xref: /netbsd-src/etc/defaults/rc.conf (revision 011f078b4d82025073c91186e8b6ed70398bb4fc) 
1#	$NetBSD: rc.conf,v 1.167 2023/10/05 08:19:27 abs Exp $
2#
3# /etc/defaults/rc.conf --
4#	default configuration of /etc/rc.conf
5#
6# see rc.conf(5) for more information.
7#
8# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
9# EDIT /etc/rc.conf INSTEAD.
10#
11
12#
13# Use program=YES to enable program, NO to disable it. program_flags are
14# passed to the program on the command line.
15#
16
17# Uncomment this if you want to use local paths in rc.
18#
19#export PATH=$PATH:/usr/pkg/sbin:/usr/pkg/bin:/usr/local/sbin:/usr/local/bin
20
21# Uncomment the following to execute each /etc/rc.d script in
22# the current shell rather than in a subshell.  This may be
23# faster on very slow machines that have an expensive fork(2).
24#	NOTE:	USE THIS AT YOUR OWN RISK; A ROGUE COMMAND
25#		MAY INADVERTENTLY PREVENT BOOT TO MULTIUSER.
26#
27#rc_fast_and_loose=YES
28
29# If rc_silent is true then /etc/rc will suppress most output to
30# the console.  The default is taken from the AB_SILENT flag passed
31# from the boot loader to the kernel in the boothowto(9) variable.
32#
33# rc_silent_cmd is executed once for each suppressed line of output.
34# Useful values are ":" and "twiddle".
35#
36rc_silent=$( [ "$(( $(/sbin/sysctl -n kern.boothowto 2>/dev/null || echo 0) \
37		    & 0x40000 ))" != 0 ] && echo true || echo false )
38rc_silent_cmd=twiddle
39
40# Additional flags to the rcorder(8) that's run by /etc/rc.
41#
42rc_rcorder_flags=""
43
44# The directories searched for rc scripts.
45# These directories must be part of the root file system.
46rc_directories=/etc/rc.d
47
48# If this is set to NO, shutdown(8) will not run /etc/rc.shutdown.
49#
50do_rcshutdown=YES
51
52# Additional flags to the rcorder(8) that's run by /etc/rc.shutdown.
53#
54rcshutdown_rcorder_flags=""
55
56# If this is non-blank, use as the number of seconds to run a watchdog
57# timer which will terminate /etc/rc.shutdown if the timeout expires.
58#
59rcshutdown_timeout=""
60
61
62# Basic network configuration
63#
64
65# Fully Qualified Internet Domain Name (a.k.a. hostname, e.g. foo.baz.edu).
66# If blank, use /etc/myname.
67#
68hostname=""
69
70# If there's only one way out of your IPv4 network, set this to the hostname
71# or the IPv4 address of the router that will get your packets off the LAN.
72# If blank, use /etc/mygate.
73#
74defaultroute=""
75
76# Same thing for IPv6.  If blank, use /etc/mygate6.
77#
78defaultroute6=""
79
80# The NIS domain name (formerly known as Yellow Pages); not in any way
81# related to Internet domain names.
82# If blank, use /etc/defaultdomain.
83#
84domainname=""
85
86# Filesystems to mount early in boot-up.
87# Note that `/var' is needed in $critical_filesystems_local (or
88# implied as part of `/') as certain services that need /var (such as
89# dhcpcd) may be needed to get the network operational enough to mount
90# the $critical_filesystems_remote.  Prepending "OPTIONAL:"  means it
91# will not be an error if that file system is not present in fstab(5).
92#
93critical_filesystems_local="OPTIONAL:/var"
94critical_filesystems_remote="OPTIONAL:/usr"
95critical_filesystems_zfs=""
96
97# Swap device controls.
98#
99no_swap=NO		# Set to YES if you have purposefully setup no swap
100			# partitions and don't want to be warned about it.
101swapoff=YES		# Remove block-type swap partitions upon shutdown
102			# This defaults to yes, so that raids shutdown cleanly
103swapoff_umount=auto	# Set to 'manual' to umount the tmpfs partitions listed
104			# in swapoff_umount_fs before removing swap. Set to
105			# 'auto' to umount all tmpfs partitions that contain
106			# no device nodes.
107swapoff_umount_fs=	# space-separated list of tmpfs mount points to umount
108			# before removing swap if swapoff_umount=manual
109
110# Concatenated disk driver.
111#
112ccd=YES
113
114# RAIDframe driver (manually configured devices).
115#
116raidframe=YES
117
118# Crypto file system.
119#
120cgd=YES
121
122# Logical Volume Manager
123#
124lvm=NO
125
126# One-time actions and programs on boot-up.
127#
128savecore=YES		savecore_flags="-z"
129			savecore_dir="/var/crash"
130resize_disklabel=NO				# resize disklabel to fill disk
131resize_gpt=NO					# resize GPT to fill disk
132resize_root=NO					# resize root to fill partition
133per_user_tmp=NO					# per-user /tmp directories
134per_user_tmp_dir="/private/tmp"			# real storage for /tmp
135clear_tmp=YES					# clear /tmp after reboot
136update_motd=YES					# updates /etc/motd
137update_motd_release=NO	motd_release_tag=""	# release info in /etc/motd
138dmesg=YES		dmesg_flags="-t"	# write /var/run/dmesg.boot
139accounting=NO					# uses /var/account/acct
140newsyslog=NO		newsyslog_flags=""	# trim log files
141quota=YES					# check and enable quotas
142ldconfig=YES					# rebuild a.out ldconfig cache
143sysdb=YES					# build system databases
144rndctl=NO		rndctl_flags=""		# configure rndctl(8)
145gpio=NO						# configure GPIO devices
146modules=YES					# process /etc/modules.conf
147certctl_init=NO					# rehash /etc/openssl/certs
148
149# cope with other OSes using the real time clock at localtime on this
150# machine (by adjusting kern.rtc_offset at boot)
151rtclocaltime=NO
152
153# NOTE: default coredump name now set in /etc/sysctl.conf
154
155#
156# File system check flags; default to preen mode, checking file systems
157# that are listed in /etc/fstab in parallel as the fsck pass number
158# permits. Fix minor faults automatically, and exit with non 0 only
159# when major errors occur.
160#
161fsck_flags=-p
162
163# Security setting.  If $securelevel is non-empty, the system securelevel
164# is set to this value early in the boot sequence.  Otherwise the default
165# action is taken (see init(8)).
166#
167securelevel=""					# securelevel to set to
168
169# To set the IP address of an interface either use
170#  ifconfig_xxN="IP-NO"
171# where xxN is the interface.  If this variable is not set then
172# contents of the file /etc/ifconfig.xxN is used.
173
174# Networking startup.
175#
176# Wait up to 15 seconds for the tentative flag to clear from all addresses.
177# Wait up to 5 seconds for the detached flag to clear from all addresses.
178# Addresses are detached if there is no carrier, thus we have a small
179# wait to see if we get a carrier.
180# Even a wired interface may not recognise it has a carrier right away.
181ifconfig_wait_dad_flags="-w 15 -W 5"
182
183mdnsd=NO
184npf=NO			npf_rules="/etc/npf.conf"
185npfd=NO			npfd_flags=""
186ipfilter=NO		ipfilter_flags=""	# uses /etc/ipf.conf
187ipnat=NO					# uses /etc/ipnat.conf
188ipfs=NO			ipfs_flags=""		# save/load ipnat and ipf states
189ipsec=NO					# uses /etc/ipsec.conf
190ipmon=NO		ipmon_flags="-Dns"	# syslog ipfilter messages
191pf=NO			pf_rules="/etc/pf.conf" pf_flags=""
192pflogd=NO
193ftp_proxy=NO
194racoon=NO					# IKE daemon
195auto_ifconfig=YES				# config all avail. interfaces
196net_interfaces=""				# used only if above is NO
197flushroutes=YES					# flush routes in netstart
198dhcpcd=NO		dhcpcd_flags="-qM"	# For ifconfig_XXX=dhcp.
199ntpdate=NO  		ntpdate_flags="-b -s"	# May need '-u' thru firewall
200ppp=YES			ppp_peers=""		# /etc/ppp/peers to call
201ip6mode=host					# host, autohost or router
202ip6uniquelocal=NO				# IPv6 unique-local forwarding
203
204# Special treatment for interfaces that need to be downed on
205# shutdown (because they might cause unnecessary costs or block resources
206# on the peer). All pppoe* interfaces are automatically included in this
207# list, add others here manually.
208#force_down_interfaces=""
209
210ifwatchd=NO	# execute up/down scripts for in-kernel PPPoE interfaces
211	ifwatchd_flags="-u /etc/ppp/ip-up -d /etc/ppp/ip-down pppoe0"
212
213# ALTQ configuration/monitoring daemon
214altqd=NO		altqd_flags=""
215
216# Daemons required by servers.  These are not needed for strictly client use.
217#
218
219# inetd is used to start the IP-based services enabled in /etc/inetd.conf
220#
221inetd=YES		inetd_flags="-l"	# -l logs libwrap
222
223# identd
224#
225identd=NO		identd_flags="-b -l -u nobody"
226
227# rpcbind (formerly known as 'portmap') is used to look up RPC-based services.
228#
229rpcbind=NO		rpcbind_flags="-l"	# -l logs libwrap
230
231# Commonly used daemons.
232#
233syslogd=YES		syslogd_flags="-s"	# -s "secure" unix domain only
234cron=YES
235named=NO		named_flags=""		# see below for named_chrootdir
236timed=NO		timed_flags=""
237ntpd=NO			ntpd_flags=""		# see below for ntpd_chrootdir
238# The default setting for postfix here is YES, but gets re-examined by
239# the rc.d/postfix startup script when it runs.  The script sets
240# _rc_d_postfix to "check", and then causes all rc.conf settings to
241# be re-evaluated.  If the value of $postfix after this is "check",
242# the script then checks to see if /etc/mailer.conf selects the system
243# postfix. If not, it does print a warning and does not start postfix
244# to avoid conflict with a different MTA.
245postfix=${_rc_d_postfix:-YES}
246lpd=NO			lpd_flags="-s"		# -s "secure" unix domain only
247sshd=NO			sshd_flags=""
248ssh_keygen_flags=""
249ftpd=NO			ftpd_flags="-ll"
250httpd=NO		httpd_flags=""
251			httpd_wwwdir="/var/www"
252			httpd_wwwuser="_httpd"
253
254# To run the named(8) DNS server as an unprivileged user under a
255# chroot(2) cage, uncomment the following after migrating the contents
256# of /etc/namedb to /var/chroot/named/etc/namedb
257#
258#named_chrootdir="/var/chroot/named"
259
260# To run the ntpd(8) NTP server as an unprivileged user under a
261# chroot(2) cage, uncomment the following, after ensuring that:
262#	- The kernel has "pseudo-device clockctl" compiled in
263#	- /dev/clockctl is present
264#
265#ntpd_chrootdir="/var/chroot/ntpd"
266
267# Routing daemons.
268#
269routed=NO		routed_flags="-q"
270gated=NO
271mrouted=NO		mrouted_flags=""
272route6d=NO		route6d_flags=""
273ldpd=NO
274
275# Daemons used to boot other hosts over a network.
276#
277rarpd=NO		rarpd_flags="-a"
278bootparamd=NO		bootparamd_flags=""
279dhcpd=NO		dhcpd_flags="-q"
280dhcpd6=NO		dhcpd6_flags="-q -cf /etc/dhcpd6.conf"
281dhcrelay=NO		dhcrelay_flags=""
282rbootd=NO		rbootd_flags=""
283mopd=NO			mopd_flags="-a"
284ndbootd=NO		ndbootd_flags="-s /tftpboot /tftpboot/bootyy"
285rtadvd=NO		rtadvd_flags=""
286isibootd=NO		isibootd_flags=""
287
288# X11 daemons.
289#
290xfs=NO			xfs_flags=""		# X11 font server
291xdm=NO			xdm_flags=""		# X11 display manager; needs
292						# wscons=YES for local displays.
293
294# Update fontconfig cache at boot
295fccache=YES
296
297# YP (NIS) daemons.
298#
299ypbind=NO		ypbind_flags=""
300ypserv=NO		ypserv_flags="-d"
301yppasswdd=NO		yppasswdd_flags=""
302
303# NFS daemons and parameters.
304#
305mountd=NO		mountd_flags=""		# NFS mount requests daemon
306nfs_client=NO					# enable client daemons
307nfs_server=NO					# enable server daemons
308			nfsd_flags=""
309lockd=NO		lockd_flags=""
310statd=NO		statd_flags=""
311amd=NO			amd_flags="-l syslog -x error,noinfo,nostats"
312			amd_dir=/amd			# mount dir
313
314# Heimdal Kerberos 5 KDC (with Kerberos IV compatibility)
315kdc=NO			kdc_flags="--detach"
316
317# iSCSI target
318iscsi_target=NO		iscsi_target_flags=""
319# iSCSI kernel initiator
320iscsid=NO
321# iSCSI attach from /etc/iscsi/volumes
322iscsid_volumes=YES
323
324# WPA daemons.
325hostapd=NO		hostapd_flags="-Bs /etc/hostapd.conf"
326wpa_supplicant=NO	wpa_supplicant_flags="-Ms -c /etc/wpa_supplicant.conf"
327
328# Bluetooth configuration
329bluetooth=NO
330# and the following are used when bluetooth=YES
331btconfig_devices=""                             # all
332bthcid=YES              bthcid_flags=""
333sdpd=YES                sdpd_flags=""
334
335# Other daemons.
336#
337rwhod=NO		rwhod_flags="-u _rwhod"
338devpubd=NO		devpubd_flags=""	# autocreate nodes for new devs
339envsys=NO					# Set /etc/envsys.conf preferences
340autofs=NO		automount_flags=""
341			automountd_flags=""
342			autounmountd_flags=""
343
344# Hardware daemons.
345#
346apmd=NO			apmd_flags=""		# APM power management daemon.
347powerd=NO		powerd_flags=""		# power management daemon
348screenblank=NO		screenblank_flags=""	# wscons and FBIO screenblanker
349
350moused=NO					# serial mouse handler
351			moused_flags="-p /dev/tty00"
352
353wdogctl=NO					# watchdog timer control
354#			wdogctl_flags="-k devicename"
355irdaattach=NO					# attach serial lines to IrDA
356			irdaattach_flags="tty00"
357
358# Configuration of "wscons" console driver virtual screens.
359#
360wscons=NO		wscons_flags=""		# setup wscons from wscons.conf
361
362# Configuration of "wsmoused" console driver cut-n-paste support
363#
364wsmoused=NO		wsmoused_flags=""
365
366# Configuration of "tpctl" touch panel calibration utility
367#
368tpctl=NO		tpctl_flags=""
369
370# Mixer setting
371#
372mixerctl=NO		mixerctl_mixers=""	# "mixer0 mixer1" means saving
373						# and restoring their settings
374
375# Vi recovery notification.  Vi(1)'s -r option can recover files which were
376# accidentally closed.  See vi(1) for more details.
377#
378virecover=YES
379
380# Veriexec signature loading.
381#
382veriexec=NO
383veriexec_strict=0
384veriexec_verbose=0
385veriexec_flags="-k"
386
387# Entropy load/save to/from /dev/random at startup/shutdown
388#
389random_seed=YES
390
391# Set to `check' to abort multi-user boot if not enough entropy, or
392# `wait' to wait until enough entropy, or `' (empty) to boot without
393# waiting or checking.
394#
395entropy="wait"
396
397# Creating / updating of man page index on boot
398makemandb=YES
399
400# Disable Simultaneous Multi-Threading
401smtoff=NO
402
403# blocklist daemon, needs npf
404blocklistd=NO
405
406# IPv6 address selection policy
407ip6addrctl=NO
408# ipv6_prefer, ipv4_prefer, auto
409ip6addrctl_policy=auto
410ip6addrctl_verbose=NO
411
412# Unbound
413unbound=NO
414unbound_chrootdir=/var/chroot/unbound
415
416# Nsd
417nsd=NO
418nsd_chrootdir=/var/chroot/nsd
419nsd_flags="-t ${nsd_chrootdir}"
420
421# ZFS
422zfs=NO
423