
FreeBSD configuration

When reinstalling FreeBSD, for example in case of a new major version release, it's easy to overlook some common configuration.

This page lists files with necessary modifications to make it harder to forget anything important.


/compat/<jail>/etc/rc.conf

# Services started inside the jail.
apache24_enable="YES"
# Empty /tmp at boot.
clear_tmp_enable="YES"
postgresql_enable="YES"
synapse_enable="YES"

# No crash-dump device; moused is not auto-started for non-default mouse devices.
dumpdev="NO"
moused_nondefault_enable="NO"

# "NONE" turns off every sendmail daemon. NOTE(review): newer rc.conf(5) marks this
# value as deprecated in favour of the individual sendmail_*_enable="NO" knobs;
# confirm for the release being installed.
sendmail_enable="NONE"

/etc/group

Desktop user should belong to the following groups:
autologin nopasswdlogin pulse pulse-access pulse-rt realtime video
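Superuser-adjacent users should belong to the following groups:
kmem operator wheel
Grant these sparingly: wheel membership permits su to root, and kmem gives read access to /dev/mem and /dev/kmem.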
autologin and nopasswdlogin may need to be created manually:
# -g pins the GID and -n names the group; confirm that 998 and 999 are not already
# taken in /etc/group before running these.
pw groupadd -g 998 -n autologin
pw groupadd -g 999 -n nopasswdlogin

/etc/fstab

# Fields: device, mountpoint, fstype, options, dump, pass.
# fdescfs and procfs pseudo-filesystems, mounted read-write, never dumped or fsck'ed.
fdesc /dev/fd fdescfs rw 0 0
proc /proc procfs rw 0 0

/etc/fstab.<jail>

# Shares the host's ports distfiles with the jail through nullfs. The mount is rw, so
# processes in the jail can modify files the host later builds from; use ro if the
# jail only needs to read them.
/usr/ports/distfiles /compat/<jail>/usr/ports/distfiles nullfs rw 0 0

/etc/jail.conf

# Parameters set outside any jail block apply to every jail defined in this file.
# Each allow.* below widens what root inside a jail may do, so keep only the ones
# the jailed services actually need.

# Jail root is treated as privileged by chflags(2) (still subject to kern.securelevel).
allow.chflags;
# Jail root may mount/unmount jail-friendly filesystem types (also gated by enforce_statfs).
allow.mount;
# Jail root may create raw sockets (needed by ping/traceroute inside the jail).
allow.raw_sockets;
# The jail's hostname may be changed from inside the jail.
allow.set_hostname;
# Permits socket address families beyond the jail-aware ones (IPv4, IPv6, UNIX, route).
allow.socket_af;
# System V IPC inside the jail. NOTE(review): jail(8) lists this as deprecated in
# favour of sysvmsg/sysvsem/sysvshm; with allow.sysvipc the IPC namespace is shared
# with the host -- confirm for the release in use.
allow.sysvipc;
# Mount devfs, fdescfs and procfs inside each jail's root.
mount.devfs;
mount.fdescfs;
mount.procfs;

# All jails live under /compat/<name>.
$parent="/compat";

# Replace <jail> with the jail's name; $name expands to it below.
<jail>
{
    path = "$parent/$name";
    mount.fstab = "/etc/fstab.$name";
    host.hostname = "$name";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    # inherit: the jail is not restricted to its own addresses and sees the host's
    # IPv4/IPv6 addresses, so services in the jail can bind to any host address.
    ip4 = inherit;
    ip6 = inherit;
    # NOTE(review): interface names where ip4.addr/ip6.addr addresses get added; with
    # inherit and no addresses listed it presumably has no effect -- confirm.
    interface = re0;
}

/etc/make.conf

# Build for the build host's own CPU. The resulting binaries may not run on a
# different CPU model, which matters if built packages are copied to another machine.
CPUTYPE?=native

/etc/pf.conf

# NOTE(review): the table name, written in angle brackets after "table" and after
# "from", appears to have been stripped from this listing. Restore it from the
# working configuration before using these lines; as shown they will not parse.
table  persist
# fail2ban's pf ban action loads its rules under this anchor.
anchor "f2b/*"
# Drop and log inbound packets on re0 whose source is in the table; "quick" makes
# this the final decision for matching packets.
block drop in log quick on re0 from  to any

/etc/rc.conf

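# Kernel modules loaded at boot.
kld_list="amdtemp cuse fusefs nvidia-modeset smbfs snd_driver"

keymap=fi

# Checksum offload is switched off on re0; IPv4 comes from DHCP, IPv6 from router
# advertisements.
ifconfig_re0="-rxcsum -txcsum -rxcsum6 -txcsum6 dhcp"
ifconfig_re0_ipv6="inet6 accept_rtadv"

# Enabled services. fail2ban bans through pf here, so pf_enable must stay "YES"
# for bans to take effect; sshd and samba_server are the network-facing daemons.
clear_tmp_enable="YES"
dbus_enable="YES"
fail2ban_enable="YES"
linux_enable="YES"
linux_mounts_enable="YES"
mixer_enable="YES"
ntpd_enable="YES"
pf_enable="YES"
postgresql_enable="YES"
samba_server_enable="YES"
sshd_enable="YES"
zfs_enable="YES"

# No crash-dump device. The "=" was missing on this line; without it sh does not
# treat the line as an assignment and the setting is never applied.
dumpdev="NO"
moused_nondefault_enable="NO"

powerd_flags="-a adaptive -n adaptive -p 500"
powerd_enable="YES"

# "NONE" turns off every sendmail daemon. NOTE(review): newer rc.conf(5) marks this
# value as deprecated; confirm for the release being installed.
sendmail_enable="NONE"

# NOTE(review): with an empty jail_list the rc script presumably starts every jail
# defined in /etc/jail.conf; list names explicitly to limit that -- confirm in rc.conf(5).
jail_list=""
jail_parallel_start="NO"
jail_enable="YES"

webcamd_0_flags="-N HD-Pro-Webcam-C920-vendor-0x046d"
webcamd_enable="YES"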

/etc/sysctl.conf.local

# Default sound device unit.
hw.snd.default_unit=0
# Processes do not write core files (which can hold secrets copied from memory).
kern.coredump=0
# The host forwards IPv4 and IPv6 packets between interfaces, i.e. it acts as a
# router; make sure the pf ruleset covers forwarded traffic as well as local traffic.
# NOTE(review): accepting router advertisements while forwarding IPv6 is an unusual
# combination -- confirm it behaves as intended on this release.
net.inet.ip.forwarding=1
net.inet6.ip6.accept_rtadv=1
net.inet6.ip6.forwarding=1
# Lets unprivileged processes call chroot(2).
security.bsd.unprivileged_chroot=1
# Jail root may create raw sockets (host-wide default; see allow.raw_sockets in jail.conf).
security.jail.allow_raw_sockets=1
# Lets non-root users mount filesystems on directories they own.
vfs.usermount=1

# NVIDIA driver registry options; by their names they enable GPU firmware and
# Resizable BAR support -- verify against the driver documentation.
hw.nvidia.registry.EnableGpuFirmware=1
hw.nvidia.registry.EnableResizableBar=1

/usr/local/etc/fail2ban/jail.d/local.conf

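[DEFAULT]
# Ban length in seconds (7776000 s = 90 days).
bantime = 7776000
# Window, in seconds, within which maxretry failures trigger a ban. The key was
# misspelled "fidtime", which fail2ban does not read as findtime, so the stock
# default window stayed in effect instead of the intended one hour.
findtime = 3600
maxretry = 8
# Bans are enforced through pf; this relies on the "f2b/*" anchor in /etc/pf.conf.
banaction = pf

[sshd]
enabled = true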

/usr/local/etc/polkit-1/rules.d/99-xfce-session.rules

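// Members of the "operator" group may restart or stop the system without further
// authentication. Returning nothing leaves the decision to later rules/defaults.
polkit.addRule(function (action, subject) {
    // The two action ids are grouped explicitly: && binds tighter than ||, so
    // without the parentheses the group check applied only to "stop" and
    // "restart" was granted to every subject regardless of group membership.
    if ((action.id == "org.freedesktop.consolekit.system.restart" ||
         action.id == "org.freedesktop.consolekit.system.stop")
        && subject.isInGroup("operator")) {
        return polkit.Result.YES;
    }
});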

// Members of the "operator" group may suspend the system without further
// authentication; every other request falls through to later rules/defaults.
polkit.addRule(function (action, subject) {
    var isSuspend = action.id == "org.freedesktop.consolekit.system.suspend";
    if (!isSuspend) {
        return;
    }
    // Group membership is only consulted for the suspend action.
    if (subject.isInGroup("operator")) {
        return polkit.Result.YES;
    }
});

/usr/local/etc/pulse/daemon.conf

# Sample rate in Hz.
default-sample-rate = 48000
# Buffer layout: number of fragments and the length of each in milliseconds.
default-fragments = 8
default-fragment-size-msec = 22
remixing-use-all-sink-channels = no

/usr/local/etc/pulse/default.pa

# NOTE(review): these are numeric device indexes, which presumably depend on
# enumeration order; re-check them after a reinstall or hardware change, or use
# the sink/source names instead.
set-default-sink 1
set-default-source 13

/usr/local/etc/sudoers.d/operator

# Defaults for members of group operator: no first-use lecture, a successful
# authentication is cached for 60 minutes, and with tty_tickets turned off that
# cache is shared by all of the user's terminals instead of being per-tty.
# Shorten the timeout or keep tty_tickets if unattended sessions are a concern.
Defaults:%operator !lecture,timestamp_timeout=60,!tty_tickets
# Members of operator may run any command as any user, so the group is
# root-equivalent; validate the file with "visudo -c" after editing.
%operator ALL=(ALL) ALL

deprecated

/etc/devfs.conf

# Make /dev/devstat readable by all users (mode 0444).
perm devstat 0444

/etc/libmap32.conf

# Also read library mappings from the libmap.d directory under /compat/freebsd32.
# NOTE(review): files there are writable from inside that environment, so they
# influence which libraries 32-bit binaries on the host load -- confirm this is intended.
includedir /compat/freebsd32/usr/local/etc/libmap.d
