authorCullum Smith <cullum@sacredheartsc.com>2024-10-15 23:35:53 -0400
committerCullum Smith <cullum@sacredheartsc.com>2024-10-15 23:35:53 -0400
commit145668c3dd67c5271eddcb62d1e7843487d768a7 (patch)
tree4c7d563e9d320e6b122ee3dbf048d93eee6776c3 /scripts/os
parentb2af400a1098ebf445575d169e11a6717867045f (diff)
downloadinfrastructure-145668c3dd67c5271eddcb62d1e7843487d768a7.tar.gz
huge amount of fixes
Diffstat (limited to 'scripts/os')
-rw-r--r--scripts/os/freebsd/10-cpu2
-rw-r--r--scripts/os/freebsd/10-sysctls2
-rw-r--r--scripts/os/freebsd/20-zfs2
-rw-r--r--scripts/os/freebsd/50-idm9
-rw-r--r--scripts/os/freebsd/51-autofs33
5 files changed, 45 insertions, 3 deletions
diff --git a/scripts/os/freebsd/10-cpu b/scripts/os/freebsd/10-cpu
index adc27d4..ea2afcf 100644
--- a/scripts/os/freebsd/10-cpu
+++ b/scripts/os/freebsd/10-cpu
@@ -19,6 +19,8 @@ sysrc -v \
performance_cx_lowest="$cx_lowest" \
economy_cx_lowest="$cx_lowest"
+set_loader_conf machdep.hwpstate_pkg_ctrl=0
+
# Set energy/performance preference for Intel P-states.
# 0 = most performance, 100 = most power savings
if sysctl -n dev.hwpstate_intel.0.epp >/dev/null 2>&1; then
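Review bot: The added `set_loader_conf machdep.hwpstate_pkg_ctrl=0` has no comment, while the EPP block right below it is documented. Something like `# Control Intel Speed Shift per core instead of per package.` would tell the next reader why the tunable is there. It also sits before the `dev.hwpstate_intel.0.epp` probe, so it appears to be written on hosts without that driver as well; if that is intended, say so in the comment. The `if` block that follows continues outside the hunk.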
diff --git a/scripts/os/freebsd/10-sysctls b/scripts/os/freebsd/10-sysctls
index 865544a..b07a46c 100644
--- a/scripts/os/freebsd/10-sysctls
+++ b/scripts/os/freebsd/10-sysctls
@@ -70,6 +70,8 @@ if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ]; then
security.bsd.see_other_gids="$see_other_uids" \
security.bsd.see_other_uids="$see_other_uids" \
security.bsd.unprivileged_read_msgbuf=0 \
+ vfs.nfsd.enable_locallocks=0 \
+ vfs.nfsd.issue_delegations=1 \
vfs.zfs.min_auto_ashift=12
# FreeBSD automatically scales kern.maxfilesperproc with the amount of memory.
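Review bot: The two added `vfs.nfsd.*` values are NFS-server settings, but they are set inside the generic non-jail branch and so apply to every bare-metal host and VM. These OIDs probably exist only once the nfsd module is loaded, so on other hosts the write may fail or be recorded for a sysctl that is never present; the command these lines belong to starts outside the hunk, so its error handling is not visible. Consider guarding them with `[ "$BOXCONF_HOSTCLASS" = nfs_server ]`, the host class this commit already tests in 51-autofs. `vfs.nfsd.issue_delegations=1` also needs a comment, because 51-autofs disables nfscbd on clients and delegation recalls depend on client callbacks, which for NFSv4.0 mounts need that daemon. Confirm the mounts negotiate 4.1 or later.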
diff --git a/scripts/os/freebsd/20-zfs b/scripts/os/freebsd/20-zfs
index aa37c0a..1cdc465 100644
--- a/scripts/os/freebsd/20-zfs
+++ b/scripts/os/freebsd/20-zfs
@@ -3,7 +3,7 @@
# Every host should have a "state" dataset, which is a ZFS dataset which
# persists across OS rebuilds.
[ -n "${state_dataset:-}" ] || die 'state_dataset not defined!'
-create_dataset "$state_dataset"
+create_dataset -o mountpoint=none "$state_dataset"
# If this is baremetal host or a VM, trim the zpools periodically.
if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ]; then
diff --git a/scripts/os/freebsd/50-idm b/scripts/os/freebsd/50-idm
index d9c2541..0a9e882 100644
--- a/scripts/os/freebsd/50-idm
+++ b/scripts/os/freebsd/50-idm
@@ -20,7 +20,8 @@ pkg install -y \
# Configure PAM/NSS integration.
install_file -m 0644 \
/etc/nsswitch.conf \
- /etc/pam.d/sshd
+ /etc/pam.d/sshd \
+ /etc/pam.d/sudo
install_template -m 0644 \
/etc/krb5.conf \
@@ -114,7 +115,11 @@ install_file -m 0555 \
/usr/local/libexec/idm-ssh-authorized-keys
# Create user for running SSH AuthorizedKeysCommand.
-add_user -u "$ssh_authzkeys_uid" -g "$host_keytab_groupname" "$ssh_authzkeys_username"
+add_user \
+ -u "$ssh_authzkeys_uid" \
+ -g "$host_keytab_groupname" \
+ -d /nonexistent \
+ "$ssh_authzkeys_username"
# Enable and start nslcd/nscd.
sysrc -v \
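Review bot: The reworked `add_user` call sets the home directory to `/nonexistent` but passes nothing that fixes the account's login shell. The account's primary group is `$host_keytab_groupname`, which by its name gates access to the host keytab, so it should be non-interactive. If `add_user` does not already default to a nologin shell, set one explicitly here and record that in the comment above the call, e.g. `# Non-login service account; only runs the AuthorizedKeysCommand helper.` The helper is defined outside this hunk, so its defaults cannot be confirmed from here, nor whether it updates the home directory of an account that already exists on a rebuilt host.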
diff --git a/scripts/os/freebsd/51-autofs b/scripts/os/freebsd/51-autofs
new file mode 100644
index 0000000..4fe3c52
--- /dev/null
+++ b/scripts/os/freebsd/51-autofs
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# NFS mounts are not supported within jails.
+if [ "$BOXCONF_VIRTUALIZATION_TYPE" = jail ] || \
+ [ "$BOXCONF_HOSTCLASS" = nfs_server ] || \
+ [ "${enable_idm:-}" = false ] || \
+ [ "${enable_autofs:-}" = false ]; then
+ return 0
+fi
+
+: ${nfsuserd_cache_size:='256'}
+: ${nfsuserd_num_servers:='4'}
+: ${nfsuserd_cache_timeout:='1'}
+
+sysrc -v \
+ nfsuserd_enable=YES \
+ nfsuserd_flags="-usermax ${nfsuserd_cache_size} -usertimeout ${nfsuserd_cache_timeout} ${nfsuserd_num_servers}" \
+ gssd_enable=YES \
+ gssd_flags='-h -s /tmp' \
+ gssd_env="KRB5_KTNAME=${keytab_dir}/host.keytab"
+ nfs_client_enable=YES \
+ nfscbd_enable=NO \
+ nfscbd_flags="-p ${nfscbd_port} -P host" \
+ autofs_enable=YES
+
+install_file -m 0644 /etc/auto_master
+install_file -m 0555 /usr/local/libexec/idm-autofs-map
+ln -snfv /usr/local/libexec/idm-autofs-map /etc/autofs/include
+
+# No nfscbd: causes kernel panics on FreeBSD 14.1
+for service in gssd nfsclient nfsuserd automount automountd autounmountd; do
+ service "$service" status || service "$service" start
+done
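Review bot: The `gssd_env=` line in the `sysrc -v` call is missing its trailing backslash, so the command ends there. The next four lines (`nfs_client_enable=YES` through `autofs_enable=YES`) then run as plain shell variable assignments and are never written to rc.conf. The `service ... start` loop at the end would therefore find `nfsclient` and the automount services not enabled, and they would not come up on boot either. The line should read `gssd_env="KRB5_KTNAME=${keytab_dir}/host.keytab" \`. `${nfscbd_port}` also has no default in this file, unlike the three `nfsuserd_*` values. Since the guards use `${enable_idm:-}`, the script may be running with `set -u`, in which case an unset port would abort it; a `: "${nfscbd_port:=PORT}"` line (placeholder value) or a `:-` expansion would make that explicit.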