xref: /netbsd-src/etc/defaults/rc.conf (revision a45db23f655e22f0c2354600d3b3c2cb98abf2dc) 
1#	$NetBSD: rc.conf,v 1.165 2023/07/02 12:39:05 nia Exp $
2#
3# /etc/defaults/rc.conf --
4#	default configuration of /etc/rc.conf
5#
6# see rc.conf(5) for more information.
7#
8# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
9# EDIT /etc/rc.conf INSTEAD.
10#
11
12#
13# Use program=YES to enable program, NO to disable it. program_flags are
14# passed to the program on the command line.
15#
16
17# Uncomment this if you want to use local paths in rc.
18#
19#export PATH=$PATH:/usr/pkg/sbin:/usr/pkg/bin:/usr/local/sbin:/usr/local/bin
20
21# Uncomment the following to execute each /etc/rc.d script in
22# the current shell rather than in a subshell.  This may be
23# faster on very slow machines that have an expensive fork(2).
24#	NOTE:	USE THIS AT YOUR OWN RISK; A ROGUE COMMAND
25#		MAY INADVERTENTLY PREVENT BOOT TO MULTIUSER.
26#
27#rc_fast_and_loose=YES
28
29# If rc_silent is true then /etc/rc will suppress most output to
30# the console.  The default is taken from the AB_SILENT flag passed
31# from the boot loader to the kernel in the boothowto(9) variable.
32#
33# rc_silent_cmd is executed once for each suppressed line of output.
34# Useful values are ":" and "twiddle".
35#
36rc_silent=$( [ "$(( $(/sbin/sysctl -n kern.boothowto 2>/dev/null || echo 0) \
37		    & 0x40000 ))" != 0 ] && echo true || echo false )
38rc_silent_cmd=twiddle
39
40# Additional flags to the rcorder(8) that's run by /etc/rc.
41#
42rc_rcorder_flags=""
43
44# The directories searched for rc scripts.
45# These directories must be part of the root file system.
46rc_directories=/etc/rc.d
47
48# If this is set to NO, shutdown(8) will not run /etc/rc.shutdown.
49#
50do_rcshutdown=YES
51
52# Additional flags to the rcorder(8) that's run by /etc/rc.shutdown.
53#
54rcshutdown_rcorder_flags=""
55
56# If this is non-blank, use as the number of seconds to run a watchdog
57# timer which will terminate /etc/rc.shutdown if the timeout expires.
58#
59rcshutdown_timeout=""
60
61
62# Basic network configuration
63#
64
65# Fully Qualified Internet Domain Name (a.k.a. hostname, e.g. foo.baz.edu).
66# If blank, use /etc/myname.
67#
68hostname=""
69
70# If there's only one way out of your IPv4 network, set this to the hostname
71# or the IPv4 address of the router that will get your packets off the LAN.
72# If blank, use /etc/mygate.
73#
74defaultroute=""
75
76# Same thing for IPv6.  If blank, use /etc/mygate6.
77#
78defaultroute6=""
79
80# The NIS domain name (formerly known as Yellow Pages); not in any way
81# related to Internet domain names.
82# If blank, use /etc/defaultdomain.
83#
84domainname=""
85
86# Filesystems to mount early in boot-up.
87# Note that `/var' is needed in $critical_filesystems_local (or
88# implied as part of `/') as certain services that need /var (such as
89# dhcpcd) may be needed to get the network operational enough to mount
90# the $critical_filesystems_remote.  Prepending "OPTIONAL:"  means it
91# will not be an error if that file system is not present in fstab(5).
92#
93critical_filesystems_local="OPTIONAL:/var"
94critical_filesystems_remote="OPTIONAL:/usr"
95critical_filesystems_zfs=""
96
97# Swap device controls.
98#
99no_swap=NO		# Set to YES if you have purposefully setup no swap
100			# partitions and don't want to be warned about it.
101swapoff=YES		# Remove block-type swap partitions upon shutdown
102			# This defaults to yes, so that raids shutdown cleanly
103swapoff_umount=auto	# Set to 'manual' to umount the tmpfs partitions listed
104			# in swapoff_umount_fs before removing swap. Set to
105			# 'auto' to umount all tmpfs partitions that contain
106			# no device nodes.
107swapoff_umount_fs=	# space-separated list of tmpfs mount points to umount
108			# before removing swap if swapoff_umount=manual
109
110# Concatenated disk driver.
111#
112ccd=YES
113
114# RAIDframe driver (manually configured devices).
115#
116raidframe=YES
117
118# Crypto file system.
119#
120cgd=YES
121
122# Logical Volume Manager
123#
124lvm=NO
125
126# One-time actions and programs on boot-up.
127#
128savecore=YES		savecore_flags="-z"
129			savecore_dir="/var/crash"
130resize_disklabel=NO				# resize disklabel to fill disk
131resize_gpt=NO					# resize GPT to fill disk
132resize_root=NO					# resize root to fill partition
133per_user_tmp=NO					# per-user /tmp directories
134per_user_tmp_dir="/private/tmp"			# real storage for /tmp
135clear_tmp=YES					# clear /tmp after reboot
136update_motd=YES					# updates /etc/motd
137update_motd_release=NO	motd_release_tag=""	# release info in /etc/motd
138dmesg=YES		dmesg_flags="-t"	# write /var/run/dmesg.boot
139accounting=NO					# uses /var/account/acct
140newsyslog=NO		newsyslog_flags=""	# trim log files
141quota=YES					# check and enable quotas
142ldconfig=YES					# rebuild a.out ldconfig cache
143sysdb=YES					# build system databases
144rndctl=NO		rndctl_flags=""		# configure rndctl(8)
145gpio=NO						# configure GPIO devices
146modules=YES					# process /etc/modules.conf
147
148# cope with other OSes using the real time clock at localtime on this
149# machine (by adjusting kern.rtc_offset at boot)
150rtclocaltime=NO
151
152# NOTE: default coredump name now set in /etc/sysctl.conf
153
154#
155# File system check flags; default to preen mode, checking file systems
156# that are listed in /etc/fstab in parallel as the fsck pass number
157# permits. Fix minor faults automatically, and exit with non 0 only
158# when major errors occur.
159#
160fsck_flags=-p
161
162# Security setting.  If $securelevel is non-empty, the system securelevel
163# is set to this value early in the boot sequence.  Otherwise the default
164# action is taken (see init(8)).
165#
166securelevel=""					# securelevel to set to
167
168# To set the IP address of an interface either use
169#  ifconfig_xxN="IP-NO"
170# where xxN is the interface.  If this variable is not set then
171# contents of the file /etc/ifconfig.xxN is used.
172
173# Networking startup.
174#
175# Wait up to 15 seconds for the tentative flag to clear from all addresses.
176# Wait up to 5 seconds for the detached flag to clear from all addresses.
177# Addresses are detached if there is no carrier, thus we have a small
178# wait to see if we get a carrier.
179# Even a wired interface may not recognise it has a carrier right away.
180ifconfig_wait_dad_flags="-w 15 -W 5"
181
182mdnsd=NO
183npf=NO
184npfd=NO			npfd_flags=""
185ipfilter=NO		ipfilter_flags=""	# uses /etc/ipf.conf
186ipnat=NO					# uses /etc/ipnat.conf
187ipfs=NO			ipfs_flags=""		# save/load ipnat and ipf states
188ipsec=NO					# uses /etc/ipsec.conf
189ipmon=NO		ipmon_flags="-Dns"	# syslog ipfilter messages
190pf=NO			pf_rules="/etc/pf.conf" pf_flags=""
191pflogd=NO
192ftp_proxy=NO
193racoon=NO					# IKE daemon
194auto_ifconfig=YES				# config all avail. interfaces
195net_interfaces=""				# used only if above is NO
196flushroutes=YES					# flush routes in netstart
197dhcpcd=NO		dhcpcd_flags="-qM"	# For ifconfig_XXX=dhcp.
198ntpdate=NO  		ntpdate_flags="-b -s"	# May need '-u' thru firewall
199ppp=YES			ppp_peers=""		# /etc/ppp/peers to call
200ip6mode=host					# host, autohost or router
201ip6uniquelocal=NO				# IPv6 unique-local forwarding
202
203# Special treatment for interfaces that need to be downed on
204# shutdown (because they might cause unnecessary costs or block resources
205# on the peer). All pppoe* interfaces are automatically included in this
206# list, add others here manually.
207#force_down_interfaces=""
208
209ifwatchd=NO	# execute up/down scripts for in-kernel PPPoE interfaces
210	ifwatchd_flags="-u /etc/ppp/ip-up -d /etc/ppp/ip-down pppoe0"
211
212# ALTQ configuration/monitoring daemon
213altqd=NO		altqd_flags=""
214
215# Daemons required by servers.  These are not needed for strictly client use.
216#
217
218# inetd is used to start the IP-based services enabled in /etc/inetd.conf
219#
220inetd=YES		inetd_flags="-l"	# -l logs libwrap
221
222# identd
223#
224identd=NO		identd_flags="-b -l -u nobody"
225
226# rpcbind (formerly known as 'portmap') is used to look up RPC-based services.
227#
228rpcbind=NO		rpcbind_flags="-l"	# -l logs libwrap
229
230# Commonly used daemons.
231#
232syslogd=YES		syslogd_flags="-s"	# -s "secure" unix domain only
233cron=YES
234named=NO		named_flags=""		# see below for named_chrootdir
235timed=NO		timed_flags=""
236ntpd=NO			ntpd_flags=""		# see below for ntpd_chrootdir
237# The default setting for postfix here is YES, but gets re-examined by
238# the rc.d/postfix startup script when it runs.  The script sets
239# _rc_d_postfix to "check", and then causes all rc.conf settings to
240# be re-evaluated.  If the value of $postfix after this is "check",
241# the script then checks to see if /etc/mailer.conf selects the system
242# postfix. If not, it does print a warning and does not start postfix
243# to avoid conflict with a different MTA.
244postfix=${_rc_d_postfix:-YES}
245lpd=NO			lpd_flags="-s"		# -s "secure" unix domain only
246sshd=NO			sshd_flags=""
247ssh_keygen_flags=""
248ftpd=NO			ftpd_flags="-ll"
249httpd=NO		httpd_flags=""
250			httpd_wwwdir="/var/www"
251			httpd_wwwuser="_httpd"
252
253# To run the named(8) DNS server as an unprivileged user under a
254# chroot(2) cage, uncomment the following after migrating the contents
255# of /etc/namedb to /var/chroot/named/etc/namedb
256#
257#named_chrootdir="/var/chroot/named"
258
259# To run the ntpd(8) NTP server as an unprivileged user under a
260# chroot(2) cage, uncomment the following, after ensuring that:
261#	- The kernel has "pseudo-device clockctl" compiled in
262#	- /dev/clockctl is present
263#
264#ntpd_chrootdir="/var/chroot/ntpd"
265
266# Routing daemons.
267#
268routed=NO		routed_flags="-q"
269gated=NO
270mrouted=NO		mrouted_flags=""
271route6d=NO		route6d_flags=""
272ldpd=NO
273
274# Daemons used to boot other hosts over a network.
275#
276rarpd=NO		rarpd_flags="-a"
277bootparamd=NO		bootparamd_flags=""
278dhcpd=NO		dhcpd_flags="-q"
279dhcpd6=NO		dhcpd6_flags="-q -cf /etc/dhcpd6.conf"
280dhcrelay=NO		dhcrelay_flags=""
281rbootd=NO		rbootd_flags=""
282mopd=NO			mopd_flags="-a"
283ndbootd=NO		ndbootd_flags="-s /tftpboot /tftpboot/bootyy"
284rtadvd=NO		rtadvd_flags=""
285isibootd=NO		isibootd_flags=""
286
287# X11 daemons.
288#
289xfs=NO			xfs_flags=""		# X11 font server
290xdm=NO			xdm_flags=""		# X11 display manager; needs
291						# wscons=YES for local displays.
292
293# Update fontconfig cache at boot
294fccache=YES
295
296# YP (NIS) daemons.
297#
298ypbind=NO		ypbind_flags=""
299ypserv=NO		ypserv_flags="-d"
300yppasswdd=NO		yppasswdd_flags=""
301
302# NFS daemons and parameters.
303#
304mountd=NO		mountd_flags=""		# NFS mount requests daemon
305nfs_client=NO					# enable client daemons
306nfs_server=NO					# enable server daemons
307			nfsd_flags=""
308lockd=NO		lockd_flags=""
309statd=NO		statd_flags=""
310amd=NO			amd_flags="-l syslog -x error,noinfo,nostats"
311			amd_dir=/amd			# mount dir
312
313# Heimdal Kerberos 5 KDC (with Kerberos IV compatibility)
314kdc=NO			kdc_flags="--detach"
315
316# iSCSI target
317iscsi_target=NO		iscsi_target_flags=""
318# iSCSI kernel initiator
319iscsid=NO
320# iSCSI attach from /etc/iscsi/volumes
321iscsid_volumes=YES
322
323# WPA daemons.
324hostapd=NO		hostapd_flags="-Bs /etc/hostapd.conf"
325wpa_supplicant=NO	wpa_supplicant_flags="-Ms -c /etc/wpa_supplicant.conf"
326
327# Bluetooth configuration
328bluetooth=NO
329# and the following are used when bluetooth=YES
330btconfig_devices=""                             # all
331bthcid=YES              bthcid_flags=""
332sdpd=YES                sdpd_flags=""
333
334# Other daemons.
335#
336rwhod=NO		rwhod_flags="-u _rwhod"
337devpubd=NO		devpubd_flags=""	# autocreate nodes for new devs
338envsys=NO					# Set /etc/envsys.conf preferences
339autofs=NO		automount_flags=""
340			automountd_flags=""
341			autounmountd_flags=""
342
343# Hardware daemons.
344#
345apmd=NO			apmd_flags=""		# APM power management daemon.
346powerd=NO		powerd_flags=""		# power management daemon
347screenblank=NO		screenblank_flags=""	# wscons and FBIO screenblanker
348
349moused=NO					# serial mouse handler
350			moused_flags="-p /dev/tty00"
351
352wdogctl=NO					# watchdog timer control
353#			wdogctl_flags="-k devicename"
354irdaattach=NO					# attach serial lines to IrDA
355			irdaattach_flags="tty00"
356
357# Configuration of "wscons" console driver virtual screens.
358#
359wscons=NO		wscons_flags=""		# setup wscons from wscons.conf
360
361# Configuration of "wsmoused" console driver cut-n-paste support
362#
363wsmoused=NO		wsmoused_flags=""
364
365# Configuration of "tpctl" touch panel calibration utility
366#
367tpctl=NO		tpctl_flags=""
368
369# Mixer setting
370#
371mixerctl=NO		mixerctl_mixers=""	# "mixer0 mixer1" means saving
372						# and restoring their settings
373
374# Vi recovery notification.  Vi(1)'s -r option can recover files which were
375# accidentally closed.  See vi(1) for more details.
376#
377virecover=YES
378
379# Veriexec signature loading.
380#
381veriexec=NO
382veriexec_strict=0
383veriexec_verbose=0
384veriexec_flags="-k"
385
386# Entropy load/save to/from /dev/random at startup/shutdown
387#
388random_seed=YES
389
390# Set to `check' to abort multi-user boot if not enough entropy, or
391# `wait' to wait until enough entropy, or `' (empty) to boot without
392# waiting or checking.
393#
394entropy="wait"
395
396# Creating / updating of man page index on boot
397makemandb=YES
398
399# Disable Simultaneous Multi-Threading
400smtoff=NO
401
402# blocklist daemon, needs npf
403blocklistd=NO
404
405# IPv6 address selection policy
406ip6addrctl=NO
407# ipv6_prefer, ipv4_prefer, auto
408ip6addrctl_policy=auto
409ip6addrctl_verbose=NO
410
411# Unbound
412unbound=NO
413unbound_chrootdir=/var/chroot/unbound
414
415# Nsd
416nsd=NO
417nsd_chrootdir=/var/chroot/nsd
418nsd_flags="-t ${nsd_chrootdir}"
419
420# ZFS
421zfs=NO
422