source: hybrid/branches/releng-10/nanobsd/cfg/nanobsd.wleiden@ 13423

Last change on this file since 13423 was 13423, checked in by rick, 9 years ago

Using unbound from ports allows clear design.

The local_unbound scripts are really messy and not tailored towards our needs,
moving to the port version which is less intrusive and does not try to be 'smart'.

While here, include dnsmasq and nsd (again), allowing us to toy around with authoritative nameservers.

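## NanoBSD configuration template for Wireless Leiden.
## The settings in this file are the organisation-wide defaults.

# Resolve the directory this configuration lives in, so the kernel config and
# the package/ports locations can be given relative to it. NANO_CFG_FILE wins
# when it is set; otherwise the path is taken from $2 of whatever sources this
# file (presumably the config path on the nanobsd.sh command line - confirm).
# The expansions are quoted so a path with spaces or glob characters resolves
# to the intended directory, and `&&` leaves the value empty when the directory
# cannot be entered instead of silently reporting the current directory.
# Everything derived from NANO_CONF_DIR later (including files that get
# sourced) depends on this value being right.
if [ -n "$NANO_CFG_FILE" ]; then
	NANO_CONF_DIR=$(cd "$(dirname -- "$NANO_CFG_FILE")" && pwd -P)
else
	NANO_CONF_DIR=$(cd "$(dirname -- "$2")" && pwd -P)
fi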
11
# Object name: the build output lands in /usr/obj/nanobsd.{name}
NANO_NAME="wleiden-hybrid"
# nanobsd source tree
NANO_SRC="/usr/src"
NANO_TOOLS="$(pwd)"
# Name of the kernel configuration file
NANO_KERNEL="${NANO_CONF_DIR}/kernel.wleiden"
# Number of nanobsd code slices/installs (1/2)
NANO_IMAGES="2"

# All sizes below are counted in 512-byte sectors.
# Size of the config slice (10MB)
NANO_CONFSIZE="20480"
# Size of the data slice, 0 = not configured
NANO_DATASIZE="0"
# 0 = let the build script make the operating system slice as large as possible
NANO_CODESIZE="0"
# Size of the combined var & tmp slice (50MB)
NANO_RAM_TMPVARSIZE="102400"

NANO_LABEL="WLIMG"
# Overrides the default newfs settings to disable soft updates
NANO_NEWFS="-b 4096 -f 512 -i 8192"
26
27
# XXX: the package set is fixed. What is wanted is a hook that builds a
# package off the shelf when needed and copies it to the right directory,
# taking as its only input a list of ports in the form net/net-snmp.
NANO_PACKAGE_DIR="${NANO_CONF_DIR}/../pkg/All"
# Quoted, so the variable holds a literal "*" rather than a file list.
NANO_PACKAGE_LIST='*'


# Wireless Leiden ports from $WL_PORTSDIR are copied OVER $PORTSDIR, i.e. the
# local overlay takes precedence over the stock port of the same name.
PORTSDIR="/usr/ports"
WL_PORTSDIR="${NANO_CONF_DIR}/../ports/"
38
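# Ports that are built into packages, one origin per line. The list is passed
# through sed so that "#" comments and blank lines are allowed inside it; xargs
# then joins the remaining origins into a single space-separated line.
# The here-document has an explicit, quoted terminator: its text is taken
# literally, and the shell no longer has to rely on the end of the command
# substitution to close it.
PACKAGE_LIST=$(sed -e 's/#.*$//g' <<'EOF' | xargs
benchmarks/iperf
devel/py-yaml
editors/vim-lite
dns/dnsmasq
dns/nsd
dns/unbound
ftp/curl
lang/python2
lang/python
net/ladvd
net-mgmt/iftop
net-mgmt/net-snmp
net/mtr
net/isc-dhcp42-server
net/pen
ports-mgmt/pkg
security/sudo
security/ca_root_nss
sysutils/screen
sysutils/ucspi-tcp
www/apache24
www/tinyproxy

# Extra WL ports
net/lvrouted
EOF
)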
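# Package target: arguments handed to make when building the packages.
# PACKAGES is the parent of NANO_PACKAGE_DIR; the path is quoted on its way
# through dirname so a directory name with spaces is not split into several
# arguments.
PKG_MAKE_ARGS="PACKAGES=$(dirname -- "$NANO_PACKAGE_DIR") BATCH=yes PACKAGE_BUILDING=yes"

# Port build options. Everything between the quotes, including the "#" lines,
# is part of the value.
PKG_MAKE_CONF="
# www/py-cherrypy - include apache templating
# net-mgmt/net-snmp - no perl please (size)
# net-mgmt/nagios-plugins - no threading (single CPU)
# shells/bash-static - logging via syslog
# net/mtr - no X11 (no screen)
# lang/ocaml - no TK support (requires X11)
# devel/ocaml-findlib - no TOOLBOX support (requires ocaml with TK support)
OPTIONS_SET= APACHE FPING SYSLOG
OPTIONS_UNSET= PERL PERL_EMBEDDED X11 TK TOOLBOX
"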
81
82##NANO_PACKAGE_LIST=
83
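# Number of parallel make jobs.
# Warning: set to 1 to debug make build errors
# grep is used directly as the condition (its exit status is what matters; the
# old form ran grep's empty output as a command), and the job count is computed
# with shell arithmetic instead of expr.
if grep -q 'acpi0: <PRLS PRLS_OEM> on motherboard' /var/run/dmesg.boot; then
	# Mac OS X Parallels virtual machine
	NANO_PMAKE="make -B"
else
	# Default: 2 times the number of CPUs inside the machine
	_ncpu=$(sysctl -n hw.ncpu)
	# Fall back to one CPU when sysctl gives no usable number, so the
	# command never ends up as "make -j " with the count missing.
	case "${_ncpu}" in
	'' | *[!0-9]*) _ncpu=1 ;;
	esac
	NANO_PARALLEL_MAKE=$((_ncpu * 2))
	NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}"
	unset _ncpu
fi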
94
# From soekris BIOS version 1.31 upwards boot0sio no longer seems to work,
# but boot0 does (weird)
NANO_BOOTLOADER='boot/boot0'

# Strip the image down to a more acceptable size
# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB)
# NB! usr/share/misc contains termcap; vi(1) etc. fail to work without it, so
# it is deliberately not pruned:
# NANOBSD_PRUNE += usr/share/misc
for _prune_entry in \
	usr/share/examples \
	usr/share/syscons \
	usr/share/calendar \
	usr/share/pcvt \
	usr/share/me \
	usr/share/doc
do
	# Appended to whatever NANO_PRUNE already holds; entries are relative
	# to the root of the image tree.
	NANO_PRUNE="${NANO_PRUNE} ${_prune_entry}"
done
unset _prune_entry
109
110
111
112
113
# Options parsed during build & install world
# Also check man 3 src.conf for details
# Some flags are misleading, e.g. could only be installworld (e.g.), for details:
# http://phk.freebsd.dk/misc/build_options/
# For details on make options also check:
# /usr/src/share/mk/bsd.own.mk
#
# Everything between the single quotes is the value of CONF_COMMON, "#" lines
# and trailing remarks included, so the Dutch text inside it is data and is
# kept exactly as it is.
CONF_COMMON='
# Specific enabled options
#WITHOUT_ACPI=YES # geen advanced configuration power interface
#WITHOUT_BIND=YES # geen bind tools, dns/named geinstalleerd
#WITHOUT_CXX=YES # Set to not build g++(1) and related libraries.
#WITHOUT_GROFF=YES # Set to not build groff(1).
#WITHOUT_INET6=YES # geen ondersteuning inet versie 6 architectuur
#WITHOUT_INFO=YES # geen info bestanden, readable online docs
#WITHOUT_IPFILTER=YES # geen ip filtering geinstalleerd
#WITHOUT_KLDLOAD=YES # do not allow loading of kernel modules
#WITHOUT_MAILWRAPPER=YES # geen mailwrapper bij gebruik sendmail
#WITHOUT_MAN=YES # geen handleidingen gecompileerd
#WITHOUT_MISC=YES # geen misc sub directory
#WITHOUT_MODULES=YES # geen ondersteuning toevoegen modules
#WITHOUT_PAM=YES # geen ondersteuning pa modules
#WITHOUT_PF=YES # geen packet filtering geinstalleerd
#WITHOUT_SHARE=YES # geen share sub directory
#WITHOUT_USB=YES # geen ondersteuning usb modules
# Specific disabled options
WITHOUT_ATM=YES # geen ondersteuning Asynchronous Transfer Mode
WITHOUT_AUDIT=YES # geen event auditing / audit trails
WITHOUT_AUTHPF=YES # geen authenticating gateway user shell
WITHOUT_BLUETOOTH=YES # geen ondersteuning Bluetooth modules
WITHOUT_CALENDAR=YES # geen calendar reminder service gecompileerd
WITHOUT_CDDL=YES # Set to not build code licensed under Sun CDDL. (also ZFS)
WITHOUT_CPP=YES # Set to not build cpp(1).
WITHOUT_CVS=YES # geen cvs tools geinstalleerd
WITHOUT_DICT=YES # geen dictionary ondersteuning
WITHOUT_EXAMPLES=YES # geen voorbeeld configuratiebestanden
WITHOUT_FORTRAN=YES # geen ondersteuning fortran compilers
WITHOUT_GAMES=YES # geen games gecompileerd
WITHOUT_GCOV=YES # geen gcov test coverage program
WITHOUT_GDB=YES # geen gnu debugger gecompileerd
WITHOUT_GPIB=YES # geen ondersteuning gpib kaarten
WITHOUT_HTML=YES # geen html help bestanden gecompileerd
WITHOUT_I4B=YES # geen ondersteuning voor isdn
WITHOUT_IPX=YES # geen ondersteuning ipx protocols
WITHOUT_KERBEROS=YES # geen ondersteuning Kerberos authenticatie
WITHOUT_LOCALES=YES # geen ondersteuning lokalisatie
WITHOUT_LPR=YES # geen ondersteuning print services
WITHOUT_NIS=YES # geen ondersteuning network information system
WITHOUT_PROFILE=YES # Set to avoid compiling profiled libraries.
WITHOUT_RCMDS=YES # geen ondersteuning rcmds,
WITHOUT_RESCUE=YES # geen rescue bestanden gecompileerd
WITHOUT_SENDMAIL=YES # geen sendmail geinstalleerd
WITHOUT_SHAREDOCS=YES # geen share/docs directories
WITHOUT_SYSCONS=YES # geen syscon devices gecompileerd
WITHOUT_UNBOUND=YES # Port version will be used if any is used
'

# A literal newline, used to frame the derived values below.
_conf_nl='
'

# Build options: the common set on its own.
CONF_BUILD="${_conf_nl}${CONF_COMMON}${_conf_nl}"

# Install options: the common set, plus leaving the FreeBSD toolchain out.
CONF_INSTALL="${_conf_nl}${CONF_COMMON}${_conf_nl}WITHOUT_TOOLCHAIN=YES # geen freebsd toolchain${_conf_nl}"
unset _conf_nl
178
179
# Flash disks arrived, sandisk 1g seems to match the geometry of the (blank) cards
#FlashDevice sandisk 1g # nanobsd flashdevice entry
#FlashDevice sandisk 512mb # nanobsd flashdevice entry
#FlashDevice transcend 2g # nanobsd flashdevice entry
# Calculated value of PEAK hardware 1GB CF card
# C/H/S phys 1954/16/63, logical 977/32/63
# Mediasize is calculated as C*H*S*512

# Using logical values reported by ALIX board
# values for PCEngines blank 1 GB cards
# C/H/S phys 1966/16/63, logical 983/32/63
#
# NOTE(review): 1008451584 equals 977*32*63*512, i.e. the 977-cylinder logical
# geometry listed for the PEAK card, not the 983-cylinder one listed for the
# PCEngines card. Presumably the smaller size is used so one image fits both
# cards - confirm.
# The media size is expressed in 512-byte sectors.
NANO_MEDIASIZE=$((1008451584 / 512))
NANO_HEADS="32"
NANO_SECTS="63"
194
195
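# Version tagging: writes tools/wl-release.txt inside the image tree with the
# build user, build host and build time, followed by the Subversion state of
# the directory above NANO_CONF_DIR.
# Globals:   NANO_WORLDDIR (read), NANO_CONF_DIR (read)
# Outputs:   ${NANO_WORLDDIR}/tools/wl-release.txt
# Returns:   status of the writing subshell (0 when an svn step gives up early)
#
# NOTE(review): `svn diff` copies every uncommitted change to versioned files
# under the configuration tree into a file that ships on the image, next to the
# builder's user name and host name. Presumably harmless for this tree, but
# local edits that contain credentials would end up on every device flashed
# with the image - check what is versioned there.
cust_version_tag() (
	VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt"
	(
		echo "Generated by $(id -un)@$(hostname -f) at $(date)"
		echo ""
		echo "=== CONFIG specifics ==="
		# Best effort: when svn is missing or the tree is not a working
		# copy, stop quietly and keep what has been written so far.
		svn info "${NANO_CONF_DIR}/../" || exit 0
		svn diff "${NANO_CONF_DIR}/../" || exit 0
		# NOTE(review): this closing marker says BEGIN; it looks like
		# it was meant to mark the end of the section - confirm before
		# changing, something may parse the file.
		echo "=== BEGIN CONFIG specifics ==="
	) > "${VERSION_FILE}"
)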
208
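# Generates the Diffie-Hellman parameter file for OpenVPN at image build time.
# Generating it on an ALIX board takes a very long time (10+ minutes), which is
# not practical for quick debugging and configuration.
# Globals:   NANO_WORLDDIR (read)
# Outputs:   ${NANO_WORLDDIR}/etc/easy-rsa-keys/dh1024.pem
# Returns:   status of openssl, or 1 when the directory cannot be created
#
# NOTE(review): 1024-bit DH parameters are below what current guidance
# recommends (2048 bits or more), and every device flashed from one image gets
# the same parameter file. Raising the size also means a different file name
# and a matching change in whatever OpenVPN configuration refers to dh1024.pem,
# which is not visible in this file - plan both together.
cust_openvpn_dhparam() (
	DHFILE="${NANO_WORLDDIR}/etc/easy-rsa-keys/dh1024.pem"
	# Paths are quoted so a world directory with spaces stays one argument.
	mkdir -p "$(dirname -- "${DHFILE}")" || exit 1
	openssl dhparam -out "${DHFILE}" 1024
)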
216
217
218
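# Sets the root password of the image from CFG_ROOT_PASSWORD.
# Globals:   CFG_ROOT_PASSWORD (read), NANO_WORLDDIR (read)
# Returns:   status of the chroot'ed pw call, or of pprint when nothing is set
#
# The original note here assumes a build environment where nobody can snoop
# during or after the build. The password is now written to pw's standard
# input (pw reads it from file descriptor 0 because of `-h 0`) instead of being
# pasted into an `sh -c` command string: it no longer shows up in the argument
# list of a process, and a password containing a quote character can no longer
# change the command that runs. printf is a shell builtin, so nothing is
# exec'ed with the password as an argument.
#
# NOTE(review): when CFG_ROOT_PASSWORD is empty the image is built with the
# root password left as it is (reported as blank below). Confirm that is
# acceptable for images that leave the lab, in particular together with any
# step that enables remote root logins.
cust_set_root_password() (
	if [ -n "${CFG_ROOT_PASSWORD}" ]; then
		pprint 2 "Set root password using CFG_ROOT_PASSWORD variable"
		printf '%s\n' "${CFG_ROOT_PASSWORD}" |
			chroot "${NANO_WORLDDIR}" pw usermod -h 0 -n root
	else
		pprint 2 "Root password is <blank>, no password provided at variable CFG_ROOT_PASSWORD"
	fi
)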
228
229
230
231# EXPERIMENTAL patch like envirionment
232# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to
233# keep us as close as possible to the base OS
234# Patches are applied to the directory they live in
235#cust_apply_nanobsd_patches() (
236# for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do
237# cd `dirname ${PATCHFILE}`
238# patch -t -N -p0 -i `basename ${PATCHFILE}`
239# #XX: What to with installed patch files? Delete them for the time beeing
240# rm -v ${PATCHFILE}
241#done
242
243
244
245#)
246
247
248
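# Customize ntpd: inside the image, make /var/db/ntp.drift a symlink to
# /usr/local/etc/ntp.drift (presumably so the drift value is kept outside the
# RAM-backed /var - confirm).
# Globals:   NANO_WORLDDIR (read)
# Returns:   status of the chroot'ed command
cust_ntpd() (
	# NANO_WORLDDIR is quoted so a path with spaces stays one argument and
	# chroot cannot end up with a different directory than intended.
	chroot "${NANO_WORLDDIR}" sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift"
)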
253
254
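# Enable serial TTYs: edits /etc/ttys inside the image so that, on lines
# matching ttyv[0-9], "on " becomes "off", and on lines matching ttyu0, "off"
# becomes "on" and "dialup" becomes "ansi".
# Globals:   NANO_WORLDDIR (read)
# Returns:   status of the chroot'ed sed
cust_serial_ttys() (
	# NANO_WORLDDIR is quoted so a path with spaces stays one argument.
	chroot "${NANO_WORLDDIR}" sed -i '' \
		-e '/ttyv[0-9]/s/on /off/' \
		-e '/ttyu0/s/off/on/' \
		-e '/ttyu0/s/dialup/ansi/' \
		/etc/ttys
)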
259
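# Customize sudoers files: sets mode 0640 on every regular file under
# /usr/local/etc/sudoers.d/ inside the image, so the rule files are not
# readable or writable by other users.
# Globals:   NANO_WORLDDIR (read)
# Returns:   status of the chroot'ed find
cust_sudo_rules() {
	# NANO_WORLDDIR is quoted so a path with spaces stays one argument.
	chroot "${NANO_WORLDDIR}" find /usr/local/etc/sudoers.d/ -type f -exec chmod 0640 {} +
}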
264
265
266
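# Install files from the "files" directory next to the configuration directory
# into the image tree, skipping version-control metadata.
# Globals:   NANO_CONF_DIR (read), NANO_WORLDDIR (read)
# Returns:   1 when the source directory cannot be entered, otherwise the
#            status of the copy pipeline
cust_install_files () (
	# Stop when the source directory is missing: without this check the
	# find below would copy whatever directory the build happens to be in
	# into the image.
	cd "${NANO_CONF_DIR}/../files" || exit 1
	# NOTE(review): ".svn" is a regular expression here, so the dot matches
	# any character and names such as "xsvn" are filtered out as well.
	find . -print | grep -v -e /CVS -e .svn | cpio -dumpv "${NANO_WORLDDIR}"
)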
272
273
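# Make the tools available for root by default: /root/bin inside the image
# becomes a symlink to /tools.
# Globals:   NANO_WORLDDIR (read)
# Returns:   status of ln
cust_root_bin_to_tools() {
	# Quoted so the link is created inside the image tree even when the
	# path to it contains spaces.
	ln -s /tools "${NANO_WORLDDIR}/root/bin"
}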
278
279
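# Prune directories that are not needed from the image: removes every entry of
# NANO_PRUNE, taken relative to the root of the image tree.
# Globals:   NANO_WORLDDIR (read), NANO_PRUNE (read, whitespace-separated)
# Returns:   non-zero when the image tree cannot be entered, otherwise the
#            status of the last loop step
cust_nano_prune () (
	# The deletions are recursive and forced, so refuse to run them
	# anywhere but inside the image tree: an unset or missing
	# NANO_WORLDDIR would otherwise make them hit the directory the build
	# was started from.
	cd "${NANO_WORLDDIR:?NANO_WORLDDIR is not set}" || exit 1
	for ENTRY in ${NANO_PRUNE}; do
		# Entries that are absolute or climb out with ".." would be
		# removed from the build host instead of the image; skip them.
		case "${ENTRY}" in
		/* | .. | ../* | */.. | */../*)
			echo "cust_nano_prune: skipping '${ENTRY}' (not inside the image tree)" >&2
			continue
			;;
		esac
		# ENTRY stays unquoted so an entry may be a glob pattern, as
		# before.
		# shellcheck disable=SC2086
		rm -vfR -- ${ENTRY}
	done
)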
287
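# We actually do need a separate /tmp, so undo the symlinking done in
# setup_nanobsd(): the tmp entry in the image tree is removed and recreated as
# a directory with mode 1777 (world-writable with the sticky bit).
# Globals:   NANO_WORLDDIR (read)
# Returns:   non-zero when the image tree cannot be entered, otherwise the
#            status of mkdir
late_cust_unset_common_var_and_tmp() (
	# Without this check an unset or missing NANO_WORLDDIR would make the
	# rm/mkdir pair act on "tmp" in the directory the build runs from.
	cd "${NANO_WORLDDIR:?NANO_WORLDDIR is not set}" || exit 1
	rm tmp
	mkdir -m 1777 tmp
)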
295
296
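# Fill /cfg with custom files, based on 'create_i386_diskimage ( )': attaches
# the finished disk image as a memory disk, mounts its third slice, copies the
# "cfg-files" directory next to the configuration directory into it, and
# detaches everything again. All output goes to ${MAKEOBJDIRPREFIX}/_.fc.
# Globals:   NANO_DISKIMGDIR, NANO_IMGNAME, MAKEOBJDIRPREFIX, NANO_CONF_DIR
#            (all read)
# Returns:   0 when every step succeeded, non-zero otherwise
last_nano_fill_cfg () (
	# Variables to be used
	IMG="${NANO_DISKIMGDIR}/${NANO_IMGNAME}"
	MNT="${MAKEOBJDIRPREFIX}/_.mnt"

	# Mount the '/cfg' slice of the image. Each step is checked: a failed
	# mount must not be followed by a copy, which would then land in the
	# bare mount-point directory on the build host.
	MD=$(mdconfig -a -t vnode -f "${IMG}") || exit 1
	if ! mount "/dev/${MD}s3" "${MNT}"; then
		mdconfig -d -u "${MD}"
		exit 1
	fi

	# Copy from the '/cfg' source directory. When it is missing nothing is
	# copied at all, instead of copying the directory the build runs from.
	RC=0
	if cd "${NANO_CONF_DIR}/../cfg-files"; then
		find . -print | grep -v -e /CVS -e .svn | cpio -dumpv "${MNT}" || RC=$?
	else
		RC=1
	fi

	# Leave in a nice end state, also after a failed copy
	umount "${MNT}" || RC=$?
	mdconfig -d -u "${MD}" || RC=$?
	exit "${RC}"
) > "${MAKEOBJDIRPREFIX}/_.fc" 2>&1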
316
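# Reports how full the root slice of the finished image is: attaches the image
# as a memory disk, mounts slice 1 partition a, prints the df header and the
# df line of that device through pprint, and detaches everything again.
# Globals:   NANO_DISKIMGDIR, NANO_IMGNAME, MAKEOBJDIRPREFIX (all read)
# Returns:   1 when attaching or mounting fails, otherwise the status of the
#            final mdconfig
last_nano_disk_usage () (
	# Variables to be used
	IMG="${NANO_DISKIMGDIR}/${NANO_IMGNAME}"
	MNT="${MAKEOBJDIRPREFIX}/_.mnt"

	# Mount the root slice; give up (and detach) when that does not work
	MD=$(mdconfig -a -t vnode -f "${IMG}") || exit 1
	if ! mount "/dev/${MD}s1a" "${MNT}"; then
		mdconfig -d -u "${MD}"
		exit 1
	fi

	# Show disk usage (percent free) including the header. The header is
	# quoted: pprint only prints its second argument, so the unquoted form
	# showed nothing but the first word of the header line.
	pprint 2 "$(df -h | head -1)"
	pprint 2 "$(df -h | grep "/dev/${MD}")"

	# Leave in a nice end state
	umount "${MNT}"
	mdconfig -d -u "${MD}"
)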
334
# Final steps once the image exists: fill the /cfg slice, then report the disk
# usage of the root slice. The steps run in this order inside a subshell and
# the status of the last one is returned; a failure of the first step does not
# stop the second.
last_orders () (
	for _step in last_nano_fill_cfg last_nano_disk_usage; do
		"${_step}"
	done
)
339
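# Ugly hack to let pprint 'escape' from inside a customize_cmd and print to
# the original output instead of a file: file descriptor 3 is made a duplicate
# of the stdout this file is sourced with, and pprint always writes to it.
# Duplicating the descriptor (3>&1) does not open anything by path, so it also
# works where /dev/stdout is unavailable and it cannot truncate a log file
# that stdout happens to point at.
exec 3>&1

# Progress Print
# Print $2 at level $1: the message is prefixed with $1 '#' characters (at
# most five) and only shown when $1 does not exceed PPLEVEL.
# Globals:   PPLEVEL (read; treated as 0 when unset or empty)
# Arguments: $1 - level, $2 - message
# Outputs:   the message on file descriptor 3
pprint() {
	if [ "$1" -le "${PPLEVEL:-0}" ]; then
		printf "%.${1}s %s\n" "#####" "$2" 1>&3
	fi
}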
350
# The customize steps are registered in the order listed below.
# XXX: Determine the size before installing all kinds of additions, to see how
# much of the base system we are actually using ## du -h -d 0
#
# NOTE(review): cust_pkgng and cust_allow_ssh_root are not defined in this
# file. Going by its name the latter enables root logins over ssh; together
# with an unset CFG_ROOT_PASSWORD that deserves a look before an image is
# deployed - confirm what the step does where it is defined.
for _cust_step in \
	cust_pkgng \
	cust_install_files \
	cust_ntpd \
	cust_serial_ttys \
	cust_version_tag \
	cust_root_bin_to_tools \
	cust_allow_ssh_root \
	cust_openvpn_dhparam \
	cust_nano_prune \
	cust_set_root_password \
	cust_sudo_rules
do
	customize_cmd "${_cust_step}"
done
unset _cust_step
#customize_cmd cust_apply_nanobsd_patches
late_customize_cmd late_cust_unset_common_var_and_tmp
367
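# Standard override: settings in nanobsd.local, when present next to this
# file, replace the defaults above.
# Both this file and the extra ones below are sourced, i.e. executed with the
# privileges of the build, so they need the same care as this file itself;
# EXTRA_NANOBSD_CONFIG in particular comes from the caller's environment.
if [ -r "${NANO_CONF_DIR}/nanobsd.local" ]; then
	. "${NANO_CONF_DIR}/nanobsd.local"
fi

# Extra config files, for when the existing settings are not sufficient.
# EXTRA_NANOBSD_CONFIG is a whitespace-separated list of files.
if [ -n "${EXTRA_NANOBSD_CONFIG}" ]; then
	for FILE in ${EXTRA_NANOBSD_CONFIG}; do
		# A name that is not absolute is taken relative to the config
		# directory. The pattern match replaces the echo | cut pipeline
		# and keeps names with spaces or a leading dash intact.
		case "${FILE}" in
		/*) ;;
		*) FILE="${NANO_CONF_DIR}/${FILE}" ;;
		esac
		pprint 1 "Loading ${FILE}"
		. "${FILE}" || exit 1
	done
fi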