-rw-r--r--doas.conf2
-rw-r--r--login_conf_x220_jun22117
-rw-r--r--pf.conf-x123
-rw-r--r--rc.conf.local5
-rw-r--r--sysctl_x220_jun2222
-rw-r--r--xsession_x2209
6 files changed, 178 insertions, 0 deletions
diff --git a/doas.conf b/doas.conf
new file mode 100644
index 0000000..caa5c7d
--- /dev/null
+++ b/doas.conf
@@ -0,0 +1,2 @@
+permit keepenv persist lemon as root
+permit persist keepenv :wheel
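Review bot: Both rules carry `keepenv`, so the caller's whole environment is handed to every command run as root instead of the reduced default set. If only a few variables are needed, name them with `setenv` instead, e.g. `permit persist setenv { PKG_PATH } :wheel` (the variable name is a constructed example). The `:wheel` rule has no `as` target, so it applies to any target user. If `lemon` is a member of wheel (not visible here), the first rule adds nothing.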
diff --git a/login_conf_x220_jun22 b/login_conf_x220_jun22
new file mode 100644
index 0000000..7244340
--- /dev/null
+++ b/login_conf_x220_jun22
@@ -0,0 +1,117 @@
+# $OpenBSD: login.conf,v 1.19 2021/04/25 16:36:56 mortimer Exp $
+
+#
+# Sample login.conf file. See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# passwd Use only the local password file
+# chpass Do not authenticate, but change user's password (change
+# the YP password if the user has one, else change the
+# local password)
+# lchpass Do not login; change user's local password instead
+# radius Use radius authentication
+# reject Use rejected authentication
+# skey Use S/Key authentication
+# activ ActivCard X9.9 token authentication
+# crypto CRYPTOCard X9.9 token authentication
+# snk Digital Pathways SecureNet Key authentication
+# tis TIS Firewall Toolkit authentication
+# token Generic X9.9 token authentication
+# yubikey YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+# :tc=auth-defaults:\
+# to read something like: (enables passwd, "myauth", and activ)
+# :auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+ :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+ :umask=022:\
+ :datasize-max=1024M:\
+ :datasize-cur=1024M:\
+ :maxproc-max=256:\
+ :maxproc-cur=128:\
+ :openfiles-max=10240:\
+ :openfiles-cur=10240:\
+ :stacksize-cur=4M:\
+ :localcipher=blowfish,a:\
+ :tc=auth-defaults:\
+ :tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure to reset these values to system defaults in the default class!
+#
+daemon:\
+ :ignorenologin:\
+ :datasize=infinity:\
+ :maxproc=infinity:\
+ :openfiles-max=1024:\
+ :openfiles-cur=128:\
+ :stacksize-cur=8M:\
+ :tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+ :datasize-cur=1536M:\
+ :datasize-max=infinity:\
+ :maxproc-max=1024:\
+ :maxproc-cur=512:\
+ :openfiles-max=8192:\
+ :openfiles-cur=4096:\
+ :stacksize-cur=32M:\
+ :ignorenologin:\
+ :requirehome@:\
+ :tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+ :welcome=/etc/motd.authpf:\
+ :shell=/usr/sbin/authpf:\
+ :tc=default:
+
+#
+# Building ports with DPB uses raised limits
+#
+pbuild:\
+ :datasize-max=infinity:\
+ :datasize-cur=8192M:\
+ :maxproc-max=1024:\
+ :maxproc-cur=384:\
+ :stacksize-cur=8M:\
+ :priority=5:\
+ :tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+ :openfiles=512:\
+ :tc=daemon:
+
+unbound:\
+ :openfiles=512:\
+ :tc=daemon:
+
+xenodm:\
+ :openfiles=512:\
+ :tc=daemon:
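Review bot: The `default` class sets `openfiles-cur` and `openfiles-max` to 10240, which is higher than the `staff` class (4096/8192) even though the comment above `staff` says staff have fewer restrictions. Every class that chains to `default` without its own override (`authpf` and `pbuild` in this file) inherits the 10240 limit. These values look like local tuning, but the file still carries the stock `$OpenBSD` id and the "Sample login.conf file" header, so nothing marks them as local. I would add a comment above the changed lines such as `# local change: raised for <reason>`, and either raise the limit in `staff` only or bring `staff` in line with `default`.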
diff --git a/pf.conf-x1 b/pf.conf-x1
new file mode 100644
index 0000000..5d09a9f
--- /dev/null
+++ b/pf.conf-x1
@@ -0,0 +1,23 @@
+# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
+#
+# See pf.conf(5) and /etc/examples/pf.conf
+
+set skip on lo
+
+block return # block stateless traffic
+pass # establish keep-state
+
+# By default, do not permit remote connections to X11
+block return in on ! lo0 proto tcp to port 6000:6010
+
+# Port build user does not need network
+block return out log proto {tcp udp} user _pbuild
+
+# for virtual machines (faq16) and https://github.com/vext01/recipes/blob/master/recipes/debian9_inside_vmm.md
+#vm_dns=8.8.8.8
+vm_dns=192.168.1.69
+vm_ext=iwm0
+
+match out on $vm_ext from 100.64.0.0/10 to any nat-to ($vm_ext)
+pass in log (all, to pflog1) proto { udp tcp } from 100.64.0.0/10 to any port domain \
+ rdr-to $vm_dns port domain
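Review bot: The `pass in ... rdr-to $vm_dns` rule has no `on` clause, so it matches DNS packets with a 100.64.0.0/10 source arriving on any interface, including `$vm_ext`. Binding it to the guest-facing interfaces (presumably vmd's tap interfaces, to be confirmed) would limit the redirect to VM traffic. `vm_ext=iwm0` also ties the NAT rule to the wireless NIC, so guest traffic leaving by another interface would probably not be translated. The `egress` interface group avoids that: `match out on egress from 100.64.0.0/10 to any nat-to (egress)`. The `pflog1` log target is not created anywhere in this commit and presumably has to be set up separately.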
diff --git a/rc.conf.local b/rc.conf.local
new file mode 100644
index 0000000..d7f27b5
--- /dev/null
+++ b/rc.conf.local
@@ -0,0 +1,5 @@
+apmd_flags="-A -Z 20"
+sndiod_flags=-f rsnd/0 -F rsnd/1
+sshd_flags=NO
+vmd_flags=
+xenodm_flags=
diff --git a/sysctl_x220_jun22 b/sysctl_x220_jun22
new file mode 100644
index 0000000..0d2517f
--- /dev/null
+++ b/sysctl_x220_jun22
@@ -0,0 +1,22 @@
+
+# from https://www.c0ffee.net/blog/openbsd-on-a-laptop/
+# shared memory limits (chrome needs a ton)
+kern.shminfo.shmall=3145728
+kern.shminfo.shmmax=2147483647
+kern.shminfo.shmmni=1024
+
+# semaphores
+kern.shminfo.shmseg=1024
+kern.seminfo.semmns=4096
+kern.seminfo.semmni=1024
+
+kern.maxproc=32768
+kern.maxfiles=65535
+kern.bufcachepercent=90
+kern.maxvnodes=262144
+kern.somaxconn=2048
+
+kern.audio.record=1
+kern.video.record=1
+
+net.inet.ip.forwarding=1
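Review bot: `net.inet.ip.forwarding=1` on the last line has no comment. Combined with the bare `pass` rule in pf.conf-x1 from this same commit, the laptop will forward packets for any host that routes through it, not only for the vmd guests. I would add `# needed for vmd guest NAT; pf.conf must limit what is forwarded` above it and tighten the pf side accordingly. `kern.audio.record=1` and `kern.video.record=1` turn on microphone and camera capture system-wide and also deserve a one-line reason. The `# semaphores` heading sits above `kern.shminfo.shmseg`, which is a shared-memory setting and belongs in the previous group.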
diff --git a/xsession_x220 b/xsession_x220
new file mode 100644
index 0000000..13c2987
--- /dev/null
+++ b/xsession_x220
@@ -0,0 +1,9 @@
+export LANG=en_GB.UTF-8
+export ENV=$HOME/.kshrc
+xrdb -merge $HOME/.Xresources
+xsetroot -solid cadetblue
+xidle &
+xset b off
+slstatus &
+syncthing 2>&1 > /dev/null &
+dwm
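Review bot: On the `syncthing` line the redirections are in the wrong order: `2>&1 > /dev/null` points stderr at the original stdout before stdout is sent to `/dev/null`, so syncthing's error output still reaches the session log. If the intent is to silence both streams, write `syncthing > /dev/null 2>&1 &`. As a smaller style point, `$HOME` is unquoted in `export ENV=$HOME/.kshrc` and `xrdb -merge $HOME/.Xresources`; `"$HOME/.Xresources"` is safer. Ending with `exec dwm` would avoid leaving the wrapper shell running.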