diyIT/FreeBSD
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Feb 25, 2020

Browse Source
This commit is contained in:
Charlie Root
2020-02-25 11:28:31 -08:00
commit f26cf87f5a
436 changed files with 67904 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
configs/etc/defaults/devfs.rules Normal file
View File

@ -0,0 +1,112 @@
#
# The following are some default rules for devfs(5) mounts.
# The format is very simple. Empty lines and lines beginning
# with a hash '#' are ignored. If the hash mark occurs anywhere
# other than the beginning of a line, it and any subsequent
# characters will be ignored. A line in between brackets '[]'
# denotes the beginning of a ruleset. In the brackets should
# be a name for the rule and its ruleset number. Any other lines
# will be considered to be the 'action' part of a rule
# passed to the devfs(8) command. These will be passed
# "as-is" to the devfs(8) command with the exception that
# any references to other rulesets will be expanded first. These
# references must include a dollar sign '$' in front of the
# name to be expanded properly.
#
# $FreeBSD: releng/12.1/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $
#
# Very basic and secure ruleset: Hide everything.
# Used as a basis for other rules.
#
[devfsrules_hide_all=1]
add hide
# Basic devices typically necessary.
# Requires: devfsrules_hide_all
#
[devfsrules_unhide_basic=2]
add path log unhide
add path null unhide
add path zero unhide
add path crypto unhide
add path random unhide
add path urandom unhide
# Devices typically needed to support logged-in users.
# Requires: devfsrules_hide_all
#
[devfsrules_unhide_login=3]
add path 'ptyp*' unhide
add path 'ptyq*' unhide
add path 'ptyr*' unhide
add path 'ptys*' unhide
add path 'ptyP*' unhide
add path 'ptyQ*' unhide
add path 'ptyR*' unhide
add path 'ptyS*' unhide
add path 'ptyl*' unhide
add path 'ptym*' unhide
add path 'ptyn*' unhide
add path 'ptyo*' unhide
add path 'ptyL*' unhide
add path 'ptyM*' unhide
add path 'ptyN*' unhide
add path 'ptyO*' unhide
add path 'ttyp*' unhide
add path 'ttyq*' unhide
add path 'ttyr*' unhide
add path 'ttys*' unhide
add path 'ttyP*' unhide
add path 'ttyQ*' unhide
add path 'ttyR*' unhide
add path 'ttyS*' unhide
add path 'ttyl*' unhide
add path 'ttym*' unhide
add path 'ttyn*' unhide
add path 'ttyo*' unhide
add path 'ttyL*' unhide
add path 'ttyM*' unhide
add path 'ttyN*' unhide
add path 'ttyO*' unhide
add path ptmx unhide
add path pts unhide
add path 'pts/*' unhide
add path fd unhide
add path 'fd/*' unhide
add path stdin unhide
add path stdout unhide
add path stderr unhide
# Devices usually found in a jail.
#
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path fuse unhide
add path zfs unhide
[usbrules=100]
add path 'usbctl' mode 660 group uucp
add path 'usb/*' mode 660 group uucp
add path 'ttyU*' mode 660 group uucp
[serial_usb_rules=1000]
add include $devfsrules_jail
add path 'cuau*' unhide
add path 'cuaU*' unhide
add path 'ttyu*' unhide
add path 'ttyU*' unhide
add path 'usb*' unhide
add path 'usb/*' unhide
[devfs_rules_bhyve_jail=2000]
add include $devfsrules_jail
add path vmm unhide
add path vmm/* unhide
add path vmm.io unhide
add path vmm.io/* unhide
add path tap* unhide
add path zvol/ship/raw/* unhide
add path nmdm* unhide

407
configs/etc/defaults/periodic.conf Normal file
View File

@ -0,0 +1,407 @@
#!/bin/sh
#
# This is defaults/periodic.conf - a file full of useful variables that
# you can set to change the default behaviour of periodic jobs on your
# system. You should not edit this file! Put any overrides into one of the
# $periodic_conf_files instead and you will be able to update these defaults
# later without spamming your local configuration information.
#
# The $periodic_conf_files files should only contain values which override
# values set in this file. This eases the upgrade path when defaults
# are changed and new features are added.
#
# For a more detailed explanation of all the periodic.conf variables, please
# refer to the periodic.conf(5) manual page.
#
# $FreeBSD: releng/12.1/usr.sbin/periodic/periodic.conf 337648 2018-08-11 17:11:08Z brd $
#
# What files override these defaults ?
periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
# periodic script dirs
local_periodic="/usr/local/etc/periodic"
# Max time to sleep to avoid causing congestion on download servers
anticongestion_sleeptime=3600
# Daily options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $daily_output might be set to /var/log/daily.log if you
# wish to log the daily output and have the files rotated by newsyslog(8)
#
daily_output="root" # user or /file
daily_show_success="YES" # scripts returning 0
daily_show_info="YES" # scripts returning 1
daily_show_badconfig="YES" # scripts returning 2
# 100.clean-disks
daily_clean_disks_enable="NO" # Delete files daily
daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
daily_clean_disks_days=3 # If older than this
daily_clean_disks_verbose="YES" # Mention files deleted
# 110.clean-tmps
daily_clean_tmps_enable="NO" # Delete stuff daily
daily_clean_tmps_dirs="/tmp" # Delete under here
daily_clean_tmps_days="3" # If not accessed for
daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix"
daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap"
daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal"
# Don't delete these
daily_clean_tmps_verbose="YES" # Mention files deleted
# 120.clean-preserve
daily_clean_preserve_enable="YES" # Delete files daily
daily_clean_preserve_days=7 # If not modified for
daily_clean_preserve_verbose="YES" # Mention files deleted
# 130.clean-msgs
daily_clean_msgs_enable="YES" # Delete msgs daily
daily_clean_msgs_days= # If not modified for
# 140.clean-rwho
daily_clean_rwho_enable="YES" # Delete rwho daily
daily_clean_rwho_days=7 # If not modified for
daily_clean_rwho_verbose="YES" # Mention files deleted
# 150.clean-hoststat
daily_clean_hoststat_enable="YES" # Purge sendmail host
# status cache daily
# 200.backup-passwd
daily_backup_passwd_enable="YES" # Backup passwd & group
# 210.backup-aliases
daily_backup_aliases_enable="YES" # Backup mail aliases
# 300.calendar
daily_calendar_enable="NO" # Run calendar -a
# 310.accounting
daily_accounting_enable="YES" # Rotate acct files
daily_accounting_compress="NO" # Gzip rotated files
daily_accounting_flags=-q # Flags to /usr/sbin/sa
daily_accounting_save=3 # How many files to save
# 330.news
daily_news_expire_enable="YES" # Run news.expire
# 400.status-disks
daily_status_disks_enable="NO" # Check disk status
daily_status_disks_df_flags="-l -h" # df(1) flags for check
# 401.status-graid
daily_status_graid_enable="NO" # Check graid(8)
# 404.status-zfs
daily_status_zfs_enable="YES" # Check ZFS
daily_status_zfs_zpool_list_enable="YES" # List ZFS pools
# 406.status-gmirror
daily_status_gmirror_enable="NO" # Check gmirror(8)
# 407.status-graid3
daily_status_graid3_enable="NO" # Check graid3(8)
# 408.status-gstripe
daily_status_gstripe_enable="NO" # Check gstripe(8)
# 409.status-gconcat
daily_status_gconcat_enable="NO" # Check gconcat(8)
# 410.status-mfi
daily_status_mfi_enable="NO" # Check mfiutil(8)
# 420.status-network
daily_status_network_enable="NO" # Check network status
daily_status_network_usedns="YES" # DNS lookups are ok
daily_status_network_netstat_flags="-d" # netstat(1) flags
# 430.status-uptime
daily_status_uptime_enable="YES" # Check system uptime
# 440.status-mailq
daily_status_mailq_enable="YES" # Check mail status
daily_status_mailq_shorten="NO" # Shorten output
daily_status_include_submit_mailq="YES" # Also submit queue
# 450.status-security
daily_status_security_enable="YES" # Security check
# See also "Security options" below for more options
daily_status_security_inline="NO" # Run inline ?
daily_status_security_output="root" # user or /file
# 460.status-mail-rejects
daily_status_mail_rejects_enable="YES" # Check mail rejects
daily_status_mail_rejects_logs=3 # How many logs to check
daily_status_mail_rejects_shorten="NO" # Shorten output
# 480.leapfile-ntpd
daily_ntpd_leapfile_enable="YES" # Fetch NTP leapfile
# 480.status-ntpd
daily_status_ntpd_enable="NO" # Check NTP status
# 500.queuerun
daily_queuerun_enable="YES" # Run mail queue
daily_submit_queuerun="YES" # Also submit queue
# 510.status-world-kernel
daily_status_world_kernel="YES" # Check the running
# userland/kernel version
# 800.scrub-zfs
daily_scrub_zfs_enable="YES"
daily_scrub_zfs_pools="" # empty string selects all pools
daily_scrub_zfs_default_threshold="35" # days between scrubs
#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold
# 999.local
daily_local="/etc/daily.local" # Local scripts
# Weekly options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $weekly_output might be set to /var/log/weekly.log if you
# wish to log the weekly output and have the files rotated by newsyslog(8)
#
weekly_output="root" # user or /file
weekly_show_success="YES" # scripts returning 0
weekly_show_info="YES" # scripts returning 1
weekly_show_badconfig="NO" # scripts returning 2
# 310.locate
weekly_locate_enable="YES" # Update locate weekly
# 320.whatis
weekly_whatis_enable="YES" # Update whatis weekly
# 340.noid
weekly_noid_enable="NO" # Find unowned files
weekly_noid_dirs="/" # Look here
# 450.status-security
weekly_status_security_enable="YES" # Security check
# See also "Security options" above for more options
weekly_status_security_inline="NO" # Run inline ?
weekly_status_security_output="root" # user or /file
# 999.local
weekly_local="/etc/weekly.local" # Local scripts
# Monthly options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $monthly_output might be set to /var/log/monthly.log if you
# wish to log the monthly output and have the files rotated by newsyslog(8)
#
monthly_output="root" # user or /file
monthly_show_success="YES" # scripts returning 0
monthly_show_info="YES" # scripts returning 1
monthly_show_badconfig="NO" # scripts returning 2
# 200.accounting
monthly_accounting_enable="YES" # Login accounting
# 450.status-security
monthly_status_security_enable="YES" # Security check
# See also "Security options" above for more options
monthly_status_security_inline="NO" # Run inline ?
monthly_status_security_output="root" # user or /file
# 999.local
monthly_local="/etc/monthly.local" # Local scripts
# Security options
security_show_success="YES" # scripts returning 0
security_show_info="YES" # scripts returning 1
security_show_badconfig="NO" # scripts returning 2
# These options are used by the security periodic(8) scripts spawned in
# daily and weekly 450.status-security.
security_status_logdir="/var/log" # Directory for logs
security_status_diff_flags="-b -u" # flags for diff output
# Each of the security_status_*_period options below can have one of the
# following values:
# - NO: do not run at all
# - daily: only run during the daily security status
# - weekly: only run during the weekly security status
# - monthly: only run during the monthly security status
# Note that if periodic security scripts are run from crontab(5) directly,
# they will be run unless _enable or _period is set to "NO".
# 100.chksetuid
security_status_chksetuid_enable="NO"
security_status_chksetuid_period="daily"
# 110.neggrpperm
security_status_neggrpperm_enable="YES"
security_status_neggrpperm_period="daily"
# 200.chkmounts
security_status_chkmounts_enable="YES"
security_status_chkmounts_period="daily"
#security_status_chkmounts_ignore="^amd:" # Don't check matching
# FS types
security_status_noamd="NO" # Don't check amd mounts
# 300.chkuid0
security_status_chkuid0_enable="YES"
security_status_chkuid0_period="daily"
# 400.passwdless
security_status_passwdless_enable="YES"
security_status_passwdless_period="daily"
# 410.logincheck
security_status_logincheck_enable="YES"
security_status_logincheck_period="daily"
# 500.ipfwdenied
security_status_ipfwdenied_enable="YES"
security_status_ipfwdenied_period="daily"
# 510.ipfdenied
security_status_ipfdenied_enable="YES"
security_status_ipfdenied_period="daily"
# 520.pfdenied
security_status_pfdenied_enable="YES"
security_status_pfdenied_period="daily"
# 550.ipfwlimit
security_status_ipfwlimit_enable="YES"
security_status_ipfwlimit_period="daily"
# 610.ipf6denied
security_status_ipf6denied_enable="YES"
security_status_ipf6denied_period="daily"
# 700.kernelmsg
security_status_kernelmsg_enable="YES"
security_status_kernelmsg_period="daily"
# 800.loginfail
security_status_loginfail_enable="YES"
security_status_loginfail_period="daily"
# 900.tcpwrap
security_status_tcpwrap_enable="YES"
security_status_tcpwrap_period="daily"
# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
# scripts to source defaults/periodic.conf overrides safely.
if [ -z "${source_periodic_confs_defined}" ]; then
source_periodic_confs_defined=yes
# Sleep for a random amount of time in order to mitigate the thundering
# herd problem of multiple hosts running periodic simultaneously.
# Will not sleep when used interactively.
# Will sleep at most once per invocation of periodic
anticongestion() {
[ -n "$PERIODIC_IS_INTERACTIVE" ] && return
if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then
rm -f $PERIODIC_ANTICONGESTION_FILE
sleep `jot -r 1 0 ${anticongestion_sleeptime}`
fi
}
# Compatibility with old daily variable names.
# They can be removed in stable/11.
security_daily_compat_var() {
local var=$1 dailyvar value
dailyvar=daily_status_security${var#security_status}
periodvar=${var%enable}period
eval value=\"\$$dailyvar\"
[ -z "$value" ] && return
echo "Warning: Variable \$$dailyvar is deprecated," \
"use \$$var instead." >&2
case "$value" in
[Yy][Ee][Ss])
eval $var=YES
eval $periodvar=daily
;;
*)
eval $var=\"$value\"
;;
esac
}
check_yesno_period() {
local var="$1" periodvar value period
eval value=\"\$$var\"
case "$value" in
[Yy][Ee][Ss]) ;;
*) return 1 ;;
esac
periodvar=${var%enable}period
eval period=\"\$$periodvar\"
case "$PERIODIC" in
"security daily")
case "$period" in
[Dd][Aa][Ii][Ll][Yy]) return 0 ;;
*) return 1 ;;
esac
;;
"security weekly")
case "$period" in
[Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;;
*) return 1 ;;
esac
;;
"security monthly")
case "$period" in
[Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;;
*) return 1 ;;
esac
;;
security)
# Run directly from crontab(5).
case "$period" in
[Nn][Oo]) return 1 ;;
*) return 0 ;;
esac
;;
'')
# Script run manually.
return 0
;;
*)
echo "ASSERTION FAILED: Unexpected value for" \
"\$PERIODIC: '$PERIODIC'" >&2
exit 127
;;
esac
}
source_periodic_confs() {
local i sourced_files
for i in ${periodic_conf_files}; do
case ${sourced_files} in
*:$i:*)
;;
*)
sourced_files="${sourced_files}:$i:"
[ -r $i ] && . $i
;;
esac
done
}
fi

76
configs/etc/freebsd-update.conf Normal file
View File

@ -0,0 +1,76 @@
# $FreeBSD: releng/12.1/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
#Components src world kernel
# Example for updating the userland and the kernel source code only:
Components src world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /boot/device.hints
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
# BackupKernel yes
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no

12
configs/etc/fstab Normal file
View File

@ -0,0 +1,12 @@
# Device Mountpoint FStype Options Dump Pass#
/dev/ada2p3 none swap sw 0 0
/dev/ada3p3 none swap sw 0 0
#/dev/da0p1 none swap sw 0 0
/dev/da1p1 none swap sw 0 0
/dev/da2p1 none swap sw 0 0
/dev/da3p1 none swap sw 0 0
/dev/da4p1 none swap sw 0 0
#/dev/da5p1 none swap sw 0 0
#/dev/da6p1 none swap sw 0 0
#/dev/da7p1 none swap sw 0 0
fdescfs /dev/fd fdescfs rw 0 0

324
configs/etc/login.conf Normal file
View File

@ -0,0 +1,324 @@
# login.conf - login class capabilities database.
#
# Remember to rebuild the database after each change to this file:
#
# cap_mkdb /etc/login.conf
#
# This file controls resource limits, accounting limits and
# default user environment settings.
#
# $FreeBSD: releng/12.1/usr.bin/login/login.conf 338399 2018-08-30 15:52:03Z brd $
#
# Default settings effectively disable resource limits, see the
# examples below for a starting point to enable them.
# defaults
# These settings are used by login(1) by default for classless users
# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
#
# Note that since a colon ':' is used to separate capability entries,
# a \c escape sequence must be used to embed a literal colon in the
# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
# AND SEMANTICS'' section of getcap(3) for more escape sequences).
default:\
:passwd_format=sha512:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
:nologin=/var/run/nologin:\
:cputime=unlimited:\
:datasize=unlimited:\
:stacksize=unlimited:\
:memorylocked=64K:\
:memoryuse=unlimited:\
:filesize=unlimited:\
:coredumpsize=unlimited:\
:openfiles=unlimited:\
:maxproc=unlimited:\
:sbsize=unlimited:\
:vmemoryuse=unlimited:\
:swapuse=unlimited:\
:pseudoterminals=unlimited:\
:kqueues=unlimited:\
:umtxp=unlimited:\
:priority=0:\
:ignoretime@:\
:umask=022:\
:charset=UTF-8:\
:lang=en_US.UTF-8:
#
# A collection of common class names - forward them all to 'default'
# (login would normally do this anyway, but having a class name
# here suppresses the diagnostic)
#
standard:\
:tc=default:
xuser:\
:tc=default:
staff:\
:tc=default:
daemon:\
:memorylocked=128M:\
:tc=default:
news:\
:tc=default:
dialer:\
:tc=default:
#
# Root can always login
#
# N.B. login_getpwclass(3) will use this entry for the root account,
# in preference to 'default'.
root:\
:ignorenologin:\
:memorylocked=unlimited:\
:tc=default:
#
# Russian Users Accounts. Setup proper environment variables.
#
russian|Russian Users Accounts:\
:charset=UTF-8:\
:lang=ru_RU.UTF-8:\
:tc=default:
######################################################################
######################################################################
##
## Example entries
##
######################################################################
######################################################################
## Example defaults
## These settings are used by login(1) by default for classless users
## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
#
#default:\
# :cputime=infinity:\
# :datasize-cur=22M:\
# :stacksize-cur=8M:\
# :memorylocked-cur=10M:\
# :memoryuse-cur=30M:\
# :filesize=infinity:\
# :coredumpsize=infinity:\
# :maxproc-cur=64:\
# :openfiles-cur=64:\
# :priority=0:\
# :requirehome@:\
# :umask=022:\
# :tc=auth-defaults:
#
#
##
## standard - standard user defaults
##
#standard:\
# :copyright=/etc/COPYRIGHT:\
# :welcome=/etc/motd:\
# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
# :path=~/bin /bin /usr/bin /usr/local/bin:\
# :manpath=/usr/share/man /usr/local/man:\
# :nologin=/var/run/nologin:\
# :cputime=1h30m:\
# :datasize=8M:\
# :vmemoryuse=100M:\
# :stacksize=2M:\
# :memorylocked=4M:\
# :memoryuse=8M:\
# :filesize=8M:\
# :coredumpsize=8M:\
# :openfiles=24:\
# :maxproc=32:\
# :priority=0:\
# :requirehome:\
# :passwordtime=90d:\
# :umask=002:\
# :ignoretime@:\
# :tc=default:
#
#
##
## users of X (needs more resources!)
##
#xuser:\
# :manpath=/usr/share/man /usr/local/man:\
# :cputime=4h:\
# :datasize=12M:\
# :vmemoryuse=infinity:\
# :stacksize=4M:\
# :filesize=8M:\
# :memoryuse=16M:\
# :openfiles=32:\
# :maxproc=48:\
# :tc=standard:
#
#
##
## Staff users - few restrictions and allow login anytime
##
#staff:\
# :ignorenologin:\
# :ignoretime:\
# :requirehome@:\
# :accounted@:\
# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
# :umask=022:\
# :tc=standard:
#
#
##
## root - fallback for root logins
##
#root:\
# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
# :cputime=infinity:\
# :datasize=infinity:\
# :stacksize=infinity:\
# :memorylocked=infinity:\
# :memoryuse=infinity:\
# :filesize=infinity:\
# :coredumpsize=infinity:\
# :openfiles=infinity:\
# :maxproc=infinity:\
# :memoryuse-cur=32M:\
# :maxproc-cur=64:\
# :openfiles-cur=1024:\
# :priority=0:\
# :requirehome@:\
# :umask=022:\
# :tc=auth-root-defaults:
#
#
##
## Settings used by /etc/rc
##
#daemon:\
# :coredumpsize@:\
# :coredumpsize-cur=0:\
# :datasize=infinity:\
# :datasize-cur@:\
# :maxproc=512:\
# :maxproc-cur@:\
# :memoryuse-cur=64M:\
# :memorylocked-cur=64M:\
# :openfiles=1024:\
# :openfiles-cur@:\
# :stacksize=16M:\
# :stacksize-cur@:\
# :tc=default:
#
#
##
## Settings used by news subsystem
##
#news:\
# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
# :cputime=infinity:\
# :filesize=128M:\
# :datasize-cur=64M:\
# :stacksize-cur=32M:\
# :coredumpsize-cur=0:\
# :maxmemorysize-cur=128M:\
# :memorylocked=32M:\
# :maxproc=128:\
# :openfiles=256:\
# :tc=default:
#
#
##
## The dialer class should be used for a dialup PPP account
## Welcome messages/news suppressed
##
#dialer:\
# :hushlogin:\
# :requirehome@:\
# :cputime=unlimited:\
# :filesize=2M:\
# :datasize=2M:\
# :stacksize=4M:\
# :coredumpsize=0:\
# :memoryuse=4M:\
# :memorylocked=1M:\
# :maxproc=16:\
# :openfiles=32:\
# :tc=standard:
#
#
##
## Site full-time 24/7 PPP connection
## - no time accounting, restricted to access via dialin lines
##
#site:\
# :ignoretime:\
# :passwordtime@:\
# :refreshtime@:\
# :refreshperiod@:\
# :sessionlimit@:\
# :autodelete@:\
# :expireperiod@:\
# :graceexpire@:\
# :gracetime@:\
# :warnexpire@:\
# :warnpassword@:\
# :idletime@:\
# :sessiontime@:\
# :daytime@:\
# :weektime@:\
# :monthtime@:\
# :warntime@:\
# :accounted@:\
# :tc=dialer:\
# :tc=staff:
#
#
##
## Example standard accounting entries for subscriber levels
##
#
#subscriber|Subscribers:\
# :accounted:\
# :refreshtime=180d:\
# :refreshperiod@:\
# :sessionlimit@:\
# :autodelete=30d:\
# :expireperiod=180d:\
# :graceexpire=7d:\
# :gracetime=10m:\
# :warnexpire=7d:\
# :warnpassword=7d:\
# :idletime=30m:\
# :sessiontime=4h:\
# :daytime=6h:\
# :weektime=40h:\
# :monthtime=120h:\
# :warntime=4h:\
# :tc=standard:
#
#
##
## Subscriber accounts. These accounts have their login times
## accounted and have access limits applied.
##
#subppp|PPP Subscriber Accounts:\
# :tc=dialer:\
# :tc=subscriber:
#
#
#subshell|Shell Subscriber Accounts:\
# :tc=subscriber:
#
##
## If you want some of the accounts to use traditional UNIX DES based
## password hashes.
##
#des_users:\
# :passwd_format=des:\
# :tc=default:

105
configs/etc/ntp.conf Normal file
View File

@ -0,0 +1,105 @@
#
# $FreeBSD: releng/12.1/usr.sbin/ntp/ntpd/ntp.conf 337649 2018-08-11 17:42:42Z brd $
#
# Default NTP servers for the FreeBSD operating system.
#
# Don't forget to enable ntpd in /etc/rc.conf with:
# ntpd_enable="YES"
#
# The driftfile is by default /var/db/ntpd.drift, check
# /etc/defaults/rc.conf on how to change the location.
#
#
# Set the target and limit for adding servers configured via pool statements
# or discovered dynamically via mechanisms such as broadcast and manycast.
# Ntpd automatically adds maxclock-1 servers from configured pools, and may
# add as many as maxclock*2 if necessary to ensure that at least minclock
# servers are providing good consistant time.
#
tos minclock 3 maxclock 6
#
# The following pool statement will give you a random set of NTP servers
# geographically close to you. A single pool statement adds multiple
# servers from the pool, according to the tos minclock/maxclock targets.
# See http://www.pool.ntp.org/ for details. Note, pool.ntp.org encourages
# users with a static IP and good upstream NTP servers to add a server
# to the pool. See http://www.pool.ntp.org/join.html if you are interested.
#
# The option `iburst' is used for faster initial synchronization.
#
#pool 0.freebsd.pool.ntp.org iburst
#
# If you want to pick yourself which country's public NTP server
# you want to sync against, comment out the above pool, uncomment
# the next one, and replace CC with the country's abbreviation.
# Make sure that the hostname resolves to a proper IP address!
#
# pool 0.CC.pool.ntp.org iburst
#
# To configure a specific server, such as an organization-wide local
# server, add lines similar to the following. One or more specific
# servers can be configured in addition to, or instead of, any server
# pools specified above. When both are configured, ntpd first adds all
# the specific servers, then adds servers from the pool until the tos
# minclock/maxclock targets are met.
#
#server time.my-internal.org iburst
server 192.168.0.5 iburst
#
# Security:
#
# By default, only allow time queries and block all other requests
# from unauthenticated clients.
#
# The "restrict source" line allows peers to be mobilized when added by
# ntpd from a pool, but does not enable mobilizing a new peer association
# by other dynamic means (broadcast, manycast, ntpq commands, etc).
#
# See http://support.ntp.org/bin/view/Support/AccessRestrictions
# for more information.
#
restrict default limited kod nomodify notrap noquery nopeer
restrict source limited kod nomodify notrap noquery
#
# Alternatively, the following rules would block all unauthorized access.
#
#restrict default ignore
#
# In this case, all remote NTP time servers also need to be explicitly
# allowed or they would not be able to exchange time information with
# this server.
#
# Please note that this example doesn't work for the servers in
# the pool.ntp.org domain since they return multiple A records.
#
#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
#
# The following settings allow unrestricted access from the localhost
restrict 127.0.0.1
restrict ::1
#
# If a server loses sync with all upstream servers, NTP clients
# no longer follow that server. The local clock can be configured
# to provide a time source when this happens, but it should usually
# be configured on just one server on a network. For more details see
# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock
# The use of Orphan Mode may be preferable.
#
#server 127.127.1.0
#fudge 127.127.1.0 stratum 10
# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
# for documentation regarding leapfile. Updates to the file can be obtained
# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
# Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db.
#leapfile "/etc/ntp/leap-seconds"
leapfile "/var/db/ntpd.leap-seconds.list"

20
configs/etc/profile Normal file
View File

@ -0,0 +1,20 @@
# $FreeBSD: releng/12.1/bin/sh/profile 337849 2018-08-15 14:41:24Z brd $
#
# System-wide .profile file for sh(1).
#
# Uncomment this to give you the default 4.2 behavior, where disk
# information is shown in K-Blocks
# BLOCKSIZE=K; export BLOCKSIZE
#
# For the setting of languages and character sets please see
# login.conf(5) and in particular the charset and lang options.
# For full locales list check /usr/share/locale/*
# You should also read the setlocale(3) man page for information
# on how to achieve more precise control of locale settings.
#
# Check system messages
# msgs -q
# Allow terminal messages
# mesg y
LANG=en_US.UTF-8; export LANG
CHARSET=UTF-8; export CHARSET

85
configs/etc/rc.conf Normal file
View File

@ -0,0 +1,85 @@
zfs_enable="YES"
kld_list="nmdm vmm ipfw"
# Do not mark to autodetach otherwise ZFS gets very unhappy.
geli_autodetach="NO"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="/dev/ada2p3"
dumpdir="/var/crash"
savecore_enable="YES"
# Turbo boost
performance_cpu_freq="HIGH"
ntpd_sync_on_start="YES"
ntpd_enable="YES"
powerd_enable="YES"
powerd_flags="-a hiadaptive -n hiadaptive -m 2500 -M 3300"
smartd_enable="YES"
nut_enable="YES"
#dbus_enable="YES"
firewall_enable="NO"
firewall_type="open"
firewall_logging="YES"
firewall_logif="YES"
# interfaces
cloned_interfaces_sticky="YES"
cloned_interfaces="lagg0 bridge1 bridge2 bridge5 bridge9"
ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up"
ifconfig_igb0="up"
ifconfig_igb1="up"
vlans_lagg0="1 2 5 9"
ipv6_activate_all_interfaces="YES"
rtsold_enable="YES"
ifconfig_lagg0_1="inet 192.168.0.10/24"
ifconfig_lagg0_1_ipv6="inet6 2603:3024:3f6:e1::10/64 auto_linklocal accept_rtadv"
ifconfig_lagg0_2="inet 192.168.1.10/24"
ifconfig_lagg0_2_ipv6="inet6 2603:3024:3f6:e2::10/64 auto_linklocal accept_rtadv"
ifconfig_lagg0_5="inet 192.168.2.10/24"
ifconfig_lagg0_5_ipv6="inet6 2603:3024:3f6:e5::10/64 auto_linklocal accept_rtadv"
ifconfig_lagg0_9="inet 192.168.200.10/24"
ifconfig_lagg0_9_ipv6="inet6 2603:3024:3f6:e9::10/64 auto_linklocal accept_rtadv"
ifconfig_bridge1="addm lagg0.1 up"
ifconfig_bridge2="addm lagg0.2 up"
ifconfig_bridge5="addm lagg0.5 up"
ifconfig_bridge9="addm lagg0.9 up"
defaultrouter="192.168.0.5"
ipv6_defaultrouter="2603:3024:3f6:e1::5"
# interfaces
hostname="nas.ahlawat.com"
syslogd_enable="YES"
syslogd_flags="-ss"
syslog_ng_enable="NO"
syslog_ng_config="-u daemon"
syslog_ng_pid="/var/run/syslog-ng.pid"
sendmail_enable="NO"
sendmail_outbound_enable="NO"
sendmail_submit_enable="YES"
sendmail_msp_queue_enable="YES"
sshd_enable="YES"
iocage_enable="YES"
devfs_system_ruleset="usbrules"
node_exporter_enable="YES"
node_exporter_args=--collector.filesystem.ignored-mount-points="/mnt/iocage*"
gstat_exporter_enable="YES"

1
configs/etc/resolvconf.conf Normal file
View File

@ -0,0 +1 @@
export name_servers=192.168.0.5

113
configs/etc/sysctl.conf Normal file
View File

@ -0,0 +1,113 @@
# $FreeBSD: releng/12.1/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#
# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
security.bsd.see_other_uids=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
kern.randompid=1
vfs.zfs.min_auto_ashift=12
kern.coredump=1
kern.sugid_coredump=1
kern.sched.interact=5
kern.sched.slice=3
vfs.read_max=128
vfs.timestamp_precision=3
net.link.tap.up_on_open=1
#net.link.lagg.lacp.default_strict_mode=0
net.inet.ip.fw.verbose_limit=5
dev.igb.0.fc=0
dev.igb.1.fc=0
#dev.igb.0.eee_control=0
#dev.igb.1.eee_control=0
# breaks the igb driver
hw.intr_storm_threshold=9000
kern.ipc.maxsockbuf=16777216
kern.ipc.shm_use_phys=1
kern.ipc.soacceptqueue=1024
kern.maxvnodes=4194304
kern.random.harvest.mask=351
kern.threads.max_threads_per_proc=9000
net.bpf.optimize_writers=1
net.inet.icmp.drop_redirect=1
net.inet.icmp.icmplim=512
net.inet.icmp.icmplim_output=0
net.inet.ip.forwarding=1
net.inet.ip.maxfragpackets=0
net.inet.ip.maxfragsperpacket=0
net.inet.ip.random_id=1
net.inet.ip.redirect=0
net.inet.raw.maxdgram=131072
net.inet.raw.recvspace=131072
net.inet.tcp.abc_l_var=44
net.inet.tcp.blackhole=2
net.inet.tcp.cc.abe=1
net.inet.tcp.cc.algorithm=cubic
#net.inet.tcp.cc.htcp.adaptive_backoff=1
#net.inet.tcp.cc.htcp.rtt_scaling=1
net.inet.tcp.delacktime=20
net.inet.tcp.drop_synfin=1
net.inet.tcp.initcwnd_segments=44
net.inet.tcp.keepidle=10000
net.inet.tcp.keepintvl=5000
net.inet.tcp.minmss=524
net.inet.tcp.msl=2500
net.inet.tcp.mssdflt=1448
net.inet.tcp.nolocaltimewait=1
net.inet.tcp.path_mtu_discovery=0
net.inet.tcp.reass.maxqueuelen=1448
net.inet.tcp.recvbuf_inc=65536
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.recvspace=262144
net.inet.tcp.rfc6675_pipe=1
net.inet.tcp.sendbuf_inc=32768
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.sendspace=262144
net.inet.tcp.syncache.rexmtlimit=0
net.inet.tcp.syncookies=0
net.inet.tcp.tso=0
net.inet.udp.blackhole=1
net.inet.udp.maxdgram=57344
net.inet6.icmp6.nodeinfo=0
net.inet6.ip6.accept_rtadv=1
net.inet6.ip6.use_tempaddr=1
net.inet6.ip6.prefer_tempaddr=1
net.inet6.ip6.forwarding=1
net.inet6.ip6.maxfragpackets=0
net.inet6.ip6.maxfrags=0
net.inet6.ip6.redirect=0
net.link.bridge.pfil_bridge=0
net.link.bridge.pfil_member=0
net.link.bridge.pfil_onlyip=0
net.local.stream.recvspace=164240
net.local.stream.sendspace=164240
net.route.netisr_maxqlen=2048
net.raw.recvspace=65536
net.raw.sendspace=65536
vfs.zfs.arc_max=51539607552
vfs.zfs.delay_min_dirty_percent=96
vfs.zfs.dirty_data_max=12884901888
vfs.zfs.prefetch_disable=0
vfs.zfs.top_maxinflight=128
vfs.zfs.trim.txg_delay=2
vfs.zfs.txg.timeout=90
vfs.zfs.vdev.aggregation_limit=1048576
vfs.zfs.vdev.write_gap_limit=0
# no l2arc
#vfs.zfs.l2arc_write_boost=402653184
#vfs.zfs.l2arc_write_max=402653184
net.inet.tcp.functions_default=rack
net.inet.tcp.rack.tlpmethod=3
net.inet.tcp.rack.data_after_close=0
# Verify RACK
# sysctl net.inet.tcp.functions_available
# sysctl net.inet.tcp.rack.