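# ALIX 3D2 system configuration for Embedded Tor node
# By MacLemon
# Public Domain, do whatever you want with it
# 2010/02/01
#
# nanoBSD configuration file: it is sourced by nanobsd.sh, which provides
# customize_cmd, cust_comconsole, cust_install_files, cust_allow_ssh_root
# and sets NANO_WORLDDIR before the customize functions run.
# Keep this file POSIX sh (no bashisms).

# The numbers in the name correspond to the git repository revision.
NANO_NAME=Alix3D2-53-1b1c29f
NANO_KERNEL=/usr/src/tools/tools/nanobsd/ALIXKERNEL-53-1b1c29f
NANO_SRC=/usr/src
NANO_IMAGES=2
NANO_BOOT0CFG="-o nopacket -s 1 -m 3" # nopacket seems to be required by tinyBIOS
NANO_PMAKE="make -j 6"

# To stop nanoBSD from outputting everything to serial console (when using VGA)
# NANO_BOOTLOADER="boot/boot0"

# Drive geometry
# Log C/H/S 1007/32/63 (1 GB)
# NANO_MEDIASIZE=2030112
# NANO_HEADS=32
# NANO_SECTS=63

# Log C/H/S 974/64/63 SanDisk ultra II 2GB
NANO_MEDIASIZE=3928176
NANO_HEADS=64 # heads from the logic CHS information at boot time
NANO_SECTS=63 # sects from the logic CHS information at boot time

NANO_DRIVE=ad0
NANO_CODESIZE=0
NANO_CONFSIZE=2048
NANO_DATASIZE=262144
NANO_RAM_ETCSIZE=10240
NANO_RAM_TMPVARSIZE=20480

# Build knobs, one per line. Everything not needed on the node is switched
# off, which also keeps unused code out of the image.
CONF_WORLD='
TARGET=i386
TARGET_ARCH=i386
TARGET_CPUTYPE=pentium-mmx
WITHOUT_ACPI=yes
WITHOUT_ATM=yes
WITHOUT_BLUETOOTH=yes
WITHOUT_CALENDAR=yes
WITHOUT_DICT=yes
WITHOUT_FORTRAN=yes
WITHOUT_GCOV=yes
WITHOUT_GPIB=yes
WITHOUT_HTML=yes
WITHOUT_I4B=yes
WITHOUT_INFO=yes
WITHOUT_IPFILTER=yes
WITHOUT_IPX=yes
WITHOUT_KERBEROS=yes
WITHOUT_LPR=yes
WITHOUT_NIS=yes
WITHOUT_NLS=yes
WITHOUT_NLS_CATALOGS=yes
WITHOUT_PROFILE=yes
WITHOUT_RCMDS=yes
WITHOUT_RESCUE=yes
WITHOUT_SHAREDOCS=yes
WITHOUT_SYSCONS=yes
WITHOUT_ZFS=yes
BOOT_COMCONSOLE_SPEED=9600
'

# Disable the beastie boot menu in the image's loader.conf.
# Globals: NANO_WORLDDIR (read)
cust_nobeastie() {
	touch "${NANO_WORLDDIR}/boot/loader.conf"
	printf '%s\n' 'beastie_disable="YES"' >> "${NANO_WORLDDIR}/boot/loader.conf"
}

# Shorten the boot delay for selecting the desired slice to 3s (default is
# 10s); speeds up the boot process by 7 seconds.
# Globals: NANO_WORLDDIR (read)
cust_loader_conf() {
	printf '%s\n' 'autoboot_delay="3"' >> "${NANO_WORLDDIR}/boot/loader.conf"
}

# Append network, time and tor settings to the image's rc.conf.
# Globals: NANO_WORLDDIR (read)
cust_rc_conf() {
	touch "${NANO_WORLDDIR}/etc/rc.conf"

	# Fetch an IP from DHCP on vr0 (primary ethernet interface on ALIX)
	printf '%s\n' 'ifconfig_vr0="DHCP"' >> "${NANO_WORLDDIR}/etc/rc.conf"

	# Set time via ntp, this cannot be done through tor, since ntp uses UDP.
	# NOTE(review): this is a plain, unauthenticated NTP query at boot, so the
	# clock is only as trustworthy as the network path to the pool.
	printf '%s\n' 'ntpdate_enable="YES"' >> "${NANO_WORLDDIR}/etc/rc.conf"
	printf '%s\n' 'ntpdate_hosts="pool.ntp.org"' >> "${NANO_WORLDDIR}/etc/rc.conf"

	# Run tor at system start
	printf '%s\n' 'tor_enable="YES"' >> "${NANO_WORLDDIR}/etc/rc.conf"

	# Set correct file permissions
	chmod 644 "${NANO_WORLDDIR}/etc/rc.conf"
}

# Stage the tor port for the package directory used by install_packages.
# NOTE(review): this copies the ports directory for tor, not a built package
# file; confirm that is what install_packages is expected to consume.
cust_add_packages() {
	# Add packages to
	# /usr/src/tools/tools/nanobsd/packages
	# first clean this from last build
	# rm -r /usr/src/tools/tools/nanobsd/packages/*
	cp -r /usr/ports/security/tor /usr/src/tools/tools/nanobsd/packages/
}

# Copy every file from the host package directory into the image and install
# them all inside a chroot.
# Globals: NANO_WORLDDIR (read)
# NOTE(review): whatever sits in /usr/src/tools/tools/nanobsd/packages is
# installed as root with no integrity check visible here; keep that directory
# writable by root only and verify the packages before building.
install_packages() {
	# Abort before touching anything if the target is unset: otherwise the
	# rm -rf below would resolve to /packages on the build host.
	: "${NANO_WORLDDIR:?NANO_WORLDDIR must be set}"

	mkdir -p "${NANO_WORLDDIR}/packages"
	cp /usr/src/tools/tools/nanobsd/packages/* "${NANO_WORLDDIR}/packages"
	# '&&' so pkg_add never runs from the chroot's / when cd fails;
	# './*' so a file name starting with '-' is not parsed as an option.
	chroot "${NANO_WORLDDIR}" sh -c 'cd packages && pkg_add -v ./*'
	rm -rf -- "${NANO_WORLDDIR}/packages"
}

# Install each package found under ${CONF_ROOT}/packages into the image,
# feeding it to pkg_add on stdin with the image root as chroot directory.
# Globals: NANO_WORLDDIR (read), CONF_ROOT (read; not set in this file)
cust_install_packages() {
	# If this cd failed, 'pkg_add -C .' would target the build host's
	# current directory instead of the image, so stop here.
	cd "${NANO_WORLDDIR:?NANO_WORLDDIR must be set}" || return 1

	# Glob instead of parsing ls output, so names with spaces survive.
	for p in "${CONF_ROOT}"/packages/*; do
		[ -e "$p" ] || continue # glob matched nothing
		pkg_add -rvC . - < "$p"
	done
}

customize_cmd cust_comconsole
customize_cmd cust_install_files
customize_cmd cust_nobeastie
customize_cmd cust_rc_conf
customize_cmd cust_loader_conf
# customize_cmd cust_tor
# customize_cmd cust_add_packages
# customize_cmd cust_install_packages
customize_cmd install_packages

# Just for testing, we actually do not need this during normal operation
##### Be sure to change the password for root if you enable SSH! #####
# NOTE(review): as written, every image built from this file ships with root
# SSH login enabled. Remove the next line for production images.
customize_cmd cust_allow_ssh_root

#EOF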