xref: /src/etc/defaults/rc.conf

#	$NetBSD: rc.conf,v 1.136 2016/01/07 11:51:07 roy Exp $
#
# /etc/defaults/rc.conf --
#	default configuration of /etc/rc.conf
#
# see rc.conf(5) for more information.
#
# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
# EDIT /etc/rc.conf INSTEAD.
#

#
# Use program=YES to enable program, NO to disable it. program_flags are
# passed to the program on the command line.
#

# Uncomment this if you want to use local paths in rc.
#
#export PATH=$PATH:/usr/pkg/sbin:/usr/pkg/bin:/usr/local/sbin:/usr/local/bin

# Uncomment the following to execute each /etc/rc.d script in
# the current shell rather than in a subshell.  This may be
# faster on very slow machines that have an expensive fork(2).
#	NOTE:	USE THIS AT YOUR OWN RISK; A ROGUE COMMAND
#		MAY INADVERTENTLY PREVENT BOOT TO MULTIUSER.
#
#rc_fast_and_loose=YES

# If rc_silent is true then /etc/rc will suppress most output to
# the console.  The default is taken from the AB_SILENT flag passed
# from the boot loader to the kernel in the boothowto(9) variable.
#
# rc_silent_cmd is executed once for each suppressed line of output.
# Useful values are ":" and "twiddle".
#
rc_silent=$( [ "$(( $(/sbin/sysctl -n kern.boothowto 2>/dev/null || echo 0) \
		    & 0x40000 ))" != 0 ] && echo true || echo false )
rc_silent_cmd=twiddle

# Additional flags to the rcorder(8) that's run by /etc/rc.
#
rc_rcorder_flags=""

# The directories searched for rc scripts.
# These directories must be part of the root file system.
rc_directories=/etc/rc.d 

# If this is set to NO, shutdown(8) will not run /etc/rc.shutdown.
#
do_rcshutdown=YES

# Additional flags to the rcorder(8) that's run by /etc/rc.shutdown.
#
rcshutdown_rcorder_flags=""

# If this is non-blank, use as the number of seconds to run a watchdog
# timer which will terminate /etc/rc.shutdown if the timeout expires.
#
rcshutdown_timeout=""


# Basic network configuration
#

# Fully Qualified Internet Domain Name (a.k.a. hostname, e.g. foo.baz.edu).
# If blank, use /etc/myname.
#
hostname=""

# If there's only one way out of your IPv4 network, set this to the hostname
# or the IPv4 address of the router that will get your packets off the LAN.
# If blank, use /etc/mygate.
#
defaultroute=""

# Same thing for IPv6.  If blank, use /etc/mygate6.
#
defaultroute6=""

# The NIS domain name (formerly known as Yellow Pages); not in any way
# related to Internet domain names.
# If blank, use /etc/defaultdomain.
#
domainname=""

# Filesystems to mount early in boot-up.
# Note that `/var' is needed in $critical_filesystems_local (or
# implied as part of `/') as certain services that need /var (such as
# dhclient) may be needed to get the network operational enough to mount
# the $critical_filesystems_remote.  Prepending "OPTIONAL:"  means it
# will not be an error if that file system is not present in fstab(5).
#
critical_filesystems_local="OPTIONAL:/var"
critical_filesystems_remote="OPTIONAL:/usr"

# Swap device controls.
#
no_swap=NO		# Set to YES if you have purposefully setup no swap
			# partitions and don't want to be warned about it.
swapoff=YES		# Remove block-type swap partitions upon shutdown
			# This defaults to yes, so that raids shutdown cleanly

# Concatenated disk driver.
#
ccd=YES

# RAIDframe driver (manually configured devices).
#
raidframe=YES

# Crypto file system.
#
cgd=YES

# Logical Volume Manager
#
lvm=NO

# One-time actions and programs on boot-up.
#
savecore=YES		savecore_flags="-z"
			savecore_dir="/var/crash"
resize_root=NO					# resize root to fill partition
per_user_tmp=NO					# per-user /tmp directories
per_user_tmp_dir="/private/tmp"			# real storage for /tmp
clear_tmp=YES					# clear /tmp after reboot
update_motd=YES					# updates /etc/motd
dmesg=YES		dmesg_flags=""		# write /var/run/dmesg.boot
accounting=NO					# uses /var/account/acct
newsyslog=NO		newsyslog_flags=""	# trim log files
quota=YES					# check and enable quotas
ldconfig=YES					# rebuild a.out ldconfig cache
sysdb=YES					# build system databases
rndctl=NO		rndctl_flags=""		# configure rndctl(8)
gpio=NO						# configure GPIO devices
modules=YES					# process /etc/modules.conf

# cope with other OSes using the real time clock at localtime on this
# machine (by adjusting kern.rtc_offset at boot)
rtclocaltime=NO

# NOTE: default coredump name now set in /etc/sysctl.conf

#
# File system check flags; default to preen mode, checking file systems
# that are listed in /etc/fstab in parallel as the fsck pass number
# permits. Fix minor faults automatically, and exit with non 0 only
# when major errors occur.
#
fsck_flags=-p

# Security setting.  If $securelevel is non-empty, the system securelevel
# is set to this value early in the boot sequence.  Otherwise the default
# action is taken (see init(8)).
#
securelevel=""					# securelevel to set to

# To set the IP address of an interface either use
#  ifconfig_xxN="IP-NO"
# where xxN is the interface.  If this variable is not set then
# contents of the file /etc/ifconfig.xxN is used.

# Networking startup.
#
# Wait up to 15 seconds for the tentative flag to clear from all addresses.
# Wait up to 5 seconds for the detached flag to clear from all addresses.
# Addresses are detached if there is no carrier, thus we have a small
# wait to see if we get a carrier.
# Even a wired interface may not recognise it has a carrier right away.
ifconfig_wait_dad_flags="-w 15 -W 5"

mdnsd=NO
npf=NO
ipfilter=NO		ipfilter_flags=""	# uses /etc/ipf.conf
ipnat=NO					# uses /etc/ipnat.conf
ipfs=NO			ipfs_flags=""		# save/load ipnat and ipf states
ipsec=NO					# uses /etc/ipsec.conf
ipmon=NO		ipmon_flags="-Dns"	# syslog ipfilter messages
pf=NO			pf_rules="/etc/pf.conf" pf_flags=""
pflogd=NO
ftp_proxy=NO
racoon=NO					# IKE daemon
auto_ifconfig=YES				# config all avail. interfaces
net_interfaces=""				# used only if above is NO
flushroutes=YES					# flush routes in netstart
dhcpcd=NO
			dhcpcd_flags="-qM"	# For ifconfig_XXX=dhcp.
dhclient=NO					# behave as a DHCP client
			dhclient_flags=""	# blank: config all interfaces
ntpdate=NO  		ntpdate_flags="-b -s"	# May need '-u' thru firewall
ppp=YES			ppp_peers=""		# /etc/ppp/peers to call
ip6mode=host					# host, autohost or router
ip6uniquelocal=NO				# IPv6 unique-local forwarding

# Special treatment for interfaces that need to be downed on
# shutdown (because they might cause unnecessary costs or block resources
# on the peer). All pppoe* interfaces are automatically included in this
# list, add others here manually.
#force_down_interfaces=""

ifwatchd=NO	# execute up/down scripts for in-kernel PPPoE interfaces
	ifwatchd_flags="-u /etc/ppp/ip-up -d /etc/ppp/ip-down pppoe0"

# ALTQ configuration/monitoring daemon
altqd=NO		altqd_flags=""

# Daemons required by servers.  These are not needed for strictly client use.
#

# inetd is used to start the IP-based services enabled in /etc/inetd.conf
#
inetd=YES		inetd_flags="-l"	# -l logs libwrap

# identd
#
identd=NO		identd_flags="-b -l -u nobody"

# rpcbind (formerly known as 'portmap') is used to look up RPC-based services.
#
rpcbind=NO		rpcbind_flags="-l"	# -l logs libwrap

# Commonly used daemons.
#
syslogd=YES		syslogd_flags="-s"	# -s "secure" unix domain only
cron=YES
named=NO		named_flags=""		# see below for named_chrootdir
timed=NO		timed_flags=""
ntpd=NO			ntpd_flags=""		# see below for ntpd_chrootdir
# The default setting for postfix here is YES, but gets re-examined by
# the rc.d/postfix startup script when it runs.  The script sets
# _rc_d_postfix to "check", and then causes all rc.conf settings to
# be re-evaluated.  If the value of $postfix after this is "check",
# the script then checks to see if /etc/mailer.conf selects the system
# postfix. If not, it does print a warning and does not start postfix 
# to avoid conflict with a different MTA.
postfix=${_rc_d_postfix:-YES}
lpd=NO			lpd_flags="-s"		# -s "secure" unix domain only
sshd=NO			sshd_flags=""
ssh_keygen_flags=""
ftpd=NO			ftpd_flags="-ll"
httpd=NO		httpd_flags=""
			httpd_wwwdir="/var/www"
			httpd_wwwuser="_httpd"

# To run the named(8) DNS server as an unprivileged user under a
# chroot(2) cage, uncomment the following after migrating the contents
# of /etc/namedb to /var/chroot/named/etc/namedb
#
#named_chrootdir="/var/chroot/named"

# To run the ntpd(8) NTP server as an unprivileged user under a
# chroot(2) cage, uncomment the following, after ensuring that:
#	- The kernel has "pseudo-device clockctl" compiled in
#	- /dev/clockctl is present
#
#ntpd_chrootdir="/var/chroot/ntpd"

# Routing daemons.
#
routed=NO		routed_flags="-q"
gated=NO
mrouted=NO		mrouted_flags=""
route6d=NO		route6d_flags=""
ldpd=NO

# Daemons used to boot other hosts over a network.
#
rarpd=NO		rarpd_flags="-a"
bootparamd=NO		bootparamd_flags=""
dhcpd=NO		dhcpd_flags="-q"
dhcrelay=NO		dhcrelay_flags=""
rbootd=NO		rbootd_flags=""
mopd=NO			mopd_flags="-a"
ndbootd=NO		ndbootd_flags="-s /tftpboot /tftpboot/bootyy"
rtadvd=NO		rtadvd_flags=""
isibootd=NO		isibootd_flags=""

# X11 daemons.
#
xfs=NO			xfs_flags=""		# X11 font server
xdm=NO			xdm_flags=""		# X11 display manager; needs
						# wscons=YES for local displays.

# Update fontconfig cache at boot
fccache=YES

# YP (NIS) daemons.
#
ypbind=NO		ypbind_flags=""
ypserv=NO		ypserv_flags="-d"
yppasswdd=NO		yppasswdd_flags=""

# NFS daemons and parameters.
#
mountd=NO		mountd_flags=""		# NFS mount requests daemon
nfs_client=NO					# enable client daemons
nfs_server=NO					# enable server daemons
			nfsd_flags=""
lockd=NO		lockd_flags=""
statd=NO		statd_flags=""
amd=NO			amd_flags="-l syslog -x error,noinfo,nostats"
			amd_dir=/amd			# mount dir

# Heimdal Kerberos 5 KDC (with Kerberos IV compatibility)
kdc=NO			kdc_flags="--detach"

# iSCSI target
iscsi_target=NO		iscsi_target_flags=""
# iSCSI kernel initiator
iscsid=NO

# WPA daemons.
hostapd=NO		hostapd_flags="-B /etc/hostapd.conf"
wpa_supplicant=NO	wpa_supplicant_flags="" # -i<if> -c<file>

# ISDN daemon
isdnd=NO		isdnd_flags=""

# Bluetooth configuration
bluetooth=NO
# and the following are used when bluetooth=YES
btconfig_devices=""                             # all
bthcid=YES              bthcid_flags=""
sdpd=YES                sdpd_flags=""

# Other daemons.
#
rwhod=NO		rwhod_flags="-u _rwhod"
devpubd=NO		devpubd_flags=""	# autocreate nodes for new devs
envsys=NO					# Set /etc/envsys.conf preferences

# Hardware daemons.
#
apmd=NO			apmd_flags=""		# APM power management daemon.
powerd=NO		powerd_flags=""		# power management daemon
screenblank=NO		screenblank_flags=""	# wscons and FBIO screenblanker

moused=NO					# serial mouse handler
			moused_flags="-p /dev/tty00"

wdogctl=NO					# watchdog timer control
#			wdogctl_flags="-k devicename"
irdaattach=NO					# attach serial lines to IrDA 
			irdaattach_flags="tty00"

# Configuration of "wscons" console driver virtual screens.
#
wscons=NO		wscons_flags=""		# setup wscons from wscons.conf

# Configuration of "wsmoused" console driver cut-n-paste support
#
wsmoused=NO		wsmoused_flags=""

# Configuration of "tpctl" touch panel calibration utility
#
tpctl=NO		tpctl_flags=""

# Mixer setting
#
mixerctl=NO		mixerctl_mixers=""	# "mixer0 mixer1" means saving
						# and restoring their settings

# Vi recovery notification.  Vi(1)'s -r option can recover files which were
# accidentally closed.  See vi(1) for more details.
# 
virecover=YES

# Veriexec signature loading.
#
veriexec=NO
veriexec_strict=0
veriexec_verbose=0
veriexec_flags="-k"

# Entropy load/save to/from /dev/random at startup/shutdown
#
random_seed=YES

# Creating / updating of man page index on boot
makemandb=YES

# blacklist daemon, needs npf
blacklistd=NO

# IPv6 address selection policy
ip6addrctl=NO
# ipv6_prefer, ipv4_prefer, auto
ip6addrctl_policy=auto
ip6addrctl_verbose=NO