login.conf: the default, don't think there's any reason to change it on a non-shared machine.
sysctl.conf:
ddb.onpanic?=1
vm.swap_encrypt=1
kern.maxfiles=8192
kern.ipc.shm_use_phys=1
security.models.extensions.usermount=1
security.models.extensions.user_set_cpu_affinity=1
hw.audio0.multiuser=1
kern.maxfiles being bumped is necessary to run large applications (Firefox), NetBSD 10 will come with a much increased default though. kern.ipc.shm_use_phys may or may not be helpful. security.models.extensions.* determine whether some commands (schedctl, mount) work as non-root. hw.audio0.multiuser is necessary to run some daemons that play audio as a different user (musicpd).