mathstodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for maths people. We have LaTeX rendering in the web interface!


#bastillebsd


Today I saw that since Bastille's last release at the end of January there have been 625(!) commits to the repo: many bug fixes, new features, subcommands, doc updates (💜), ...
Big props to Victor for working tirelessly on the project. github.com/BastilleBSD/bastill

Also, there have been some new videos on Bastille's YouTube channel, youtube.com/@BastilleBSD, demonstrating upcoming features in Bastille 0.14.

GitHub - BastilleBSD/bastille: Bastille is an open-source system for automating deployment and management of containerized applications on FreeBSD.
I was thoroughly impressed with #FreeBSD, #OpenZFS and #BastilleBSD the other day.
Had to move hardware for a server running about 10 jails.
Set up new hardware - FreeBSD install in just a few minutes and install with brief config of BastilleBSD (a couple of minutes more).
On old hardware, stop each jail, unmount dataset, zfs send | zfs recv the jail datasets.
New hardware, start jails - Bastille just recognised the datasets and was like "yeah, got it, no problem guv"

It #JustWorked !

Amazing. So happy.

Knock knock, #freebsd guys! I created a bridge0 and a vnet jail running tailscale in #bastillebsd. The bridge and the vnet are connected using an epair. I read on a forum that #pf rules operate on the epair and not on the bridge, so do I need to skip bridge0 in my #pf rules? Bridge0 is 193.168.42.1, connected with re0. Another thing: I want to separate/isolate my local network (192.168.1.0) from the jails' vnet network 192.168.42.0/24. Currently, when I ping a local network address like 193.168.1.80 from the tailscale jail with epair 192.168.42.2, the ping works... Isolation between the networks doesn't work by default, and I'm searching for the right pf rules to isolate 192.168.42.0 from the local network... Any help appreciated.
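Added example for the isolation asked about above; this is not from the post, a reply, or Bastille's own pf templates. It takes the interface names (re0 uplink, bridge0 jail bridge) and the two networks from the post. It assumes the FreeBSD bridge filters on the bridge interface itself (net.link.bridge.pfil_bridge=1), which you should verify with sysctl before relying on it; the epair member naming (epair0a) mentioned in the comments is an assumption.

```pf
# Added example, not taken from the post or from Bastille's pf templates.
# Names from the post: re0 is the LAN/uplink NIC, bridge0 the jail bridge,
# 192.168.42.0/24 the jail vnet network, 192.168.1.0/24 the local network.
ext_if   = "re0"
jail_if  = "bridge0"
jail_net = "192.168.42.0/24"
lan_net  = "192.168.1.0/24"

# These rules filter on bridge0, so the bridge must NOT be skipped and
# net.link.bridge.pfil_bridge must be 1 (check: sysctl net.link.bridge).
# The epair group is skipped so each packet is filtered once, on the
# bridge. If pfil_bridge is 0 on your system, drop that skip and match
# on the host-side epair names (assumed here to look like epair0a)
# instead of $jail_if.
set skip on lo
set skip on epair

# NAT only towards the uplink; never rewrite jail traffic aimed at the LAN.
nat on $ext_if inet from $jail_net to ! $lan_net -> ($ext_if)

block log all

# Isolation in both directions, matched before anything else:
# jail -> LAN is dropped as it enters from the bridge, before the host
# routes it out re0; LAN -> jail is dropped as it arrives on re0.
block in quick log on $jail_if inet from $jail_net to $lan_net
block in quick log on $ext_if  inet from $lan_net  to $jail_net

# Jails may reach anything that is not the LAN: their gateway (the
# bridge address) and, via the NAT above, the Internet.
pass in  on $jail_if inet from $jail_net to ! $lan_net
pass out on $ext_if  inet

# Host-initiated connections into the jails (e.g. ssh to a jail).
pass out on $jail_if inet from ($jail_if) to $jail_net
# Management of the host itself from the LAN.
pass in  on $ext_if inet proto tcp from $lan_net to ($ext_if) port ssh
```

Check the syntax first with `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf`. From the tailscale jail, `ping 192.168.1.80` should now time out, and `tcpdump -n -e -ttt -i pflog0` on the host shows the block rule that matched, which is the quickest way to tell whether pf is actually seeing the jail traffic on bridge0 or on the epair members.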

I finally came around to give #BastilleBSD a try on a #FreeBSD test system but I struggle with the rdr rules. I always get the following error when starting the vnet jail:

stdin:2: syntax error
pfctl: Syntax error in config file: pf rules not loaded

Here is my pf.conf:

lo_if="lo1"
ext_if="vmx0"
jail_if="vmx0bridge"

#set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
set skip on $jail_if

table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)
#nat on $ext_if from $jail_if:network to any -> ($ext_if)
#nat on $jail_if from $jail_if:network to any -> ($jail_if)
#nat on $lo_if from $jail_if:network to any -> ($lo_if)
rdr-anchor "rdr/*"

#block in all
pass out quick keep state
#antispoof for $ext_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state
pass in on $ext_if inet proto icmp to ($ext_if) icmp-type { unreach, redir, timex, echoreq }
pass in on $ext_if inet proto icmp to ($jail_if) icmp-type { unreach, redir, timex, echoreq }
pass in on $jail_if inet proto icmp to $jail_if:network icmp-type { unreach, redir, timex, echoreq }

My BastilleBSD version is 0.13.20250126

Working on FreeBSD is always a pleasure. When I need to make a change to a production jail, using BastilleBSD, I clone it in a flash, make the changes, and test them. If they work, I can promote that jail to production or discard the test one and apply the changes.

A way of working that, in my opinion, is both safe and efficient.

It looks like iocage has been abandoned and I've found Bastille to have some advantages over it.

I tried to look up a way to migrate my jails to Bastille but so far everything includes exporting them from one system to another. Anyone know if I can do this on one system?

It seems that I should, given that both programs just manage the jails, but iocage uses a json file instead of the normal jail config and I'm not exactly sure what it's doing.

Another thing ticked off my to-do list that I kept putting off. I've always just used the Nginx Proxy Manager add-on that comes with #HomeAssistant for my #HomeLab reverse proxy. But today I decided that I should move onto my own hand-configured reverse proxy in another #BastilleBSD jail. The only thing that briefly gave me an issue was my Home Assistant, but I've got that sorted just now and set up a cron job to renew the SSL certs and reload Nginx periodically. Everything is working as expected so far and I'm impressed. Don't know why I didn't do this sooner?
#FreeBSD