep,noatime,nodev,nosuid 1 2
+ef17731f96a725ba.f /usr ffs rw,softdep,noatime,nodev 1 2
+ef17731f96a725ba.g /usr/X11R6 ffs rw,softdep,noatime,nodev 1 2
+ef17731f96a725ba.h /usr/local ffs rw,softdep,noatime,wxallowed,nodev 1 2
+ef17731f96a725ba.j /usr/obj ffs rw,softdep,noatime,nodev,nosuid 1 2
+ef17731f96a725ba.i /usr/src ffs rw,softdep,noatime,nodev,nosuid 1 2
+ef17731f96a725ba.e /var ffs rw,softdep,noatime,nodev,nosuid 1 2
+swap /home/lemon/.cache mfs rw,nodev,nosuid,-s=800m 0 0
+swap /tmp mfs rw,nodev,nosuid,-s=800m 0 0
diff --git a/etc/hostname.bridge0 b/etc/hostname.bridge0
new file mode 100644
index 0000000..5a5a03b
--- /dev/null
+++ b/etc/hostname.bridge0
@@ -0,0 +1 @@
+add vether0
diff --git a/etc/hostname.vether0 b/etc/hostname.vether0
new file mode 100644
index 0000000..37ff656
--- /dev/null
+++ b/etc/hostname.vether0
@@ -0,0 +1 @@
+inet 10.0.0.1 255.255.255.0
diff --git a/etc/login.conf b/etc/login.conf
new file mode 100644
index 0000000..4de5910
--- /dev/null
+++ b/etc/login.conf
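Review bot: The last rule in etc/doas.conf, `permit keepenv nopass lemon as root`, gives lemon passwordless root for every command. doas.conf(5) applies the last matching rule, so this line overrides the `persist` rule on the first line and makes the three `cmd mount` / `cmd umount` / `cmd ntfs-3g` rules redundant. Any process running as lemon can then become root without a prompt, and `keepenv` passes the caller's environment through to the root command. Unless that is intended, drop the final line so the first rule (`permit keepenv persist lemon as root`) governs general root access and `nopass` stays limited to the named commands and the `_pbuild` / `_pfetch` targets.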
@@ -0,0 +1,118 @@
+# $OpenBSD: login.conf,v 1.19 2021/04/25 16:36:56 mortimer Exp $
+
+#
+# Sample login.conf file. See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# passwd Use only the local password file
+# chpass Do not authenticate, but change user's password (change
+# the YP password if the user has one, else change the
+# local password)
+# lchpass Do not login; change user's local password instead
+# radius Use radius authentication
+# reject Use rejected authentication
+# skey Use S/Key authentication
+# activ ActivCard X9.9 token authentication
+# crypto CRYPTOCard X9.9 token authentication
+# snk Digital Pathways SecureNet Key authentication
+# tis TIS Firewall Toolkit authentication
+# token Generic X9.9 token authentication
+# yubikey YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+# :tc=auth-defaults:\
+# to read something like: (enables passwd, "myauth", and activ)
+# :auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+ :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+ :umask=022:\
+ :datasize-max=1024M:\
+ :datasize-cur=1024M:\
+ :maxproc-max=256:\
+ :maxproc-cur=128:\
+ :openfiles-max=10240:\
+ :openfiles-cur=10240:\
+ :stacksize-cur=4M:\
+ :localcipher=blowfish,a:\
+ :tc=auth-defaults:\
+ :tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure to reset these values to system defaults in the default class!
+#
+daemon:\
+ :ignorenologin:\
+ :datasize=infinity:\
+ :maxproc=infinity:\
+ :openfiles-max=1024:\
+ :openfiles-cur=128:\
+ :stacksize-cur=8M:\
+ :tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+ :datasize-cur=infinity:\
+ :datasize-max=infinity:\
+ :datasize=infinity:\
+ :maxproc-max=1024:\
+ :maxproc-cur=512:\
+ :openfiles-max=8192:\
+ :openfiles-cur=4096:\
+ :stacksize-cur=32M:\
+ :ignorenologin:\
+ :requirehome@:\
+ :tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+ :welcome=/etc/motd.authpf:\
+ :shell=/usr/sbin/authpf:\
+ :tc=default:
+
+#
+# Building ports with DPB uses raised limits
+#
+pbuild:\
+ :datasize-max=infinity:\
+ :datasize-cur=8192M:\
+ :maxproc-max=1024:\
+ :maxproc-cur=384:\
+ :stacksize-cur=8M:\
+ :priority=5:\
+ :tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+ :openfiles=512:\
+ :tc=daemon:
+
+unbound:\
+ :openfiles=512:\
+ :tc=daemon:
+
+xenodm:\
+ :openfiles=512:\
+ :tc=daemon:
diff --git a/etc/man.conf b/etc/man.conf
new file mode 100644
index 0000000..8571723
--- /dev/null
+++ b/etc/man.conf
@@ -0,0 +1,6 @@
+manpath /usr/share/man
+manpath /usr/X11R6/man
+manpath /usr/local/man
+manpath /usr/local/jdk-11/man/
+manpath /usr/local/share/fish/man
+manpath /home/lemon/local/share/man
diff --git a/etc/myname b/etc/myname
new file mode 100644
index 0000000..fc6466a
--- /dev/null
+++ b/etc/myname
@@ -0,0 +1 @@
+banality.x220
diff --git a/etc/ntpd.conf b/etc/ntpd.conf
new file mode 100644
index 0000000..a4a3b05
--- /dev/null
+++ b/etc/ntpd.conf
@@ -0,0 +1,11 @@
+# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
+#
+# See ntpd.conf(5) and /etc/examples/ntpd.conf
+
+servers pool.ntp.org
+server time.cloudflare.com
+sensor *
+
+constraint from "9.9.9.9" # quad9 v4 without DNS
+constraint from "2620:fe::fe" # quad9 v6 without DNS
+constraints from "www.google.com" # intentionally not 8.8.8.8
diff --git a/etc/pf.conf b/etc/pf.conf
new file mode 100644
index 0000000..01bcfbe
--- /dev/null
+++ b/etc/pf.conf
@@ -0,0 +1,21 @@
+# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
+#
+# See pf.conf(5) and /etc/examples/pf.conf
+
+set skip on lo
+
+block return # block stateless traffic
+pass # establish keep-state
+
+# By default, do not permit remote connections to X11
+block return in on ! lo0 proto tcp to port 6000:6010
+
+# Port build user does not need network
+block return out log proto {tcp udp} user _pbuild
+
+dns_server=192.168.1.69
+match out on egress from vether0:network to any nat-to (egress)
+pass in proto { udp tcp } from vether0:network to any port domain \
+ rdr-to $dns_server port domain
+
+
diff --git a/etc/rc.conf.local b/etc/rc.conf.local
new file mode 100644
index 0000000..d7f27b5
--- /dev/null
+++ b/etc/rc.conf.local
@@ -0,0 +1,5 @@
+apmd_flags="-A -Z 20"
+sndiod_flags=-f rsnd/0 -F rsnd/1
+sshd_flags=NO
+vmd_flags=
+xenodm_flags=
diff --git a/etc/resolv.conf b/etc/resolv.conf
new file mode 100644
index 0000000..aa3971c
--- /dev/null
+++ b/etc/resolv.conf
@@ -0,0 +1 @@
+nameserver 192.168.1.69 # resolvd: iwn0
diff --git a/etc/sysctl.conf b/etc/sysctl.conf
new file mode 100644
index 0000000..0d2517f
--- /dev/null
+++ b/etc/sysctl.conf
@@ -0,0 +1,22 @@
+
+# from https://www.c0ffee.net/blog/openbsd-on-a-laptop/
+# shared memory limits (chrome needs a ton)
+kern.shminfo.shmall=3145728
+kern.shminfo.shmmax=2147483647
+kern.shminfo.shmmni=1024
+
+# semaphores
+kern.shminfo.shmseg=1024
+kern.seminfo.semmns=4096
+kern.seminfo.semmni=1024
+
+kern.maxproc=32768
+kern.maxfiles=65535
+kern.bufcachepercent=90
+kern.maxvnodes=262144
+kern.somaxconn=2048
+
+kern.audio.record=1
+kern.video.record=1
+
+net.inet.ip.forwarding=1
diff --git a/etc/vm.conf b/etc/vm.conf
new file mode 100644
index 0000000..355c986
--- /dev/null
+++ b/etc/vm.conf
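Review bot: The bare `pass` after `block return` in etc/pf.conf admits inbound traffic on every interface. This commit also sets `net.inet.ip.forwarding=1` in etc/sysctl.conf, so the laptop will forward between whatever network iwn0 joins and the 10.0.0.0/24 VM network, with only the X11 block in the way. Consider adding `block return in on egress` after the `pass` line, with explicit exceptions for anything that must be reachable (for example ICMPv6 neighbour discovery if IPv6 is in use). Separately, `dns_server=192.168.1.69` is the address that etc/resolv.conf marks as learned by resolvd on iwn0, so the `rdr-to` rule presumably stops resolving for the VMs on any other network; a comment next to the macro saying so would help.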
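Review bot: `kern.audio.record=1` and `kern.video.record=1` in etc/sysctl.conf turn on microphone and camera capture at every boot, with no comment explaining why. OpenBSD ships both as 0 so that recording is an explicit decision. If capture is only needed occasionally, leave these out of sysctl.conf and set them with `sysctl` when required; otherwise add a comment above them stating the actual reason. `net.inet.ip.forwarding=1` deserves a similar comment tying it to the vether0/bridge0 VM network, because it makes the laptop a router on any network it joins.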
@@ -0,0 +1,27 @@
+ROOT="/home/lemon/vms"
+vm "shanvo2" {
+ disable
+ memory 2G
+ disk $ROOT/shanvo2.qcow2
+ interface { lladdr "aa:bb:cc:dd:ee:ff" switch "uplink" }
+ owner lemon
+}
+vm "shanvo" {
+ disable
+ memory 2G
+ disk $ROOT/shanvo.qcow2
+ interface { lladdr "aa:bb:cc:dd:ee:ee" switch "uplink" }
+ owner lemon
+}
+vm "deb" {
+ disable
+ memory 3G
+ disk $ROOT/disk.qcow2
+ local interface
+ owner lemon
+}
+
+switch "uplink" {
+ interface bridge0
+}
+
@@ -1,3 +1,4 @@ --strict --file ~/Documents/Budget/ledger/2022/ledger_budget/budget.ldg --start-of-week=1 +--pretty
@@ -311,4 +311,3 @@ report.ml_deleted_last_month.filter=end.after:today-30day status:deleted regex=on news.version=2.6.0 -context=home |