#!/usr/local/bin/bash -u
# This is meant for new PC installs. Set for freebsd
#
## Notes:
# set my default shell to bash
# set up specifics for each host
# pkg install without prompts
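# The -u on the shebang line is lost when the script is started as
# "bash script.sh", so enable it explicitly as well.
set -u
# Everything below writes system files, so refuse to run unprivileged.
myuser=$(whoami)
if [ "${myuser}" != "root" ]; then
  echo "Must be run as root. Sowwy"
  exit 1
fi
# Relative paths used later resolve against /root; stop if it is missing
# rather than continue in whatever directory the script was started from.
cd /root/ || exit 1
# Desktop account that receives the home-directory links and ownership.
user='kyelw'
# Short host name; selects the per-host directory in the rc-files checkout.
host=$(hostname -s)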
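# Set up base-packages
pkg update
pkg install p5-Mozilla-CA ca_root_nss cups feh en_GB-libreoffice evince gimp python tmux-3.1b rsync p5-LWP-Protocol-https feh p5-libwww openvpn fusefs-sshfs terminus-font vlc musicpc musicpd vim rxvt-unicode subversion alsa-utils openvpn redshift i3lock arandr spectrwm scrot screen sudo git wget curl xorg xdm parcellite arandr chromium ffmpeg htop firefox-esr git gnupg gzip keepassxc curl lynx mpc ncmpcpp nmap redshift tcpdump thunderbird xfce dbus mpv xephyr
# youtube-dl
# NOTE(review): this installs whatever "latest" serves at run time into
# root's PATH with no checksum or signature check. Pin a release and verify
# its published hash, or install a packaged build, before trusting it.
# Download to a private temp file first so that a failed or partial
# transfer is never moved into /usr/local/bin.
ytdl_tmp=$(mktemp /tmp/youtube-dl.XXXXXX) || exit 1
if /usr/local/bin/wget -O "${ytdl_tmp}" 'https://yt-dl.org/downloads/latest/youtube-dl'; then
  # install(1) sets owner, group and mode in one step.
  install -o root -g kyelw -m 755 "${ytdl_tmp}" /usr/local/bin/youtube-dl
else
  echo "youtube-dl download failed; not installing" >&2
fi
rm -f -- "${ytdl_tmp}"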
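# stfu
# Replaces /etc/rc.conf wholesale (">" truncates), so any setting the
# installer wrote there is lost; the host name is appended again below.
# rc.conf is read as shell assignments, so when a variable appears twice the
# later line wins. Two settings contradicted their own comments and are fixed:
#   - syslogd_flags: the second assignment was "-s", which overrode the
#     stricter "-ss" above it; "-ss" is the form that opens no network socket.
#   - sendmail_enable: was "YES" under "disable sendmail inbound"; "NO" keeps
#     the submit/outbound daemons enabled above without accepting inbound mail.
echo 'clear_tmp_enable="YES"
kld_list="/boot/modules/i915kms.ko"
syslogd_flags="-ss"
keymap="us.kbd"
wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
allscreens_kbdflags="-b quiet.off"
lpd_enable="YES"
musicpd_enable="NO"
sound_load="YES"
snd_hda_load="YES"
moused_enable="YES"
# allow sendmail outbound
sendmail_submit_enable="YES"
sendmail_outbound_enable="YES"
# stop syslog from listening
syslogd_flags="-ss"
# clear /tmp
clear_tmp_enable="YES"
# ntp
ntpd_sync_on_start="YES"
ntpd_enable="YES"
# system accounting
accounting_enable="YES"
# fusefs for mounting usb drives
fusefs_load="YES"
# firewall
pf_enable="YES"
pf_rules="/etc/pf.conf"
# disable sendmail inbound
sendmail_enable="NO"
# ntp
ntpd_enable="YES"' > /etc/rc.conf
# variables are hard
# Quote the value so the line stays a valid shell assignment whatever the
# resolver returns for the fully qualified name.
printf 'hostname="%s"\n' "$(hostname -f)" >> /etc/rc.conf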
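# printing still sucks
# Patch the lpd rc script so the daemon is started with -s.
# FreeBSD sed takes the backup suffix as the argument of -i, so "-i -e"
# leaves a copy named lpd-e inside /etc/rc.d, where rc scripts are picked up
# from; pass an explicit empty suffix to edit in place without a backup.
sed -i '' -e 's#command="/usr/sbin/${name}"#command="/usr/sbin/${name} -s"#g' /etc/rc.d/lpd
# Spool directory for the printcap entry below, restricted to daemon.
mkdir -p /var/spool/lpd/lp
chown daemon:daemon /var/spool/lpd/lp
chmod 770 /var/spool/lpd/lp
echo 'scottprinter:\
:lp=9100@scottprinter:\
:sh:\
:mx#0:\
:rp=raw:\
:if=/usr/local/libexec/ps2pcl:\
:sd=/var/spool/lpd/lp:\
:lf=/var/log/lpd-errs:' > /etc/printcap
# Restrict ntpd to the loopback address. This appends, so running the script
# twice duplicates the two lines.
echo 'interface ignore wildcard
interface listen 127.0.0.1' >> /etc/ntp.conf
# (a stray "/" line stood here; executing it only produced an error)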
# Seed the CUPS printer definitions: printers.conf and printers.conf.0 are
# both overwritten with text captured from a running cupsd (see the
# "Written by cupsd" header inside the literal). The two literals appear to
# differ only in their UUID lines.
# NOTE(review): no <Printer name> ... </Printer> stanza markers appear in the
# text below, and some UUID values contain characters outside 0-9a-f; confirm
# cupsd accepts these files as written.
# NOTE(review): both queues use socket:// on port 9100, i.e. raw printing to
# the device; one points at a literal IP address and the other at the
# scottprinter name that this script adds to /etc/hosts.
mkdir -p /usr/local/etc/cups/
echo '# Printer configuration file for CUPS v2.2.12
# Written by cupsd on 2020-02-24 15:49
# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
UUID urn:uuid:58830332-feb2-3de7-3eff-5e58e01421b4
Info default
Location mo
DeviceURI socket://112.112.112.112:9100
State Idle
StateTime 1563492962
ConfigTime 1563410847
Type 4
Accepting Yes
Shared No
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
Attribute marker-colors \#000000
Attribute marker-levels 37
Attribute marker-names Black Cartridge HP CE255X
Attribute marker-types toner-cartridge
Attribute marker-change-time 1563492962
UUID urn:uuid:3kb8a3e-8cy8-3b7c-6eb9-357j8e88d185
Info
Location
MakeModel HP Color LaserJet 4700dn - CUPS+Gutenprint v5.3.3
DeviceURI socket://scottprinter:9100
State Idle
StateTime 1582588043
ConfigTime 1582587820
Reason toner-low-report
Reason toner-empty-warning
Type 4188
Accepting Yes
Shared No
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
Attribute marker-colors \#000000,#00FFFF,#FF00FF,#FFFF00
Attribute marker-levels 2,0,56,0
Attribute marker-names Black Cartridge HP CF380A,Cyan Cartridge HP CF381A,Magenta Cartridge HP CF383A,Yellow Cartridge HP CF382A
Attribute marker-types toner,toner,toner,toner
Attribute marker-change-time 1582588043
' > /usr/local/etc/cups/printers.conf
# Same content again for the ".0" file next to it.
echo '# Printer configuration file for CUPS v2.2.12
# Written by cupsd on 2020-02-24 15:49
# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
UUID urn:uuid:583l48831-f2ab-32ej-4jfl-5k58901401b4
Info default
Location mo
DeviceURI socket://112.112.112.112:9100
State Idle
StateTime 1563492962
ConfigTime 1563410847
Type 4
Accepting Yes
Shared No
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
Attribute marker-colors \#000000
Attribute marker-levels 37
Attribute marker-names Black Cartridge HP CE255X
Attribute marker-types toner-cartridge
Attribute marker-change-time 1563492962
UUID urn:uuid:b382888e-8ecb-336c-71e9-34769e78l185
Info
Location
MakeModel HP Color LaserJet 4700dn - CUPS+Gutenprint v5.3.3
DeviceURI socket://scottprinter:9100
State Idle
StateTime 1582588043
ConfigTime 1582587820
Reason toner-low-report
Reason toner-empty-warning
Type 4188
Accepting Yes
Shared No
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
Attribute marker-colors \#000000,#00FFFF,#FF00FF,#FFFF00
Attribute marker-levels 2,0,56,0
Attribute marker-names Black Cartridge HP CF380A,Cyan Cartridge HP CF381A,Magenta Cartridge HP CF383A,Yellow Cartridge HP CF382A
Attribute marker-types toner,toner,toner,toner
Attribute marker-change-time 1582588043
' > /usr/local/etc/cups/printers.conf.0
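# Audio pin routing hints for the HDA codec (appended, not replaced).
echo 'hint.hdaa.0.nid21.config="as=1 seq=15 device=Headphones"
hint.hdaa.1.nid20.config="as=1 seq=0"' >> /boot/device.hints
# Grant the desktop user full sudo. Append only when the line is not already
# present, then syntax-check the file: a malformed sudoers makes sudo refuse
# to run at all.
sudoers_line='kyelw ALL=(ALL) ALL'
if ! grep -qxF -- "${sudoers_line}" /usr/local/etc/sudoers 2>/dev/null; then
  echo "${sudoers_line}" >> /usr/local/etc/sudoers
fi
visudo -c -f /usr/local/etc/sudoers \
  || echo "WARNING: /usr/local/etc/sudoers failed validation; fix it before relying on sudo" >&2
mkdir -p /mnt/usb
mkdir -p /mnt/backup
# Setting up rc-files repo
mkdir -p /var/files
# 0700 keeps root's ssh directory private from the moment it is created.
mkdir -p -m 700 /root/.ssh
mkdir -p /root/.subversion
# Temporary ssh client config used only for the two checkouts below; it is
# removed again later in the script.
# NOTE(review): StrictHostKeyChecking=no together with
# UserKnownHostsFile=/dev/null turns off server authentication for these
# hosts (and for the ProxyCommand hop and the svn tunnel), so the checkout
# that delivers ssh keys and scripts later linked into /usr/local/bin and
# /usr/local/sbin is open to interception on the first connection. Ship the
# expected host keys in a known_hosts file and drop both options.
echo -e "Host somehost.com\n\tUser tehdude\n\tPort 27\n\nHost *.somehost.com\n\tUser kevin\n\tIdentityFile=/var/files/rc-files/ALL/.ssh/homehost.id_rsa\n\tPort 27\n\tUserKnownHostsFile=/dev/null\n\tStrictHostKeyChecking=no\n\tProxyCommand ssh -q somehost.com -o StricthostKeyChecking=no -o UserKnownHostsFile=/dev/null nc -q0 %h 59" > /root/.ssh/config
# Tell svn which ssh command line to use for svn+ssh:// URLs.
echo -e "[tunnels]\nssh = ssh -F /root/.ssh/config -p 7922 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no " >> /root/.subversion/config
echo ""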
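# Pause so the operator can enable password logins on the repository host.
read -r -p "Make sure ssh allows password authentication on repo, and hit enter"
echo "password for repo"
# Repeat the checkout until it succeeds, e.g. after a mistyped password.
# There is no retry limit: interrupt with Ctrl-C if the host is unreachable.
until /usr/local/bin/svn co svn+ssh://user@somehost.com/var/files/rc-files /var/files/rc-files; do
  :
done
chown kyelw:kyelw /var/files/rc-files/ALL/.ssh/keyname.id_rsa
# Private keys must not be group-readable: ssh refuses to use a key file
# whose mode grants group or other access, and 640 exposed it to the group.
# NOTE(review): the chown above and this chmod name different key files
# (keyname vs otherkeyname) - confirm both files get owner and mode set.
chmod 600 /var/files/rc-files/ALL/.ssh/otherkeyname.id_rsa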
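# Scripts with a "#!/bin/bash" line expect bash here; FreeBSD installs it
# under /usr/local/bin.
ln -s /usr/local/bin/bash /bin/bash
ln -s /var/files/rc-files "/home/${user}/rc.files"
# /var/files/scripts is only checked out further down, so this link and the
# ones below dangle until that checkout has finished.
ln -s /var/files/scripts "/home/${user}/scripts"
# Music control commands: "<script in the checkout> <name under /usr/local/bin>".
while read -r script_name link_name; do
  ln -s "/var/files/scripts/${script_name}" "/usr/local/bin/${link_name}"
done <<'EOF'
toggle_music.sh music_toggle.sh
pause_music.sh music_pause.sh
prev_track.sh music_prev.sh
next_track.sh music_next.sh
volume_up.sh music_volume_up.sh
volume_down.sh music_volume_down.sh
EOF
# Helpers linked under their own names.
ln -s /var/files/scripts/lock.phone.pause.music.sh /usr/local/bin/
ln -s /var/files/scripts/backlight.sh /usr/local/bin/
ln -s /var/files/scripts/fix.resolve.sh /usr/local/sbin/
ln -s /usr/local/bin/mpc /usr/bin/mpc
ln -s /var/files/scripts/send.to.somehost.sh /usr/local/sbin/
# NOTE(review): everything linked above is writable by ${user} once the
# script hands /var/files to that account, and the sbin links are on root's
# PATH - any process running as ${user} can change what root executes.
chmod +x /var/files/scripts/backlight.sh
chmod +x /usr/local/bin/backlight.sh
# Create the user's ssh directory private from the start.
mkdir -p -m 700 "/home/${user}/.ssh"
ln -s "/var/files/rc-files/${host}/.ssh/config" "/home/${user}/.ssh/config"
# Appends on every run; a second run duplicates the entry.
echo "127.127.127.126 scottprinter" >> /etc/hosts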
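echo ""
echo "password for svn.somehost.com"
# Repeat the checkout until it succeeds; interrupt with Ctrl-C to give up.
until svn co svn+ssh://user@svn.somehost.com/var/files/scripts /var/files/scripts; do
  :
done
# Only create the link when nothing is there yet. Running "ln -s" a second
# time against an existing link to a directory creates a new link *inside*
# that directory (/var/files/scripts/scripts), polluting the working copy.
if [ ! -e "/home/${user}/scripts" ] && [ ! -L "/home/${user}/scripts" ]; then
  ln -s /var/files/scripts "/home/${user}/scripts"
fi
# Mirror the per-host dot-directories into the user's home: the pipeline
# keeps whatever follows the first "." of each directory path. Read the
# result line by line so a name containing spaces is not split into words.
while IFS= read -r dir; do
  mkdir -p "/home/${user}/.${dir}"
done < <(find "/var/files/rc-files/${host}/" -type d | tr '.' ' ' | awk '{print $2;}' | sed '/^$/d')
# Errors are discarded on purpose here (dangling links produce noise).
chown -R "${user}:${user}" /var/files 2>/dev/null
chown -R "${user}:${user}" "/home/${user}" 2>/dev/null
ln -s /var/files/scripts/rc.file.builder.sh /usr/local/bin/rc.file.builder.sh
# Remove the temporary ssh client config that disabled host key checking.
rm -f -- /root/.ssh/config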
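cd /usr/ports || exit 1
/usr/sbin/portsnap fetch
/usr/sbin/portsnap extract
# Build each port with "make -C" instead of cd + make: after a failed cd the
# old form ran "make install" again in the previous port's directory.
for port in \
  x11-drivers/xf86-video-ati-legacy \
  x11-drivers/xf86-input-synaptics \
  graphics/intel-backlight \
  www/p5-LWP-Protocol-https \
  sysutils/coreutils; do
  if [ -d "/usr/ports/${port}" ]; then
    make -C "/usr/ports/${port}" install
  else
    echo "port ${port} not found in /usr/ports; skipping" >&2
  fi
done
# coreutils installs its tools with a "g" prefix; expose md5sum under the
# name scripts expect.
ln -s /usr/local/bin/gmd5sum /usr/local/bin/md5sum
if [ -d /usr/ports/graphics/drm-next-kmod ]; then
  make -C /usr/ports/graphics/drm-next-kmod
  make -C /usr/ports/graphics/drm-next-kmod install
else
  echo "port graphics/drm-next-kmod not found in /usr/ports; skipping" >&2
fi
# Back to root's home directory.
cd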
# Switch the desktop account's login shell to bash, repeating the command
# until chpass reports success.
until chpass -s /bin/bash kyelw; do
  :
done
# Add the account to the groups it needs for graphics and for mpd.
for grp in video mpd; do
  pw groupmod "${grp}" -m kyelw
done
# Overwrite /etc/ttys with a copy whose header identifies it as the
# releng/11.2 amd64 file. The visible local setting is ttyv8, which runs
# "/usr/local/bin/xdm -nodaemon" with status "on" so the graphical login
# starts at boot.
# As the embedded comments explain, "secure" on a line allows root login on
# that tty, and because the console line is marked "secure" init does not ask
# for the root password when going to single-user mode. Every terminal in
# this copy carries "secure".
echo '#
# $FreeBSD: releng/11.2/etc/etc.amd64/ttys 333673 2018-05-16 13:18:37Z imp $
# @(#)ttys 5.1 (Berkeley) 4/17/89
#
# This file specifies various information about terminals on the system.
# It is used by several different programs. Common entries for the
# various columns include:
#
# name The name of the terminal device.
#
# getty The program to start running on the terminal. Typically a
# getty program, as the name implies. Other common entries
# include none, when no getty is needed, and xdm, to start the
# X Window System.
#
# type The initial terminal type for this port. For hardwired
# terminal lines, this will contain the type of terminal used.
# For virtual consoles, the correct type is typically xterm.
# Other common values include dialup for incoming modem ports, and
# unknown when the terminal type cannot be predetermined.
#
# status Must be on or off. If on, init will run the getty program on
# the specified port. If the word "secure" appears, this tty
# allows root login.
#
# name getty type status comments
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none unknown off secure
#
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
# Virtual terminals
ttyv1 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv2 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv3 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv4 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv5 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv6 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv7 "/usr/libexec/getty Pc" xterm onifexists secure
ttyv8 "/usr/local/bin/xdm -nodaemon" xterm on secure
# Serial terminals
# The "dialup" keyword identifies dialin lines to login, fingerd etc.
ttyu0 "/usr/libexec/getty 3wire" vt100 onifconsole secure
ttyu1 "/usr/libexec/getty 3wire" vt100 onifconsole secure
ttyu2 "/usr/libexec/getty 3wire" vt100 onifconsole secure
ttyu3 "/usr/libexec/getty 3wire" vt100 onifconsole secure
# Dumb console
dcons "/usr/libexec/getty std.9600" vt100 off secure
' > /etc/ttys
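# mpd stuff
kldload fuse
# Log, runtime and state locations for mpd, each owned by the mpd account.
mkdir -p /var/log/mpd
touch /var/log/mpd/mpd.log
chown mpd:mpd /var/log/mpd/mpd.log
mkdir -p /var/run/mpd
chown mpd:mpd /var/run/mpd
mkdir -p /var/mpd
chown mpd:mpd /var/mpd
touch /var/mpd/tag_cache
chown mpd:mpd /var/mpd/tag_cache
touch /var/mpd/state
chown mpd:mpd /var/mpd/state
# to set up music (works on kyelw)
# music stuff
cp /var/files/rc-files/misc-files/mpd.conf /usr/local/etc/musicpd.conf
mkdir -p /mnt/music
mkdir -p /var/lib/mpd
ln -s /mnt/music/tag_cache /var/lib/mpd/tag_cache
ln -s /mnt/music/playlists /var/lib/mpd/playlists
pw groupadd audio
# Per-host sound setup. The short host name is stored in ${host}; the
# variable tested before, ${hostname}, is never assigned, and because the
# script runs with -u that reference aborted the script at this point.
case "${host}" in
  lappy)
    make -C /usr/ports/graphics/drm-kmod install
    echo 'hw.snd.default_unit=0' >> /etc/sysctl.conf
    ;;
  kyelw)
    echo 'hw.snd.default_unit=1' >> /etc/sysctl.conf
    ;;
esac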
# Overwrite /etc/login.conf with a full copy whose header identifies it as
# the releng/11.2 file, then rebuild the capability database as the file's
# own header instructs. The "default" class in this copy sets
# passwd_format=sha512, umask=022, charset=UTF-8 and lang=en_US.UTF-8.
# NOTE(review): the charset/lang lines are presumably the local change against
# the stock file - confirm. Installing an 11.2-era copy on a different
# release silently drops whatever that release changed in login.conf.
# The literal is single-quoted, so the shell expands nothing inside it.
echo '# login.conf - login class capabilities database.
#
# Remember to rebuild the database after each change to this file:
#
# cap_mkdb /etc/login.conf
#
# This file controls resource limits, accounting limits and
# default user environment settings.
#
# $FreeBSD: releng/11.2/etc/login.conf 296723 2016-03-12 14:54:34Z kib $
#
# Default settings effectively disable resource limits, see the
# examples below for a starting point to enable them.
# defaults
# These settings are used by login(1) by default for classless users
# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
#
# Note that since a colon ":" is used to separate capability entries,
# a \c escape sequence must be used to embed a literal colon in the
# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
# AND SEMANTICS" section of getcap(3) for more escape sequences).
default:\
:passwd_format=sha512:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
:nologin=/var/run/nologin:\
:cputime=unlimited:\
:datasize=unlimited:\
:stacksize=unlimited:\
:memorylocked=64K:\
:memoryuse=unlimited:\
:filesize=unlimited:\
:coredumpsize=unlimited:\
:openfiles=unlimited:\
:maxproc=unlimited:\
:sbsize=unlimited:\
:vmemoryuse=unlimited:\
:swapuse=unlimited:\
:pseudoterminals=unlimited:\
:kqueues=unlimited:\
:umtxp=unlimited:\
:priority=0:\
:ignoretime@:\
:umask=022:\
:charset=UTF-8:\
:lang=en_US.UTF-8:
#
# A collection of common class names - forward them all to "default"
# (login would normally do this anyway, but having a class name
# here suppresses the diagnostic)
#
standard:\
:tc=default:
xuser:\
:tc=default:
staff:\
:tc=default:
daemon:\
:memorylocked=128M:\
:tc=default:
news:\
:tc=default:
dialer:\
:tc=default:
#
# Root can always login
#
# N.B. login_getpwclass(3) will use this entry for the root account,
# in preference to "default".
root:\
:ignorenologin:\
:memorylocked=unlimited:\
:tc=default:
#
# Russian Users Accounts. Setup proper environment variables.
#
russian|Russian Users Accounts:\
:charset=UTF-8:\
:lang=ru_RU.UTF-8:\
:tc=default:
######################################################################
######################################################################
##
## Example entries
##
######################################################################
######################################################################
## Example defaults
## These settings are used by login(1) by default for classless users
## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
#
#default:\
# :cputime=infinity:\
# :datasize-cur=22M:\
# :stacksize-cur=8M:\
# :memorylocked-cur=10M:\
# :memoryuse-cur=30M:\
# :filesize=infinity:\
# :coredumpsize=infinity:\
# :maxproc-cur=64:\
# :openfiles-cur=64:\
# :priority=0:\
# :requirehome@:\
# :umask=022:\
# :tc=auth-defaults:
#
#
##
## standard - standard user defaults
##
#standard:\
# :copyright=/etc/COPYRIGHT:\
# :welcome=/etc/motd:\
# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
# :path=~/bin /bin /usr/bin /usr/local/bin:\
# :manpath=/usr/share/man /usr/local/man:\
# :nologin=/var/run/nologin:\
# :cputime=1h30m:\
# :datasize=8M:\
# :vmemoryuse=100M:\
# :stacksize=2M:\
# :memorylocked=4M:\
# :memoryuse=8M:\
# :filesize=8M:\
# :coredumpsize=8M:\
# :openfiles=24:\
# :maxproc=32:\
# :priority=0:\
# :requirehome:\
# :passwordtime=90d:\
# :umask=002:\
# :ignoretime@:\
# :tc=default:
#
#
##
## users of X (needs more resources!)
##
#xuser:\
# :manpath=/usr/share/man /usr/local/man:\
# :cputime=4h:\
# :datasize=12M:\
# :vmemoryuse=infinity:\
# :stacksize=4M:\
# :filesize=8M:\
# :memoryuse=16M:\
# :openfiles=32:\
# :maxproc=48:\
# :tc=standard:
#
#
##
## Staff users - few restrictions and allow login anytime
##
#staff:\
# :ignorenologin:\
# :ignoretime:\
# :requirehome@:\
# :accounted@:\
# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
# :umask=022:\
# :tc=standard:
#
#
##
## root - fallback for root logins
##
#root:\
# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
# :cputime=infinity:\
# :datasize=infinity:\
# :stacksize=infinity:\
# :memorylocked=infinity:\
# :memoryuse=infinity:\
# :filesize=infinity:\
# :coredumpsize=infinity:\
# :openfiles=infinity:\
# :maxproc=infinity:\
# :memoryuse-cur=32M:\
# :maxproc-cur=64:\
# :openfiles-cur=1024:\
# :priority=0:\
# :requirehome@:\
# :umask=022:\
# :tc=auth-root-defaults:
#
#
##
## Settings used by /etc/rc
##
#daemon:\
# :coredumpsize@:\
# :coredumpsize-cur=0:\
# :datasize=infinity:\
# :datasize-cur@:\
# :maxproc=512:\
# :maxproc-cur@:\
# :memoryuse-cur=64M:\
# :memorylocked-cur=64M:\
# :openfiles=1024:\
# :openfiles-cur@:\
# :stacksize=16M:\
# :stacksize-cur@:\
# :tc=default:
#
#
##
## Settings used by news subsystem
##
#news:\
# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
# :cputime=infinity:\
# :filesize=128M:\
# :datasize-cur=64M:\
# :stacksize-cur=32M:\
# :coredumpsize-cur=0:\
# :maxmemorysize-cur=128M:\
# :memorylocked=32M:\
# :maxproc=128:\
# :openfiles=256:\
# :tc=default:
#
#
##
## The dialer class should be used for a dialup PPP account
## Welcome messages/news suppressed
##
#dialer:\
# :hushlogin:\
# :requirehome@:\
# :cputime=unlimited:\
# :filesize=2M:\
# :datasize=2M:\
# :stacksize=4M:\
# :coredumpsize=0:\
# :memoryuse=4M:\
# :memorylocked=1M:\
# :maxproc=16:\
# :openfiles=32:\
# :tc=standard:
#
#
##
## Site full-time 24/7 PPP connection
## - no time accounting, restricted to access via dialin lines
##
#site:\
# :ignoretime:\
# :passwordtime@:\
# :refreshtime@:\
# :refreshperiod@:\
# :sessionlimit@:\
# :autodelete@:\
# :expireperiod@:\
# :graceexpire@:\
# :gracetime@:\
# :warnexpire@:\
# :warnpassword@:\
# :idletime@:\
# :sessiontime@:\
# :daytime@:\
# :weektime@:\
# :monthtime@:\
# :warntime@:\
# :accounted@:\
# :tc=dialer:\
# :tc=staff:
#
#
##
## Example standard accounting entries for subscriber levels
##
#
#subscriber|Subscribers:\
# :accounted:\
# :refreshtime=180d:\
# :refreshperiod@:\
# :sessionlimit@:\
# :autodelete=30d:\
# :expireperiod=180d:\
# :graceexpire=7d:\
# :gracetime=10m:\
# :warnexpire=7d:\
# :warnpassword=7d:\
# :idletime=30m:\
# :sessiontime=4h:\
# :daytime=6h:\
# :weektime=40h:\
# :monthtime=120h:\
# :warntime=4h:\
# :tc=standard:
#
#
##
## Subscriber accounts. These accounts have their login times
## accounted and have access limits applied.
##
#subppp|PPP Subscriber Accounts:\
# :tc=dialer:\
# :tc=subscriber:
#
#
#subshell|Shell Subscriber Accounts:\
# :tc=subscriber:
#
##
## If you want some of the accounts to use traditional UNIX DES based
## password hashes.
##
#des_users:\
# :passwd_format=des:\
# :tc=default:' > /etc/login.conf
# Rebuild /etc/login.conf.db so the new file takes effect.
/usr/bin/cap_mkdb /etc/login.conf
# Overwrite /etc/freebsd-update.conf with a copy whose header identifies it
# as the releng/11.2 file. Active settings in this copy: Components
# "src world kernel", MailTo kyelw@thekyel.com, AllowAdd yes and
# BackupKernel yes into /boot/kernel.old.
# NOTE(review): KeyPrint is the trust anchor for update downloads, and the
# value below contains a character outside 0-9a-f ("j"). Compare it with the
# KeyPrint shipped in the release's own /etc/freebsd-update.conf before use;
# a wrong value breaks updates, and a value taken from an untrusted source
# would let someone else sign them.
echo '# $FreeBSD: releng/11.2/etc/freebsd-update.conf 257694 2013-11-05 09:30:06Z glebius $
# Trusted keyprint. Changing this is a Bad Idea unless youve received
# a PGP-signed email from telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c384j4e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server wont provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components src world kernel
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /boot/device.hints
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
MailTo kyelw@thekyel.com
# Is FreeBSD Update allowed to create new files?
AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
BackupKernel yes
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
BackupKernelSymbolFiles no' > /etc/freebsd-update.conf
# load fuse for sshfs
# Boot-time modules and loader tunables; this replaces /boot/loader.conf.
cat > /boot/loader.conf <<'EOF'
fuse_load="YES"
geom_eli_load="YES"
aesni_load="YES"
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
autoboot_delay="3"
# for the librem 13
hw.psm.elantech_support="1"
zfs_load="YES"
EOF
# Runtime sysctls, added to the end of the existing file.
cat >> /etc/sysctl.conf <<'EOF'
hw.psm.tap_timeout=0
security.bsd.unprivileged_idprio=1
EOF
# Overwrite /etc/periodic.conf with a full copy of a file whose header
# identifies it as etc/defaults/periodic.conf from releng/11.2, including the
# helper functions the periodic scripts use. The literal is single-quoted,
# so the $variables, backticks and functions inside it are written out as
# text and are not evaluated by this script.
# Settings visible in this copy that matter for monitoring: the daily, weekly
# and monthly security runs are enabled and report to "root", and every
# security_status_* check is enabled with period "daily".
# NOTE(review): /etc/periodic.conf is normally a short override file; a full
# copy of an 11.2 defaults file pins every value and hides defaults changed
# by later releases - confirm this is intended.
echo '#!/bin/sh
#
# For a more detailed explanation of all the periodic.conf variables, please
# refer to the periodic.conf(5) manual page.
#
# $FreeBSD: releng/11.2/etc/defaults/periodic.conf 317857 2017-05-05 21:59:34Z asomers $
#
# What files override these defaults ?
periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
# periodic script dirs
local_periodic="/usr/local/etc/periodic"
# Max time to sleep to avoid causing congestion on download servers
anticongestion_sleeptime=3600
# Daily options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $daily_output might be set to /var/log/daily.log if you
# wish to log the daily output and have the files rotated by newsyslog(8)
#
daily_output="root" # user or /file
daily_show_success="YES" # scripts returning 0
daily_show_info="YES" # scripts returning 1
daily_show_badconfig="YES" # scripts returning 2
# 100.clean-disks
daily_clean_disks_enable="NO" # Delete files daily
daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
daily_clean_disks_days=3 # If older than this
daily_clean_disks_verbose="YES" # Mention files deleted
# 110.clean-tmps
daily_clean_tmps_enable="NO" # Delete stuff daily
daily_clean_tmps_dirs="/tmp" # Delete under here
daily_clean_tmps_days="3" # If not accessed for
daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix"
daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap"
daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal" # Dont delete these
daily_clean_tmps_verbose="YES" # Mention files deleted
# 120.clean-preserve
daily_clean_preserve_enable="YES" # Delete files daily
daily_clean_preserve_days=7 # If not modified for
daily_clean_preserve_verbose="YES" # Mention files deleted
# 130.clean-msgs
daily_clean_msgs_enable="YES" # Delete msgs daily
daily_clean_msgs_days= # If not modified for
# 140.clean-rwho
daily_clean_rwho_enable="YES" # Delete rwho daily
daily_clean_rwho_days=7 # If not modified for
daily_clean_rwho_verbose="YES" # Mention files deleted
# 150.clean-hoststat
daily_clean_hoststat_enable="YES" # Purge sendmail host status cache daily
# 200.backup-passwd
daily_backup_passwd_enable="YES" # Backup passwd & group
# 210.backup-aliases
daily_backup_aliases_enable="YES" # Backup mail aliases
# 300.calendar
daily_calendar_enable="NO" # Run calendar -a
# 310.accounting
daily_accounting_enable="YES" # Rotate acct files
daily_accounting_compress="NO" # Gzip rotated files
daily_accounting_flags=-q # Flags to /usr/sbin/sa
daily_accounting_save=3 # How many files to save
# 330.news
daily_news_expire_enable="YES" # Run news.expire
# 400.status-disks
daily_status_disks_enable="YES" # Check disk status
daily_status_disks_df_flags="-l -h" # df(1) flags for check
# 401.status-graid
daily_status_graid_enable="NO" # Check graid(8)
# 404.status-zfs
daily_status_zfs_enable="YES" # Check ZFS
daily_status_zfs_zpool_list_enable="YES" # List ZFS pools
# 406.status-gmirror
daily_status_gmirror_enable="NO" # Check gmirror(8)
# 407.status-graid3
daily_status_graid3_enable="NO" # Check graid3(8)
# 408.status-gstripe
daily_status_gstripe_enable="NO" # Check gstripe(8)
# 409.status-gconcat
daily_status_gconcat_enable="NO" # Check gconcat(8)
# 410.status-mfi
daily_status_mfi_enable="NO" # Check mfiutil(8)
# 420.status-network
daily_status_network_enable="YES" # Check network status
daily_status_network_usedns="YES" # DNS lookups are ok
daily_status_network_netstat_flags="-d" # netstat(1) flags
# 430.status-uptime
daily_status_uptime_enable="YES" # Check system uptime
# 440.status-mailq
daily_status_mailq_enable="YES" # Check mail status
daily_status_mailq_shorten="NO" # Shorten output
daily_status_include_submit_mailq="YES" # Also submit queue
# 450.status-security
daily_status_security_enable="YES" # Security check
# See also "Security options" below for more options
daily_status_security_inline="NO" # Run inline ?
daily_status_security_output="root" # user or /file
# 460.status-mail-rejects
daily_status_mail_rejects_enable="YES" # Check mail rejects
daily_status_mail_rejects_logs=3 # How many logs to check
daily_status_mail_rejects_shorten="NO" # Shorten output
# 480.leapfile-ntpd
daily_ntpd_leapfile_enable="YES" # Fetch NTP leapfile
# 480.status-ntpd
daily_status_ntpd_enable="NO" # Check NTP status
# 500.queuerun
daily_queuerun_enable="YES" # Run mail queue
daily_submit_queuerun="YES" # Also submit queue
# 510.status-world-kernel
daily_status_world_kernel="YES" # Check the running
# userland/kernel version
# 800.scrub-zfs
daily_scrub_zfs_enable="NO"
daily_scrub_zfs_pools="" # empty string selects all pools
daily_scrub_zfs_default_threshold="35" # days between scrubs
#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold
# 999.local
daily_local="/etc/daily.local" # Local scripts
# Weekly options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $weekly_output might be set to /var/log/weekly.log if you
# wish to log the weekly output and have the files rotated by newsyslog(8)
#
weekly_output="root" # user or /file
weekly_show_success="YES" # scripts returning 0
weekly_show_info="YES" # scripts returning 1
weekly_show_badconfig="YES" # scripts returning 2
# 310.locate
weekly_locate_enable="YES" # Update locate weekly
# 320.whatis
weekly_whatis_enable="YES" # Update whatis weekly
# 330.catman
weekly_catman_enable="NO" # Preformat man pages
# 340.noid
weekly_noid_enable="NO" # Find unowned files
weekly_noid_dirs="/" # Look here
# 450.status-security
weekly_status_security_enable="YES" # Security check
# See also "Security options" above for more options
weekly_status_security_inline="NO" # Run inline ?
weekly_status_security_output="root" # user or /file
# 999.local
weekly_local="/etc/weekly.local" # Local scripts
# Monthly options
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output. $monthly_output might be set to /var/log/monthly.log if you
# wish to log the monthly output and have the files rotated by newsyslog(8)
#
monthly_output="root" # user or /file
monthly_show_success="YES" # scripts returning 0
monthly_show_info="YES" # scripts returning 1
monthly_show_badconfig="YES" # scripts returning 2
# 200.accounting
monthly_accounting_enable="YES" # Login accounting
# 450.status-security
monthly_status_security_enable="YES" # Security check
# See also "Security options" above for more options
monthly_status_security_inline="NO" # Run inline ?
monthly_status_security_output="root" # user or /file
# 999.local
monthly_local="/etc/monthly.local" # Local scripts
# Security options
security_show_success="YES" # scripts returning 0
security_show_info="YES" # scripts returning 1
security_show_badconfig="YES" # scripts returning 2
# These options are used by the security periodic(8) scripts spawned in
# daily and weekly 450.status-security.
security_status_logdir="/var/log" # Directory for logs
security_status_diff_flags="-b -u" # flags for diff output
# Each of the security_status_*_period options below can have one of the
# following values:
# - NO: do not run at all
# - daily: only run during the daily security status
# - weekly: only run during the weekly security status
# - monthly: only run during the monthly security status
# Note that if periodic security scripts are run from crontab(5) directly,
# they will be run unless _enable or _period is set to "NO".
# 100.chksetuid
security_status_chksetuid_enable="YES"
security_status_chksetuid_period="daily"
# 110.neggrpperm
security_status_neggrpperm_enable="YES"
security_status_neggrpperm_period="daily"
# 200.chkmounts
security_status_chkmounts_enable="YES"
security_status_chkmounts_period="daily"
#security_status_chkmounts_ignore="^amd:" # Dont check matching
# FS types
security_status_noamd="NO" # Dont check amd mounts
# 300.chkuid0
security_status_chkuid0_enable="YES"
security_status_chkuid0_period="daily"
# 400.passwdless
security_status_passwdless_enable="YES"
security_status_passwdless_period="daily"
# 410.logincheck
security_status_logincheck_enable="YES"
security_status_logincheck_period="daily"
# 500.ipfwdenied
security_status_ipfwdenied_enable="YES"
security_status_ipfwdenied_period="daily"
# 510.ipfdenied
security_status_ipfdenied_enable="YES"
security_status_ipfdenied_period="daily"
# 520.pfdenied
security_status_pfdenied_enable="YES"
security_status_pfdenied_period="daily"
# 550.ipfwlimit
security_status_ipfwlimit_enable="YES"
security_status_ipfwlimit_period="daily"
# 610.ipf6denied
security_status_ipf6denied_enable="YES"
security_status_ipf6denied_period="daily"
# 700.kernelmsg
security_status_kernelmsg_enable="YES"
security_status_kernelmsg_period="daily"
# 800.loginfail
security_status_loginfail_enable="YES"
security_status_loginfail_period="daily"
# 900.tcpwrap
security_status_tcpwrap_enable="YES"
security_status_tcpwrap_period="daily"
# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
# scripts to source defaults/periodic.conf overrides safely.
if [ -z "${source_periodic_confs_defined}" ]; then
source_periodic_confs_defined=yes
# Sleep for a random amount of time in order to mitigate the thundering
# herd problem of multiple hosts running periodic simultaneously.
# Will not sleep when used interactively.
# Will sleep at most once per invocation of periodic
anticongestion() {
[ -n "$PERIODIC_IS_INTERACTIVE" ] && return
if [ -f "$PERIODIC_ANTICONGESTION_FILE" ]; then
rm -f $PERIODIC_ANTICONGESTION_FILE
sleep `jot -r 1 0 ${anticongestion_sleeptime}`
fi
}
# Compatibility with old daily variable names.
# They can be removed in stable/11.
security_daily_compat_var() {
local var=$1 dailyvar value
dailyvar=daily_status_security${var#security_status}
periodvar=${var%enable}period
eval value=\"\$$dailyvar\"
[ -z "$value" ] && return
echo "Warning: Variable \$$dailyvar is deprecated," \
"use \$$var instead." >&2
case "$value" in
[Yy][Ee][Ss])
eval $var=YES
eval $periodvar=daily
;;
*)
eval $var=\"$value\"
;;
esac
}
check_yesno_period() {
local var="$1" periodvar value period
eval value=\"\$$var\"
case "$value" in
[Yy][Ee][Ss]) ;;
*) return 1 ;;
esac
periodvar=${var%enable}period
eval period=\"\$$periodvar\"
case "$PERIODIC" in
"security daily")
case "$period" in
[Dd][Aa][Ii][Ll][Yy]) return 0 ;;
*) return 1 ;;
esac
;;
"security weekly")
case "$period" in
[Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;;
*) return 1 ;;
esac
;;
"security monthly")
case "$period" in
[Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;;
*) return 1 ;;
esac
;;
security)
# Run directly from crontab(5).
case "$period" in
[Nn][Oo]) return 1 ;;
*) return 0 ;;
esac
;;
*)
echo "ASSERTION FAILED: Unexpected value for" \
"\$PERIODIC: $PERIODIC" >&2
exit 127
;;
esac
}
source_periodic_confs() {
local i sourced_files
for i in ${periodic_conf_files}; do
case ${sourced_files} in
*:$i:*)
;;
*)
sourced_files="${sourced_files}:$i:"
[ -r $i ] && . $i
;;
esac
done
}
fi
' > /etc/periodic.conf
# xdm runs this script before it shows the login window on display :0;
# it paints the background black and switches off screen blanking and DPMS.
cat > /usr/local/etc/X11/xdm/Xsetup_0 <<'EOF'
#!/bin/sh
xsetroot -solid black
/usr/local/bin/xset s off # dont activate screensaver
/usr/local/bin/xset s noblank # dont blank the video device
/usr/local/bin/xset -dpms # disable DPMS (Energy Star) features.
EOF
# sendmail
# Overwrite /etc/mail/aliases, then rebuild the alias database with
# newaliases as the file's own header requires.
# Unlike the other config literals in this script, this one is double-quoted:
# $(hostname -s) is expanded when the script runs, so root's mail (and with
# it every pseudo-account that forwards to root) is delivered to
# <short-hostname>@somehost.com. The leading \$ keeps "$FreeBSD" literal.
# NOTE(review): this forwards system mail, including the periodic security
# reports addressed to root, to an off-host mailbox - confirm that address is
# controlled and that the transport to it is acceptable for that content.
echo "# \$FreeBSD: releng/11.2/etc/mail/aliases 243752 2012-12-01 15:11:46Z rwatson $
# @(#)aliases 5.3 (Berkeley) 5/24/90
#
# Aliases in this file will NOT be expanded in the header from
# Mail, but WILL be visible over networks.
#
# >>>>>>>>>> The program newaliases must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to sendmail.
#
#
# See also RFC 2142, MAILBOX NAMES FOR COMMON SERVICES, ROLES
# AND FUNCTIONS, May 1997
# http://tools.ietf.org/html/rfc2142
# Pretty much everything else in this file points to root, so
# you would do well in either reading roots mailbox or forwarding
# roots email from here.
# root: me@my.domain
# Basic system aliases -- these MUST be present
root: $(hostname -s)@somehost.com
MAILER-DAEMON: postmaster
postmaster: root
# General redirections for pseudo accounts
_dhcp: root
_pflogd: root
auditdistd: root
bin: root
bind: root
daemon: root
games: root
hast: root
kmem: root
mailnull: postmaster
man: root
news: root
nobody: root
operator: root
pop: root
proxy: root
smmsp: postmaster
sshd: root
system: root
toor: root
tty: root
usenet: news
uucp: root
abuse: root
security: root
ftp: root
ftp-bugs: ftp" > /etc/mail/aliases
# Regenerate the aliases database from the file written above.
/usr/bin/newaliases
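# whoever thought this was a good idea to add as a default in vim needs to be punched in their stupid face
# System-wide vim defaults: no automatic comment continuation, paste mode on.
echo 'autocmd BufNewFile,BufRead * setlocal formatoptions-=cro
set paste' > /usr/local/etc/vim/vimrc
echo 'set mouse=' >> /root/.vimrc
# bashrc
echo 'source $HOME/.bashrc' >> /home/kyelw/.profile
# Generate a per-host D-Bus machine id instead of writing one fixed string to
# every machine: the id is meant to be unique per installation, and the
# constant used before was not a valid 32-digit hexadecimal id.
mkdir -p /var/lib/dbus
dbus-uuidgen --ensure=/var/lib/dbus/machine-id
chmod +x /var/files/scripts/backlight.sh
mkdir -p /var/account/acct
mkdir -p /etc/openvpn
mkdir -p /etc/news.expire
mkdir -p /var/repo
chown kyelw:kyelw /var/repo
mkdir -p /var/log/mtree
# Collect the non-loopback interfaces and IPv4 addresses. A machine can have
# several of each, so join them explicitly rather than letting the newlines
# fall into the rule text, where they produced a ruleset pf could not parse.
eth=$(ifconfig | grep flags | grep -vE "lo0" | awk '{print $1;}' | tr -d ':' | paste -sd' ' -)
ip=$(ifconfig | grep inet | grep -vE "inet6|127.0.0.1" | awk '{printf "%s%s", sep, $2; sep=", "}')
# Without any address there is nothing to name in the rule; leave it out
# instead of writing an empty "from" clause.
if [ -n "${ip}" ]; then
  pass_in_rule="pass in from { ${ip} } to any"
else
  pass_in_rule=""
fi
# NOTE(review): pf applies the last matching rule unless "quick" is given, so
# "block in" below appears to override the two "pass in" rules above it,
# leaving all inbound traffic blocked except on the skipped loopback
# interface - confirm that this is the intended policy.
cat > /etc/pf.conf <<EOF
ext_if="${eth}"
set skip on lo
${pass_in_rule}
pass in from 127.0.0.1 to 127.0.0.1
block in
pass out all keep state
EOF
# Parse-check only (-n loads nothing): rc.conf enables pf, and a ruleset that
# fails to load at boot would leave the host without the intended filtering.
pfctl -nf /etc/pf.conf || echo "WARNING: /etc/pf.conf does not parse; fix it before rebooting" >&2
echo ""
echo "Done. now exit, and run rc.file.builder.sh, then reboot"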