Diffstat (limited to 'release/tools/gce.conf')
-rw-r--r--release/tools/gce.conf96
1 files changed, 96 insertions, 0 deletions
diff --git a/release/tools/gce.conf b/release/tools/gce.conf
new file mode 100644
index 0000000..bccf1f4
--- /dev/null
+++ b/release/tools/gce.conf
@@ -0,0 +1,96 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# Set to a list of packages to install.
+export VM_EXTRA_PACKAGES="firstboot-freebsd-update firstboot-pkgs google-cloud-sdk google-daemon panicmail sudo firstboot-growfs google-startup-scripts"
+
+# Set to a list of third-party software to enable in rc.conf(5).
+export VM_RC_LIST="google_accounts_manager ntpd"
+
+vm_extra_install_base() {
+ echo 'search google.internal' > ${DESTDIR}/etc/resolv.conf
+ echo 'nameserver 169.254.169.254' >> ${DESTDIR}/etc/resolv.conf
+ echo 'nameserver 8.8.8.8' >> ${DESTDIR}/etc/resolv.conf
+}
+
+vm_extra_pre_umount() {
+ cat << EOF >> ${DESTDIR}/etc/rc.conf
+console="comconsole"
+dumpdev="AUTO"
+ifconfig_vtnet0="SYNCDHCP mtu 1460"
+ntpd_sync_on_start="YES"
+ntpd_enable="YES"
+sshd_enable="YES"
+google_accounts_manager_enable="YES"
+#disabled until I can figure out why the reboot for updates is hanging
+#firstboot_freebsd_update_enable="YES"
+#firstboot_pkgs_enable="YES"
+# need to fill in something here
+#firstboot_pkgs_list=""
+panicmail_autosubmit="YES"
+firstboot_growfs_enable="YES"
+google_startup_enable="YES"
+EOF
+
+ cat << EOF >> ${DESTDIR}/boot/loader.conf
+autoboot_delay="-1"
+beastie_disable="YES"
+loader_logo="none"
+hw.memtest.tests="0"
+console="comconsole"
+hw.vtnet.mq_disable=1
+kern.timecounter.hardware=ACPI-safe
+aesni_load="YES"
+nvme_load="YES"
+EOF
+
+ echo '169.254.169.254 metadata.google.internal metadata' > \
+ ${DESTDIR}/etc/hosts
+
+ # overwrite ntp.conf
+ cat << EOF > ${DESTDIR}/etc/ntp.conf
+server metadata.google.internal iburst
+
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+restrict 127.0.0.1
+restrict -6 ::1
+restrict 127.127.1.0
+EOF
+
+ cat << EOF >> ${DESTDIR}/etc/syslog.conf
+*.err;kern.warning;auth.notice;mail.crit /dev/console
+EOF
+
+ cat << EOF >> ${DESTDIR}/etc/ssh/sshd_config
+ChallengeResponseAuthentication no
+X11Forwarding no
+AcceptEnv LANG
+Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
+AllowAgentForwarding no
+ClientAliveInterval 420
+EOF
+
+ cat << EOF >> ${DESTDIR}/etc/crontab
+0 3 * * * root /usr/sbin/freebsd-update cron
+EOF
+
+ cat << EOF >> ${DESTDIR}/etc/sysctl.conf
+net.inet.icmp.drop_redirect=1
+net.inet.ip.redirect=0
+net.inet.tcp.blackhole=2
+net.inet.udp.blackhole=1
+kern.ipc.somaxconn=1024
+debug.trace_on_panic=1
+debug.debugger_on_panic=0
+EOF
+
+ sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' ${DESTDIR}/etc/ttys
+
+ touch ${DESTDIR}/firstboot
+
+ return 0
+}
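Review bot: The `Ciphers` line appended to sshd_config in vm_extra_pre_umount explicitly enables RC4 (`arcfour256`, `arcfour128`) and the CBC-mode ciphers `aes128-cbc` and `3des-cbc`, which are weak choices for an internet-facing cloud image. I would restrict the list to the CTR modes already named, `Ciphers aes128-ctr,aes192-ctr,aes256-ctr`, and add a comment saying why the list is pinned so it gets revisited when the base OpenSSH changes. Separately, with `firstboot_freebsd_update_enable` commented out, the only update path left is the `freebsd-update cron` crontab entry, which as far as I know only fetches updates and mails root rather than installing them. A comment next to the disabled lines should say that new instances boot unpatched until an operator runs the install step.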