Mirrors/BastilleBSD_bastille
1
0
Fork 1
mirror of https://github.com/BastilleBSD/bastille.git synced 2025-12-11 09:29:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

Trim trailing whitespace

Browse Source
This commit is contained in:
Michael Osipov
2025-09-23 18:51:04 +02:00
parent e3d0b74ef1
commit 82958fb7b7
53 changed files with 223 additions and 226 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/chapters/centralized-assets.rst
View File

@@ -36,7 +36,7 @@ access, simply use ``ro`` instead of ``rw`` as the option.
.. code-block:: shell
ishmael ~ # bastille mount "jail1 jail2" /my/host/directory /my/jail/directory nullfs rw 0 0
Cloning
-------
@@ -46,9 +46,9 @@ To clone your jail, use the following command.
.. code-block:: shell
ishmael ~ # bastille clone myjail mynewjail 10.0.0.3
This will create an exact duplicate of ``myjail`` at ``mynewjail``.
Custom Releases
---------------
@@ -61,14 +61,14 @@ process will not work with any other jail types.
.. code-block:: shell
ishmael ~ # bastille create -T myjail 14.2-RELEASE 10.0.0.1
Once the jail is up and running, configure it to your liking, then run the
following commmand to create a custom release based on your jail.
.. code-block:: shell
ishmael ~ # bastille convert myjail myrelease
Once this process completes, you will be able to run the following command to
create a jail based off your newly created release.

12
docs/chapters/gcp.rst
View File

@@ -22,7 +22,7 @@ Apply the below patch to set the correct MTU. You may need to ``cp
--- /usr/local/bin/jib 2022-07-31 03:27:04.163245000 +0000
+++ jib.fixed 2022-07-31 03:41:16.710401000 +0000
@@ -299,14 +299,14 @@
# Make sure the interface has been bridged
if ! ifconfig "$iface$bridge" > /dev/null 2>&1; then
- new=$( ifconfig bridge create ) || return
@@ -31,12 +31,12 @@ Apply the below patch to set the correct MTU. You may need to ``cp
ifconfig $new name "$iface$bridge" || return
ifconfig "$iface$bridge" up || return
fi
# Create a new interface to the bridge
- new=$( ifconfig epair create ) || return
+ new=$( ifconfig epair create mtu 1460 ) || return
ifconfig "$iface$bridge" addm $new || return
# Rename the new interface
## Configure bridge interface
@@ -58,16 +58,16 @@ them through the external interface:
.. code-block:: text
ext_if="vtnet0"
bridge_if="vtnet0bridge"
set skip on lo
scrub in
# permissive NAT allows jail bridge and wireguard tunnels
nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
block in
pass out
pass in proto tcp to port {22}
pass in proto icmp icmp-type { echoreq }
pass in on $bridge_if

4
docs/chapters/gettingstarted.rst
View File

@@ -23,7 +23,7 @@ To see a list of available options and switches, see the ``setup`` subcommand.
.. code-block:: shell
ishmael ~ # bastille setup
Bootstrapping a Release
-----------------------
@@ -33,7 +33,7 @@ Then we need to bootstrap a release for bastille to use. We will use
.. code-block:: shell
ishmael ~ # bastille bootstrap 14.2-RELEASE
Creating a Jail
---------------

2
docs/chapters/migration.rst
View File

@@ -88,7 +88,7 @@ for remote systems you can use rsync:
rsync -avh /iocage/images/jailname_$(date +%F).* root@10.0.1.10:/usr/local/bastille/backups/
Import the iocage backup file (use zip file name)
.. code-block:: shell

6
docs/chapters/networking.rst
View File

@@ -1,7 +1,7 @@
Networking
==========
Bastille is very flexible with its networking options. Below are the supported
Bastille is very flexible with its networking options. Below are the supported
networking modes, how they work, and some tips on where you might want to use each
one.
@@ -153,7 +153,7 @@ you are free to use
<https://www.lifewire.com/what-is-a-private-ip-address-2625970>`_.
In this environment, we can create the container, give it a
unique private ip address within our local subnet, and attach
unique private ip address within our local subnet, and attach
its ip address to our primary interface.
.. code-block:: shell
@@ -210,7 +210,7 @@ Your server was assigned the following six section subnet:
The `vultr ipv6 subnet calculator
<https://www.vultr.com/resources/subnet-calculator-ipv6/?prefix_length=64&display=long&ipv6_address=2001%3Adb8%3Aacad%3Ae%3A%3A%2F64>`_
is helpful in making sense of that ipv6 address.
is helpful in making sense of that ipv6 address.
We could have also written that IPV6 address as 2001:19f0:6c01:114c:0:0

4
docs/chapters/subcommands/create.rst
View File

@@ -4,7 +4,7 @@ create
Create a jail uning any available bootstrapped release. To create a jail,
simply provide a name, bootstrapped release, and IP address.
The format is ``bastille create NAME RELEASE IP [INTERFACE]``
The format is ``bastille create NAME RELEASE IP [INTERFACE]``
Note that the ``interface`` is optional. Bastille will use the default interface
that is configured when running the setup command. See ``bastille setup -l`` or
@@ -56,7 +56,7 @@ options. See the below help output.
Usage: bastille create [option(s)] NAME RELEASE IP [INTERFACE]"
Options:
-B | --bridge Enable VNET, and attach to a specified, already existing external bridge.
-C | --clone Create a clone jail.
-D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only).

2
docs/chapters/subcommands/etcupdate.rst
View File

@@ -25,7 +25,7 @@ Next we can use the ``update`` command to apply the update to the jail.
The output will show you which files were added, updated, changed, deleted, or
have conflicts. To automatically resolve the conflicts, run the ``resolve``
command.
.. code-block:: shell
ishmael ~ # bastille etcupdate ishmael resolve

4
docs/chapters/subcommands/limits.rst
View File

@@ -44,7 +44,7 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``.
ishmael ~ # bastille limits help
Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE]
Example: bastille limits TARGET add memoryuse 1G
Example: bastille limits TARGET add cpu 0,1,2
@@ -52,4 +52,4 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``.
-a | --auto Auto mode. Start/stop jail(s) if required.
-l | --log Enable logging for the specified rule (rctl only).
-x | --debug Enable debug mode.
-x | --debug Enable debug mode.

2
docs/chapters/subcommands/list.rst
View File

@@ -16,7 +16,7 @@ Use ``-p|--pretty`` to print in columns instead of rows.
Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)]
[path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)] [type]
Options:
-d | --down List stopped jails only.
-j | --json List jails or sub-arg(s) in json format.
-p | --pretty Print JSON in columns. Must be used with -j|--json.

2
docs/chapters/subcommands/migrate.rst
View File

@@ -13,7 +13,7 @@ port by supplying it as in ``user@host:port``.
ishmael ~ # bastille migrate help
Usage: bastille migrate [option(s)] TARGET USER@HOST[:PORT]
Examples:
bastille migrate attica migrate@192.168.10.100

2
docs/chapters/subcommands/mount.rst
View File

@@ -63,7 +63,7 @@ It is possible to do the same for the jail path, but again, not recommemded.
ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0
[azkaban]:
Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0
.. code-block:: shell
ishmael ~ # bastille mount help

14
docs/chapters/subcommands/rdr.rst
View File

@@ -11,22 +11,22 @@ interfaces as this will include the jail interface - you should specify the
interface they run on in rc.conf (or other config files)
.. code-block:: shell
# bastille rdr dev1 tcp 2001 22
[jail1]:
IPv4 tcp/2001:22 on em0
# bastille rdr dev1 list
rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
# bastille rdr dev1 udp 2053 53
[jail1]:
IPv4 udp/2053:53 on em0
# bastille rdr dev1 list
rdr pass on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
rdr pass on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53
# bastille rdr dev1 clear
nat cleared
@@ -44,7 +44,7 @@ The ``rdr`` command includes 4 additional options:
# bastille rdr -i vtnet0 dev1 udp 8000 80
[jail1]:
IPv4 tcp/8000:80 on vtnet0
# bastille rdr -s 192.168.0.1 dev1 tcp 8080 81
[jail1]:
IPv4 tcp/8080:81 on em0
@@ -75,7 +75,7 @@ Simply use the table name instead of an IP address or subnet.
# bastille rdr --help
Usage: bastille rdr TARGET [option(s)] [clear|reset|list|(tcp|udp host_port jail_port [log ['(' logopts ')'] ] )]
Options:
-d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.

2
docs/chapters/subcommands/template.rst
View File

@@ -18,7 +18,7 @@ The TEMPLATE arg should be called with the ``project/template`` format.
ishmael ~ # bastille template help
Usage: bastille template [option(s)] TARGET [--convert] TEMPLATE
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.

2
docs/chapters/subcommands/verify.rst
View File

@@ -23,7 +23,7 @@ release or template .
Detected Bastillefile hook.
[Bastillefile]:
CMD mkdir -p /usr/local/etc/pkg/repos
CMD echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' >
CMD echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' >
/usr/local/etc/pkg/repos/FreeBSD.conf
CONFIG set allow.mlock=1;
CONFIG set ip6=inherit;

4
docs/chapters/template.rst
View File

@@ -132,7 +132,7 @@ escape it. Escaping it will cause errors.
Bootstrapping Templates
-----------------------
The official templates for Bastille are all on Gthub, and mirror the directory
The official templates for Bastille are all on Gthub, and mirror the directory
structure of the ports tree. So, ``nginx`` is in the ``www`` directory in the
templates, just like it is in the FreeBSD ports tree. To bootstrap the
entire set of official predefined templates run the following command:
@@ -155,7 +155,7 @@ Creating Templates
Templates can be created and placed inside the templates directory in the
``project/template`` format. Alternatively you can run the ``bastille template``
command from a relative path, making sure it is still in the above format.
Template Examples
-----------------