path: root/release/tools/oci.conf
#!/bin/sh
# Set to a list of packages to install.
# The value is a whitespace-separated list of package origins/names and is
# exported for whatever script sources this file (consumer not shown here).
# NOTE(review): "panicmail" appears both bare and as sysutils/panicmail;
# the bare entry looks redundant -- confirm before removing.
# NOTE(review): security/sudo is what the "sudo:" rule written to
# 98_oci.cfg in vm_extra_pre_umount relies on; keep the two in step.
export VM_EXTRA_PACKAGES="
    comms/py-pyserial
    converters/base64
    devel/oci-cli
    devel/py-babel
    devel/py-iso8601
    devel/py-pbr
    devel/py-six
    ftp/curl
    lang/python
    lang/python3
    net/cloud-init
    net/py-eventlet
    net/py-netaddr
    net/py-netifaces
    net/py-oauth
    net/rsync
    panicmail
    security/ca_root_nss
    security/sudo
    sysutils/firstboot-freebsd-update
    sysutils/firstboot-pkgs
    sysutils/panicmail
    textproc/jq
    "

# Should be enough for the base image; the image can be resized if needed.
export VMSIZE=6g

# Set to a list of third-party software to enable in rc.conf(5).
# sshd is enabled here; the password-login restrictions for it are appended
# to sshd_config by vm_extra_pre_umount below, so review both together.
# NOTE(review): firstboot_freebsd_update and firstboot_pkgs presumably reach
# the network on first boot -- confirm that is acceptable for the image.
export VM_RC_LIST="
    cloudinit
    firstboot_pkgs
    firstboot_freebsd_update
    growfs
    ntpd
    ntpd_sync_on_start
    sshd
    zfs"

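# vm_extra_pre_umount: final customisation of the image tree under DESTDIR.
#
# Appends settings to rc.conf, loader.conf and sshd_config, disables root's
# password, drops an OCI-specific cloud-init override, points ntpd at the
# OCI NTP address, marks the image for firstboot processing and removes
# build-time leftovers (the emulator binary and resolv.conf).
#
# Globals:   DESTDIR (read)    - root of the image tree; must be non-empty
#            QEMUSTATIC (read) - when non-empty, the emulator is removed
#            EMULATOR (read)   - emulator path relative to DESTDIR
# Returns:   1 if DESTDIR is empty, otherwise 0. Failures of individual
#            steps are not propagated (unchanged from the original).
vm_extra_pre_umount() {
	# Every path below is derived from DESTDIR. With an empty value the
	# appends, the pw(8) call and the rm calls would hit the build host's
	# own /etc, so refuse to run instead.
	if [ -z "${DESTDIR}" ]; then
		echo "vm_extra_pre_umount: DESTDIR is not set" >&2
		return 1
	fi

	cat <<-'EOF' >> "${DESTDIR}/etc/rc.conf"
		dumpdev=AUTO
		sendmail_enable=NONE
EOF

	cat <<-'EOF' >> "${DESTDIR}/boot/loader.conf"
		autoboot_delay="5"
		beastie_disable="YES"
		boot_serial="YES"
		loader_logo="none"
		cryptodev_load="YES"
		opensolaris_load="YES"
		xz_load="YES"
		zfs_load="YES"
EOF

	# sshd uses the first value it reads for each keyword, so these
	# appended lines only take effect while the stock sshd_config leaves
	# the same keywords unset or commented out. Verify the result on a
	# built image (for example with "sshd -T") when the base file changes.
	# PermitRootLogin prohibit-password still permits key-based root
	# logins; root access is additionally restricted by the cloud-init
	# "disable_root: true" setting written further down.
	cat <<-'EOF' >> "${DESTDIR}/etc/ssh/sshd_config"
		# S11 Configure the SSH service to prevent password-based login
		PermitRootLogin prohibit-password
		PasswordAuthentication no
		KbdInteractiveAuthentication no
		PermitEmptyPasswords no
		UseDNS no
EOF

	# S14 Root user login must be disabled on serial-over-ssh console.
	# "-w no" asks pw(8) to disable password login for the account.
	pw -R "${DESTDIR}" usermod root -w no

	# OCI requirements override the default FreeBSD cloud-init settings.
	# The default user has a locked password and passwordless sudo to
	# root, so possession of its SSH key is equivalent to root on the
	# instance. The file is appended to, not replaced: running this twice
	# against the same tree would duplicate the YAML keys.
	cat <<-'EOF' >> "${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oci.cfg"
		disable_root: true
		system_info:
		   distro: freebsd
		   default_user:
		     name: freebsd
		     lock_passwd: True
		     gecos: "OCI Default User"
		     groups: [wheel]
		     sudo: ["ALL=(ALL) NOPASSWD:ALL"]
		     shell: /bin/sh
		   network:
		      renderers: ['freebsd']
EOF

	# Use Oracle Cloud Infrastructure NTP server (link-local address).
	sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \
		"${DESTDIR}/etc/ntp.conf"

	# Marker file for the firstboot_* rc.d services.
	touch "${DESTDIR}/firstboot"

	# Do not ship the build-time emulator inside the image.
	if [ -n "${QEMUSTATIC}" ]; then
		rm -f "${DESTDIR}/${EMULATOR}"
	fi
	# Drop the resolver configuration left in the tree by the build.
	rm -f "${DESTDIR}/etc/resolv.conf"

	return 0
}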