Install NetBSD/i386 9.2 by CD.

Kernel (GENERIC)		YES
Kernel modules			YES
Base				YES
Configulation files (/etc)	YES
Compiler tools			YES
Games				NO
Manual pages			YES
Miscellaneous			YES
Recovery tools			YES
Test programs			NO
Text processiong tools		YES
X11 sets
	X11 base and clients	YES
	X11 programming		YES
	X11 configuration	NO
	X11 fonts		NO
	X11 servers		NO

Enable sshd		YES
Run ntpdate at boot	YES
Enable cgd		NO
Enable raidframe	NO

rm -rf /usr/share/man/cat?/*
cd /etc
cp -p group group.org
cp -p hosts hosts.org
cp -p shells shells.org
cp -p printcap printcap.org
cp -p rc.conf rc.conf.org
cp -p inetd.conf inetd.conf.org
cp -p sysctl.conf sysctl.conf.org
mv skel skel.org
mkdir skel
cd skel
mkdir -p Maildir/{new,cur,tmp,.Drafts,.Sent,.Trash}
chmod -R go-rwx Maildir
cat<<EOF>.cshrc
set	path=(/{usr/pkg/,,usr/}{,s}bin /usr/games)
set	filec
set	prompt='%m{!} %~ %# '
setenv	CFLAGS	'-O2 -pipe'
setenv	PAGER	less
EOF

mkdir /usr/home
ln -s /usr/home /home
useradd -m -s /bin/csh -d /home/USERNAME -c USERNAME USERNAME
#Add USERNAME to wheel in /etc/group.
passwd root
passwd USERNAME

#perl /usr/share/examples/ipf/mkfilters>/etc/ipf.conf
cat<<EOF>>/etc/ipf.conf
block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
#block in log quick from xxx.xxx.xxx.xxx/32 to any
pass out all keep state
block in log all
pass in from 192.168.0.0/24 to any keep state
pass in proto tcp from any to any port=ssh keep state
pass in proto tcp from any to any port=http keep state
pass in proto tcp from any to any port=https keep state
pass in proto tcp from any to any port=smtp keep state
pass in proto tcp from any to any port=smtps keep state
pass in proto tcp from any to any port=submission keep state
pass in proto tcp from any to any port=pop3 keep state
pass in proto tcp from any to any port=pop3s keep state
pass in proto tcp from any to any port=imap keep state
pass in proto tcp from any to any port=imaps keep state
EOF
cat<<EOF>/etc/exports
/usr	-alldirs	-network 192.168.0.0/24
EOF
cat<<EOF>>/etc/hosts
192.168.0.254	HOSTNAME.DOMAINNAME	HOSTNAME
EOF
cat<<EOF>/etc/resolv.conf
nameserver	220.220.248.1
EOF
cat<<EOF>>/etc/rc.conf
hostname=HOSTNAME.DOMAINNAME
defaultroute=123.45.67.89
rpcbind=YES
mountd=YES
nfs_server=YES
ipfilter=YES
ipmon=YES
EOF
#postsuper -d ALL

shutdown -r now
#ipf -D
#ipf -E
#ipf -Fa
#ipf -f /etc/ipf.conf
#ipfstat -io
#ipmon
#ipmon -n

cd /usr
cat pkgsrc-2021Q1.tar.bz2|gzip -d|tar -xf-
#cat<<EOF>/etc/mk.conf
#PKG_DEFAULT_OPTIONS+=-inet6
#EOF
cd /usr/pkgsrc/shells/tcsh
make install|&tee mk01.log
#pkg_add tcsh|&tee tcsh.log
#vi /etc/shells
#chsh USERNAME
cd /usr/pkgsrc/database/php-pdo_pgsql
make install|&tee mk01.log
#pkg_add php-pdo_pgsql|&tee php-pdo_pgsql.log
cd /usr/pkgsrc/database/postgresql12
make install|&tee mk01.log
#pkg_add postgresql12|&tee postgresql12.log
cd /usr/pkgsrc/www/ap-php
make install|&tee mk01.log
#pkg_add ap24-php73|&tee ap24-php56.log
cd /usr/pkgsrc/www/p5-CGI
make install|&tee mk01.log
#pkg_add p5-CGI|&tee p5-CGI.log
cd /usr/pkgsrc/net/p5-Socket6
make install|&tee mk01.log
#pkg_add p5-Socket6|&tee p5-Socket6.log
cd /usr/pkgsrc/security/p5-Net-SSLeay
make install|&tee mk01.log
#pkg_add p5-Net-SSLeay|&tee p5-Net-SSLeay.log
cd /usr/pkgsrc/net/samba
make install|&tee mk01.log
#pkg_add samba|&tee samba.log
cd /usr/pkgsrc/mail/dovecot2
make install|&tee mk01.log
#pkg_add dovecot2|&tee dovecot2.log
cd /usr/pkgsrc/mail/roundcube
make install|&tee mk01.log
#pkg_add roundcube|&tee roundcube.log
#pkg_info
cp /usr/pkg/share/examples/rc.d/* /etc/rc.d
cat<<EOF>>/etc/rc.conf
pgsql=YES
apache=YES
winbindd=YES
smbd=YES
samba=YES
nmbd=YES
dovecot=YES
EOF

cd /usr/pkg/etc/dovecot
cat<<EOF>>dovecot.conf
protocols = imap pop3
EOF
cat<<EOF>>conf.d/10-ssl.conf
ssl = yes
ssl_dh = </etc/dovecot/dh.pem
EOF
mkdir -p /etc/ssl/{private,certs}
chmod go-rwx /etc/ssl/private
vi dovecot-openssl.cnf
sh mkcert.sh
mkdir /etc/dovecot
openssl dhparam -out /etc/dovecot/dh.pem 4096

cd /etc/postfix
echo<<EOF>>main.cf
mynetworks = 127.0.0.0/8, 192.168.0.0/24, [::1]/128, xxx.xxx.xxx.xxx/16
relayhost = mmr.plala.or.jp
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_client_restrictions = permit_mynetworks reject_unknown_client_hostname check_client_access hash:/etc/postfix/reject_client
EOF
echo<<EOF>reject_client
example.com REJECT
EOF
/usr/sbin/postmap /etc/postfix/reject_client
#echo<<EOF>reject_sender
#penguin@example.com REJECT
#duck@example.com DISCARD
#example.net REJECT
#example.jp DISCARD
#EOF
#/usr/sbin/postmap /etc/postfix/reject_sender
echo<<EOF>>master.cf
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
EOF
postfix check
postfix reload

cat<<EOF>>/etc/mail/aliases
root:USERNAME
EOF
newaliases

cat<<EOF>>/usr/pkg/etc/httpd/httpd.conf
LoadModule socache_shmcb_module lib/httpd/mod_socache_shmcb.so
LoadModule ssl_module lib/httpd/mod_ssl.so
#LoadModule mpm_event_module lib/httpd/mod_mpm_event.so
LoadModule mpm_prefork_module lib/httpd/mod_mpm_prefork.so
LoadModule cgid_module lib/httpd/mod_cgid.so
LoadModule userdir_module lib/httpd/mod_userdir.so
LoadModule php7_module lib/httpd/mod_php7.so
ServerAdmin you@example.com
ServerName www.example.com:80
<FilesMatch \.php$>
	SetHandler application/x-httpd-php
</FilesMatch>
Include etc/httpd/httpd-userdir.conf
Include etc/httpd/httpd-ssl.conf
EOF
cat<<EOF>>/usr/pkg/etc/httpd/httpd-userdir.conf
<Directory "/home/*/public_html/cgi-bin/">
	Options ExecCGI
	SetHandler cgi-script
</Directory>
EOF
cat<<EOF>>/usr/pkg/etc/httpd/httpd-ssl.conf
ServerName www.example.com:443
ServerAdmin you@example.com
EOF
apachectl configtest
cd /usr/pkg/etc/httpd
#openssl genrsa -out server.key 3072
openssl ecparam -list_curves
openssl ecparam -genkey -name prime256v1 -out server.key
openssl req -new -key server.key -out server.csr
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
openssl ec -text -in server.key
openssl req -text -in server.csr
openssl x509 -text -in server.crt

vi /usr/pkg/etc/php.ini
#Add "date.timezone = Asia/Tokyo".
#maybe no need "extension=pgsql.so"
#For roundcube, add "upload_max_filesize=8M" and "post_max_size=8M".
#php --ini
#php -i

cat<<EOF>>/etc/inetd.conf
swat stream tcp nowait.400 root /usr/pkg/sbin/swat swat
EOF

cd /usr/pkg/etc/roundcube
cat<<EOF>>config.inc.php
$config['enable_installer'] = true;
$config['db_dsnw'] = 'pgsql://roundcube:pass@localhost/roundcubemail';
$config['default_host'] = 'mune.plala.jp';
$config['smtp_user'] = '';
$config['smtp_pass'] = '';
EOF
cat<<EOF>>/usr/pkg/etc/httpd/httpd.conf
<IfModule mod_alias.c>
        Alias /roundcube "/usr/pkg/share/roundcube/"
</IfModule>
<Directory "/usr/pkg/share/roundcube">
        AllowOverride All
        DirectoryIndex index.php
        Require all granted
</Directory>
<IfModule mod_alias.c>
        Alias /installer "/usr/pkg/share/roundcube/installer"
</IfModule>
<Directory "/usr/pkg/share/roundcube/installer">
        Require all granted
</Directory>
EOF
createuser -U pgsql -P roundcube
createdb -U pgsql -O roundcube roundcubemail
psql -U roundcube -f /usr/pkg/share/roundcube/SQL/postgres.initial.sql roundcubemail
https://mune.plala.jp/installer
https://mune.plala.jp/roundcube

shutdown -r now

http://localhost/
https://localhost/
http://localhost:901
#Add user USERNAME, change passwd.
#Change max protocol from NT1 to SMB2.

cat<<EOF>/etc/ntpdate
#!/bin/sh
host=`hostname`
echo "To: ${MAILTO:-root}"
echo "Subject: $host ntpdate"
echo ""
echo "/usr/sbin/ntpdate ntp1.plala.or.jp"
echo ""
/usr/sbin/ntpdate ntp1.plala.or.jp
EOF
crontab -e
45 3 * * 1 /bin/sh /etc/ntpdate 2>&1 | tee /var/log/ntpdate.out | sendmail -t

cd /
cat syssrc.tgz|gzip -d|tar -xf-
cd /usr/src/sys/arch/i386/conf
cp GENERIC_LAPTOP HOSTNAME
vi HOSTNAME
config HOSTNAME
cd ../compile/HOSTNAME
make clean depend all|&tee mk01.log
mv /netbsd /netbsd.org
mv netbsd /
shutdown -r now

#PPPoE and NAT and winny :p
cat<<EOF>>/etc/sysctl.conf
# Obey interface MTUs when calculating MSS
net.inet.tcp.mss_ifmtu=1
EOF
touch /etc/ipf.conf
#perl /usr/share/examples/ipg/mkfilters>/etc/ipf.conf
cat<<EOF>/etc/ipnat.conf
map pppoe0 192.168.0.0/24 -> 0/32 portmap tcp/udp 44000:49999 mssclamp 1408
map pppoe0 192.168.0.0/24 -> 0/32 mssclamp 1408
rdr pppoe0 0/0 port WINNYPORT -> 192.168.0.1 port WINNYPORT tcp
EOF
cat<<EOF>/etc/ifconfig.pppoe0
create
! /sbin/ifconfig NIC up
! /sbin/pppoectl -e NIC $int
! /sbin/pppoectl $int myauthproto=pap myauthname=000XX0000@PROVIDER.or.jp myauthsecret=PASSWORD
inet 0.0.0.0 0.0.0.1 netmask 0xffffffff
#! /sbin/route add default -iface 0.0.0.1
up
EOF
chmod go-rwx /etc/ifconfig.pppoe0
cat<<EOF>>/etc/rc.conf
ifwatchd=YES
ipfilter=YES
ipnat=YES
EOF
mkdir /etc/ppp
cat<<EOF>/etc/ppp/ip-up
#! /bin/sh
/sbin/route add default $5
EOF
cat<<EOF>/etc/ppp/ip-down
#! /bin/sh
/sbin/route delete default $5
EOF
chmod a+x /etc/ppp/ip-up /etc/ppp/ip-down
#ipnat -l
#ipnat -C
#ipnat -f /etc/ipnat.conf