- Install FreeBSD with encryption (out of the box) as described in https://vermaden.wordpress.com/2018/11/20/freebsd-desktop-part-2-1-install-freebsd-12/ , including encryption of the root zpool and swap.
- After reboot, update the base system:
freebsd-update fetch
freebsd-update install
reboot
- Install packages
pkg update
pkg install chromium firefox keepassxc nextcloudclient xorg drm-kmod xf86-video-intel gnome3-lite cups powerdxx gdm webcamd sudo terminator
# /boot/loader.conf: the installer added these
aesni_load="YES"
geom_eli_load="YES"
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
opensolaris_load="YES"
zfs_load="YES"
# Quick boot
boot_mute="YES"
autoboot_delay="-1"
beastie_disable="YES"
# https://driftshell.com/freebsd_setup.html
hw.pci.do_power_nodriver="3"
hint.p4tcc.0.disabled="1"
hint.acpi_throttle.0.disabled="1"
hint.ahcich.0.pm_level="5"
hint.ahcich.1.pm_level="5"
hint.ahcich.2.pm_level="5"
hint.ahcich.3.pm_level="5"
hint.ahcich.4.pm_level="5"
hint.ahcich.5.pm_level="5"
# Boot-time kernel tuning
kern.ipc.shmseg=1024
kern.ipc.shmmni=1024
kern.maxproc=100000
# Filesystems in Userspace
fuse_load="YES"
# In-memory filesystems
tmpfs_load="YES"
# Asynchronous I/O
aio_load="YES"
# Handle Unicode on removable media
libiconv_load="YES"
libmchain_load="YES"
cd9660_iconv_load="YES"
msdosfs_iconv_load="YES"
# Intel i915 tunables (many of those are often default in Linux distros)
#enable power savings
drm.i915.powersave=1
#enable render C-state 6.
drm.i915.enable_rc6="7"
#enable Intel IOMMU,
drm.i915.intel_iommu_enabled="1"
#enable LVDS downclock
drm.i915.lvds_downclock=1
#use semaphores for inter-ring sync
drm.i915.semaphores="1"
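#enable framebuffer compression (NOTE: the name on the next line lacks the dots used by the other i915 tunables; it probably should read drm.i915.enable_fbc)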
drmi915_enable_fbc=1
# Sound
snd_hda_load="YES"
#higher sound card buffering latency
hw.snd.latency=7
#enable LCD screen brightness control (see below)
acpi_video_load="YES"
#enable Thinkpad ACPI driver (see below); will likely allow suspending/resuming easily, see the acpi_ibm(4) man page
acpi_ibm_load="YES"
#limit ZFS ARC to 4G (instead of the default, half of RAM = 8G out of 16G)
vfs.zfs.arc_max="4G"
#enable CPU freq monitoring
cpufreq_load="YES"
#enable temperature monitoring
coretemp_load="YES"
# SD Card reader
mmc_load="YES"
mmcsd_load="YES"
sdhci_load="YES"
# For webcam
cuse_load="YES"
# /etc/rc.conf: the installer added these
hostname="xwing.minwi.lan"
wlans_iwn0="wlan0"
ifconfig_wlan0="WPA DHCP"
create_args_wlan0="country ES"
sshd_enable="YES"
moused_enable="YES"
ntpdate_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
# Disable some messages at boot
rc_startmsgs=NO
# Disable sendmail
sendmail_enable="NONE"
# load the drm-next-kmod video driver
kld_list="/boot/modules/i915kms.ko"
# Add hald and dbus because Xorg needs them
hald_enable="YES"
dbus_enable="YES"
# Gnome 3 things
gnome3_enable="YES"
# GDM
gdm_enable="YES"
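# Performance tuning (NOTE: performance_cx_lower below is probably a typo for performance_cx_lowest, the name rc.conf(5) documents)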
powerdxx_enable="YES"
powerdxx_flags="-a hiadaptive -b adaptive -i 75 -r 85 -p 500"
performance_cx_lower="Cmax"
economy_cx_lowest="Cmax"
# enable printing
cupsd_enable="YES"
# enable use of the webcam
webcamd_enable="YES"
# Don't pause during boot for DHCP
background_dhclient="YES"
# /etc/sysctl.conf: the installer added this
vfs.zfs.min_auto_ashift=12
# Stop scattered core files (note: cores can contain secrets from process memory, and /tmp is shared by all local users)
kern.corefile=/tmp/%N.core
# Fix resume from suspend
hw.usb.no_suspend_wait=1
hw.pci.do_power_suspend=0
hw.pci.do_power_resume=1
hw.pci.do_power_nodriver=3
# Suspend when lid closed
hw.acpi.lid_switch_state=S3
# https://driftshell.com/freebsd_setup.html
hw.acpi.video.lcd0.brightness=85
hw.acpi.video.lcd0.economy=60
hw.acpi.video.lcd0.fullpower=95
dev.acpi_ibm.0.thinklight=0
dev.acpi_ibm.0.bluetooth=0 #disables bluetooth
net.local.stream.recvspace=65536
net.local.stream.sendspace=65536
# Enhance shared memory X11 interface
kern.ipc.shmmax=67108864
kern.ipc.shmall=32768
# Enhance desktop responsiveness under high CPU use (200/224)
kern.sched.preempt_thresh=224
# Bump up maximum number of open files
kern.maxfiles=200000
# increase UFS readahead
vfs.read_max=128
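# allow users to mount disks without root permissions (this also lets any local user hand an untrusted filesystem image to the kernel; leave it at 0 on shared machines)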
vfs.usermount=1
# disable annoying system beep
hw.syscons.bell=0
kern.vt.enable_bell=0
# needed for chromium to work
kern.ipc.shm_allow_removed=1
# louder speakers
hw.snd.vpc_0db=1
# Special keys
dev.acpi_ibm.0.handlerevents=0x04\ 0x10\ 0x11
# Device Mountpoint FStype Options Dump Pass#
/dev/ada0p3.eli none swap sw 0 0
proc /proc procfs rw 0 0
fdesc /dev/fd fdescfs rw,auto,late 0 0
- Get the latest leap-seconds file now (some cron jobs would fix it eventually, but this speeds up the process)
service ntpd onefetch
- Add user to video group
pw groupmod video -M login_name
- Brightness keys:
Create the file /etc/devd/keys.conf with the following content:
notify 10 {
match "system" "ACPI";
match "subsystem" "IBM";
action "/usr/local/sbin/acpi_oem_exec.sh $notify ibm";
};
Create the file /usr/local/sbin/acpi_oem_exec.sh with the following content:
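#!/bin/sh
#
# acpi_oem_exec.sh - handle ACPI hotkey notifications forwarded by devd.
#
# Usage: acpi_oem_exec.sh notify oem_name
#   notify    hotkey event code, passed by devd as $notify (e.g. 0x10)
#   oem_name  suffix selecting the dev.acpi_<oem_name> sysctl tree (e.g. ibm)
#
# Exit status: 1 on bad arguments, 0 otherwise.
#
# The script is started by devd, i.e. with root privileges, so every
# expansion is quoted and oem_name is checked before it is spliced into a
# sysctl name and a path.

if [ -z "$1" ] || [ -z "$2" ]; then
  echo "usage: $0 notify oem_name"
  exit 1
fi

NOTIFY=$1
OEM=$2
MAX_VOLUME=14
MESSAGE=""

# oem_name becomes part of a sysctl name and of a file name: accept only
# characters that cannot add a path separator or a second word.
case "${OEM}" in
  *[!A-Za-z0-9_]*)
    echo "$0: invalid oem_name: ${OEM}" >&2
    exit 1
    ;;
esac

# NOTE(review): /tmp is writable by every local user, so anyone can create
# this FIFO and receive what root writes to it. A directory that only the
# intended reader can write to would be a tighter home for it; the reader
# would have to be moved to match, so the path is left as it was.
DISPLAY_PIPE="/tmp/acpi_${OEM}_display"

case "${NOTIFY}" in
  0x05)
    # Toggle bluetooth.
    LEVEL=$(sysctl -n "dev.acpi_${OEM}.0.bluetooth")
    if [ "${LEVEL}" = "1" ]; then
      sysctl "dev.acpi_${OEM}.0.bluetooth=0"
      MESSAGE="bluetooth disabled"
    else
      sysctl "dev.acpi_${OEM}.0.bluetooth=1"
      MESSAGE="bluetooth enabled"
    fi
    ;;
  0x10)
    # Brightness up: move to the next multiple of 10, never past 100
    # (the uncapped step produced 110 when already at 100).
    LVL=$(sysctl -n hw.acpi.video.lcd0.brightness)
    LVL=$(( (LVL / 10 + 1) * 10 ))
    [ "${LVL}" -gt 100 ] && LVL=100
    sysctl "hw.acpi.video.lcd0.brightness=${LVL}"
    MESSAGE="LEVEL ${LVL}"
    ;;
  0x11)
    # Brightness down: move to the previous multiple of 10, floor at 5.
    LVL=$(sysctl -n hw.acpi.video.lcd0.brightness)
    LVL=$(( ((LVL + 1) / 10 - 1) * 10 ))
    [ "${LVL}" -lt 10 ] && LVL=5
    sysctl "hw.acpi.video.lcd0.brightness=${LVL}"
    MESSAGE="LEVEL ${LVL}"
    ;;
  0x12)
    # Report the thinklight state; nothing is changed here.
    LEVEL=$(sysctl -n "dev.acpi_${OEM}.0.thinklight")
    if [ "${LEVEL}" = "1" ]; then
      MESSAGE="thinklight enabled"
    else
      MESSAGE="thinklight disabled"
    fi
    ;;
  0x15 | 0x16)
    # Report the volume as a whole percentage of MAX_VOLUME. Integer
    # arithmetic truncates exactly like the former bc | cut pipeline.
    LEVEL=$(sysctl -n "dev.acpi_${OEM}.0.volume")
    PERCENT=$(( LEVEL * 100 / MAX_VOLUME ))
    MESSAGE="volume level ${PERCENT}%"
    ;;
  0x17)
    # Report the mute state; nothing is changed here.
    LEVEL=$(sysctl -n "dev.acpi_${OEM}.0.mute")
    if [ "${LEVEL}" = "1" ]; then
      MESSAGE="volume muted"
    else
      MESSAGE="volume unmuted"
    fi
    ;;
  *)
    # Unhandled code: MESSAGE stays empty and nothing is reported.
    ;;
esac

# Report only when a branch produced a message: logger without arguments
# would read its message from stdin instead.
if [ -n "${MESSAGE}" ]; then
  logger "${MESSAGE}"
  if [ -p "${DISPLAY_PIPE}" ]; then
    # Backgrounded because opening a FIFO for writing waits for a reader.
    printf '%s\n' "${MESSAGE}" >> "${DISPLAY_PIPE}" &
  fi
fi

exit 0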
Set permissions (devd runs this script as root, so keep the file owned by root and writable only by root):
chmod a+x /usr/local/sbin/acpi_oem_exec.sh
- Video and touchpad tweaks for xorg:
Create /usr/local/etc/X11/xorg.conf.d/20-intel.conf
Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "AccelMethod" "SNA"
Option "TearFree" "true"
EndSection
Create /usr/local/etc/X11/xorg.conf.d/10-input.conf
Section "InputClass"
Identifier "libinput keyboard catchall"
MatchIsKeyboard "on"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
Option "XkbRules" "evdev"
EndSection
Section "InputClass"
Identifier "libinput touchpad catchall"
MatchIsTouchpad "on"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
Option "NaturalScrolling" "on"
Option "Tapping" "on"
Option "DisableWhileTyping" "on"
Option "AccelSpeed" "0.42"
EndSection
- UTF-8 everywhere
Edit /etc/profile and add this at the end:
LANG=en_US.UTF-8; export LANG
CHARSET=UTF-8; export CHARSET
Edit /etc/login.conf and, at the bottom of the default login class (default:), change the last line to:
:umask=022:\
:charset=UTF-8:\
:lang=en_US.UTF-8:
Rebuild the DB:
cap_mkdb /etc/login.conf
- Set up ports
portsnap fetch
portsnap extract
portsnap fetch update