1#!/bin/sh
2#
3# $FreeBSD: stable/10/release/tools/gce.conf 278985 2015-02-19 03:57:47Z gjb $
4#
5
# List of packages to install into the image.  The continuation lines are
# indented with a tab, and that tab is part of the resulting string (the
# consumers word-split it, so this is harmless).
VM_EXTRA_PACKAGES="firstboot-freebsd-update firstboot-pkgs \
	google-cloud-sdk google-daemon panicmail sudo firstboot-growfs \
	google-startup-scripts"

# List of third-party services to enable in the image's rc.conf(5).
VM_RC_LIST="google_accounts_manager ntpd sshd firstboot_growfs \
	firstboot_pkgs google_startup"

export VM_EXTRA_PACKAGES VM_RC_LIST
14
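# Seed the image's resolver configuration for GCE.
#
# Globals:  DESTDIR (read) - root of the image being built.  It must be set
#           and non-empty, otherwise the host's own /etc/resolv.conf would be
#           overwritten; the guard below aborts instead.
# Outputs:  (over)writes ${DESTDIR}/etc/resolv.conf
# Returns:  0 on success, non-zero if DESTDIR is unset or the write fails.
vm_extra_install_base() {
	: "${DESTDIR:?DESTDIR must point at the image root}"
	# 169.254.169.254 is the GCE metadata service (the same address is
	# mapped to metadata.google.internal in /etc/hosts by
	# vm_extra_pre_umount); 8.8.8.8 is the public fallback resolver.
	printf '%s\n' \
		'search google.internal' \
		'nameserver 169.254.169.254' \
		'nameserver 8.8.8.8' > "${DESTDIR}/etc/resolv.conf"
}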
20
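# Final GCE customisation, run just before the image filesystem is unmounted.
#
# Appends GCE-specific settings to rc.conf, loader.conf, syslog.conf,
# sshd_config, crontab and sysctl.conf, and replaces hosts and ntp.conf.
#
# Globals:  DESTDIR (read) - root of the image being built.  It must be set
#           and non-empty, otherwise the host's own /etc and /boot would be
#           modified; the guard below aborts instead.
# Outputs:  files under ${DESTDIR}/etc and ${DESTDIR}/boot, plus the
#           ${DESTDIR}/firstboot marker.
# Returns:  0
vm_extra_pre_umount() {
	: "${DESTDIR:?DESTDIR must point at the image root}"

	# Every here-document below uses a quoted delimiter, so nothing is
	# expanded at build time.  The $(uname -r) in rc.conf is meant to be
	# evaluated by the guest when rc.conf is sourced, not by this script.
	cat << 'EOF' >> "${DESTDIR}/etc/rc.conf"
dumpdev="AUTO"
ifconfig_DEFAULT="SYNCDHCP mtu 1460"
ntpd_sync_on_start="YES"
case $(uname -r) in
	*-BETA*|*-RC*|*-RELEASE*)
		firstboot_freebsd_update_enable="YES"
		;;
	*)
		;;
esac
# need to fill in something here
#firstboot_pkgs_list=""
panicmail_autosubmit="YES"
EOF

	# Serial console first (GCE provides a serial console), no loader menu
	# or boot delay, and the drivers the GCE virtual hardware needs.
	cat << 'EOF' >> "${DESTDIR}/boot/loader.conf"
autoboot_delay="-1"
beastie_disable="YES"
loader_logo="none"
hw.memtest.tests="0"
console="comconsole,vidconsole"
hw.vtnet.mq_disable=1
kern.timecounter.hardware=ACPI-safe
aesni_load="YES"
nvme_load="YES"
EOF

	# Make the metadata service resolvable by name before DNS is up.
	echo '169.254.169.254 metadata.google.internal metadata' > \
		"${DESTDIR}/etc/hosts"

	# Replace (not append) ntp.conf: time comes only from the metadata
	# server, and remote peers may neither query nor modify ntpd.
	cat << 'EOF' > "${DESTDIR}/etc/ntp.conf"
server metadata.google.internal iburst

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
EOF

	# Mirror important messages to the console, where GCE can capture them.
	cat << 'EOF' >> "${DESTDIR}/etc/syslog.conf"
*.err;kern.warning;auth.notice;mail.crit                /dev/console
EOF

	# NOTE(review): the Ciphers line still offers the legacy arcfour* and
	# CBC modes (aes128-cbc, 3des-cbc).  The list is kept verbatim here for
	# compatibility with the original image; it should be revisited against
	# the OpenSSH version shipped in the release being built.
	cat << 'EOF' >> "${DESTDIR}/etc/ssh/sshd_config"
ChallengeResponseAuthentication no
X11Forwarding no
AcceptEnv LANG
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
AllowAgentForwarding no
ClientAliveInterval 420
EOF

	# Daily freebsd-update check at 03:00.
	cat << 'EOF' >> "${DESTDIR}/etc/crontab"
0       3       *       *       *       root    /usr/sbin/freebsd-update cron
EOF

	# Network hardening (ignore/drop ICMP redirects, blackhole closed
	# ports) plus panic behaviour: log a trace but do not stop in the
	# debugger, since nobody is at the console of a cloud instance.
	cat << 'EOF' >> "${DESTDIR}/etc/sysctl.conf"
net.inet.icmp.drop_redirect=1
net.inet.ip.redirect=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
kern.ipc.somaxconn=1024
debug.trace_on_panic=1
debug.debugger_on_panic=0
EOF

	## XXX: Verify this is needed.  I do not see this requirement
	## in the docs, and it impairs the ability to boot-test a copy
	## of the image prior to packaging for upload to GCE.
	#sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' "${DESTDIR}/etc/ttys"

	# First-boot marker, presumably consumed by the firstboot_* rc scripts
	# enabled in VM_RC_LIST.
	touch "${DESTDIR}/firstboot"

	return 0
}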
101