Time-stamp: <2017-05-12 10:00:55 (bm3719)>
#+STARTUP: content

This setup procedure is a bit specific to hardware and use cases of my machine.
But, since I had to create my own list in order to get the exact setup I
wanted, perhaps others will find it useful.  It does rely on various external
documents, shell scripts, and portable source installs which don't appear here.

I'll try to update it as needed for each release, but since I normally do
source upgrades and this document is more about a clean install/migration, some
parts of will only be updated when I do a new install from scratch.  Since I
know some people reference this document (particularly if stuck on something),
I try to keep it clean and free of errors.  If you're one of those people, I'd
stress how helpful it is to read the FreeBSD Handbook at least once, then keep
it handy as a reference.

* Setup procedure for FreeBSD 11.0-RELEASE
** Pre-install
*** back up current system
- Clean up any large files laying around user directories to speed up data
- Run `make clean' or equivalent on any personal project directories.
- Run rsync scripts to backup all user and system data to smb share.  If this
  is my primary workstation, be sure to grab:
  - /home
  - /root
  - /boot
  - /etc
  - /usr/local/etc
  - System website directories like /usr/local/www/cgi-bin and
    /usr/local/www/nginx (though the latter should be under VCS).
- Backup databases.
** Install
*** memstick image
- Grab memstick img from:
- Put in USB drive and check dmesg to make sure it's deviced at da0.
- Image drive with something like: dd
  if=FreeBSD-11.0-RELEASE-amd64-memstick.img of=/dev/da0 bs=4096 conv=sync
*** install OS
On both my laptop and workstation, use F2 to enter BIOS setup and F10 to select
boot media.

Run through the standard setup:
- Choose default keyboard layout.
- Set hostname.
- Distributions: lib32, src, ports (base and kernel are auto-included now).
- Partitioning: Do manual/expert setup.
- Partition Editor:
  - Delete any previous partitions.
  - Use entire disk, set slice to bootable, use GPT.  These will be prompted
    for automatically when creating first partitions.
  - For swap partitions, use freebsd-swap as the partition type.
  - For a 30GB drive: / 512M, SWAP 1xRAM, /var 512MB, /tmp 1G, /home 8G, /usr
    remaining space.
  - For a 64GB SSD: / 1GB, /var 1GB, /tmp 1536MB, /home 28GB, /usr remaining
    space (includes a 4GB swap file).
  - Modify the above accordingly for VMs (add a swap partition) or drives of
    different sizes.  Consider making /var 3G or more if I have a lot of
- Set root password.
- Setup network adapter with static IP.  Configure IPv4 without DHCP, skip
  IPv6.  For laptops, use DHCP and a non-static IP.  My Thinkpad requires
  setting regdomain to FCC4.  Otherwise, scans are non-functional.
- Set localdomain and DNS during resolver configuration.  The search field
  represents localdomain.  Grab the DNS entries from previous /etc/resolv.conf
- Set timezone and clock.
- System Configuration: sshd, moused.  On laptops, if I don't mind some extra
  RAM use, powerd can be useful.
- Security hardening options: Always disable opening a syslogd network socket.
  Disable sendmail on everything except my main workstation and VPS.
- Add bm3719 user.  Invite user to group wheel.
- As a final step, I may want to install the FreeBSD Handbook locally,
  especially on laptops, since I occasionally might get stuck without network
  access and have to look something up.
- Remove media and restart.  Don't pull the USB stick until after sync.

Some issues encountered in the past (though all seem resolved now):
- Prior to 10.2 on my workstation, installing from USB worked, but required
  entering `ufs:/dev/ad0' when dropped into the mountroot> prompt.
  Installation proceeded normally after that.
- In 10.0, when committing the filesystem changes, I would get a pre-check
  error.  This went away after awhile and seemingly had no ill effects.
*** enable TRIM support (SSD only)
If installing on an SSD, do this to increase write performance over the life
of the drive.
- Boot into single user mode
- Run `mount'.  For other file systems besides /, use the `ro' option,
  e.g. `mount -r /dev/ada0p3 /var'.
- Run `tunefs -t enable /dev/ada0p2' (through ada0p6)'.
- Check that it's enabled with `tunefs -p /dev/ada0p2'.

Do the above for all slices.  Also ensure soft updates (softdep) are enabled.
They should be default on UFS now.  Soft updates' main tradeoff is a
semi-large .sujournal file in the root FS mount location.
*** enable sshd
- Edit /etc/inetd.conf and uncomment IPV4 sshd.
- Edit /etc/rc.conf and ensure sshd_enable="YES" exists.
- Restart sshd daemon with `service sshd restart'.

From this point on, I can do all non-GUI tasks remotely.
*** set partitions noatime (SSD only)
Edit /etc/fstab and set all slices to noatime.  This saves some SSD wear and
speeds up disk access.
*** create swapfile in / (SSD only)
Creating a swap file instead of using a partition will allow swap to make use
of TRIM.  This creates a 4GB swap file in /usr/swap.  As root, do this:
- Run `mkdir /usr/swap'.
- Run `dd if=/dev/zero of=/usr/swap/swap bs=128k count=32768'.
- Run `chmod 0600 /usr/swap/swap'.
- Run `mdconfig -a -t vnode -f /usr/swap/swap -u 0'.
- Run `swapon /dev/md0'.
- Confirm that the space shows up in `top'.
- Add the following to /etc/fstab.  Note that the "late" flag is required for
  this to work post 10.1:
  md none swap sw,file=/usr/swap/swap,late 0 0
- It may be prudent to reboot and test this again to be sure it comes up.

Note: Be sure to include `device    md' in the custom kernel config.
*** user account
A user add step has been in the installer for a few versions now, so my user
account should already exist at this point.
- Be sure user bm3719 is added to group wheel.  This should've been done during
  install, but is easy to forget.
- If I need to use the account right now, I can scp some stuff over, but it's
  more efficient to wait until later to rsync it all at once and preserve
*** /root
Sometimes I have an old machine I'm migrating from, but usually I just swap
SSDs.  Modify the below accordingly if doing the former:
- Change /etc/ssh/sshd_config's PermitRootLogin to yes on old machine, and
  restart sshd there.
- scp various root files to root's home dir.
- Revert the sshd_config change on old box and restart service.

If not migrating machines, just scp /root from another FreeBSD machine (I
generally keep these synced).
*** pkgng
This is a replacement for pkg_tools.  Since it includes a built in security
audit (negating the need for portaudit) and is probably the way forward for
binary packages, I'm switching to it.
- Bootstrap the pkg system by running `/usr/sbin/pkg' as root, if I hadn't
  installed the ports system from install.
- Convert the pkg_tools database to pkgng by running `pkg2ng'.
- Delete /var/db/pkg.bak, if it exists.
- Edit /etc/make.conf and add (with a tab before yes):
  WITH_PKGNG=    yes
*** portsnap
- Run `portsnap fetch'.
- Run `portsnap extract'.
- Run `portsnap update'.
- Run `pkg update' and 'pkg upgrade'.
*** update world, src, kernel
- Ensure that the line `Components src world kernel' is present in
- Run `freebsd-update fetch'.
- Run `freebsd-update install' (if there were any changes).
- Comment out `kernel' from freebsd-update.conf.
- If the kernel was replaced, restart to begin using it.

Note that if source-upgrading, ensure world and kernel are commented out.
Update the source only and follow the steps to build a new world and kernel.
Only then update all ports.
*** copy over /etc/make.conf and /etc/ports.conf
These files are used to store common build flags preferences of mine for ports.

Merge the make.conf contents, since one was created earlier.
*** use clang as default compiler
Ensure /etc/make.conf includes this:

# Some convenience flags.
*** portmaster
- Install ports-mgmt/portmaster.  Flag for ZSH.
- Run `portmaster -L' to check if anything installed so far has new versions
  and update if necessary with `portmaster -a'.
** Post-install config
*** date/time
This should no longer be necessary with the new installer, but I'll leave this
step here in case it was skipped.
- Set proper timezone with: cp /usr/share/zoneinfo/America/New_York /etc/localtime
- Check `date' command and if wrong set with yymmddhhmm.ss datemask.
*** loader config
- Ensure /boot/loader.rc has the following lines:
  include /boot/loader.4th
  start  # or beastie-start
- Either copy over stuff from old loader.conf or (preferably) check
  /boot/defaults/loader.conf for the current defaults and settings options.  I
  probably at least want to lower the autoboot_delay.
- Set the default vt terminal console driver resolution by adding a line to
  /boot/loader.conf that corresponds to the native screen resolution:
- Shorten the autoboot delay with an entry in /boot/loader.conf:
*** /etc/motd
- Copy over banner from old box.
- I include some of the uname output in this, so be sure to update it later
  after kernel config (though I think this updates automatically now).
*** /etc/hosts
Add the following IPs to this file:           cellblock cellblock.bighouse.local           dreams    dreams.bighouse.local           sdfg      sdfg.bighouse.local

Also fix the domain name for localhost entries (fixes sendmail MTA errors) and
the sendmail timeouts at boot (if I see those, hit C-c to skip the wait).

Be sure has two entries, one for localhost, the other for the actual
hostname.  Full names for both should have the proper domain name.
*** /etc/resolv.conf
If using DHCP since install time, add local DNS server here (should already be
added through install) and a backup OpenDNS one.  Otherwise, this should
already be here.

For FreeBSD laptops and VMs, leave DHCP enabled.
*** virtual consoles
Edit /etc/ttys and disable ttyv3 through v7 by setting the status column
to `off'.  This leaves 3 consoles and saves a bunch of getty processes.  It
also keeps some clutter off the process list.
 *** remap caps lock to control
 This just changes caps lock, but still leaves the original control key as
 - cd /usr/share/syscons/keymaps/
 - cp us.iso.kbd us.iso-swap.kbd
 - Change the clock line to read:
   058   lctrl  lctrl  lctrl  lctrl  lctrl  lctrl  lctrl  lctrl   O
 - chmod go+r us.iso-swap.kbd
 - In /etc/rc.conf, add:
 Will take effect on next restart.
*** install a few utility ports
- www/lynx (with SSL; without color, IPV6, or NLS).
- sysutils/tmux.
- shells/zsh (with DOCS).  Ensure .zshrc is copied over.
- net/rsync (with DOCS, SSH, ZLIB_BASE).   Also remove ENCODINGS from
  dependency converters/libiconv.

Confirm zsh appears in /etc/shells and chsh to that.
*** sudo
- Install security/sudo (without AUDIT, NLS).
- Edit /usr/local/etc/sudoers and uncomment first line referencing group wheel.

I should now be able to stop su-ing to root and do everything via sudo.  The
only exception should be booting into single-user mode.
*** rsync $HOME directory
Don't use scp to restore $HOME due to symbolics links being followed, resulting
in copied data.  rsync preserves symlinks.  Run this:

rsync -av -e ssh old-server:~ ~/..

Check symlinks with `ls -alR | grep "\@"' and ensure they all still have
existing targets.
*** ACPI extras (laptops only)
For Thinkpad laptops, enable the Fn keys by adding this to /boot/loader.conf:

If using this, be sure to add `device acpi_ibm' to the kernel config later.
*** Xorg
- Install x11/xorg-minimal.  This takes a long time and prompts several times
  for build options.  It's probably a good idea to run `make config-recursive'
  first.  Be conservative with these flags.  For example, it's safe to disable
  all flags for docbook-related packages.  I've been setting Xorg itself to use
  HALD, since that tends to end up on the system anyway.

  Note that if using HALD, some additional config prompting will still occur.
  I might be able to get around that by first installing sysutils/hal.
- Install x11-drivers/xf86-video-intel (or xf86-video-vmware or whatever)
  driver.  Also, one can run something like `make install VIDEO_DRIVER=intel'
  to skip installing vesa, though it's probably a good idea to include it if
  there's any uncertainty about a specific driver working.

  For the intel driver, which appears to often be a mess, check the latest
  info here: https://wiki.freebsd.org/Intel_GPU
  For general Xorg info: https://wiki.freebsd.org/Xorg
  Additional info: https://wiki.archlinux.org/index.php/intel_graphics

  Note: graphics/libGLU and graphics/libGLw may be required by the intel
  driver's MESA dependency.  Previously, setting `Option "NoAccel" "true"' in
  the Device section was necessary, though this seems unnecessary now.

  Note: For intel drivers, AccelMethod can be defaulted to uxa or sna these
  days.  Default to sna using the build option, but if video has corruption
  issues, switch back to uxa in xorg.conf with the Device section entry:
  Option "AccelMethod" "uxa"
- Add the following to /etc/rc.conf to autodetect keyboards and mice:

  Start the hald service.  HALD may require a reboot.  Note that if using DEVD,
  change hald_enable to devd_enable.
- If this is a VM install, now is a good time to install VMware Tools (since it
  requires Perl).  Run `mkdir /mnt/cdrom' and mount the iso with `mount_cd9660
  /dev/cd0 /mnt/cdrom'.  This first requires that misc/compat6x is installed.
  Also install x11-drivers/xf86-input-vmmouse.  Know that it's often the case
  that VMware tools lags behind the current version of FreeBSD by an annoyingly
  large amount of time.  It might be necessary to skip this step for new
- As root run: 'Xorg -configure'.  This will generate an xorg.conf.new file.
- Test this file with: 'X -config xorg.conf.new -retro'.  If working, hit
  C-M-F1 and C-c.
- Check the Xorg stdout to check for errors.  Scan for warnings (WW) and errors
  (EE) in /var/log/Xorg.0.log.  If fbdev is needed, install
- Auto-configuration is almost never adequate though, so check older xorg.conf
  file and merge in anything important, like the monitor ModeLine.  Use `cvt'
  to find the appropriate settings.  On my current monitor, run `cvt --reduced
  1920 1200 60'.
- Once this is working, copy xorg.conf.new to /etc/X11/xorg.conf.
- Install ancillary Xorg apps that aren't in the minimal metaport, but that I
  still want to use:
  - x11/xmodmap
  - x11/xset
  - x11/xrdb
  - x11/xwd
  - x11/xkill
  - x11/libXrandr (for Haskell's X11)
  - x11-fonts/xfontsel
- Install deskutils/autocutsel and make sure its calls are uncommented in
- Make sure xmodmap key mappings in .xinitrc make sense with the keyboard being
*** urxvt
- Install x11/rxvt-unicode (without GDX_PIXBUF, ISO14755, NEXT_SCROLLBAR, PERL,
- Once I get xmonad up, be sure to check if the urxvt font setting shows any
  weirdness at the chosen size.  Sometimes characters like underscores don't
  render.  Change the size in ~/.Xdefaults if there's any problems.
** Environments
*** Haskell
The Haskell stack needs to go on first, since the only WM on the system will be
a user-specific install of xmonad.  This install uses stack (the package
manager), installed per-user.  This means that GHC will not be installed via
ports and everything Haskell-related has to go through stack.

Unfortunately, stack doesn't seem to be able to use clang.  Hopefully this will
be addressed at some point in the future.  In the meantime, this will pull in

Clean up any remaining cabal stuff:
- Ensure ~/.zshrc doesn't include ~/.cabal/bin in $PATH.
- Delete ~/.ghc and ~/.cabal.
- Delete contents of ~/.xmonad.

stack setup:
- Delete ~/.local if it exists.
- Delete ~/.stack if it exists.
- stack requires: devel/gmake lang/perl5 lang/gcc misc/compat8x misc/compat9x
  converters/libiconv security/ca_root_nss misc/compat9x.

  Probably lang/gcc, misc/compat8x won't be installed yet by this point.
- Run: curl -sSL https://get.haskellstack.org/ | sh
- Run: stack update
- Run: stack setup
- Configure or copy a previous ~/.stack/config.yaml file.

xmonad setup:
- Ensure $HOME/.local/bin is in $PATH.
- Either run both or just the second of the following commands.  Installing
  contrib might alleviate some dependency problems.
  stack install xmonad
  stack install xmonad-contrib
- Somewhere deep in the ~/.stack directory will be an example xmonad.hs file.
  Copy that over to ~/.xmonad and edit it with my normal changes.  At least
  change the default terminal emulator, since I've skipped installing xterm,
  and the myModMask variable.  Ensure the key remappings correspond to any
  xmodmap changes in ~/.xinitrc.
- Manually compile the xmonad.hs file with (note the -- necessary to send the
  command flag to ghc, not stack):
  stack ghc -- --make xmonad.hs

  Be sure that ~/.xinitrc points to this new binary explicitly, and doesn't
  resolve to the one installed from stack.
- Install x11/dmenu.
- Run startx as user.  Note that if fonts aren't installed yet, urxvt will
  have errors.  Skip ahead to the fonts task if I need to use X right now.

Install any other Haskell apps from Stackage being used.  This depends on what
I'm doing at the time, but might include Agda, happy, haskeline, alex, etc.

It might be a good idea to install fonts (see "fonts" section below) now in
order to test whether the Xorg environment is functional.  With this setup,
rxvt-unicode won't have a font to default to, so I otherwise can't get a
terminal up.  If I'm okay with plowing ahead though, I can skip it until later.
An alternative is to modify ~/.xinitrc to launch an X app like xfontsel, just
to make sure xmonad works.
*** GNU Emacs
- Install editors/emacs.  Use GTK2 toolkit since Conkeror will pull it in
  anyway.  Use config-recursive here.  Remove at least GCONF, GSETTINGS.
- Install from ports:
  - textproc/aspell
  - textproc/en-aspell
  - print/auctex (Long install.  Note that ghostscript9-agpl-base has had a
    broken docs build for a long time.  De-flag DOCS).
  - editors/apel
  - www/w3m
- .emacs file and .emacs.d directory should already be present from
  scp/rsync-ing user directory over.
- Startup Emacs in Xorg to make sure there's no init errors.

Haskell went on first, but now that Emacs is setup, a final step needs
completing to integrate it with the new stack install:
- Ensure that intero-mode is installed via ELPA.
- Create a new project with stack (or use an existing one).
- Open one of the .hs files in it and run M-x intero-mode.  If everything's
  wired up properly, this should install intero, the Haskell project on Stack.

Note that I used to install www/emacs-w3m (w/o SHIMBUN).  But, since
www/w3m-m17n was removed, use of normal w3m is required now.  Now I'm using
emacs-w3m from CVS.
*** Lisp
I'm mostly no longer writing any CL, but this is still used for Maxima and
occasionally running some existing code.  I can just install the packages and
skip the config unless I plan to do any programming here.
- Install lang/sbcl.
- Install devel/clisp-hyperspec.
- Swank setup: Need to recreate symlink to swank.asd in .sbcl/asdf-registry.
  See .sbclrc for setup details.
- asdf-installed packages are portable as long as ~/.sbcl is propagated.  Code
  in .sbclrc handles stale fasls.  However, it might not be a bad idea to wipe
  these, since it'll rerun the package tests and alert for missing
*** Python
Migrated this to a very basic setup, which just installs pexpect for scripts.
Might deprecate this altogether next time.

- 2.7.x should be brought in by Xorg.
- Install devel/py-pip.
- Install pexpect via pip as root.
- Install pyflakes via pip as root.  If this doesn't work, go to
  http://pypi.python.org/pypi/pyflakes and download pyflakes.  Modify the
  hashbang in setup.py.  Run `setup.py install --user'.

I may want to defer these, if I don't plan on doing any Python development any
time soon.  That'll make installing them later easier.
- Install devel/pylint (no GUI).
- Install lang/python-doc-html.
- Use pip to install python-distribute.  As root, run `pip install distribute'.
- Install devel/py-nose or `pip install nose'.
- Install devel/py-virtualenv or `pip install virtualenv'.
- Install numpy via pip.
*** Prolog
Skip this next time, since I've completed my Prolog task.

- Install lang/swi-pl.
- Recreate (or confirm the existence of) symlink needed for Emacs: ~/bin/prolog
  -> /usr/local/bin/swipl
*** CAS
- Install math/maxima (also brings in gnuplot).  For gnuplot, only enable DOCS,
  GD, X11.
- Make sure current version's elisp directory matches that referenced in
*** Java
The Java stack mainly just needs to host Clojure.  Ant is still needed to
compile l1j-en, however.
- Install java/openjdk8.
- Install devel/apache-ant (check if already installed first).
- Ensure /usr/local/openjdk8/bin binaries are symlinked and that $JAVA_HOME is
  properly set (which it won't be if the Java version changes).
- Install ftp/wget (needed for jde-help-symbol).
*** Clojure
This setup uses Leiningen to pull in the correct jar instead of the port in
lang/clojure, which there is no good reason to ever install.

My Clojure setup should be migrated from a previous system, but it's not a bad
idea to refresh everything by deleting ~/.m2 and everything in ~/.lein except
- The JDK and Ant should already be brought in by the openjdk install.
- Grab the latest Leiningen 2.x script with `wget --no-check-certificate
- Put this in ~/bin and chmod u+x it.
- Run `lein', which does some setup on the first run.
- Systems without `shasum' may report a download error due to a failed checksum
  validation when grabbing the Clojure jar.  Just verify that
  ~/.m2/repository/org/clojure/clojure/1.x.x/clojure-1.x.x.jar and
  ~/.lein/self-installs/leiningen-2.x.x-preview-standalone.jar are there.
- Ensure ~/.lein/profiles.clj is present or update it from dotfiles project.
- Make a test project somewhere to make sure everything works by running `lein
  new test-prog' then pull up a REPL against it in Emacs.  Alternatively, use
  an existing, up-to-date project.

If for some reason I don't want to redo everything, at least run `lein
*** JavaScript
- Install www/node
- Install www/npm
- Delete ~/node_modules.  Then install these packages using `npm install' on
  user account:
  - webpack
  - eslint
  - bower
  - markdown-pdf

Note that there's been times when something here is broken, so if there's
any critical npm-managed infrastructure, backup ~/node_modules first.

markdown-pdf brings in an npm-installed phantomjs.  This install has been
troublesome occasionally.  I've gotten it working by symlinking the node
*** Racket
Consider skipping this if I don't plan on doing any Racket programming.

- Delete existing ~/.racket.
- Ensure there's plenty of space on /var (raco writes to /var/tmp).
- Install lang/racket-minimal.
- As user, run `raco pkg install drracket'.
- Open up a .rkt file in Emacs and run M-x run-geiser.
*** C
- Install devel/global.
- Install devel/valgrind (Check if it pulls in a gcc version).
- Add procfs entry in /etc/fstab, like:
      proc /proc procfs rw 0 0
  Then run `mount proc'.
*** OCaml
- Install lang/ocaml (w/o X11).
- Install devel/ocaml-opam.
** Apps
*** fonts
- Install x11-fonts/code2000.
- Install x11-fonts/dejavu (check first if already installed).
- Install x11-fonts/xorg-fonts-100dpi.  This is needed by apps like xpdf and
- Run mkfontdir and mkfontscale in updated font directories under
  /usr/local/share/fonts/ (previously was /usr/local/lib/X11/fonts).  This will
  include OTF.
- Migrated .xinitrc should already xset fp+ these, but check to make sure they
  match available fonts.
- Update xorg.conf to include any missing font directories.
- In the Modules section of xorg.conf, add `Load "freetype"'.
- Check xfontsel to ensure all are registered.

Note that using x11-fonts/ttmkfdir and running 'ttmkfdir -o fonts.dir' in any
TT font dirs (like dejavu) seems to no longer be necessary.  The package seems
to be gone altogether now, in fact.
*** GPG
- Install security/gnupg1 without NLS or CURL.
- Test that I can open an existing encrypted file using Emacs GPG integration.
*** install remaining main apps
Check main apps list and install everything:
- archivers/p7zip
- devel/git (w/o CVS, NLS, P4).  Run my standard git user config after install.
- irc/irssi (with BOT, PERL, and TRUECOLOR)
- games/frotz (w/o OSS)
- graphics/xpdf
- graphics/graphviz (w/o NLS, PANGOCAIRO, NVTHREADS)
- print/tex-xdvik
- sysutils/tree
- textproc/code2html
- textproc/colordiff
- textproc/markdown
- textproc/textogif (skip this on headless installs)
*** mutt
- Install mail/mutt.  Disable HTML, SMIME_OUTLOOK_COMPAT, XML.  A dependency,
  gpgme, should be set to GNUPG1 if enabled.  De-flag UISERVER.
- Install mail/msmtp.
- Ensure ~/.mutt, ~/.muttrc, ~/.msmtprc, and ~/.mutt/cert.pem are copied over
  and chmoded properly.
- Start up mutt to test.
- In another mail-related issue, if I see system messages similar to "Alias0:
  missing map file ...", run this command:
  makemap hash /etc/mail/aliases.db < /etc/mail/aliases
*** sound
- Do a kldload snd_driver (this scans for most common audio devices and loads
  proper driver), check `cat /dev/sndstat' to see which was loaded, then
  kldunload snd_driver and add the proper line to /boot/loader.conf, such as
  `snd_hda_load="YES"'.  Be sure to add this proper driver to kernel config
  later and remove it from loader.conf.  See driver manpage for details.  Note
  that PnP devices don't require this anymore.  If the chipset is just pcm,
  that's usually a sign this is the case.
- Install audio/flac.
*** mplayer
- Install multimedia/mplayer with build options: FONTCONFIG OPENGL
- Play an mp3 or flac file in EMMS to test.

Note that mplayer has switched back and forth on whether it includes a THEORA
option.  If not, I'll have to install multimedia/libtheora for OGG support.
*** vim-lite
Install editors/vim-lite.  This is vim without the GUI and a few other frills,
mainly for root to use.
- Copy wombat.vim to /usr/local/share/vim/vim80/colors/ and ensure it has the
  same permissions as the other .vim files.
- Ensure .vimrc is copied over for user and root accounts.  Start up vim to
  ensure there are no config errors.  If it's working, the splash message won't
  be present.
*** Conkeror
- Install www/libxul.  Flag for BUNDLED_CAIRO, DBUS, OPTIMIZED_CFLAGS, ALSA,
  GTK2.  This failed for me once because I forgot to install graphics/png with
  APNG support.  If that happens, just rebuild it with that.  Another issue can
  occur where /etc/machine-id is missing.  If this happens, run `dbus-uuidgen >
  /etc/machine-id' as root.
- Navigate to ~/src/javascript/conkeror and do a `git pull --rebase'.
- Install customized "blackened" theme (not necessary if propagating
  ~/.conkeror.mozdev.org directory).
- Modify conkeror/modules/webjump.js, removing useless webjumps.
- Remove unwanted stuff from conkeror/search-engines.
- Remove same stuff from end of conkeror/modules/search-engine.js
- In conkeror/modules/minibuffer-read-option.js, edit this function to the
  minibuffer.prototype.read_yes_or_no = function () {
      var result = yield this.read_explicit_option(forward_keywords(arguments),
                     $options = ["yes", "no", "y", "n"]);
      yield co_return(result == "yes" || result == "y");
- Ensure script ~/bin/conkeror exists and test it.  Fix any rc file errors.
- To disable extensions security, run:
  session_pref("xpinstall.whitelist.required", false);
- Try to install Adblock Plus directly from adblockplus.org.  Sometimes this
  works, depending on the xulrunner/Conkeror version.  If so, run M-x
  extensions and configure the plugin.  If not, download the xpi file and
  manually install it from the extensions window.  Then add a filter list
- Grab NoScript .xpi (in ~/doc/conf) and run M-x extensions and manually
  install it.  Restart and go to the preferences.  Add macroexpand.com,, localhost, and github.com to the whitelist.
*** printing
TODO: Skipping printing in latest build.  Will have to refresh this later.

Install/config CUPS and USB printer HL-5240:
- Install print/cups, print/cups-client, print/gutenprint (without gimp-print
  drivers, instead using IJS), and print/foomatic-filters.
- Create /etc/devfs.rules with the following, which sets the permissions and
  associates print devices with the cups group:
  add path 'unlpt*' mode 0660 group cups
  add path 'ulpt*' mode 0660 group cups
  add path 'lpt*' mode 0660 group cups
- Add root and other users to cups group in /etc/group
- Enable CUPS and the above rules at startup by adding these lines to
- In order to enable CUPS printing under certain Windows clients, the line
  below should be uncommented in /usr/local/etc/cups/mime.types and
  /usr/local/etc/cups/mime.convs (this seems to be the default now, but check
- Either reboot or issue the following commands:
  service devfs restart
  service cupsd restart
- Config printers via the CUPS web interface by going to: http://localhost:631
- Go to Administration|Add Printer, type in names, select USB printer 1,
  specify Brother-HL-5240-Postscript.ppd file from the local filesystem. Use
  root l/p when asked for a login.
- Set US Letter, no double siding, 600dpi, no banners.
- On Windows, just add a network printer (should find it automatically).
  Search for driver, install Brother HL-5420 BR-Script3.
- Print a test page from CUPS admin panel.
- Install print/xpp.
- Try printing a test file from Emacs with M-x print-buffer.
*** Samba
- Install net/samba44 (or whatever the latest is).  At least de-flag ADS,
- /usr/local/etc/smb4.conf
        workgroup = BIGHOUSE
        server string = Samba Server Version %v
        netbios name = cellblock
        # Do not enable for more than one Samba server.
        wins support = Yes
        security = user
        passdb backend = tdbsam
# Share /usr/share/smb accessible only to bm3719 user.
        path = /usr/share/smb
        valid users = bm3719
        writable  = yes
        browsable = yes
        read only = no
        guest ok = no
        public = no
        create mask = 0666
        directory mask = 0755
- Test setup with: /usr/local/bin/testparm -s
- Create local shared directory of /usr/share/smb, chmoded to 0755.
- Add bm3719 to samba users with: pdbedit -a bm3719
- Add `samba_server_enable="YES"' to /etc/rc.conf.
- Test local share from Windows by going to network/cellblock/smb and creating
  a file.
- TODO: Test printer from any local Windows machines and if not working
  reinstall it with driver (see CUPS entry for details.)
- For backups, create a directory like /mnt/smb and make sure rsync backup
  scripts point to it.

Note: Here was my old printer section for Samba 3.6.  I'll reintegrate this for
4.4 at some point.
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
*** nginx
- Install www/nginx.  Skip most of the modules.  Recommended:
  - DSO
  - HTTP
  - HTTPV2
  - WWW
- Add nginx_enable="YES" to /etc/rc.conf.
- Copy over old /usr/local/etc/nginx/nginx.conf, or start over.
  - Be sure to include this snippet for user public_html directories and
    directory browsing:
    # Home directories
    location ~ ^/~(.+?)(/.*)?$ {
        alias /home/$1/public_html$2;
        # Enable directory browsing.
        autoindex on;
- Delete symlinked dir /usr/local/www/nginx.
- Clone server website to the above location.
- Test server and user sites.
*** ddclient
- Install dns/ddclient.
- Add ddclient_enable="YES" to /etc/rc.conf
- In ddclient.conf, ensure that for the interface, em0 is used locally, and xn0
  on the VPS.
- Copy over old ddclient.conf to /usr/local/etc/ddclient.conf
daemon=900                              # check every 15 minutes
syslog=yes                              # log update msgs to syslog
#mail=root                              # mail all msgs to root
#mail-failure=root                      # mail failed update msgs to root
pid=/var/run/ddclient.pid               # record PID in file.
use=if, if=em0                          # found after IP Address

protocol=freedns             ##
server=freedns.afraid.org    ## defaults to freedns.afraid.org
login=bm3719                 ## login name and password registered with the
## service
rcake.crabdance.com          ## the host registered with the service.
## single host update
protocol=freedns, \
login=bm3719, \
- Ensure ddclient.conf is chmod-ed 0600.
- service ddclient start
*** MySQL
- See /root/mysql_setup.txt
- Install databases/mysql57-server (this pulls in mysql56-client as well).  I
  guess select INNOBASE as the engine and disable PERFSCHM unless I'm running a
  production DB.
- Edit /usr/local/etc/mysql/my.cnf.  At least change the bind-address to to allow remote access.
- /usr/local/libexec/mysqld --initialize
- Note the temporary password for the root user, which will be displayed to
- Run 'mysqld_safe --user=mysql &'.  It's possible to copy
  support-files/mysql.server over to /etc/rc.d if i want to autostart at boot
  (which I don't).
- Check /var/db/mysql/cellblock.err to make sure everything starts okay.
- Login to mysql with: mysql -u root -p
- Change root password with:
- Since I sometimes do db backups/restores from other machines, it'll need
  remote root access, so run the following after logging in as root locally:
- Create database with: CREATE DATABASE l1jdb;
- Restore database from backup.
*** install optional ports
Here's some apps I've occasionally used on FreeBSD systems.  I'm excluding
these from the setup here by default do to keeping down unnecessary bloat.  If
I need these, a better option is to use them in a VM.
- Install databases/mongodb32.
- Install databases/mongodb32-tools.
- Install math/R.
- Install math/coq.
- Install java/eclipse, java/eclipse-gef, java/eclipse-webtools, and all
  Eclipse plugins being used.
- Install textproc/weka.
- Source install RapidMiner.
- pip install scipy
- Install math/gmp and lang/go (go-ethereum dependencies).
- devel/subversion (if using an older version, config with SERF, not NEON)
- Install x11-fonts/terminus-font or x11-fonts/terminus-ttf.
- Install lang/twelf.
*** install optional games
Always put a few games on at least my netbook to entertain myself when stuck on
airplanes or other places where I can't do anything productive.
- Install games/nethack36-nox11.
- Install games/stonesoup.
** Test
*** Emacs
- Open a .c, .cpp, .tex, .xml, .html, .js, .java, and .py file
- M-x slime, py-shell, maxima, w3m.
- Run magit-status on a git repo.
** Final tasks
*** build kernel and world
Normally, one might want to do this way earlier, but I'd rather get the system
working first.  Screwing something up on setting up the various environments is
far more likely than ruining the system with a kernel build (which is pretty
much impossible unless you're a total n00b).  On the other hand, if I'm
source-upgrading to a new version, switch the order here around and do this

The most efficient method is to rebuild world and kernel and the same time,
with world going first.
- Go through all device listings in ports, read manpages of any newly added
- Be sure to read /usr/src/UPDATING.
- Compare old kernel config to new one in ediff or something, but before
  merging anything in, be sure it still applies.
- Remove any temporarily added modules or kernel flags from /boot/loader.conf
  that will be redundant with the new kernel config.
- In particular, remove the sound driver load from /boot/loader.conf.
- Create a .hints file.
- Before something goes wrong, be sure to back up the last working kernel
  somewhere since /boot/kernel.old will be overwritten.
- After installing, run `ps aux' and `vmstat' to make sure they still work.  If
  not, the world and kernel are desynced.
- Comment out "world" in /etc/freebsd-update.conf.
- Ensure uname output on the first line in /etc/motd is updated (should happen
*** custom info files
Copy these from ~/doc/conf and update the index in /usr/local/info/dir

- The entry for SICP should look like this:
  The Algorithmic Language Scheme
  * SICP: (sicp). Structure and Interpretation of Computer Programs
*** files
- Ensure that files being edited during install are checked in or scp-ed over.
- Do one last filesystem sweep for config files and such missed.
- Delete everything in /usr/ports/distfiles.
- Go to /usr/ports and run `make clean'.
- Check websites to ensure functionality.
- Backup old system before retiring it and don't wipe it for a couple weeks.
  If using the drive swap method, just set aside that drive for awhile (usually
  I just keep it until the next fresh install).
*** security
- Before putting box online, check the security advisories for this version on:
- Apply any patches necessary.  Most likely, this won't happen, since the
  latest source was retrieved.
- Run `pkg audit -F'.
*** other users
Migrate over other users and their data.
- Recursively scp user dirs from /home.
- Copy over entries for users in /etc/passwd, /etc/master.passwd, and
- Run `pwd_mkdb -p /etc/master.passwd'.
- Recursively chown all user directories to appropriate ownership.
*** storage devices
If not adding other users, I can probably safely allow untrusted user device
mounting, but I prefer to limit it to group wheel members.
- Edit /etc/devfs.rules and add:
  add path 'da*' mode 0660 group wheel
  add path 'msdosfs/*' mode 0660 group wheel
  add path 'usb/*' mode 0660 group wheel
  add path 'ugen*' mode 0660 group wheel
- Edit /etc/sysctl.conf and add:
- Edit /etc/rc.conf and add:

Test by sticking in a USB drive and mounting /dev/da0.
*** setup SSH authentication
See projects.org "OpenSSH authentication" topic for details.
- Run `ssh-keygen -t rsa -C "bm3719@gmail.com"' locally and add to
  ~/.ssh/authorized_keys files on any remote hosts desired.
- Do the reverse for any hosts that need access to this machine.
- Add public key to GitHub and BitBucket accounts.
- Ensure ~/.gitconfig exists.
- Also create key pair for root and add its public key to GitHub and BitBucket
*** final update
If this has taken a few days, do a final update.
- portsnap fetch update
- portmaster -ay
*** clean up leaf ports
Check leaf ports with `portmaster -l' and clean up ones that aren't needed but
were dragged in for a build.  Cycle on this until I don't see any that I don't
want to keep.
*** done
- This gives a system with about 300-350 total packages installed and idles at
  around 18MB of active RAM usage after boot with all services running + one
  user shell.  It's possible to squeeze this in under 5GB of disk used, though
  I haven't tried that recently.
- Commence writing code.