source: hybrid/branches/releng-10/nanobsd/cfg/nanobsd.wleiden@ 13426

## Dit is een NanoBSD configuratie-template voor WirelessLeiden.   

## Instellingen weergegeven binnen dit bestand gelden als 

## standaard binnen de organisatie.



# Little hack to allow proper secify of KERNL/PKG location

if [ -n "$NANO_CFG_FILE" ]; then

  NANO_CONF_DIR=$(cd $(dirname $NANO_CFG_FILE); pwd -P)

else

  NANO_CONF_DIR=$(cd $(dirname $2); pwd -P)

fi



# object naam in /usr/obj/nanobsd.{obj}

NANO_NAME=wleiden-hybrid

NANO_SRC=/usr/src               # nanobsd source tree

NANO_TOOLS=$(pwd)

NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden # naam van het kernel configuratiebestand

NANO_IMAGES=2                   # aantal nanobsd code slices/installs (1/2)   



NANO_CONFSIZE=20480             # Volume van de config slice (10MB) in 512bs

NANO_DATASIZE=0                 # volume van de data slice, 0 = not configured

NANO_CODESIZE=0                 # Let buildscript the operating system slice as large as posible 

NANO_RAM_TMPVARSIZE=102400      # Volume of combined var & tmp slice (50MB) in 512bs



NANO_LABEL=WLIMG

NANO_NEWFS="-b 4096 -f 512 -i 8192"   # Overwrite the default stettings to disable Soft-updates





#XXX: Eeks, fixed packages, needs building a hook to allow building the package

# of the shelfs if needed, copy to right directory, done. With only input needed

# a list of ports in the format like net/net-snmp

NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All

NANO_PACKAGE_LIST="*"





# Wireless Leiden ports from $WL_PORTSDIR are copied OVER $PORTSDIR

PORTSDIR='/usr/ports'

WL_PORTSDIR="$NANO_CONF_DIR/../ports/"



# Dirty quirk to allow comments in part below

PACKAGE_LIST=`cat <<EOF | sed -e 's/#.*$//g' | xargs

benchmarks/iperf

devel/py-yaml

editors/vim-lite

dns/dnsmasq

dns/nsd

dns/unbound

ftp/curl

lang/python2

lang/python

net/ladvd

net-mgmt/iftop

net-mgmt/net-snmp

net/mtr

net/isc-dhcp42-server

net/pen 

ports-mgmt/pkg

security/sudo

security/ca_root_nss

sysutils/screen

sysutils/ucspi-tcp

www/apache24

www/tinyproxy



# Extra WL ports

net/lvrouted

`

# Package target

PKG_MAKE_ARGS="PACKAGES=$(dirname $NANO_PACKAGE_DIR) BATCH=yes PACKAGE_BUILDING=yes"



PKG_MAKE_CONF="

# www/py-cherrypy         - include apache templating

# net-mgmt/net-snmp       - no perl please (size)

# net-mgmt/nagios-plugins - no threading (single CPU)

# shells/bash-static      - logging via syslog

# net/mtr                 - no X11 (no screen)

# lang/ocaml              - no TK support (requires X11)

# devel/ocaml-findlib     - no TOOLBOX support (requires ocaml with TK support)

OPTIONS_SET=    APACHE FPING SYSLOG

OPTIONS_UNSET=  PERL PERL_EMBEDDED X11 TK TOOLBOX

"



##NANO_PACKAGE_LIST=



# Warning: set to 1 to debug make build errors

# Number of recurrent parrallel make builds

if `grep -q 'acpi0: <PRLS PRLS_OEM> on motherboard' /var/run/dmesg.boot`; then

  # Mac OS X Parallels virtual machine

  NANO_PMAKE="make -B"  

else

  # Default 2 times number of CPU's inside machine

  NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2`

  NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}"    

fi



# Starting from soekris bios version 1.31 upwards boot0sio does not seems work

# anymore, but boot0 does (weird)

NANO_BOOTLOADER="boot/boot0"



# Strip down to a more acceptable size

# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB)

NANO_PRUNE="$NANO_PRUNE usr/share/examples"

NANO_PRUNE="$NANO_PRUNE usr/share/syscons"

NANO_PRUNE="$NANO_PRUNE usr/share/calendar"

# NB!  usr/share/misc contains termcap, vi(1) etc fails to work without it.

# NANOBSD_PRUNE +=      usr/share/misc

NANO_PRUNE="$NANO_PRUNE usr/share/pcvt"

NANO_PRUNE="$NANO_PRUNE usr/share/me"

NANO_PRUNE="$NANO_PRUNE usr/share/doc"











# Opties parsed gedurende build & install world

# Also check man 3 src.conf for details

# Some flags are misleading, e.g. could only be installworld (e.g.), for details:

#     http://phk.freebsd.dk/misc/build_options/

# For details on make options also check:

#     /usr/src/share/mk/bsd.own.mk

CONF_COMMON='

# Specific enabled options

#WITHOUT_ACPI=YES                       # geen advanced configuration power interface

#WITHOUT_BIND=YES                       # geen bind tools, dns/named geinstalleerd

#WITHOUT_CXX=YES                        # Set to not build g++(1) and related libraries.

#WITHOUT_GROFF=YES                      # Set to not build groff(1).

#WITHOUT_INET6=YES                      # geen ondersteuning inet versie 6 architectuur

#WITHOUT_INFO=YES                       # geen info bestanden, readable online docs

#WITHOUT_IPFILTER=YES                   # geen ip filtering geinstalleerd

#WITHOUT_KLDLOAD=YES                    # do not allow loading of kernel modules

#WITHOUT_MAILWRAPPER=YES                # geen mailwrapper bij gebruik sendmail

#WITHOUT_MAN=YES                        # geen handleidingen gecompileerd

#WITHOUT_MISC=YES                       # geen misc sub directory

#WITHOUT_MODULES=YES                    # geen ondersteuning toevoegen modules

#WITHOUT_PAM=YES                        # geen ondersteuning pa modules

#WITHOUT_PF=YES                         # geen packet filtering geinstalleerd 

#WITHOUT_SHARE=YES                      # geen share sub directory 

#WITHOUT_USB=YES                        # geen ondersteuning usb modules

# Specific disabled options

WITHOUT_ATM=YES                         # geen ondersteuning Asynchronous Transfer Mode

WITHOUT_AUDIT=YES                       # geen event auditing / audit trails    

WITHOUT_AUTHPF=YES                      # geen authenticating gateway user shell

WITHOUT_BLUETOOTH=YES                   # geen ondersteuning Bluetooth modules

WITHOUT_CALENDAR=YES                    # geen calendar reminder service gecompileerd

WITHOUT_CDDL=YES                        # Set to not build code licensed under Sun CDDL. (also ZFS)

WITHOUT_CPP=YES                         # Set to not build cpp(1).

WITHOUT_CVS=YES                         # geen cvs tools geinstalleerd

WITHOUT_DICT=YES                        # geen dictionary ondersteuning

WITHOUT_EXAMPLES=YES                    # geen voorbeeld configuratiebestanden

WITHOUT_FORTRAN=YES                     # geen ondersteuning fortran compilers

WITHOUT_GAMES=YES                       # geen games gecompileerd

WITHOUT_GCOV=YES                        # geen gcov test coverage program

WITHOUT_GDB=YES                         # geen gnu debugger gecompileerd

WITHOUT_GPIB=YES                        # geen ondersteuning gpib kaarten

WITHOUT_HTML=YES                        # geen html help bestanden gecompileerd

WITHOUT_I4B=YES                         # geen ondersteuning voor isdn

WITHOUT_IPX=YES                         # geen ondersteuning ipx protocols

WITHOUT_KERBEROS=YES                    # geen ondersteuning Kerberos authenticatie

WITHOUT_LOCALES=YES                     # geen ondersteuning lokalisatie 

WITHOUT_LPR=YES                         # geen ondersteuning print services

WITHOUT_NIS=YES                         # geen ondersteuning network information system

WITHOUT_PROFILE=YES                     # Set to avoid compiling profiled libraries.

WITHOUT_RCMDS=YES                       # geen ondersteuning rcmds,

WITHOUT_RESCUE=YES                      # geen rescue bestanden gecompileerd

WITHOUT_SENDMAIL=YES                    # geen sendmail geinstalleerd   

WITHOUT_SHAREDOCS=YES                   # geen share/docs directories

WITHOUT_SYSCONS=YES                     # geen syscon devices gecompileerd

WITHOUT_UNBOUND=YES                     # Port version will be used if any is used

'



CONF_BUILD="

${CONF_COMMON}

"



CONF_INSTALL="

${CONF_COMMON}

WITHOUT_TOOLCHAIN=YES                   # geen freebsd toolchain

"





# Flash disks arrived, sandisk 1g seems to match the geometry of the (blanc) cards

#FlashDevice sandisk  1g        # nanobsd flashdevice entry

#FlashDevice sandisk 512mb      # nanobsd flashdevice entry

#FlashDevice transcend 2g       # nanobsd flashdevice entry

# Calculated value of PEAK hardware 1GB CF card

# C/H/S phys 1954/16/63, logical 977/32/63    

# Mediasize is calculated as C*H*S*512        



# Using logical values reported by ALIX board

# values for PCEngines blanc 1 GB cards

# C/H/S phys 1966/16/63, logical 983/32/63

NANO_MEDIASIZE=`expr 1008451584 / 512`

NANO_HEADS=32                            

NANO_SECTS=63                            





# Version tagging

cust_version_tag() (

        VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt" 

        (

        echo "Generated by `id -un`@`hostname -f` at `date`"

        echo "" 

        echo "=== CONFIG specifics ==="

        svn info ${NANO_CONF_DIR}/../ || exit 0

        svn diff ${NANO_CONF_DIR}/../ || exit 0

        echo "=== BEGIN CONFIG specifics ==="

        ) > $VERSION_FILE

)



# Takes a very long time (10+) minutes to generate this file on an ALIX board,

# not practical for quick debugging and configuration.

cust_openvpn_dhparam() (

        if [ -r ${NANO_CONF_DIR}/usr/local/bin/openvpn ]; then

                DHFILE=${NANO_WORLDDIR}/etc/easy-rsa-keys/dh1024.pem

                mkdir -p `dirname $DHFILE`

                openssl dhparam -out $DHFILE 1024

        fi

)







# Assuming we are running a safe envirionment where snooping could occur during or after the build

cust_set_root_password() (

        if [ -n "${CFG_ROOT_PASSWORD}" ]; then

                pprint 2 "Set root password using CFG_ROOT_PASSWORD variable"

                chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' | pw usermod -h 0 -n root"

        else

                pprint 2 "Root password is <blank>, no password provided at variable CFG_ROOT_PASSWORD"

        fi

)







# EXPERIMENTAL patch like envirionment

# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to 

# keep us as close as possible to the base OS

# Patches are applied to the directory they live in

#cust_apply_nanobsd_patches() (

#       for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do

#               cd `dirname ${PATCHFILE}`

#       patch -t -N -p0 -i `basename ${PATCHFILE}`

#               #XX: What to with installed patch files? Delete them for the  time beeing

#               rm -v ${PATCHFILE}

#done







#)







# Customize ntpd

cust_ntpd() (

        chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift"       

)





# Enable Serial TTYs

cust_serial_ttys() (

        chroot ${NANO_WORLDDIR} sed -i '' -e '/ttyv[0-9]/s/on /off/' -e '/ttyu0/s/off/on/' -e '/ttyu0/s/dialup/ansi/' /etc/ttys



        # Serial login is consided to be phycically secured, so no credentials are required

        chroot ${NANO_WORLDDIR} sed -i '' -e '/ttyu0/s/std.9600/al.9600/' /etc/ttys

)



# Customize sudoers files

cust_sudo_rules() {

        chroot ${NANO_WORLDDIR} find /usr/local/etc/sudoers.d/ -type f -exec chmod 0640 {} \+

}







# Install files from specific relative location

cust_install_files () (

        cd ${NANO_CONF_DIR}/../files

        find . -print | grep -v -e /CVS -e .svn  | cpio -dumpv ${NANO_WORLDDIR}

)





# Make tools available for root by default

cust_root_bin_to_tools() {

        ln -s /tools ${NANO_WORLDDIR}/root/bin

}





# Prune no needed directories of image

cust_nano_prune () (

        cd ${NANO_WORLDDIR}

        for ENTRY in ${NANO_PRUNE}; do

                rm -vfR ${ENTRY}

        done

)



# We actually do need an seperate /tmp, so undo the symlinking done in

# setup_nanobsd()

late_cust_unset_common_var_and_tmp() (

        cd ${NANO_WORLDDIR}

        rm tmp

        mkdir -m 1777 tmp

)





# Fill /cfg wmth custom files, based on 'create_i386_diskimage ( )'

last_nano_fill_cfg () (

        # Variables to be used

        IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME}

        MNT=${MAKEOBJDIRPREFIX}/_.mnt



        # Mount '/cfg' slize in image

        MD=`mdconfig -a -t vnode -f ${IMG}`

        mount /dev/${MD}s3 ${MNT}



        # Location of '/cfg' directory

        cd ${NANO_CONF_DIR}/../cfg-files

        find . -print | grep -v -e /CVS -e .svn  | cpio -dumpv ${MNT}

        

        

        # Leave in nice end state

        umount ${MNT}

        mdconfig -d -u ${MD}

) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1



last_nano_disk_usage () (

        # Variables to be used

        IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME}

        MNT=${MAKEOBJDIRPREFIX}/_.mnt



        # Mount root slize 

        MD=`mdconfig -a -t vnode -f ${IMG}`

        mount /dev/${MD}s1a ${MNT}



        # Show disk usage (percent free) inc header

        pprint 2  $(df -h | head -1)

        pprint 2 "$(df -h | grep /dev/${MD})"



        # Leave in nice end state

        umount ${MNT}

        mdconfig -d -u ${MD}

)



last_orders () (

        last_nano_fill_cfg

        last_nano_disk_usage

)



# Ugly hack to 'escaping' pprint from inside a customize_cmd to output

# instead of a file

exec 3>/dev/stdout

# Progress Print

#       Print $2 at level $1 

pprint() {

    if [ "$1" -le $PPLEVEL ]; then

        printf "%.${1}s %s\n" "#####" "$2" 1>&3

    fi

}



# Cust macro`s gestart in onderstaande volgorde

# XXX: Determine size before installing all find of additions to see how much

# base we are actually using ## du -h -d 0

customize_cmd cust_pkgng

customize_cmd cust_install_files

customize_cmd cust_ntpd

customize_cmd cust_serial_ttys

customize_cmd cust_version_tag

customize_cmd cust_root_bin_to_tools

customize_cmd cust_allow_ssh_root

customize_cmd cust_openvpn_dhparam

customize_cmd cust_nano_prune

customize_cmd cust_set_root_password

customize_cmd cust_sudo_rules

#customize_cmd cust_apply_nanobsd_patches

late_customize_cmd late_cust_unset_common_var_and_tmp



# Standard overwrite

if [ -r "$NANO_CONF_DIR/nanobsd.local" ]; then

 . $NANO_CONF_DIR/nanobsd.local

fi



# Extra config if existing is not suffient

if [ -n "$EXTRA_NANOBSD_CONFIG" ]; then

  for FILE in $EXTRA_NANOBSD_CONFIG; do

    # File relative to config directory

    if [ "`echo $FILE | cut -c1`" != "/" ]; then

      FILE=$NANO_CONF_DIR/$FILE

    fi

    pprint 1 "Loading $FILE"

    . $FILE || exit 1

  done

fi