HardenedBSD/release/tools/ec2-base.conf

#!/bin/sh

. ${WORLDDIR}/release/tools/ec2.conf

# Packages to install into the image we're creating.  In addition to packages
# present on all EC2 AMIs, we install:
# * ec2-scripts, which provides a range of EC2ification startup scripts,
# * firstboot-freebsd-update, to install security updates at first boot,
# * firstboot-pkgs, to install packages at first boot, and
# * isc-dhcp44-client, used for IPv6 network setup.
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} ec2-scripts \
    firstboot-freebsd-update firstboot-pkgs isc-dhcp44-client"

# Services to enable in rc.conf(5).
export VM_RC_LIST="${VM_RC_LIST} ec2_configinit ec2_ephemeral_swap \
    ec2_fetchkey ec2_loghostkey firstboot_freebsd_update firstboot_pkgs \
    growfs sshd"

vm_extra_pre_umount() {
	# The AWS CLI tools are generally useful, and small enough that they
	# will download quickly; but users will often override this setting
	# via EC2 user-data.
	echo 'firstboot_pkgs_list="devel/py-awscli"' >> ${DESTDIR}/etc/rc.conf

	# EC2 instances use DHCP to get their network configuration.  IPv6
	# requires accept_rtadv.
	echo 'ifconfig_DEFAULT="SYNCDHCP accept_rtadv"' >> ${DESTDIR}/etc/rc.conf

	# Enable IPv6 on all interfaces, and spawn DHCPv6 via rtsold
	echo 'ipv6_activate_all_interfaces="YES"' >> ${DESTDIR}/etc/rc.conf
	echo 'rtsold_enable="YES"' >> ${DESTDIR}/etc/rc.conf
	echo 'rtsold_flags="-M /usr/local/libexec/rtsold-M -a"' >> ${DESTDIR}/etc/rc.conf

	# Provide a script which rtsold can use to launch DHCPv6
	mkdir -p ${DESTDIR}/usr/local/libexec
	cat > ${DESTDIR}/usr/local/libexec/rtsold-M <<'EOF'
#!/bin/sh

/usr/local/sbin/dhclient -6 -nw -N -cf /dev/null $1
EOF
	chmod 755 ${DESTDIR}/usr/local/libexec/rtsold-M

	# Any EC2 ephemeral disks seen when the system first boots will
	# be "new" disks; there is no "previous boot" when they might have
	# been seen and used already.
	touch ${DESTDIR}/var/db/ec2_ephemeral_diskseen

	# Configuration common to all EC2 AMIs
	ec2_common

	return 0
}