AFTERBOOT(8) System Manager's Manual AFTERBOOT(8)

afterbootthings to check after first boot

This document attempts to list items for the system administrator to check and set up after installation and first boot of the system. A basic knowledge of UNIX systems is assumed.

By the time you have installed the system, it is possible that important security updates or critical bug fixes were released, it is therefore recommended to check and upgrade if necessary by using the apt(8) or apt-get(8) commands.

Ragnarok comes with doas, an alternative to sudo. In order to work, doas needs to be properly configured in /etc/doas.conf. For example, to allow members of the wheel group to run commands with doas, simply run the

echo 'permit :wheel' > /etc/doas.conf

command. To allow only a single user, replace ':wheel' with your user name.

For more configuration options, refer to the official doas(1) documentation.

The default firewall in Ragnarok is nftables. The default configuration blocks all incoming connections, except for those established by the user, and allows outgoing traffic.

It is good practice to inspect /etc/nftables.conf and further lock it down if need be. For example, disabling ICMP and IPv6, as long as the user understands (and can live with) the potential drawbacks in doing so.

Ragnarok uses the ifup(1) and ifdown(1) commands to connect to network interfaces configured in /etc/network/interfaces. wpasupplicant(1) is used in the background to handle connecting to protected WPA* wifi networks.

Wired connections should be configured automatically at install time. Wireless interfaces should be configured in /etc/network/interfaces.d/interface-name

The interface name can be found with the

find /sys/class/net

command. The wireless interface should begin with 'wlp'. A simple config file for a wireless interface (hereby named wlp1s0) would look as such:

allow-hotplug wlp1s0
iface wlp1s0 inet dhcp
wpa-ssid MYSSID
wpa-psk MYWIFIPASSWORD

This will suffice for a single interface which will be started at boot time.

For security reasons, it is highly recommended to run the

chmod 0600 /etc/network/interfaces.d/interface-name

command to prevent non-root users from reading the file.

For more information on configuring and connecting to networks, refer to the interfaces(5), ifup(1) and ifdown(1) manual pages.

In some cases, the hwclock.sh script does the job setting the system clock at boot. However, if system time goes out of sync, a proper NTP daemon should be installed. Ragnarok does not come with one by default, at least not in the 01 version, but NTPsec, Chrony or OpenNTPD are highly recommended and available in the repositories.

Ragnarok ships with bsd-mailx(1) and dma(8) for its default mailing system. It is advised to get familiar with it as it is used by the system to communicate with users.

To read mail sent to root without loging into its account, it is useful to create/edit /etc/aliases and alias root's mail to the default user created at install time:

root: username

The traditional simple command-line-mode mail user agent (from the OpenBSD project) which provides the /usr/bin/mail command. It does not include any of the features provided by more advanced mail user agents. See the bsd-mailx(1) manual page for further information.

The Dragonfly Mail Agent is a simple Mail Transport Agent from the DragonflyBSD project. It was chosen for Ragnarok's default MTA due to its simplicity and the fact that it does not listen on any port, ever. It accepts mails from local Mail User Agents (MUA) and delivers them either to local mailboxes or remote SMTP servers. Remote delivery includes support for features such as TLS/SSL and SMTP authentication.

dma is not intended as a replacement for full-featured MTAs. If such an MTA is needed, it is recommended to install something more appropriate, such as OpenSMTPD, which is the only other MTA fully supported by the Ragnarok project.

For more information on dma see the dma(8), mailq(8), newaliases(8), and sendmail(8) manual pages.

The /etc/cron.* directories contain various cron jobs for system maintenance. On systems that will not be always powered on, you can either install the anacron(8) package or handle them manually. For example, you could change the /etc/crontab file to run the cron jobs at a time when you know the system will be powered on. However, it is better to use the crontab -e command to enable the individual jobs that are needed, such as /etc/cron.daily/update-manpages.

For more details, see the cron(8), crontab(1), and crontab(5) manuals.

apt(8), apt-get(8), doas(1), nft(8), nftables(8),

November 09 2024 Ragnarok