xref: /freebsd-src/release/tools/oracle.conf (revision 89311e6f987ebb1a968eee6fe594b11bfb91977a)
#!/bin/sh
# Packages installed into the image, one port origin per line.
# NOTE(review): panicmail is listed twice, once bare and once as
# sysutils/panicmail; both entries are kept exactly as found.
VM_EXTRA_PACKAGES="
    comms/py-pyserial
    converters/base64
    devel/oci-cli
    devel/py-babel
    devel/py-iso8601
    devel/py-pbr
    devel/py-six
    ftp/curl
    lang/python
    lang/python3
    net/cloud-init
    net/py-eventlet
    net/py-netaddr
    net/py-netifaces
    net/py-oauth
    net/rsync
    panicmail
    security/ca_root_nss
    security/sudo
    sysutils/firstboot-freebsd-update
    sysutils/firstboot-pkgs
    sysutils/panicmail
    textproc/jq
    "
export VM_EXTRA_PACKAGES

# Size of the base image; should be enough, and the image can be resized
# if needed.
VMSIZE=8g
export VMSIZE

# Third-party software to enable in rc.conf(5). sshd is enabled here, so the
# sshd_config hardening appended by vm_extra_pre_umount applies to a service
# that is listening from first boot.
VM_RC_LIST="
    cloudinit
    firstboot_pkgs
    firstboot_freebsd_update
    growfs
    ntpd
    ntpd_sync_on_start
    sshd
    zfs"
export VM_RC_LIST

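# Apply the Oracle-specific configuration to the image tree rooted at DESTDIR.
#
# Globals:   DESTDIR (read) - root of the image being built
# Outputs:   appends to rc.conf, loader.conf, sshd_config and a cloud-init
#            drop-in under DESTDIR; edits ntp.conf; creates DESTDIR/firstboot
# Returns:   1 if DESTDIR is empty or unset, otherwise 0.
#
# NOTE(review): apart from the DESTDIR guard, no command's exit status is
# checked and the function ends with "return 0", so a failed append (for
# example the SSH hardening block) is not reported to the caller.
vm_extra_pre_umount() {
	# With an empty DESTDIR every path below would resolve against the build
	# host (/etc/rc.conf, /etc/ssh/sshd_config, ...), so refuse to continue.
	if [ -z "${DESTDIR}" ]; then
		printf '%s\n' "vm_extra_pre_umount: DESTDIR is not set" >&2
		return 1
	fi

	# DESTDIR is quoted everywhere so a path containing whitespace or glob
	# characters cannot be split into several arguments.
	cat <<-'EOF' >> "${DESTDIR}/etc/rc.conf"
		dumpdev=AUTO
		sendmail_enable=NONE
EOF

	cat <<-'EOF' >> "${DESTDIR}/boot/loader.conf"
		autoboot_delay="5"
		beastie_disable="YES"
		boot_serial="YES"
		loader_logo="none"
		cryptodev_load="YES"
		opensolaris_load="YES"
		xz_load="YES"
		zfs_load="YES"
EOF

	# sshd uses the first value it reads for each keyword, and anything that
	# follows an active Match block belongs to that block. Appending therefore
	# only hardens the image if the stock sshd_config sets none of these
	# keywords earlier and has no uncommented Match section.
	# NOTE(review): confirm against the sshd_config shipped in the image.
	cat <<-'EOF' >> "${DESTDIR}/etc/ssh/sshd_config"
		# S11 Configure the SSH service to prevent password-based login
		PermitRootLogin prohibit-password
		PasswordAuthentication no
		KbdInteractiveAuthentication no
		PermitEmptyPasswords no
		UseDNS no
EOF

	# S14 Root user login must be disabled on serial-over-ssh console
	# (pw -w no disables password login for the account).
	pw -R "${DESTDIR}" usermod root -w no

	# Oracle requirements override the default FreeBSD cloud-init settings.
	# The default user gets passwordless sudo to ALL and a locked password,
	# so the SSH key supplied at instance creation is the only credential
	# protecting root-equivalent access.
	cat <<-'EOF' >> "${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oracle.cfg"
		disable_root: true
		system_info:
		   distro: freebsd
		   default_user:
		     name: freebsd
		     lock_passwd: True
		     gecos: "Oracle Cloud Default User"
		     groups: [wheel]
		     sudo: ["ALL=(ALL) NOPASSWD:ALL"]
		     shell: /bin/sh
		   network:
		      renderers: ['freebsd']
EOF

	# Use Oracle Cloud Infrastructure NTP server. Only lines matching
	# "^pool.*iburst" are rewritten; if ntp.conf has none, the file is left
	# unchanged without any error.
	sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \
		"${DESTDIR}/etc/ntp.conf"

	# Sentinel file checked on first boot (the firstboot_* services above).
	touch "${DESTDIR}/firstboot"

	return 0
}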