Diffstat (limited to 'scripts/os/freebsd')
| -rw-r--r-- | scripts/os/freebsd/10-cpu | 2 | ||||
| -rw-r--r-- | scripts/os/freebsd/10-sysctls | 2 | ||||
| -rw-r--r-- | scripts/os/freebsd/20-zfs | 2 | ||||
| -rw-r--r-- | scripts/os/freebsd/50-idm | 9 | ||||
| -rw-r--r-- | scripts/os/freebsd/51-autofs | 33 | 
5 files changed, 45 insertions, 3 deletions
|
diff --git a/scripts/os/freebsd/10-cpu b/scripts/os/freebsd/10-cpu
index adc27d4..ea2afcf 100644
--- a/scripts/os/freebsd/10-cpu
+++ b/scripts/os/freebsd/10-cpu
@@ -19,6 +19,8 @@ sysrc -v \
   performance_cx_lowest="$cx_lowest" \
   economy_cx_lowest="$cx_lowest"
+set_loader_conf machdep.hwpstate_pkg_ctrl=0
+
 # Set energy/performance preference for Intel P-states.
 # 0 = most performance, 100 = most power savings
 if sysctl -n dev.hwpstate_intel.0.epp >/dev/null 2>&1; then
diff --git a/scripts/os/freebsd/10-sysctls b/scripts/os/freebsd/10-sysctls
index 865544a..b07a46c 100644
--- a/scripts/os/freebsd/10-sysctls
+++ b/scripts/os/freebsd/10-sysctls
@@ -70,6 +70,8 @@ if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ]; then
     security.bsd.see_other_gids="$see_other_uids" \
     security.bsd.see_other_uids="$see_other_uids" \
     security.bsd.unprivileged_read_msgbuf=0 \
+    vfs.nfsd.enable_locallocks=0 \
+    vfs.nfsd.issue_delegations=1 \
     vfs.zfs.min_auto_ashift=12
   # FreeBSD automatically scales kern.maxfilesperproc with the amount of memory.
diff --git a/scripts/os/freebsd/20-zfs b/scripts/os/freebsd/20-zfs
index aa37c0a..1cdc465 100644
--- a/scripts/os/freebsd/20-zfs
+++ b/scripts/os/freebsd/20-zfs
@@ -3,7 +3,7 @@
 # Every host should have a "state" dataset, which is a ZFS dataset which
 # persists across OS rebuilds.
 [ -n "${state_dataset:-}" ] || die 'state_dataset not defined!'
-create_dataset "$state_dataset"
+create_dataset -o mountpoint=none "$state_dataset"
 # If this is baremetal host or a VM, trim the zpools periodically.
 if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ]; then
diff --git a/scripts/os/freebsd/50-idm b/scripts/os/freebsd/50-idm
index d9c2541..0a9e882 100644
--- a/scripts/os/freebsd/50-idm
+++ b/scripts/os/freebsd/50-idm
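Review bot: In scripts/os/freebsd/10-cpu the new `set_loader_conf machdep.hwpstate_pkg_ctrl=0` line carries no comment, unlike the EPP block right below it, and it may change what that block covers. As far as I recall from hwpstate_intel(4), 0 selects per-core rather than package-level control, so if the `if sysctl -n dev.hwpstate_intel.0.epp` block (its body is outside the hunk) only writes instance 0, the preference would no longer reach the other cores. I would add a comment such as `# Use per-core HWP control instead of package-level; applied at next boot.` and confirm the EPP block covers every dev.hwpstate_intel.N instance.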
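Review bot: In scripts/os/freebsd/10-sysctls the two added `vfs.nfsd.*` values are applied to every non-jail host rather than only to NFS servers, and nothing records the constraint that comes with `vfs.nfsd.issue_delegations=1`. As I read nfsv4(4), delegations are only safe when the exported file systems are not accessed locally on the server (nor by NLM-using NFSv3 clients), which `vfs.nfsd.enable_locallocks=0` also assumes; local access that bypasses nfsd can otherwise conflict with data a client holds under a delegation. I would add a comment like `# NFSv4 delegations: exported file systems must not be modified locally on the server` and, if it fits this file, gate the two lines on `"$BOXCONF_HOSTCLASS" = nfs_server`. The enclosing call starts above the hunk, so the helper receiving these arguments is not visible here.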
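Review bot: In scripts/os/freebsd/20-zfs, `create_dataset -o mountpoint=none "$state_dataset"` probably only takes effect on hosts where the dataset does not exist yet, unless create_dataset also reconciles `-o` properties on an existing dataset; the helper is not part of this diff. The comment above says the state dataset persists across OS rebuilds, so already-deployed hosts would likely keep their current mountpoint and diverge from fresh builds. If that matters, have the helper apply the property to existing datasets as well (keeping in mind that child datasets inheriting the mountpoint would be affected), and extend the comment to say why the parent must not be mounted.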
@@ -20,7 +20,8 @@ pkg install -y \
 # Configure PAM/NSS integration.
 install_file -m 0644 \
   /etc/nsswitch.conf \
-  /etc/pam.d/sshd
+  /etc/pam.d/sshd \
+  /etc/pam.d/sudo
 install_template -m 0644 \
   /etc/krb5.conf \
@@ -114,7 +115,11 @@ install_file -m 0555 \
   /usr/local/libexec/idm-ssh-authorized-keys
 # Create user for running SSH AuthorizedKeysCommand.
-add_user -u "$ssh_authzkeys_uid" -g "$host_keytab_groupname" "$ssh_authzkeys_username"
+add_user \
+  -u "$ssh_authzkeys_uid" \
+  -g "$host_keytab_groupname" \
+  -d /nonexistent \
+  "$ssh_authzkeys_username"
 # Enable and start nslcd/nscd.
 sysrc -v \
diff --git a/scripts/os/freebsd/51-autofs b/scripts/os/freebsd/51-autofs
new file mode 100644
index 0000000..4fe3c52
--- /dev/null
+++ b/scripts/os/freebsd/51-autofs
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# NFS mounts are not supported within jails.
+if [ "$BOXCONF_VIRTUALIZATION_TYPE" = jail ] || \
+   [ "$BOXCONF_HOSTCLASS" = nfs_server ] || \
+   [ "${enable_idm:-}" = false ] || \
+   [ "${enable_autofs:-}" = false ]; then
+  return 0
+fi
+
+: ${nfsuserd_cache_size:='256'}
+: ${nfsuserd_num_servers:='4'}
+: ${nfsuserd_cache_timeout:='1'}
+
+sysrc -v \
+  nfsuserd_enable=YES \
+  nfsuserd_flags="-usermax ${nfsuserd_cache_size} -usertimeout ${nfsuserd_cache_timeout} ${nfsuserd_num_servers}" \
+  gssd_enable=YES \
+  gssd_flags='-h -s /tmp' \
+  gssd_env="KRB5_KTNAME=${keytab_dir}/host.keytab"
+  nfs_client_enable=YES \
+  nfscbd_enable=NO \
+  nfscbd_flags="-p ${nfscbd_port} -P host" \
+  autofs_enable=YES
+
+install_file -m 0644 /etc/auto_master
+install_file -m 0555 /usr/local/libexec/idm-autofs-map
+ln -snfv /usr/local/libexec/idm-autofs-map /etc/autofs/include
+
+# No nfscbd: causes kernel panics on FreeBSD 14.1
+for service in gssd nfsclient nfsuserd automount automountd autounmountd; do
+  service "$service" status || service "$service" start
+done
|
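Review bot: The added `/etc/pam.d/sudo` in the first hunk of scripts/os/freebsd/50-idm is installed without any comment saying that it overrides the policy shipped with the sudo package. OpenPAM looks in /etc/pam.d before /usr/local/etc/pam.d, so this file, whose contents are not part of this diff, presumably becomes the only PAM stack sudo uses, and a mistake in it decides who can escalate. I would extend the comment to `# Configure PAM/NSS integration (/etc/pam.d/sudo takes precedence over the packaged sudo policy).` and check that sudo is in the `pkg install -y` list, which starts above the hunk.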
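Review bot: The rewritten `add_user` call in the second hunk of scripts/os/freebsd/50-idm pins the home directory with `-d /nonexistent` but still leaves the login shell to whatever add_user defaults to. This account only runs the SSH AuthorizedKeysCommand and is placed in the host keytab group, so it should not be able to log in interactively; if the helper passes its flags through to pw(8), add `-s /usr/sbin/nologin \` next to the `-d` line. add_user is defined outside this diff, so it is also worth confirming that it updates an account that already exists, otherwise only newly built hosts get the new home directory.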
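Review bot: In the new scripts/os/freebsd/51-autofs the `gssd_env="KRB5_KTNAME=${keytab_dir}/host.keytab"` line is missing its trailing backslash, so the `sysrc -v` command ends there. The four lines after it (`nfs_client_enable=YES` through `autofs_enable=YES`) then run as plain shell variable assignments and never reach rc.conf, so the `service "$service" start` loop at the bottom will most likely refuse to start nfsclient and the automount services, and nothing is enabled at boot. The fix is `gssd_env="KRB5_KTNAME=${keytab_dir}/host.keytab" \`. Separately, `${nfscbd_port}` gets no default alongside the `nfsuserd_*` ones, so it expands empty (or aborts if the framework runs with `set -u`), and the unquoted default lines would be safer as `: "${nfsuserd_cache_size:=256}"`.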
