My Standard, Minimal FreeBSD Desktop Install Script

August 28, 2023 | Reading time: 1 minutes

The following is a “living work in progress” collection of scripts I use to make life with FreeBSD a bit better and potentially more secure. Some of these are taken straight from Bastille’s recommended settings.

If you’re not a developer you might want to change ‘git’ below to ‘git-lite’

# Disable Access Time on ZFS
zfs set atime=off zroot

# Disable Sendmail
sysrc sendmail_enable="NO"
sysrc sendmail_submit_enable="NO"
sysrc sendmail_outbound_enable="NO"
sysrc sendmail_msp_queue_enable="NO"

# Update FreeBSD base
freebsd-update fetch
freebsd-update install

pkg install -y vim git zsh bash neofetch htop doas rsync

# configure doas
echo "permit nopass :wheel" >> /usr/local/etc/doas.conf

# Disable Console Beep (silence is golden)
sysctl hw.syscons.bell=0
sysctl kern.vt.enable_bell=0

Disable DSA and other old ssh key encryption methods

# generate SSH keys
rm /etc/ssh/ssh_host_*
sysrc sshd_dsa_enable="no"
sysrc sshd_ecdsa_enable="no"
sysrc sshd_ed25519_enable="yes"
sysrc sshd_rsa_enable="yes"
service sshd keygen
service sshd restart

Don’t forget to change “jeff” to your username if you’re configuring zsh

# Change my shell from sh to zsh
chsh -s /usr/local/bin/zsh jeff

fetch https://git.io/antigen -o /usr/local/share/zsh/antigen.zsh

# configure a sane zsh shell

cat <<EOF>~jeff/.zshrc
source /usr/local/share/zsh/antigen.zsh
antigen use oh-my-zsh
antigen bundle zsh-users/zsh-syntax-highlighting
antigen bundle zsh-users/zsh-autosuggestions
antigen bundle zsh-users/zsh-completions
antigen theme gentoo
antigen bundle genpass
antigen apply
EOF

chown jeff:jeff ~jeff/.zshrc

Apps I (try to) use at least weekly

I use GoHugo for this website because static blog sites save energy!

pkg install -y gohugo