# Bastille

This is my guide for getting BastilleBSD up and running on FreeBSD.

First make sure that FreeBSD is up to date.

*NOTE*: this takes a *long* time on a Raspberry Pi. Only do it if you have plenty of time on your hands, and run it inside `tmux` first so a dropped SSH session does not interrupt the update halfway through:

```sh
tmux
```

```sh
freebsd-update fetch install
```

```sh
reboot
```

After the reboot, run the install step again. If a kernel update was installed, this second run finishes the userland part:

```sh
freebsd-update install
```

Verify your version:

```sh
freebsd-version
```

## Setup

If you have already set up pf before, back up the existing `pf.conf` first, because `bastille setup` writes a new one; otherwise you can skip this step:

```sh
mv /etc/pf.conf /etc/pf.conf.backup
```

Then run:

```sh
bastille setup
```

This configures the loopback interface and creates a new `/etc/pf.conf`. The generated ruleset blocks incoming connections by default, so to allow HTTP, HTTPS and RDP you need to manually add the following line at the bottom of `/etc/pf.conf`. It has to go at the bottom: pf applies the last matching rule, so a `pass` rule must come after the generated `block` rule or it has no effect:

```
pass in inet proto tcp from any to any port { 80, 443, 3389 } flags S/SA keep state
```

Note that `from any` opens these ports to every source address on every interface; narrow it down if RDP (3389) should not be reachable from the whole network. Then start pf (`service pf start` only works if `pf_enable` is set to `YES` in `/etc/rc.conf`):

```sh
service pf start
```

On my systems `bastille setup` tried to configure the wrong config file for ZFS and complained, so the ZFS settings have to be fixed by hand. The rest of this section assumes you have created a zpool named `data`. If you have not, the command below creates one, but WATCH OUT, IT IS DANGEROUS: the `-f` flag forces the pool onto `/dev/ada0` even if the disk is already in use, and whatever is on that disk is gone. Double-check the device name before running it:

```sh
zpool create -f data /dev/ada0
```

Edit `bastille.conf`:

```sh
nvim /usr/local/etc/bastille/bastille.conf
```

and set:

```
bastille_zfs_enable="YES"
bastille_zfs_zpool="data"
```

Then, just to be sure, run the ZFS part of the setup again:

```sh
bastille setup zfs
```

## Start

Now start Bastille (like pf, this needs `bastille_enable` set to `YES` in `/etc/rc.conf`):

```sh
service bastille restart
```

Bootstrap the release your jails will be based on, and fetch the updates for it in the same go:

```sh
bastille bootstrap 14.2-RELEASE update
```

## Create a container

Figure out your network card:

```sh
ifconfig
```

You don't want the loopback but the real interface that connects to the internet. The KVM virtual machine has `vtnet0`, the Raspberry Pi has `genet0` and the Lenovo ThinkCentre has `em0`.
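Before creating the first jail, it is worth confirming that the pass rule added to `/etc/pf.conf` during Setup actually loads. The script below is an added example for this guide, not something Bastille ships and not a command from the original text. It assumes the Bastille-generated `/etc/pf.conf` is in place (override the path with `PF_CONF`), appends the pass rule only if it is not already there, and syntax-checks the file with `pfctl -nf` before loading it, so a typo cannot be pushed into the live ruleset. The port list is an argument, so the same helper covers just `80 443` or any other set.

```sh
#!/bin/sh
# pf_allow.sh: append a "pass in" rule for a list of TCP ports to the Bastille
# host's pf.conf, check the ruleset, then load it. Added example for this guide,
# not part of Bastille. Assumes the pf.conf written by `bastille setup`.
set -eu

PF_CONF="${PF_CONF:-/etc/pf.conf}"

# Build the pass rule for the given TCP ports, e.g. `pf_pass_rule 80 443 3389`
# prints exactly the line the guide tells you to add.
pf_pass_rule() {
    ports=""
    for p in "$@"; do
        ports="${ports:+$ports, }$p"
    done
    printf 'pass in inet proto tcp from any to any port { %s } flags S/SA keep state\n' "$ports"
}

# Append the rule at the bottom (pf is last-match-wins, so it must follow the
# generated block rule), but only once: re-running the guide must not leave
# duplicate rules behind.
pf_add_rule() {
    rule=$(pf_pass_rule "$@")
    if [ -f "$PF_CONF" ] && grep -qxF -- "$rule" "$PF_CONF"; then
        return 0
    fi
    printf '%s\n' "$rule" >> "$PF_CONF"
}

# Parse-only check with `pfctl -nf`. A broken pf.conf otherwise fails the
# reload and leaves the host running whatever ruleset was loaded before.
# pfctl only exists on BSD; elsewhere the check is skipped with a warning.
pf_check() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -nf "$PF_CONF"
    else
        echo "pfctl not found, skipping syntax check of $PF_CONF" >&2
    fi
}

# Load the ruleset only after the check passed.
pf_reload() {
    pf_check || return 1
    pfctl -f "$PF_CONF"
}

# Example usage on the host (uncomment to run):
# pf_add_rule 80 443 3389 && pf_reload
```

After `pf_reload`, `pfctl -sr` lists the active rules, which is the quickest way to see that the new pass rule really sits after the block rule.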
```sh
# Lenovo ThinkCentre
bastille create alcatraz 14.2-RELEASE 192.168.1.201 em0
```

If you want the jail to have its own exclusive `pkg` setup instead of sharing the host's packages, bootstrap and update `pkg` inside the jail:

```sh
bastille pkg alcatraz bootstrap
bastille pkg alcatraz update
```

Alternatively, you can mount the host's package cache into the jail so downloaded packages are shared:

```sh
# Optional
bastille mount alcatraz /var/cache/pkg/ /var/cache/pkg/ nullfs rw 0 0
```

I like to install my favourites since I use them quite often:

```sh
bastille pkg alcatraz install -y tmux git neovim
```

Test it:

```sh
bastille pkg alcatraz install -y apache24
bastille sysrc alcatraz apache24_enable=YES
bastille service alcatraz apache24 start
```

Now go to the jail's IP address with your browser on another machine: http://192.168.1.201/

You should see "It works!". Alternatively:

```sh
curl http://192.168.1.201/
```

You should see:

```html
<html><body><h1>It works!</h1></body></html>
```

Now destroy it:

```sh
bastille stop alcatraz
bastille destroy force alcatraz
```
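The create, package, test and destroy cycle from this section can be scripted end to end. The script below is an added example, not part of Bastille or of this guide's original commands. It uses the guide's own values (`alcatraz`, `14.2-RELEASE`, `192.168.1.201`, `em0`) as defaults, rejects obviously mistyped names and addresses before touching `bastille`, polls the jail with `curl` until apache answers with its default page, and tears the jail down again. Set `RUN=echo` to print the `bastille` commands instead of executing them, which is how to check the plan on a machine without Bastille.

```sh
#!/bin/sh
# jail_web.sh: create a thin jail, install apache24 in it, verify it over HTTP,
# then destroy it. Added example for this guide, not part of Bastille.
# Defaults are the guide's values; RUN=echo turns the whole thing into a dry run.
set -eu

JAIL="${JAIL:-alcatraz}"
RELEASE="${RELEASE:-14.2-RELEASE}"
JAIL_IP="${JAIL_IP:-192.168.1.201}"
IFACE="${IFACE:-em0}"
RUN="${RUN:-}"   # RUN=echo prints commands instead of running them

# Refuse bad input before calling bastille: a jail name that is not a plain
# identifier, or an address that is not a dotted quad, is almost always a typo.
validate_args() {
    case "$JAIL" in
        *[!A-Za-z0-9_-]*|"") echo "bad jail name: '$JAIL'" >&2; return 1 ;;
    esac
    echo "$JAIL_IP" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "bad IPv4 address: '$JAIL_IP'" >&2; return 1; }
}

# The steps from the guide: thin jail on the chosen interface, shared host
# package cache, the jail's own pkg bootstrap, then apache24 enabled and started.
jail_create() {
    $RUN bastille create "$JAIL" "$RELEASE" "$JAIL_IP" "$IFACE"
    $RUN bastille mount "$JAIL" /var/cache/pkg/ /var/cache/pkg/ nullfs rw 0 0
    $RUN bastille pkg "$JAIL" bootstrap
    $RUN bastille pkg "$JAIL" update
    $RUN bastille pkg "$JAIL" install -y apache24
    $RUN bastille sysrc "$JAIL" apache24_enable=YES
    $RUN bastille service "$JAIL" apache24 start
}

# The apache24 package's default index page contains "It works!".
page_ok() {
    case "$1" in
        *"It works!"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Poll the jail over HTTP for up to ten seconds. `curl -f` makes a 4xx/5xx a
# failure instead of silently accepting an error page as success.
jail_verify() {
    i=0
    while [ "$i" -lt 10 ]; do
        if body=$($RUN curl -sf --max-time 3 "http://$JAIL_IP/") && page_ok "$body"; then
            return 0
        fi
        i=$((i + 1)); sleep 1
    done
    echo "no 'It works!' page from $JAIL_IP" >&2
    return 1
}

jail_destroy() {
    $RUN bastille stop "$JAIL"
    $RUN bastille destroy force "$JAIL"
}

main() {
    validate_args
    jail_create
    jail_verify
    jail_destroy
}

# Run the full cycle only when invoked as `sh jail_web.sh run`; sourcing the
# file just defines the functions.
if [ "${1:-}" = "run" ]; then
    main
fi
```

On the host, `sh jail_web.sh run` performs the whole cycle and exits non-zero at the first failing step; `RUN=echo sh jail_web.sh run` prints what it would do. Because `set -e` is on, a failed `bastille create` stops the script before it tries to install packages into a jail that does not exist.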