From 326c03005e410967c0c300354c95d9c1da0bef1a Mon Sep 17 00:00:00 2001 From: Moni Ghaoui Date: Fri, 12 Dec 2025 22:33:47 +0100 Subject: [PATCH] Ah Bastille is not longer a service, apparently --- os/FreeBSD/Bastille/Bastille.md | 41 ++------------------- os/FreeBSD/FreeBSD_on_Lenovo_Thinkcentre.md | 6 ++- 2 files changed, 9 insertions(+), 38 deletions(-) diff --git a/os/FreeBSD/Bastille/Bastille.md b/os/FreeBSD/Bastille/Bastille.md index d22a5c8..001fbfc 100644 --- a/os/FreeBSD/Bastille/Bastille.md +++ b/os/FreeBSD/Bastille/Bastille.md @@ -60,45 +60,12 @@ Then start it: service pf start ``` -The `bastille setup` will try to configure the wrong config file and complain. We need to fix the zfs stuff manually. - -And change, assuming you created a zpool named `data`. - -For example (WATCH OUT, BELOW COMMAND IS DANGEROUS): - -```sh -zpool create -f data /dev/ada0 -``` - -Change bastille.conf - -```sh -nvim /usr/local/etc/bastille/bastille.conf -``` - -``` -bastille_zfs_enable="YES" -bastille_zfs_zpool="data" -``` - -And just in case, run the setup again: - -```sh -bastille setup zfs -``` - ## Start -Ok, now start Bastille: - -```sh -service bastille restart -``` - Bootstrap: ```sh -bastille bootstrap 14.2-RELEASE update +bastille bootstrap 14.3-RELEASE update ``` ## Create a container @@ -113,7 +80,7 @@ You don't want the loopback but your real card that connects to the internet. Th ```sh # Lenovo Thinkcentre -bastille create alcatraz 14.2-RELEASE 192.168.1.201 em0 +bastille create alcatraz 14.3-RELEASE 192.168.1.201 em0 ``` If you want to have exlusive packages in the jail and not share the host packages, do this: @@ -166,5 +133,5 @@ Now destroy it: ```sh bastille stop alcatraz -bastille destroy force alcatraz -``` \ No newline at end of file +bastille destroy --force --yes alcatraz +``` diff --git a/os/FreeBSD/FreeBSD_on_Lenovo_Thinkcentre.md b/os/FreeBSD/FreeBSD_on_Lenovo_Thinkcentre.md index d1c95b5..ab137de 100644 --- a/os/FreeBSD/FreeBSD_on_Lenovo_Thinkcentre.md 
+++ b/os/FreeBSD/FreeBSD_on_Lenovo_Thinkcentre.md @@ -21,7 +21,7 @@ pkg update Install my favorite packages ```sh -pkg install -y bash doas tmux htop neovim git ncdu tailscale aria2 +pkg install -y bash doas tmux htop neovim git ncdu tailscale aria2 bastille ``` For doas you need to copy the config file: @@ -71,6 +71,8 @@ Change this setting: KbdInteractiveAuthentication no ``` +If you're going to nvim: `%s/^#KbdInteractiveAuthentication \w\+/KbdInteractiveAuthentication no/g` + That should be it. The config file should have these settings, including the commented lines shown as below: ``` @@ -90,6 +92,8 @@ service sshd reload # PF +If you're going to use Bastille, the `pf.conf` is going to look different. Check out [Bastille](../FreeBSD/Bastille/Bastille.md). + Now we need to get the filewall going. ```sh
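Review bot: In the first hunk of os/FreeBSD/Bastille/Bastille.md (@@ -60,45 +60,12), the removal goes further than the subject line explains. Along with `service bastille restart` it drops the whole ZFS section (`bastille_zfs_enable="YES"`, `bastille_zfs_zpool="data"`, `bastille setup zfs`), so the guide now jumps from `service pf start` straight to `bastille bootstrap` without saying whether ZFS still has to be configured. If `bastille setup` now handles this correctly, add one sentence saying so after the pf step; if ZFS is deliberately no longer used, state that in the commit message. The "## Start" section now contains only the bootstrap step, so the heading could be renamed to match.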
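Review bot: In the last hunk of Bastille.md (@@ -166,5 +133,5), `bastille destroy --force --yes alcatraz` is a copy-paste line that, going by the flag names, runs without a confirmation prompt, and the surrounding text ("Now destroy it:") carries no caution. The ZFS section removed earlier in this patch flagged its destructive command explicitly; a one-line caution here, or dropping `--yes` so the reader confirms interactively, would keep the guide consistent.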
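Review bot: In the sshd hunk of os/FreeBSD/FreeBSD_on_Lenovo_Thinkcentre.md (@@ -71,6 +71,8), the added substitution anchors on `^#KbdInteractiveAuthentication`, so it only rewrites the commented-out default. If the line is already uncommented (for example set to `yes`), the command matches nothing and the setting stays as it was, while the guide proceeds to `service sshd reload` as if it had been changed. Making the `#` optional in the pattern (`^#\?KbdInteractiveAuthentication \w\+`) covers both cases, and a check such as `sshd -T | grep -i kbdinteractiveauthentication` before the reload would confirm the effective value. The sentence is also missing a word: "If you're going to use nvim".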
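Review bot: In the PF hunk of FreeBSD_on_Lenovo_Thinkcentre.md (@@ -90,6 +92,8), the new link target `../FreeBSD/Bastille/Bastille.md` goes up out of os/FreeBSD/ and back into it; from this file `Bastille/Bastille.md` reaches the same document and will not break if the parent directory is renamed. The added sentence also says the `pf.conf` "is going to look different" but does not say which of the following PF steps a Bastille user should skip, so a reader could apply both rule sets; one sentence stating whether to stop here and follow the Bastille page instead would resolve that. While touching this spot, the context line "filewall" should read "firewall".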