moni/stuff
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ah Bastille is not longer a service, apparently

Browse source
This commit is contained in:
Moni Ghaoui 2025-12-12 22:33:47 +01:00
parent 97dca92181
commit 326c03005e
2 changed files with 9 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
os/FreeBSD/Bastille/Bastille.md
View file

@ -60,45 +60,12 @@ Then start it:
service pf start service pf start
``` ```
The `bastille setup` will try to configure the wrong config file and complain. We need to fix the zfs stuff manually.
And change, assuming you created a zpool named `data`.
For example (WATCH OUT, BELOW COMMAND IS DANGEROUS):
```sh
zpool create -f data /dev/ada0
```
Change bastille.conf
```sh
nvim /usr/local/etc/bastille/bastille.conf
```
```
bastille_zfs_enable="YES"
bastille_zfs_zpool="data"
```
And just in case, run the setup again:
```sh
bastille setup zfs
```
## Start ## Start
Ok, now start Bastille:
```sh
service bastille restart
```
Bootstrap: Bootstrap:
```sh ```sh
bastille bootstrap 14.2-RELEASE update bastille bootstrap 14.3-RELEASE update
``` ```
## Create a container ## Create a container
@ -113,7 +80,7 @@ You don't want the loopback but your real card that connects to the internet. Th
```sh ```sh
# Lenovo Thinkcentre # Lenovo Thinkcentre
bastille create alcatraz 14.2-RELEASE 192.168.1.201 em0 bastille create alcatraz 14.3-RELEASE 192.168.1.201 em0
``` ```
If you want to have exlusive packages in the jail and not share the host packages, do this: If you want to have exlusive packages in the jail and not share the host packages, do this:
@ -166,5 +133,5 @@ Now destroy it:
```sh ```sh
bastille stop alcatraz bastille stop alcatraz
bastille destroy force alcatraz bastille destroy --force --yes alcatraz
``` ```

6
os/FreeBSD/FreeBSD_on_Lenovo_Thinkcentre.md
View file

@ -21,7 +21,7 @@ pkg update
Install my favorite packages Install my favorite packages
```sh ```sh
pkg install -y bash doas tmux htop neovim git ncdu tailscale aria2 pkg install -y bash doas tmux htop neovim git ncdu tailscale aria2 bastille
``` ```
For doas you need to copy the config file: For doas you need to copy the config file:
@ -71,6 +71,8 @@ Change this setting:
KbdInteractiveAuthentication no KbdInteractiveAuthentication no
``` ```
If you're going to nvim: `%s/^#KbdInteractiveAuthentication \w\+/KbdInteractiveAuthentication no/g`
That should be it. The config file should have these settings, including the commented lines shown as below: That should be it. The config file should have these settings, including the commented lines shown as below:
``` ```
@ -90,6 +92,8 @@ service sshd reload
# PF # PF
If you're going to use Bastille, the `pf.conf` is going to look different. Check out [Bastille](../FreeBSD/Bastille/Bastille.md).
Now we need to get the filewall going. Now we need to get the filewall going.
```sh ```sh