1. disable postfix if not needed (local mail still works without it; fetching remote mail won't. if you aren't sure you need this, then you don't!)
2. if applicable, disable powerd (some ports won't have this enabled. if on i386/amd64, leave it on if you have power/sleep/lid switches and want them to work. pre-ACPI/APM machines definitely don't need this)
3. use static addressing if possible, or set up dhcpcd to operate as one-shot (ymmv with the latter method depending on how your network deals with expired leases. if you want to try, i usually set my dhcpcd flags to "b1q64" (mostly because it's a Blinx: The Time Sweeper reference but also the aforementioned reason) )
4. use inetd for everything possible - e.g. once ssh keys are generated, you can have inetd handle ssh connections by adding something like this:ssh stream tcp nowait root /usr/sbin/sshd sshd -i
ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i
5. consider replacing some of the services in the base system with lighter alternatives from pkgsrc (e.g. openssh -> dropbear), but be sure to actually verify whether or not the alternative actually uses less memory - sometimes it does not, and sometimes it does on one system, but not another.
6. if your system is really cramped, and/or you also want to use less storage space, consider building the NetBSD userland from source, with the "SMALLPROG" flag. this removes some less-used functionality in many tools and utilities, so you may find that some features are no longer available, but your system will have a smaller footprint. you can also look into "crunchgen" if you want a busy-box style single-binary swiss army knife.
Conversation
Notices
-
Embed this notice
linear cannon (linear@nya.social)'s status on Tuesday, 26-Mar-2024 01:48:52 JST linear cannon - Haelwenn /элвэн/ :triskell: likes this.
-
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 26-Mar-2024 02:08:46 JST Haelwenn /элвэн/ :triskell: @linear inetd thing reminds me that I wonder about the at-rest vs. per-connection footprint between OpenSSH and tinyssh (which uses inetd).