Mirrors/BastilleBSD_bastille
1
0
Fork 1
mirror of https://github.com/BastilleBSD/bastille.git synced 2025-12-10 17:09:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Finish man pages

Browse Source
This commit is contained in:
tschettervictor
2025-12-06 23:19:19 -07:00
parent cb7e9811fc
commit b60af850c9
117 changed files with 3591 additions and 494 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile
View File

@@ -13,7 +13,8 @@ install:
@echo "BASTILLE_VERSION: ${BASTILLE_DEV_VERSION}"
@sed -i '' "s|BASTILLE_VERSION=.*|BASTILLE_VERSION=${BASTILLE_DEV_VERSION}|" usr/local/bin/bastille
@cp -Rv usr /
@gzip -f -n /usr/local/share/man/man1/bastille.1
@gzip -f -n /usr/local/share/man/man1/bastille*.1
@gzip -f -n /usr/local/share/man/man5/bastille*.5
@echo
@echo "This method is for testing & development."
@echo "Please report any issues to https://github.com/BastilleBSD/bastille/issues"
@@ -28,6 +29,7 @@ uninstall:
@echo
@echo "removing man page"
@rm -rvf /usr/local/share/man/man1/bastille*
@rm -rvf /usr/local/share/man/man5/bastille*
@echo
@echo "removing configuration file"
@rm -rvf /usr/local/etc/bastille/bastille.conf.sample

8
docs/chapters/subcommands/bootstrap.rst
View File

@@ -1,8 +1,6 @@
bootstrap
=========
Bootstrap a release or template(s).
The bootstrap sub-command is used to download and extract releases and templates
for use with Bastille containers. A valid release is needed before containers
can be created. Templates are optional but are managed in the same manner.
@@ -126,9 +124,11 @@ begin applying your template.
.. code-block:: shell
ishmael ~ # bastille bootstrap help
Usage: bastille bootstrap [option(s)] RELEASE|TEMPLATE [update|arch]
Usage: bastille bootstrap [option(s)] RELEASE [update|ARCH]
TEMPLATE
Options:
-p | --pkgbase Bootstrap using pkgbase (15.0-RELEASE and above).
-p | --pkgbase Bootstrap using pkgbase (FreeBSD 15.0-RELEASE and above).
-u | --update Update the release after bootstrap.
-x | --debug Enable debug mode.

2
docs/chapters/subcommands/clone.rst
View File

@@ -1,8 +1,6 @@
clone
=====
Clone an existing jail.
Limitations
-----------

2
docs/chapters/subcommands/cmd.rst
View File

@@ -1,8 +1,6 @@
cmd
===
Execute command inside targeted jail(s).
.. code-block:: shell
ishmael ~ # bastille cmd folsom ps -auxw

4
docs/chapters/subcommands/config.rst
View File

@@ -1,8 +1,6 @@
config
======
Get, set, add or remove properties from targeted jail(s).
Getting a property that *is* defined in jail.conf:
.. code-block:: shell
@@ -43,4 +41,4 @@ The restart message will appear every time a property is removed.
Options:
-x | --debug Enable debug mode.
-x | --debug Enable debug mode.

4
docs/chapters/subcommands/console.rst
View File

@@ -21,5 +21,5 @@ jail are limited to the jail.
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.

13
docs/chapters/subcommands/convert.rst
View File

@@ -1,10 +1,6 @@
convert
=======
Convert a thin jail to a thick jail.
Convert a thick jail to a custom release.
Converting a thin jail to a thick jail requires only the TARGET arg.
.. code-block:: shell
@@ -28,10 +24,11 @@ flag.
.. code-block:: shell
ishmael ~ # bastille convert help
Usage: bastille convert [option(s)] TARGET [RELEASE]
Usage: bastille convert [option(s)] TARGET
TARGET RELEASE
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-y | --yes Do not prompt. Just convert.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-y | --yes Do not prompt. Assume always yes.
-x | --debug Enable debug mode.

6
docs/chapters/subcommands/cp.rst
View File

@@ -1,8 +1,6 @@
cp
==
Copy files from host to jail(s).
.. code-block:: shell
ishmael ~ # bastille cp ALL /tmp/resolv.conf-cf /etc/resolv.conf
@@ -28,5 +26,5 @@ Unless you see errors reported in the output the ``cp`` was successful.
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
-q | --quiet Suppress output.
-x | --debug Enable debug mode.

30
docs/chapters/subcommands/create.rst
View File

@@ -57,20 +57,20 @@ options. See the below help output.
Options:
-B | --bridge Enable VNET, and attach to a specified, already existing external bridge.
-C | --clone Create a clone jail.
-D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only).
-E | --empty Create an empty container, intended for custom jail builds (thin/thick/linux or unsupported).
-g | --gateway IP Specify a default router/gateway for the jail.
-B | --bridge Enable VNET. INTERFACE must be a bridge.
-C | --clone Create a clone jail (ZFS only).
-D | --dual Use dual (IPv4+6) networking (IP=[inherit|ip_hostname] only).
-E | --empty Create an empty jail.
-g | --gateway IP Specify a default router/gateway.
-L | --linux Create a Linux jail (experimental).
-M | --static-mac Generate a static MAC address for jail (VNET only).
-n | --nameserver IP,IP Specify nameserver(s) for the jail. Comma separated.
--no-validate Do not validate the release when creating the jail.
--no-boot Create jail with boot=off.
-P | --passthrough Enable VNET, and pass the specified interface into the jail.
-p | --priority VALUE Set priority value for jail.
-T | --thick Creates a thick container, they consume more space as they are self contained and independent.
-V | --vnet Enable VNET, and attach to an existing, physical interface.
-v | --vlan VLANID Creates the jail with specified VLAN ID (VNET only).
-M | --static-mac Use a static/persistent MAC address (VNET only).
-n | --nameserver IP Specify nameserver(s) for the jail. Comma-separated.
--no-validate Do not validate the release name.
--no-boot Set boot=off.
-P | --passthrough Enable VNET. INTERFACE is used as-is.
-p | --priority VALUE Set priority value.
-T | --thick Create a thick jail.
-V | --vnet Enable VNET. INTERFACE must be a physical interface.
-v | --vlan VLANID Set VLAN ID (VNET only).
-x | --debug Enable debug mode.
-Z | --zfs-opts zfs,options Comma separated list of ZFS options to create the jail with. This overrides the defaults.
-Z | --zfs-opts zfs,options Custom zfs options. Comma-separated.

15
docs/chapters/subcommands/destroy.rst
View File

@@ -1,8 +1,6 @@
destroy
=======
Destroy jails or releases.
Bastille will normally ask if you are sure you want to delete targeted jail(s).
Use the ``-y|--yes`` option to bypass this prompt.
@@ -21,12 +19,13 @@ option will retain the release cache (*.txz file), if you choose to keep it.
.. code-block:: shell
ishmael ~ # bastille destroy help
Usage: bastille destroy [option(s)] JAIL|RELEASE
Usage: bastille destroy [option(s)] JAIL
RELEASE
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-c | --no-cache Do no destroy cache when destroying a release.
-f | --force Force unmount any mounted datasets when destroying a jail or release (ZFS only).
-y | --yes Do no prompt. Just destroy.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-c | --no-cache Do not destroy cache when destroying a release (legacy releases).
-f | --force Force unmount any mounted datasets when destroying a jail or release (ZFS only).
-y | --yes Do not prompt. Assume always yes.
-x | --debug Enable debug mode.

2
docs/chapters/subcommands/edit.rst
View File

@@ -1,8 +1,6 @@
edit
====
Edit jail config files.
.. code-block:: shell
ishmael ~ # bastille edit azkaban [FILE]

10
docs/chapters/subcommands/etcupdate.rst
View File

@@ -39,10 +39,12 @@ To show only the differences between the releases, use the ``diff`` command.
.. code-block:: shell
ishmael ~ # bastille etcupdate help
Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [diff|resolve|update RELEASE]
Usage: bastille etcupdate [option(s)] bootstrap RELEASE
TARGET update RELEASE
TARGET diff|resolve
Options:
-d | --dry-run Show output, but do not apply.
-f | --force Force a re-bootstrap of a RELEASE.
-x | --debug Enable debug mode.
-d | --dry-run Show output, but do not apply.
-f | --force Force a re-bootstrap of a RELEASE.
-x | --debug Enable debug mode.

6
docs/chapters/subcommands/export.rst
View File

@@ -22,15 +22,15 @@ Available options are:
.. code-block:: shell
ishmael ~ # bastille export help
Usage: bastille export [option(s)] TARGET PATH
Usage: bastille export [option(s)] TARGET [PATH]
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-l | --live Export a running jail (ZFS only).
--gz Export to '.gz' compressed image (ZFS only).
--gz Export to a '.gz' compressed image (ZFS only).
--xz Export to a '.xz' compressed image (ZFS only).
--zst Export to a .zst compressed image (ZFS only).
--zst Export to a '.zst' compressed image (ZFS only).
--raw Export to an uncompressed RAW image (ZFS only).
--tgz Export to a '.tgz' compressed archive.
--txz Export to a '.txz' compressed archive.

4
docs/chapters/subcommands/htop.rst
View File

@@ -15,5 +15,5 @@ in the jail.
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.

6
docs/chapters/subcommands/import.rst
View File

@@ -1,8 +1,6 @@
import
======
Import a jail backup image or archive.
.. code-block:: shell
ishmael ~ # bastille import /path/to/archive.file
@@ -19,8 +17,8 @@ To import to a specified release, specify it as the last argument.
Options:
-f | --force Force an archive import regardless if the checksum file does not match or missing.
-M | --static-mac Generate static MAC for jail when importing foreign jails like iocage.
-f | --force Force an archive import without validating checksum.
-M | --static-mac Use a static/persistent MAC address (VNET only) when importing foreign jails.
-v | --verbose Enable verbose mode (ZFS only).
-x | --debug Enable debug mode.

8
docs/chapters/subcommands/jcp.rst
View File

@@ -1,8 +1,6 @@
jcp
===
Copy files from jail to jail(s).
.. code-block:: shell
ishmael ~ # bastille jcp bastion /tmp/resolv.conf-cf ALL /etc/resolv.conf
@@ -22,9 +20,9 @@ Unless you see errors reported in the output the ``jcp`` was successful.
.. code-block:: shell
ishmael ~ # bastille jcp help
Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH
Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DESTINATION_JAIL JAIL_PATH
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
-q | --quiet Suppress output.
-x | --debug Enable debug mode.

13
docs/chapters/subcommands/limits.rst
View File

@@ -4,8 +4,6 @@ limits
rctl
----
Set resourse limits for targeted jail(s).
To add a limit, use ``bastille limits TARGET add OPTION VALUE``.
To clear the limits from the system, use ``bastille limits TARGET clear``.
@@ -43,13 +41,16 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``.
.. code-block:: shell
ishmael ~ # bastille limits help
Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE]
Usage: bastille limits [option(s)] TARGET add OPTION VALUE
TARGET remove OPTION"
TARGET clear|reset|stats"
TARGET list|show [active]"
Example: bastille limits TARGET add memoryuse 1G
Example: bastille limits TARGET add cpu 0,1,2
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-l | --log Enable logging for the specified rule (rctl only).
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-l | --log Enable logging for the specified rule (RCTL only).
-x | --debug Enable debug mode.

15
docs/chapters/subcommands/list.rst
View File

@@ -13,12 +13,13 @@ Use ``-p|--pretty`` to print in columns instead of rows.
.. code-block:: shell
ishmael ~ # bastille list help
Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)]
[path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)] [type]
Usage: bastille list [option(s)] [all|backup|export|import|ip|jail|limit]"
[log|path|port|priority|release|snapshot|state|template|type]"
Options:
-d | --down List stopped jails only.
-j | --json List jails or sub-arg(s) in json format.
-p | --pretty Print JSON in columns. Must be used with -j|--json.
-u | --up List running jails only.
-x | --debug Enable debug mode.
-d | --down List stopped jails only.
-j | --json List jails or sub-arg(s) in json format.
-p | --pretty Print JSON in columns. Must be used with -j|--json.
-u | --up List running jails only.
-x | --debug Enable debug mode.

8
docs/chapters/subcommands/migrate.rst
View File

@@ -14,16 +14,10 @@ port by supplying it as in ``user@host:port``.
ishmael ~ # bastille migrate help
Usage: bastille migrate [option(s)] TARGET USER@HOST[:PORT]
Examples:
bastille migrate attica migrate@192.168.10.100
bastille migrate attica migrate@192.168.1.10:20022
bastille migrate --keyfile id_rsa attica migrate@192.168.1.10
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-b | --backup Retain archives on remote system.
-b | --backup Keep archives on remote system.
-d | --destroy Destroy local jail after migration.
| --doas Use 'doas' instead of 'sudo'.
-k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh'

8
docs/chapters/subcommands/mount.rst
View File

@@ -1,8 +1,6 @@
mount
=====
To mount storage within the container use ``bastille mount``.
Syntax follows standard ``/etc/fstab`` format:
.. code-block:: shell
@@ -67,8 +65,8 @@ It is possible to do the same for the jail path, but again, not recommemded.
.. code-block:: shell
ishmael ~ # bastille mount help
Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]
Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [FS_TYPE OPTIONS DUMP PASS_NUMBER]
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.

13
docs/chapters/subcommands/network.rst
View File

@@ -1,8 +1,6 @@
network
=======
Add or remove interfaces to existing jails.
You can only add an interface once to a jail, with two exceptions.
1. For classic jails, you can add an interface as many times as you want, but
@@ -36,15 +34,16 @@ network TARGET remove INTERFACE`` while both jails are stopped.
.. code-block:: shell
ishmael ~ # bastille network help
Usage: bastille network [option(s)] TARGET [remove|add] INTERFACE [IP]
Usage: bastille network [option(s)] TARGET add INTERFACE [IP]
TARGET remove INTERFACE
Options:
-a | --auto Start/stop jail(s) if required.
-B | --bridge Add a bridge VNET interface.
-M | --static-mac Generate a static MAC address for the interface (VNET only).
-B | --bridge Add a bridge interface.
-M | --static-mac Use a static/persistent MAC address (VNET only).
-n | --no-ip Create interface without an IP (VNET only).
-P | --passthrough Add a raw interface.
-V | --vnet Add a VNET interface.
-v | --vlan VLANID Assign VLAN ID to interface (VNET only).
-V | --vnet Add a physical interface.
-v | --vlan VLANID Assign VLANID to interface (VNET only).
-x | --debug Enable debug mode.

10
docs/chapters/subcommands/pkg.rst
View File

@@ -1,8 +1,6 @@
pkg
===
Manage binary packages inside jails.
.. code-block:: shell
ishmael ~ # bastille pkg folsom install vim-console git-lite zsh
@@ -111,7 +109,7 @@ you can fully leverage the pkg manager. This means, ``install``, ``update``,
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-H | --host Use the hosts 'pkg' instead of the jails.
-y | --yes Assume always yes for pkg. Do not prompt.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-H | --host Use host 'pkg' binary instead of jails.
-y | --yes Do not prompt. Assume always yes.
-x | --debug Enable debug mode.

6
docs/chapters/subcommands/rcp.rst
View File

@@ -1,8 +1,6 @@
rcp
===
This command allows copying files from jail to host.
.. code-block:: shell
ishmael ~ # bastille rcp bastion /test/testfile.txt /tmp/testfile.txt
@@ -18,5 +16,5 @@ Unless you see errors reported in the output the ``rcp`` was successful.
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
-q | --quiet Suppress output.
-x | --debug Enable debug mode.

11
docs/chapters/subcommands/rdr.rst
View File

@@ -75,12 +75,13 @@ Simply use the table name instead of an IP address or subnet.
.. code-block:: shell
# bastille rdr --help
Usage: bastille rdr TARGET [option(s)] [clear|reset|list|(tcp|udp host_port jail_port [log ['(' logopts ')'] ] )]
Usage: bastille rdr [option(s)] TARGET tcp|udp HOST_PORT JAIL_PORT [log LOG_OPTIONS]
TARGET clear|reset|list
Options:
-d | --destination IP Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.
-i | --interface IF,IF Specify interface(s) to apply rule to. Comman separated.
-s | --source IP|table Limit rdr to a source IP or table.
-t | --type ipv4|ipv6 Specify IP type. Must be used if -s or -d are used. Defaults to both.
-d | --destination IP Limit rdr to a destination IP.
-i | --interface IF,IF Specify interface(s) to apply rule to. Comma-separated.
-s | --source IP|TABLE Limit rdr to a source IP or table.
-t | --type ipv4|ipv6 Specify IP type. Must be used if '-s' or '-d' are used. Defaults to both.
-x | --debug Enable debug mode.

6
docs/chapters/subcommands/rename.rst
View File

@@ -1,8 +1,6 @@
rename
======
Rename a jail.
.. code-block:: shell
ishmael ~ # bastille rename azkaban arkham
@@ -14,5 +12,5 @@ Rename a jail.
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.

4
docs/chapters/subcommands/restart.rst
View File

@@ -1,8 +1,6 @@
restart
=======
Restart jail(s).
Bastille will attempt to stop, then start the targetted jail(s). If a jail is
not running, Bastille will still start it. To avoid this, run the restart
command with ``-i|--ignore`` to skip any stopped jail(s).
@@ -25,5 +23,5 @@ command with ``-i|--ignore`` to skip any stopped jail(s).
-b | --boot Respect jail boot setting.
-d | --delay VALUE Time (seconds) to wait after starting each jail.
-i | --ignore Ignore stopped jails (do not start if stopped).
-v | --verbose Print every action on jail restart.
-v | --verbose Enable verbose mode.
-x | --debug Enable debug mode.

6
docs/chapters/subcommands/service.rst
View File

@@ -17,9 +17,9 @@ inside the jail(s).
.. code-block:: shell
ishmael ~ # bastille service help
Usage: bastille service [option(s)] TARGET SERVICE_NAME ARGS
Usage: bastille service [option(s)] TARGET SERVICE ARGS
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.

15
docs/chapters/subcommands/setup.rst
View File

@@ -58,16 +58,9 @@ Running ``bastille setup`` without any options will attempt to auto-configure th
.. code-block:: shell
ishmael ~ # bastille setup -h
Usage: bastille setup [option(s)] [bridge]
[linux]
[loopback]
[netgraph]
[pf|firewall]
[shared]
[storage]
[vnet]
Usage: bastille setup [option(s)] [bridge|linux|loopback|netgraph|firewall|shared|storage|vnet]
Options:
Options:
-y | --yes Assume always yes on prompts.
-x | --debug Enable debug mode.
-y | --yes Do not prompt. Assume always yes.
-x | --debug Enable debug mode.

10
docs/chapters/subcommands/start.rst
View File

@@ -1,8 +1,6 @@
start
=====
Start jail(s).
.. code-block:: shell
ishmael ~ # bastille start folsom
@@ -16,7 +14,7 @@ Start jail(s).
Options:
-b | --boot Respect jail boot setting.
-d | --delay VALUE Time (seconds) to wait after starting each jail.
-v | --verbose Print every action on jail start.
-x | --debug Enable debug mode.
-b | --boot Respect jail boot setting.
-d | --delay VALUE Time (seconds) to wait after starting each jail.
-v | --verbose Enable verbose mode.
-x | --debug Enable debug mode.

6
docs/chapters/subcommands/stop.rst
View File

@@ -1,8 +1,6 @@
stop
====
Stop jail(s).
.. code-block:: shell
ishmael ~ # bastille stop folsom
@@ -16,5 +14,5 @@ Stop jail(s).
Options:
-v | --verbose Print every action on jail stop.
-x | --debug Enable debug mode.
-v | --verbose Enable verbose mode.
-x | --debug Enable debug mode.

4
docs/chapters/subcommands/sysrc.rst
View File

@@ -19,5 +19,5 @@ See ``man sysrc(8)`` for more info.
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.

7
docs/chapters/subcommands/tags.rst
View File

@@ -1,8 +1,6 @@
tags
====
The ``tags`` sub-command adds, removes or lists arbitrary tags on your jail(s).
.. code-block:: shell
ishmael ~ # bastille tags help ## display tags help
@@ -14,8 +12,9 @@ The ``tags`` sub-command adds, removes or lists arbitrary tags on your jail(s).
.. code-block:: shell
ishmael ~ # bastille tags help
Usage: bastille tags [option(s)] TARGET [add|delete|list] [tag1,tag2]
Usage: bastille tags [option(s)] TARGET add|delete TAG1,TAG2
TARGET list [TAG]
Options:
-x | --debug Enable debug mode.
-x | --debug Enable debug mode.

8
docs/chapters/subcommands/template.rst
View File

@@ -1,8 +1,6 @@
template
========
Run preconfigured template files inside targeted jail(s).
.. code-block:: shell
ishmael ~ # bastille template azkaban project/template
@@ -17,9 +15,9 @@ The TEMPLATE arg should be called with the ``project/template`` format.
.. code-block:: shell
ishmael ~ # bastille template help
Usage: bastille template [option(s)] TARGET [--convert] TEMPLATE
Usage: bastille template [option(s)] TARGET|--convert TEMPLATE
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.

7
docs/chapters/subcommands/top.rst
View File

@@ -1,9 +1,6 @@
top
===
This command runs ``top`` in the targeted jail.
.. image:: ../../images/top.png
:align: center
:alt: bastille top container
@@ -15,5 +12,5 @@ This command runs ``top`` in the targeted jail.
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.

6
docs/chapters/subcommands/umount.rst
View File

@@ -1,8 +1,6 @@
umount
======
Unmount storage from jail(s).
.. code-block:: shell
ishmael ~ # bastille umount azkaban /media/foo
@@ -34,5 +32,5 @@ backslash \, and enclose the mount point in quotes "".
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.

6
docs/chapters/subcommands/update.rst
View File

@@ -48,6 +48,6 @@ will be updated just like the release shown above.
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-f | --force Force update a release.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-f | --force Force update a release (FreeBSD legacy releases).
-x | --debug Enable debug mode.

9
docs/chapters/subcommands/upgrade.rst
View File

@@ -8,10 +8,11 @@ upgraded normally.
.. code-block:: shell
ishmael ~ # bastille upgrade help
Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE|install
Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE
TARGET install
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-f | --force Force upgrade a jail.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-f | --force Force upgrade a release (FreeBSD legacy releases).
-x | --debug Enable debug mode.

2
docs/chapters/subcommands/verify.rst
View File

@@ -40,4 +40,4 @@ release or template .
Options:
-x | --debug Enable debug mode.
-x | --debug Enable debug mode.

10
docs/chapters/subcommands/zfs.rst
View File

@@ -24,14 +24,14 @@ To destroy a snaphot however, you must supply a TAG. To destroy a snapshot, run
.. code-block:: shell
ishmael ~ # bastille zfs help
Usage: bastille zfs [option(s)] TARGET destroy|rollback|snapshot TAG"
Usage: bastille zfs [option(s)] TARGET snapshot|destroy|rollback [TAG]"
df|usage"
get|set key=value"
get|set KEY=VALUE"
jail pool/dataset /jail/path"
unjail pool/dataset"
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-v | --verbose Enable verbose mode.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-v | --verbose Enable verbose mode.
-x | --debug Enable debug mode.

51
docs/chapters/usage.rst
View File

@@ -13,42 +13,43 @@ Usage
Available Commands:
bootstrap Bootstrap a release or template(s).
clone Clone an existing jail.
cmd Execute command inside targeted jail(s).
config Get, set, add or remove properties from targeted jail(s).
cmd Execute command(s) inside jail(s).
config Get, set, add or remove properties from jail(s).
console Console into a jail.
convert Convert thin jail to thick jail, or convert a jail to a custom release.
cp cp(1) files from host to targeted jail(s).
convert Convert a jail from thin to thick; convert a jail to a custom release.
cp Copy file(s)/directorie(s) from host to jail(s).
create Create a jail.
destroy Destroy a jail or release.
destroy Destroy jail(s) or release(s).
edit Edit jail configuration files (advanced).
etcupdate Update /etc for jail(s).
export Export a jail.
help Help about any command.
help Help for any command.
htop Interactive process viewer (requires htop).
import Import a jail.
jcp cp(1) files from a jail to jail(s).
limits Apply resources limits to targeted jail(s). See rctl(8) and cpuset(1).
jcp Copy file(s)/directorie(s) from jail to jail(s).
limits Apply resources limits to jail(s). See rctl(8) and cpuset(1).
list List jails, releases, templates and more...
migrate Migrate targeted jail(s) to a remote system.
mount Mount a volume inside targeted jail(s).
network Add or remove interfaces from targeted jail(s).
pkg Manipulate binary packages within targeted jail(s). See pkg(8).
rcp cp(1) files from a jail to host.
migrate Migrate jail(s) to a remote system.
mount Mount file(s)/directorie(s) inside jail(s).
network Add or remove interface(s) from jail(s).
pkg Manage packages inside jail(s). See pkg(8).
rcp Copy file(s)/directorie(s) from jail to host.
rdr Redirect host port to jail port.
rename Rename a jail.
restart Restart a jail.
service Manage services within targeted jail(s).
setup Attempt to auto-configure network, firewall and storage and more...
start Start a stopped jail.
stop Stop a running jail.
sysrc Safely edit rc files within targeted jail(s).
tags Add or remove tags to targeted jail(s).
template Apply file templates to targeted jail(s).
top Display and update information about the top(1) cpu processes.
umount Unmount a volume from targeted jail(s).
update Update jail base -pX release.
upgrade Upgrade jail release to X.Y-RELEASE.
service Manage services within jail(s).
setup Auto-configure network, firewall, storage and more...
start Start stopped jail(s).
stop Stop running jail(s).
sysrc Edit rc files inside jail(s).
tags Add or remove tags to jail(s).
template Apply templates to jail(s).
top Process viewer. See top(1).
umount Unmount file(s)/directorie(s) from jail(s).
update Update a jail or release.
upgrade Upgrade a jail to new release.
verify Compare release against a "known good" index.
zfs Manage (get|set) ZFS attributes on targeted jail(s).
zfs Manage ZFS options/attributes for jail(s).
Use "bastille -v|--version" for version information.
Use "bastille command -h|--help" for more information about a command.

53
usr/local/bin/bastille
View File

@@ -73,47 +73,48 @@ Bastille is an open-source system for automating deployment and management of
containerized applications on FreeBSD.
Usage:
bastille [option(s)] command [option(s)] TARGET ARGS
bastille [option(s)] COMMAND [option(s)] TARGET ARGS
Available Commands:
bootstrap Bootstrap a release or template(s).
clone Clone an existing jail.
cmd Execute command inside targeted jail(s).
config Get, set, add or remove properties from targeted jail(s).
cmd Execute command(s) inside jail(s).
config Get, set, add or remove properties from jail(s).
console Console into a jail.
convert Convert thin jail to thick jail, or convert a jail to a custom release.
cp cp(1) files from host to targeted jail(s).
convert Convert a jail from thin to thick; convert a jail to a custom release.
cp Copy file(s)/directorie(s) from host to jail(s).
create Create a jail.
destroy Destroy a jail or release.
destroy Destroy jail(s) or release(s).
edit Edit jail configuration files (advanced).
etcupdate Update /etc for jail(s).
export Export a jail.
help Help about any command.
help Help for any command.
htop Interactive process viewer (requires htop).
import Import a jail.
jcp cp(1) files from a jail to jail(s).
limits Apply resources limits to targeted jail(s). See rctl(8) and cpuset(1).
jcp Copy file(s)/directorie(s) from jail to jail(s).
limits Apply resources limits to jail(s). See rctl(8) and cpuset(1).
list List jails, releases, templates and more...
migrate Migrate targeted jail(s) to a remote system.
mount Mount a volume inside targeted jail(s).
network Add or remove interfaces from targeted jail(s).
pkg Manipulate binary packages within targeted jail(s). See pkg(8).
rcp cp(1) files from a jail to host.
migrate Migrate jail(s) to a remote system.
mount Mount file(s)/directorie(s) inside jail(s).
network Add or remove interface(s) from jail(s).
pkg Manage packages inside jail(s). See pkg(8).
rcp Copy file(s)/directorie(s) from jail to host.
rdr Redirect host port to jail port.
rename Rename a jail.
restart Restart a jail.
service Manage services within targeted jail(s).
setup Attempt to auto-configure network, firewall and storage and more...
start Start a stopped jail.
stop Stop a running jail.
sysrc Safely edit rc files within targeted jail(s).
tags Add or remove tags to targeted jail(s).
template Apply file templates to targeted jail(s).
top Display and update information about the top(1) cpu processes.
umount Unmount a volume from targeted jail(s).
update Update jail base -pX release.
upgrade Upgrade jail release to X.Y-RELEASE.
service Manage services within jail(s).
setup Auto-configure network, firewall, storage and more...
start Start stopped jail(s).
stop Stop running jail(s).
sysrc Edit rc files inside jail(s).
tags Add or remove tags to jail(s).
template Apply templates to jail(s).
top Process viewer. See top(1).
umount Unmount file(s)/directorie(s) from jail(s).
update Update a jail or release.
upgrade Upgrade a jail to new release.
verify Compare release against a "known good" index.
zfs Manage (get|set) ZFS attributes on targeted jail(s).
zfs Manage ZFS options/attributes for jail(s).
Use "bastille -v|--version" for version information.
Use "bastille command -h|--help" for more information about a command.

32
usr/local/share/bastille/bootstrap.sh
View File

@@ -33,13 +33,14 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille bootstrap [option(s)] RELEASE [update|arch]"
error_notify "Usage: bastille bootstrap [option(s)] RELEASE [ARCH]"
error_notify " TEMPLATE"
cat << EOF
Options:
-p | --pkgbase Bootstrap using pkgbase (15.0-RELEASE and above).
-p | --pkgbase Bootstrap using pkgbase (FreeBSD 15.0-RELEASE and above).
-u | --update Update the release after bootstrap.
-x | --debug Enable debug mode.
EOF
@@ -217,11 +218,11 @@ validate_release() {
# Validate OPTION
if [ -n "${OPTION}" ]; then
if [ -n "${OPT_ARCH}" ]; then
# Alternate RELEASE/ARCH fetch support
if [ "${OPTION}" = "--i386" ] || [ "${OPTION}" = "--32bit" ]; then
if [ "${OPT_ARCH}" = "--i386" ] || [ "${OPT_ARCH}" = "--32bit" ]; then
ARCH="i386"
RELEASE="${RELEASE}-${ARCH}"
RELEASE="${RELEASE}-${OPT_ARCH}"
fi
fi
}
@@ -506,12 +507,17 @@ bootstrap_template() {
# Handle options.
PKGBASE=0
OPT_UPDATE=0
ERRORS=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-u|--update)
OPT_UPDATE=1
shift
;;
-p|--pkgbase)
PKGBASE=1
shift
@@ -537,7 +543,7 @@ while [ "$#" -gt 0 ]; do
done
RELEASE="${1}"
OPTION="${2}"
OPT_ARCH="${2}"
NOCACHEDIR=""
HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }')
HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }')
@@ -583,9 +589,9 @@ else
fi
# Alternate RELEASE/ARCH fetch support(experimental)
if [ -n "${OPTION}" ] && [ "${OPTION}" != "${HW_MACHINE}" ] && [ "${OPTION}" != "update" ]; then
if [ -n "${OPT_ARCH}" ] && [ "${OPT_ARCH}" != "${HW_MACHINE}" ] && [ "${OPT_ARCH}" != "update" ]; then
# Supported architectures
if [ "${OPTION}" = "--i386" ] || [ "${OPTION}" = "--32bit" ]; then
if [ "${OPT_ARCH}" = "--i386" ] || [ "${OPT_ARCH}" = "--32bit" ]; then
HW_MACHINE="i386"
HW_MACHINE_ARCH="i386"
else
@@ -725,12 +731,10 @@ esac
# Check for errors
if [ "${ERRORS}" -eq 0 ]; then
# Check for OPTION=update
case "${OPTION}" in
update)
bastille update "${RELEASE}"
;;
esac
# Check for OPT_UPDATE
if [ "${OPT_UPDATE}" -eq 1 ]; then
bastille update "${RELEASE}"
fi
# Success
info "\nBootstrap successful."

2
usr/local/share/bastille/config.sh
View File

@@ -40,7 +40,7 @@ usage() {
Options:
-x | --debug Enable debug mode.
-x | --debug Enable debug mode.
EOF
exit 1

4
usr/local/share/bastille/console.sh
View File

@@ -38,8 +38,8 @@ usage() {
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1

9
usr/local/share/bastille/convert.sh
View File

@@ -33,14 +33,15 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille convert [option(s)] TARGET [RELEASE]"
error_notify "Usage: bastille convert [option(s)] TARGET"
error_notify " TARGET RELEASE"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-y | --yes Do not prompt. Just convert.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-y | --yes Do not prompt. Assume always yes.
-x | --debug Enable debug mode.
EOF
exit 1

4
usr/local/share/bastille/cp.sh
View File

@@ -38,8 +38,8 @@ usage() {
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
EOF
exit 1

30
usr/local/share/bastille/create.sh
View File

@@ -40,23 +40,23 @@ usage() {
Options:
-B | --bridge Enable VNET, and attach to a specified, already existing bridge.
-C | --clone Create a clone jail.
-D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only).
-E | --empty Create an empty jail, intended for custom jail builds (thin/thick/linux or unsupported).
-g | --gateway IP Specify a default router/gateway for the jail.
-B | --bridge Enable VNET. INTERFACE must be a bridge.
-C | --clone Create a clone jail (ZFS only).
-D | --dual Use dual (IPv4+6) networking (IP=[inherit|ip_hostname] only).
-E | --empty Create an empty jail.
-g | --gateway IP Specify a default router/gateway.
-L | --linux Create a Linux jail (experimental).
-M | --static-mac Generate a static MAC address for jail (VNET only).
-n | --nameserver IP,IP Specify nameserver(s) for the jail. Comma separated.
--no-validate Do not validate the release when creating the jail.
--no-boot Create jail with boot=off.
-P | --passthrough Enable VNET, and pass the specified interface into the jail.
-p | --priority VALUE Set priority value for the jail.
-T | --thick Create a thick jail. This is an entirely self contained and independant jail.
-V | --vnet Enable VNET, and attach to an existing, physical interface.
-v | --vlan VLANID Creates the jail with specified VLAN ID (VNET only).
-M | --static-mac Use a static/persistent MAC address (VNET only).
-n | --nameserver IP Specify nameserver(s) for the jail. Comma-separated.
--no-validate Do not validate the release name.
--no-boot Set boot=off.
-P | --passthrough Enable VNET. INTERFACE is used as-is.
-p | --priority VALUE Set priority value.
-T | --thick Create a thick jail.
-V | --vnet Enable VNET. INTERFACE must be a physical interface.
-v | --vlan VLANID Set VLAN ID (VNET only).
-x | --debug Enable debug mode.
-Z | --zfs-opts zfs,options Comma separated list of ZFS options to create the jail with. This overrides the defaults.
-Z | --zfs-opts zfs,options Custom zfs options. Comma-separated.
EOF
exit 1

13
usr/local/share/bastille/destroy.sh
View File

@@ -33,16 +33,17 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille destroy [option(s)] JAIL|RELEASE"
error_notify "Usage: bastille destroy [option(s)] JAIL"
error_notify " RELEASE"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-c | --no-cache Do no destroy cache when destroying a release.
-f | --force Force unmount any mounted datasets when destroying a jail or release (ZFS only).
-y | --yes Do no prompt. Just destroy.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-c | --no-cache Do not destroy cache when destroying a release (legacy releases).
-f | --force Force unmount any mounted datasets when destroying a jail or release (ZFS only).
-y | --yes Do not prompt. Assume always yes.
-x | --debug Enable debug mode.
EOF
exit 1

2
usr/local/share/bastille/edit.sh
View File

@@ -38,7 +38,7 @@ usage() {
Options:
-x | --debug Enable debug mode.
-x | --debug Enable debug mode.
EOF
exit 1

10
usr/local/share/bastille/etcupdate.sh
View File

@@ -30,14 +30,16 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [diff|resolve|update RELEASE]"
error_notify "Usage: bastille etcupdate [option(s)] bootstrap RELEASE"
error_notify " TARGET update RELEASE"
error_notify " TARGET diff|resolve"
cat << EOF
Options:
-d | --dry-run Show output, but do not apply.
-f | --force Force a re-bootstrap of a RELEASE.
-x | --debug Enable debug mode.
-d | --dry-run Show output, but do not apply.
-f | --force Force a re-bootstrap of a RELEASE.
-x | --debug Enable debug mode.
EOF
exit 1

6
usr/local/share/bastille/export.sh
View File

@@ -37,16 +37,16 @@ usage() {
# Valid compress/options for ZFS systems are raw, .gz, .tgz, .txz and .xz
# Valid compress/options for non ZFS configured systems are .tgz and .txz
# If no compression option specified, user must redirect standard output
error_notify "Usage: bastille export [option(s)] TARGET PATH"
error_notify "Usage: bastille export [option(s)] TARGET [PATH]"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-l | --live Export a running jail (ZFS only).
--gz Export to '.gz' compressed image (ZFS only).
--gz Export to a '.gz' compressed image (ZFS only).
--xz Export to a '.xz' compressed image (ZFS only).
--zst Export to a .zst compressed image (ZFS only).
--zst Export to a '.zst' compressed image (ZFS only).
--raw Export to an uncompressed RAW image (ZFS only).
--tgz Export to a '.tgz' compressed archive.
--txz Export to a '.txz' compressed archive.

4
usr/local/share/bastille/htop.sh
View File

@@ -38,8 +38,8 @@ usage() {
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1

4
usr/local/share/bastille/import.sh
View File

@@ -40,8 +40,8 @@ usage() {
Options:
-f | --force Force an archive import regardless if the checksum file does not match or missing.
-M | --static-mac Generate static MAC for jail when importing foreign jails like iocage.
-f | --force Force an archive import without validating checksum.
-M | --static-mac Use a static/persistent MAC address (VNET only) when importing foreign jails.
-v | --verbose Enable verbose mode (ZFS only).
-x | --debug Enable debug mode.

6
usr/local/share/bastille/jcp.sh
View File

@@ -33,13 +33,13 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH"
error_notify "Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DESTINATION_JAIL JAIL_PATH"
cat << EOF
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
EOF
exit 1

11
usr/local/share/bastille/limits.sh
View File

@@ -34,7 +34,10 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE]"
error_notify "Usage: bastille limits [option(s)] TARGET add OPTION VALUE"
error_notify " TARGET remove OPTION"
error_notify " TARGET clear|reset|stats"
error_notify " TARGET list|show [active]"
cat << EOF
Example: bastille limits TARGET add memoryuse 1G
@@ -42,9 +45,9 @@ usage() {
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-l | --log Enable logging for the specified rule (rctl only).
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-l | --log Enable logging for the specified rule (RCTL only).
-x | --debug Enable debug mode.
EOF
exit 1

16
usr/local/share/bastille/list.sh
View File

@@ -33,16 +33,16 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)]"
error_notify " [path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)] [type]"
error_notify "Usage: bastille list [option(s)] [all|backup|export|import|ip|jail|limit]"
error_notify " [log|path|port|priority|release|snapshot|state|template|type]"
cat << EOF
Options:
-d | --down List stopped jails only.
-j | --json List jails or sub-arg(s) in json format.
-p | --pretty Print JSON in columns.
-u | --up List running jails only.
-x | --debug Enable debug mode.
-d | --down List stopped jails only.
-j | --json List jails or sub-arg(s) in json format.
-p | --pretty Print JSON in columns.
-u | --up List running jails only.
-x | --debug Enable debug mode.
EOF
exit 1
@@ -786,7 +786,7 @@ if [ "$#" -eq 1 ]; then
fi
;;
release|releases)
list_release "${2}"
list_release "-p"
;;
snap|snapshot|snapshots)
list_snapshot

10
usr/local/share/bastille/migrate.sh
View File

@@ -36,19 +36,13 @@ usage() {
error_notify "Usage: bastille migrate [option(s)] TARGET USER@HOST[:PORT]"
cat << EOF
Examples:
bastille migrate attica migrate@192.168.10.100
bastille migrate attica migrate@192.168.1.10:20022
bastille migrate --keyfile id_rsa attica migrate@192.168.1.10
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-b | --backup Retain archives on remote system.
-b | --backup Keep archives on remote system.
-d | --destroy Destroy local jail after migration.
| --doas Use 'doas' instead of 'sudo'.
-k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh'
-k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh'.
-l | --live Migrate a running jail (ZFS only).
-p | --password Use password based authentication.
-x | --debug Enable debug mode.

6
usr/local/share/bastille/mount.sh
View File

@@ -33,13 +33,13 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]"
error_notify "Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [FS_TYPE OPTIONS DUMP PASS_NUMBER]"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1

11
usr/local/share/bastille/network.sh
View File

@@ -34,18 +34,19 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_notify "Usage: bastille network [option(s)] TARGET remove|add INTERFACE [IP]"
error_notify "Usage: bastille network [option(s)] TARGET add INTERFACE [IP]"
error_notify " TARGET remove INTERFACE"
cat << EOF
Options:
-a | --auto Start/stop jail(s) if required.
-B | --bridge Add a bridge VNET interface.
-M | --static-mac Generate a static MAC address for the interface (VNET only).
-B | --bridge Add a bridge interface.
-M | --static-mac Use a static/persistent MAC address (VNET only).
-n | --no-ip Create interface without an IP (VNET only).
-P | --passthrough Add a raw interface.
-V | --vnet Add a VNET interface.
-v | --vlan VLANID Assign VLAN ID to interface (VNET only).
-V | --vnet Add a physical interface.
-v | --vlan VLANID Assign VLANID to interface (VNET only).
-x | --debug Enable debug mode.
EOF

8
usr/local/share/bastille/pkg.sh
View File

@@ -38,10 +38,10 @@ usage() {
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-H | --host Use the hosts 'pkg' instead of the jails.
-y | --yes Assume always yes for pkg command. Do not prompt.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-H | --host Use host 'pkg' binary instead of jails.
-y | --yes Do not prompt. Assume always yes.
-x | --debug Enable debug mode.
EOF
exit 1

4
usr/local/share/bastille/rcp.sh
View File

@@ -38,8 +38,8 @@ usage() {
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
EOF
exit 1

11
usr/local/share/bastille/rdr.sh
View File

@@ -33,15 +33,16 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille rdr [option(s)] TARGET [clear|reset|list|(tcp|udp)] HOST_PORT JAIL_PORT [log ['(' logopts ')'] ]"
error_notify "Usage: bastille rdr [option(s)] TARGET tcp|udp HOST_PORT JAIL_PORT [log LOG_OPTIONS]"
error_notify " TARGET clear|reset|list"
cat << EOF
Options:
-d | --destination IP Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.
-i | --interface IF,IF Specify interface(s) to apply rule to. Comman separated.
-s | --source IP|table Limit rdr to a source IP or table.
-t | --type ipv4|ipv6 Specify IP type. Must be used if -s or -d are used. Defaults to both.
-d | --destination IP Limit rdr to a destination IP.
-i | --interface IF,IF Specify interface(s) to apply rule to. Comma-separated.
-s | --source IP|TABLE Limit rdr to a source IP or table.
-t | --type ipv4|ipv6 Specify IP type. Must be used if '-s' or '-d' are used. Defaults to both.
-x | --debug Enable debug mode.
EOF

4
usr/local/share/bastille/rename.sh
View File

@@ -35,8 +35,8 @@ usage() {
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1

2
usr/local/share/bastille/restart.sh
View File

@@ -41,7 +41,7 @@ usage() {
-b | --boot Respect jail boot setting.
-d | --delay VALUE Time (seconds) to wait after starting each jail.
-i | --ignore Ignore stopped jails (do not start if stopped).
-v | --verbose Print every action on jail start.
-v | --verbose Enable verbose mode.
-x | --debug Enable debug mode.
EOF

6
usr/local/share/bastille/service.sh
View File

@@ -33,13 +33,13 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille service [option(s)] TARGET SERVICE_NAME ARGS"
error_notify "Usage: bastille service [option(s)] TARGET SERVICE ARGS"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1

11
usr/local/share/bastille/setup.sh
View File

@@ -33,19 +33,12 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille setup [option(s)] [bridge]"
error_notify " [linux]"
error_notify " [loopback]"
error_notify " [netgraph]"
error_notify " [pf|firewall]"
error_notify " [shared]"
error_notify " [storage]"
error_notify " [vnet]"
error_notify "Usage: bastille setup [option(s)] [bridge|linux|loopback|netgraph|firewall|shared|storage|vnet]"
cat << EOF
Options:
-y | --yes Assume always yes on prompts.
-y | --yes Do not prompt. Assume always yes.
-x | --debug Enable debug mode.
EOF

8
usr/local/share/bastille/start.sh
View File

@@ -38,10 +38,10 @@ usage() {
Options:
-b | --boot Respect jail boot setting.
-d | --delay VALUE Time (seconds) to wait after starting each jail.
-v | --verbose Print every action on jail start.
-x | --debug Enable debug mode.
-b | --boot Respect jail boot setting.
-d | --delay VALUE Time (seconds) to wait after starting each jail.
-v | --verbose Enable verbose mode.
-x | --debug Enable debug mode.
EOF
exit 1

4
usr/local/share/bastille/stop.sh
View File

@@ -38,8 +38,8 @@ usage() {
Options:
-v | --verbose Print every action on jail stop.
-x | --debug Enable debug mode.
-v | --verbose Enable verbose mode.
-x | --debug Enable debug mode.
EOF
exit 1

4
usr/local/share/bastille/sysrc.sh
View File

@@ -38,8 +38,8 @@ usage() {
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1

5
usr/local/share/bastille/tags.sh
View File

@@ -34,12 +34,13 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille tags [option(s)] TARGET [add|delete|list] [tag1,tag2]"
error_notify "Usage: bastille tags [option(s)] TARGET add|delete TAG1,TAG2"
error_notify " TARGET list [TAG]"
cat << EOF
Options:
-x | --debug Enable debug mode.
-x | --debug Enable debug mode.
EOF
exit 1

6
usr/local/share/bastille/template.sh
View File

@@ -33,13 +33,13 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille template [option(s)] TARGET [--convert] TEMPLATE"
error_notify "Usage: bastille template [option(s)] TARGET|--convert TEMPLATE"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1

4
usr/local/share/bastille/top.sh
View File

@@ -38,8 +38,8 @@ usage() {
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1

4
usr/local/share/bastille/umount.sh
View File

@@ -38,8 +38,8 @@ usage() {
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1

6
usr/local/share/bastille/update.sh
View File

@@ -37,9 +37,9 @@ usage() {
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-f | --force Force update a release.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-f | --force Force update a release (FreeBSD legacy releases).
-x | --debug Enable debug mode.
EOF
exit 1

9
usr/local/share/bastille/upgrade.sh
View File

@@ -33,14 +33,15 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE|install"
error_notify "Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE"
error_notify " TARGET install"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-f | --force Force upgrade a release.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-f | --force Force upgrade a release (FreeBSD legacy releases).
-x | --debug Enable debug mode.
EOF
exit 1

2
usr/local/share/bastille/verify.sh
View File

@@ -38,7 +38,7 @@ usage() {
Options:
-x | --debug Enable debug mode.
-x | --debug Enable debug mode.
EOF
exit 1

11
usr/local/share/bastille/zfs.sh
View File

@@ -34,18 +34,17 @@
usage() {
error_notify "Usage: bastille zfs [option(s)] TARGET destroy|rollback [TAG]|snapshot [TAG]"
error_notify "Usage: bastille zfs [option(s)] TARGET snapshot|destroy|rollback [TAG]"
error_notify " df|usage"
error_notify " get|set key=value"
error_notify " get|set KEY=VALUE"
error_notify " jail pool/dataset /jail/path"
error_notify " unjail pool/dataset"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-v | --verbose Enable verbose mode.
-x | --debug Enable debug mode.
-a | --auto Auto mode. Start/stop jail(s) if required.
-v | --verbose Enable verbose mode.
-x | --debug Enable debug mode.
EOF
exit 1

53
usr/local/share/man/man1/bastille-bootstrap.1
View File

@@ -1,51 +1,59 @@
.Dd 2025/12/04
.Dd 2025/12/06
.Dt bastille-bootstrap 1
.Os
.Sh NAME
.Nm bastille bootstrap
.Nd bootstrap a release or template(s)
.Nd Bootstrap a release or template(s).
.Sh SYNOPSIS
.Nm
.Op Fl px
.Op Fl pux
.Ar RELEASE
.Op Cm update|arch
.Op ARCH
.Nm
.Op Fl x
.Ar TEMPLATE
.Sh DESCRIPTION
The
.Nm
will bootstrap a release to use when creating jails. It will
sub-command will bootstrap a release to use when creating jails. It will
also fetch and verify templates if a url is given as an arguement.
.Bl -tag -width Ds
.It bootstrap Oo Fl px Oc Ar RELEASE Op Cm update|ARCH
.It Sy bastille bootstrap Oo Fl pux Oc Ar RELEASE Op ARCH
.Bl -tag -width Ds
.It Fl p , Fl -pkgbase
Bootstrap a release using PkgBase package sets. By default Bastille
will use legacy distribution sets to bootstrap a release. For FreeBSD
version 16.x and above, PkgBase is the default.
Bootstrap using pkgbase (FreeBSD 15.0-RELEASE and above). Bastille uses
distribution sets by default, but this option enables the use of
package sets when bootstrapping FreeBSD release.
.It Fl u , Fl -update
Update the release after bootstrap.
.It Fl x , Fl -debug
Enable debug mode.
.It update
This will update the release using
.Nm bastille update RELEASE
after bootstrapping it.
.It ARCH
Specify an architecture when bootstrapping a release. This is usually
not needed, as Bastille detects this automatically for most
use cases.
.Pp
If
.Ar ARCH
is specified, it will be used to bootstrap, as
opposed to using the hosts arch.
.El
.It bootstrap Oo Fl x Oc Ar TEMPLATE
.It Sy bastille bootstrap Oo Fl x Oc Ar TEMPLATE
.Bl -tag -width Ds
.It Fl x , Fl -debug
Enable debug mode.
.Pp
.Ar TEMPLATE
should be a url containing either a single template, or multiple
templates.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Bootstrap 15.0-RELEASE:
.Nm bastille bootstrap 15.0-RELEASE
.Sy bastille bootstrap 15.0-RELEASE
.It Bootstrap official BastilleBSD templates:
.Nm bastille bootstrap https://github.com/BastilleBSD/templates
.Sy bastille bootstrap https://github.com/BastilleBSD/templates
.It Bootstrap 15.0-RELEASE using PkgBase:
.Nm bastille bootstrap -p 15.0-RELEASE
.Sy bastille bootstrap -p 15.0-RELEASE
.It Bootstrap 15.0-RELEASE using i386 as the arch:
.Sy bastille bootstrap 15.0-RELEASE --i386
.It Bootstrap the official BastilleBSD template collection:
.Sy bastille bootstrap https://github.com/BastilleBSD/templates
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-clone 1 ,
@@ -78,9 +86,10 @@ Enable debug mode.
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1 ,
.Xr bastille-zfs 1

22
usr/local/share/man/man1/bastille-clone.1
View File

@@ -1,30 +1,27 @@
.Dd 2025/12/04
.Dd 2025/12/06
.Dt bastille-clone 1
.Os
.Sh NAME
.Nm bastille clone
.Nd clone an existing jail
.Nd Clone an existing jail.
.Sh SYNOPSIS
.Nm
.Op Fl alx
.Ar TARGET NEW_NAME IP
.Sh DESCRIPTION
The
.Nm
will create an exact duplicate of the targeted jail, giving it
sub-command will create an exact duplicate of the targeted jail, giving it
the specified
.Ar NEW_NAME
and
.Ar IP address .
.Ss OPTIONS
.Ar IP
address.
.Bl -tag -width Ds
.It Fl a , Fl -auto
Instead of printing an error stating that the jail needs to be
stopped, this option will simply stop the jail (if running) before
proceeding to clone it. Cannot be used with
.Sy -l|--live .
Auto mode. Start/stop jail(s) if required. Cannot be used with [-l|--live].
.It Fl l , Fl -live
Attempt to clone a running jail (ZFS only). Cannot be used with
.Sy -a|--auto .
Clone a running jail (ZFS only). Cannot be used with [-a|--auto].
.It Fl x , Fl -debug
Enable debug mode.
.Sh EXAMPLES
@@ -67,9 +64,10 @@ Enable debug mode.
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1 ,
.Xr bastille-zfs 1

18
usr/local/share/man/man1/bastille-cmd.1
View File

@@ -1,29 +1,30 @@
.Dd 2025/12/04
.Dd 2025/12/06
.Dt bastille-cmd 1
.Os
.Sh NAME
.Nm bastille cmd
.Nd execute commands inside targeted jail(s)
.Nd Execute command(s) inside jail(s).
.Sh SYNOPSIS
.Nm
.Op Fl ax
.Ar TARGET COMMAND
.Sh DESCRIPTION
The
.Nm
will run the specified command inside targeted jail(s)
sub-command will run the specified
.Ar COMMAND
inside
.Ar TARGET .
.Ss OPTIONS
.Bl -tag -width Ds
.It Fl a , Fl -auto
Instead of printing an error stating that the jail needs to be
running, this option will simply start the jail (if stopped) before
proceeding to run the command inside it.
Auto mode. Start/stop jail(s) if required.
.It Fl x , Fl -debug
Enable debug mode.
.Sh EXAMPLES
.Bl -tag -width Ds
.It List contents of /etc:
.Sy bastille cmd TARGET ls /etc
.El
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
@@ -56,9 +57,10 @@ Enable debug mode.
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1 ,
.Xr bastille-zfs 1

46
usr/local/share/man/man1/bastille-config.1
View File

@@ -1,9 +1,9 @@
.Dd 2025/12/04
.Dd 2025/12/06
.Dt bastille-config 1
.Os
.Sh NAME
.Nm bastille config
.Nd get, set, add or remove properties from targeted jail(s)
.Nd Get, set, add or remove properties from jail(s).
.Sh SYNOPSIS
.Nm
.Op Fl x
@@ -15,25 +15,40 @@
.Cm get|remove
.Ar PROPERTY
.Sh DESCRIPTION
The
.Nm
can modify targeted jail(s) configuration and
sub-command will modify targeted jail(s) configuration and
get, set, add or remove properties.
.Ss ACTIONS
.Bl -tag -width Ds
.It Sy bastille config Oo Fl x Oc Sy set|add Ar PROPERTY Op VALUE
.Bl -tag -width Ds
.It Sy set
Set the value of the specified property from the jail configuration.
If the property is not set, it will be added and set. The VALUE part
is optional for some values. For example, allow.mlock does not need
a VALUE, but it won't do any harm to set it as 1 (enable).
If the property is not set, it will be added and set.
.It Sy add
Same as
.Sy set .
.It Sy get
Get the value of the specified property from the jail configuration.
.It Sy remove
Remove the specified property from the jail configuration.
.Ss OPTIONS
Same as set.
.It Fl x , Fl -debug
Enable debug mode.
.El
.Pp
It is not always necesary to set a
.Ar VALUE
for a
.Ar PROPERTY .
For example, 'allow.mlock=1' is the same as 'allow.mlock'.
.It Sy bastille config Oo Fl x Oc Sy get|remove Ar PROPERTY
.Bl -tag -width Ds
.It Sy get
Get the value of the specified
.Ar PROPERTY
from the jail configuration. If a property is not present, 'not
enabled' will be shown. If the property has no value, but
is present, 'enabled' will be returned. Otherwise you will be
shown the value.
.It Sy remove
Remove the specified
.Ar PROPERTY
from the jail configuration.
.It Fl x , -debug
Enable debug mode.
.Sh EXAMPLES
@@ -76,9 +91,10 @@ Enable debug mode.
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1 ,
.Xr bastille-zfs 1

68
usr/local/share/man/man1/bastille-console.1 Normal file
View File

@@ -0,0 +1,68 @@
.Dd 2025/12/06
.Dt bastille-console 1
.Os
.Sh NAME
.Nm bastille console
.Nd Console into a jail.
.Sh SYNOPSIS
.Nm
.Op Fl ax
.Ar TARGET
.Op USER
.Sh DESCRIPTION
The
.Nm
sub-command will enter a jails shell. If a user is given, it
will enter as that user.
.Bl -tag -width Ds
.It Fl a , -auto
Auto mode. Start/stop jail(s) if required.
.It Fl x , -debug
Enable debug mode.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Console into myjail:
.Sy bastille console myjail
.It Console into myjail as bob:
.Sy bastille console myjail bob
.It Console into a stopped jail as bob:
.Sy bastille console -a myjail bob
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

96
usr/local/share/man/man1/bastille-convert.1 Normal file
View File

@@ -0,0 +1,96 @@
.Dd 2025/12/06
.Dt bastille-convert 1
.Os
.Sh NAME
.Nm bastille convert
.Nd Convert a jail from thin to thick; convert a jail to a custom release.
.Sh SYNOPSIS
.Nm
.Op Fl ayx
.Ar TARGET
.Nm
.Op Fl ax
.Ar TARGET RELEASE
.Sh DESCRIPTION
The
.Nm
sub-command will convert a thin jail to a thick jail if only the
.Ar TARGET
argument is given. If a
.Ar TARGET
and
.Ar RELEASE
is specified, it will convert the jail
(must be a thick jail) into a custom release. The jail will remain intact,
and you will have a duplicate of it to use a a release base for
any new jails.
.Bl -tag -width Ds
.It Sy bastille convert Oo Fl ayx Oc Ar TARGET
.Bl -tag -width Ds
.It Fl a , -auto
Auto mode. Start/stop jail(s) if required.
.It Fl y , -yes
Do not prompt. Assume always yes.
.It Fl x , -debug
Enable debug mode.
.Pp
Converting a thin jail to a thick jail is not reversible. You will
be be prompted to accept this action if [-y|--yes] is not specified.
.El
.It Sy bastille convert Oo Fl ayx Oc Ar TARGET RELEASE
.Bl -tag -width Ds
.It Fl a , -auto
Auto mode. Start/stop jail(s) if requried.
.It Fl x , -debug
Enable debug mode.
.Pp
A release created by this method is stored in the releases directory, and
can be used to create jails with the '--no-validate' flag. See
.Xr bastille-create 1 .
.Sh EXAMPLES
.Bl -tag -width Ds
.It Convert myjail from thin to thick:
.Sy bastille convert myjail
.It Convert myjail from thin to thick (no prompts):
.Sy bastille convert -ay myjail
.It Create myrelease from myjail:
.Sy bastille convert myjail myrelease
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

69
usr/local/share/man/man1/bastille-cp.1 Normal file
View File

@@ -0,0 +1,69 @@
.Dd 2025/12/06
.Dt bastille-cp 1
.Os
.Sh NAME
.Nm bastille cp
.Nd Copy file(s)/directorie(s) from host to jail(s).
.Sh SYNOPSIS
.Nm
.Op Fl qx
.Ar TARGET HOST_PATH JAIL_PATH
.Sh DESCRIPTION
The
.Nm
sub-command will copy
.Ar HOST_PATH
to
.Ar JAIL_PATH
inside
.Ar TARGET .
.Bl -tag -width Ds
.It Fl q , -quiet
Suppress output.
.It Fl x , -debug
Enable debug mode.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Copy /etc/resolv.conf into myjail:
.Sy bastille cp myjail /etc/resolv.conf /etc/resolv.conf
.It Copy /etc into myjail quietly:
.Sy bastille cp -q myjail /etc /etc
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

164
usr/local/share/man/man1/bastille-create.1 Normal file
View File

@@ -0,0 +1,164 @@
.Dd 2025/12/06
.Dt bastille-create 1
.Os
.Sh NAME
.Nm bastille create
.Nd Create a jail.
.Sh SYNOPSIS
.Nm
.Op Fl BCDELMPTVvx
.Op Fl g Ar IP
.Op Fl n Ar IP,IP
.Op Fl p Ar VALUE
.Op Fl v Ar VALUE
.Op Fl Z Ar VALUE
.Op Fl -no-validate
.Op Fl -no-boot
.Ar NAME RELEASE IP Op INTERFACE
.Sh DESCRIPTION
The
.Nm
sub-command is used to create a jail with any of the given options. The
.Ar INTERFACE
value is only optional for classic/standard jails. For any type of VNET
jail, it is mandatory.
.Bl -tag -width Ds
.It Fl B , -bridge
Enable VNET.
.Ar INTERFACE
must be a bridge.
.Pp
This option is for use with manually created bridges.
.It Fl C , -clone
Create a clone jail (ZFS only).
.Pp
These are simply zfs clones of the release.
.It Fl D , -dual
Use dual (IPv4+6) networking (IP=[inherit|ip_hostname] only).
.Pp
This option is only supported for non-VNET jails.
.It Fl E , -empty
Create an empty jail.
.Pp
This option will only create the jail structure and config, but the root will be empty.
.It Fl g Ar IP , Fl -gateway Ar IP
Specify a default router/gateway.
.PP
Bastille normally detects your gateway from your host. Set
this option to override it.
.It Fl L , -linux
Create a Linux jail (experimental).
.It Fl M , -static-mac
Use a static/persistent MAC address (VNET only).
.It Fl n Ar IP,IP Fl -nameserver Ar IP,IP
Specify nameserver(s) for the jail. Comma-separated.
.It Fl -no-validate
Do not validate the release name.
.Pp
By default, Bastille will attempt to validate the release name against
a known index of official release names. Set this option to bypass that.
Useful in the case of an unknown release, or releases create using 'bastille
convert'. See
.Xr bastille-convert 1 .
.It Fl -no-boot
Set boot=off.
.Pp
By default, jails are created with 'boot=on' so as to start on system
startup.
.It Fl P , -passthrough
Enable VNET.
.Ar INTERFACE
is used as-is.
.Pp
This will pass the entire
.Ar INTERFACE
into the jail, which will make it unusable to the host until the jail
is stopped.
.It Fl p Ar VALUE , Fl -priority Ar VALUE
Set priority value.
.Pp
This controls the order in which jails
start and stop on system startup and shutdown. It also controls the
order in which any sub-command is executed when multiple jails are
tarteted.
.It Fl T , -thick
Create a thick jail.
.Pp
Thick jails are complete copies of the release.
.It Fl V , -vnet
Enable VNET.
.Ar INTERFACE
must be a physical interface.
.Pp
This option is for use with a physical interface. Bridging and epairs
are handled by the 'jib' script.
.It Fl v Ar VALUE , Fl -vlan Ar VALUE
Set VLAN ID (VNET only).
.Pp
This will configure the jail to use the specified
.Ar VALUE
as the VLAN ID.
.It Fl x , -debug
Enable debug mode.
.It Fl Z Ar VALUE , Fl -zfs-opts Ar VALUE,VALUE
Custom zfs options. Comma-separated.
.Pp
Comma separated list of ZFS options to create the jail with.
This overrides the defaults. See
.Xr bastille.conf 5 .
.Sh EXAMPLES
.Bl -tag -width Ds
.It Create a thick jail, with static MAC and priority 10:
.Sy bastille create -TM -p 10 myjail 15.0-RELEASE 10.23.23.1
.It Create a VNET jail attached to a manual bridge:
.Sy bastille create -B myjail 15.0-RELEASE DHCP mycustombridge
.It Create a Linux jail:
.Sy bastille create -L myjail bookworm 10.2.4.5
.It Create a VNET jail with boot=off and custom gateway:
.Sy bastille create -V --no-boot -g 10.1.1.1 myjail 15.0-RELEASE 10.1.1.4/24 vtnet0
.Pp
In the above examples, sometimes an
.Ar INTERFACE
is specified, and sometimes it is not.
It is ONLY optional for classic/standard jails. See the 'Networking' section
in
.Xr bastille.conf 5 .
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

89
usr/local/share/man/man1/bastille-destroy.1 Normal file
View File

@@ -0,0 +1,89 @@
.Dd 2025/12/06
.Dt bastille-destroy 1
.Os
.Sh NAME
.Nm bastille destroy
.Nd Destroy jail(s) or release(s).
.Sh SYNOPSIS
.Nm
.Op Fl ayx
.Ar JAIL
.Nm
.Op Fl cfx
.Ar RELEASE
.Sh DESCRIPTION
The
.Nm
sub-command is used to destroy jails or releases.
.Bl -tag -width Ds
.It Sy destroy Oo Fl ayx Oc Ar JAIL
.Bl -tag -width Ds
.It Fl a , Fl -auto
Auto mode. Start/stop jail(s) if required.
.It Fl y , Fl -yes
Do no prompt. Assume always yes.
.Pp
By default Bastille will ask
if you are sure you want to destroy the jail. Set this option
to bypass these prompts.
.It Fl x , -debug
Enable debug mode.
.El
.It Sy destroy Oo Fl cfx Oc Ar RELEASE
.Bl -tag -width Ds
.It Fl c , Fl -no-cache
Do not destroy cache when destroying release (legacy releases).
.Pp
This does not apply
to PkgBase releases. Cache are the '.txz' dist files downloaded
during the 'bootstrap' phase.
.It Fl f , Fl -force
Force unmount any mounted datasets when destroying a jail or
release (ZFS only).
.Sh EXAMPLES
.Bl -tag -width Ds
.It Destroy 15.0-RELEASE:
.Sy bastille destroy 15.0-RELEASE
.It Destroy myjail forcibly, without prompts, and auto mode:
.Sy bastille destroy -afy myjail
.It Destroy myjail and yourjail:
.Sy bastille destroy 'myjail yourjail'
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

73
usr/local/share/man/man1/bastille-edit.1 Normal file
View File

@@ -0,0 +1,73 @@
.Dd 2025/12/05
.Dt bastille-edit 1
.Os
.Sh NAME
.Nm bastille edit
.Nd Edit jail configuration files (advanced).
.Sh SYNOPSIS
.Nm
.Op Fl x
.Ar TARGET
.Op FILE
.Sh DESCRIPTION
The
.Nm
sub-command allows editing
.Pa jail.conf ,
as well as any
configuration files inside the jails main directory structure.
.Bl -tag -width Ds
.It Fl x , Fl -debug
Enable debug mode.
.Pp
If no
.Ar FILE
is given, Bastille will edit
.Pa jail.conf .
.Sh EXAMPLES
.Bl -tag -width Ds
.It Edit jail.conf for myjail:
.Sy bastille edit TARGET
.It Edit fstab for myjail:
.Sy bastille edit myjail fstab
.It Edit setting.conf for myjail:
.Sy bastille edit myjail settings.conf
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

131
usr/local/share/man/man1/bastille-etcupdate.1 Normal file
View File

@@ -0,0 +1,131 @@
.Dd 2025/12/06
.Dt bastille-etcupdate 1
.Os
.Sh NAME
.Nm bastille etcupdate
.Nd Update /etc for jail(s).
.Sh SYNOPSIS
.Nm
.Op Fl fx
.Sy bootstrap
.Ar RELEASE
.Nm
.Op Fl dx
.Ar TARGET
.Sy update
.Ar RELEASE
.Nm
.Op Fl x
.Ar TARGET
.Sy diff|resolve
.Sh DESCRIPTION
The
.Nm
sub-command will bootstrap a tarball from
.Ar RELEASE
which can then be used to update the contents of
.Pa /etc
inside jails after performing an upgrade.
.Bl -tag -width Ds
.It Sy bastille etcupdate Oo Fl fx Oc Sy bootstrap Ar RELEASE
.Bl -tag -width Ds
.It Sy bootstrap
Bootstrap the 'src' archives for
.Ar RELEASE ,
then create a tarball from it. The tarball makes it
much easier and faster to apply to jails.
.It Fl f , Fl -force
Force a re-bootstrap of a release.
.It Fl x , Fl -debug
Enable debug mode.
.El
.It Sy bastille etcupdate Oo Fl dx Oc Ar TARGET Sy update Ar RELEASE
.Bl -tag -width Ds
.It Sy update
Update the contents of
.Pa /etc
inside
.Ar TARGET ,
using
.Ar RELEASE
as the base.
.Ar RELEASE
must first be bootstrapped.
.It Fl d , Fl -dry-run
Show output, but do not apply.
.It Fl x , Fl -debug
Enable debug mode.
.El
.Pp
The
.Ar RELEASE
specified here is the release you want to use as the base of
your
.Ar TARGET
/etc contents.
.It Sy bastille etcupdate Oo Fl x Oc Ar TARGET Sy diff|resolve
.Bl -tag -width Ds
.It Sy diff
Compare and show changes to
.Pa /etc
inside the
.Ar TARGET .
.It Sy resolve
Resolve any conflicts for
.Pa /etc
inside
.Ar TARGET .
Sometimes when performing the
.Nm
sub-command, it leaves
some conflicts between the old and new files. Use this option
to resolve these conflicts.
.It Fl x , Fl -debug
Enable debug mode.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Bootstrap 15.0-RELEASE for use with etcupdate:
.Sy bastille etcupdate bootstrap 15.0-RELEASE
.It Update /etc for myjail to 15.0-RELEASE:
.Sy bastille etcupdate myjail 15.0-RELEASE
.It Resolve any conflicts left over for myjail:
.Sy bastille etcupdate myjail resolve
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

103
usr/local/share/man/man1/bastille-export.1 Normal file
View File

@@ -0,0 +1,103 @@
.Dd 2025/12/06
.Dt bastille-export 1
.Os
.Sh NAME
.Nm bastille export
.Nd Export a jail.
.Sh SYNOPSIS
.Nm
.Op Fl alvx
.Op Fl -gz
.Op Fl -xz
.Op Fl -zst
.Op Fl -raw
.Op Fl -tgz
.Op Fl -txz
.Op Fl -tzst
.Ar TARGET Op PATH
.Sh DESCRIPTION
The
.Nm
sub-command will export
.Ar TARGET
to an image (ZFS) or archive.
.Bl -tag -width Ds
.It Fl a , Fl -auto
Auto mode. Start/stop jail(s) if required.
.It Fl l , Fl -live
Export a running jail (ZFS only).
.Pp
Normally jails must be stopped to export them. Set this option
to allow exporting a hot/running jail.
.It Fl -gz
Export to a '.gz' compressed image (ZFS only).
.It Fl -xz
Export to a '.xz' compressed image (ZFS only).
.It Fl -zst
Export to a '.zst' compressed image (ZFS only).
.It Fl -raw
Export a an uncompressed RAW image (ZFS only).
.It Fl -tgz
Export to a '.tgz' compressed archive.
.It Fl -txz
Export to a '.txz' compressed archive.
.It Fl -tzst
Export to a '.tzst' compressed archive.
.It Fl v , Fl -verbose
Enable verbose mode (ZFS only).
.It Fl x , Fl -debug
Enable debug mode.
.El
.Pp
If no
.Ar PATH
is specified, the jail will be exported to the backups directory.
See
.Xr bastille.conf 5 .
.Sh EXAMPLES
.Bl -tag -width Ds
.It Export my jail as a '.tzst' archive:
.Sy bastille export --tzst myjail
.It Export myjail to $PWD as a '.gz' image:
.Sy bastille export --gz myjail $PWD
.It Export myjail (while running) as a '.xz' image:
.Sy bastille export -l --xz myjail
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

65
usr/local/share/man/man1/bastille-htop.1 Normal file
View File

@@ -0,0 +1,65 @@
.Dd 2025/12/06
.Dt bastille-htop 1
.Os
.Sh NAME
.Nm bastille htop
.Nd Interactive process viewer (requires htop).
.Sh SYNOPSIS
.Nm
.Op Fl ax
.Ar TARGET
.Sh DESCRIPTION
The
.Nm
sub-command will run htop in
.Ar TARGET .
.Bl -tag -width Ds
.It Fl a , Fl -auto
Auto mode. Start/stop jail(s) if required.
.It Fl x , Fl -debug
Enable debug mode.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Run htop in myjail:
.Sy bastille htop myjail
.It Run htop (start the jail if stopped) in myjail:
.Sy bastille htop -a myjail
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

91
usr/local/share/man/man1/bastille-import.1 Normal file
View File

@@ -0,0 +1,91 @@
.Dd 2025/12/06
.Dt bastille-import 1
.Os
.Sh NAME
.Nm bastille import
.Nd Import a jail.
.Sh SYNOPSIS
.Nm
.Op Fl fMvx
.Ar TARGET
.Op RELEASE
.Sh DESCRIPTION
The
.Nm
sub-command will attempt to import a jail from an image or archive.
Bastille supports importing jails from other jail managers such
as iocage, ezjail and qjail.
.Pp
For most foreign jail imports, Bastille will convert the config syntax
into Bastille readable format, but sometimes it might be necessary
to edit the
.Pa jail.conf
file manually.
.Bl -tag -width Ds
.It Fl f , Fl -force
Force an archive import without validation checksum.
.It Fl M , Fl -static-mac
Use a static/persistent MAC address (VNET only) when importing foreign jails.
.It Fl v , Fl -verbose
Enable verbose mode (ZFS only).
.It Fl x , Fl -debug
Enable debug mode.
.El
.Pp
The
.Ar FILE
arguement should be the full filename, including the absolute path.
The only exception is if the archive is inside the backups directory.
See
.Xr bastille.conf 5 .
.Pp
If the
.Ar RELEASE
argument is specified, Bastille will import the jail using that release.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Import myjail_DATE.txz:
.Sy bastille import myjail_DATE.txz
.It Import myjail_DATE.gz under 15.0-RELEASE:
.Sy bastille import myjail_DATE.txz 15.0-RELEASE
.It Import myjail_DATE.gz under 15.0-RELEASE from non-default location:
.Sy bastille import /my/custom/folder/myjail_DATE.txz 15.0-RELEASE
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

63
usr/local/share/man/man1/bastille-jcp.1 Normal file
View File

@@ -0,0 +1,63 @@
.Dd 2025/12/06
.Dt bastille-jcp 1
.Os
.Sh NAME
.Nm bastille jcp
.Nd Copy file(s)/directorie(s) from jail to jail(s).
.Sh SYNOPSIS
.Nm
.Op Fl qx
.Ar SOURCE_JAIL JAIL_PATH DESTINATION_JAIL JAIL_PATH
.Sh DESCRIPTION
The
.Nm
sub-command will copy files and directories from a single
jail to any targeted jail(s).
.Bl -tag -width Ds
.It Fl q , Fl -quiet
Suppress output.
.It Fl x , Fl -debug
Enable debug mode.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Copy /etc/resolv.conf from myjail to yourjail:
.Sy bastille jcp myjail /etc/resolv.conf yourjail /etc
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

138
usr/local/share/man/man1/bastille-limits.1 Normal file
View File

@@ -0,0 +1,138 @@
.Dd 2025/12/06
.Dt bastille-limits 1
.Os
.Sh NAME
.Nm bastille limits
.Nd Apply resource limits to jail(s). See
.Xr rctl 8
and
.Xr cpuset 1 .
.Sh SYNOPSIS
.Nm
.Op Fl alx
.Ar TARGET
.Sy add
.Ar OPTION VALUE
.Nm
.Op Fl ax
.Ar TARGET
.Sy remove
.Ar OPTION
.Nm
.Op Fl ax
.Ar TARGET
.Sy clear|reset|stats
.Nm
.Op Fl ax
.Ar TARGET
.Sy list|show
.Op active
.Sh DESCRIPTION
The
.Nm
sub-command allows adding and setting limits to jail(s).
.Bl -tag -width Ds
.It Sy bastille limits Oo Fl alx Oc Sy add Ar OPTION VALUE
.Bl -tag -width Ds
.It Sy add
Add the specified
.Ar OPTION
to the jail along with its
.Ar VALUE .
.It Fl a , Fl -auto
Auto mode. Start/stop jail(s) if required.
.It Fl l , Fl -log
Enable logging for the specified rule (RCTL only).
.It Fl x , Fl -debug
Enable debug mode.
.El
.Pp
The
.Ar OPTION
and
.Ar VALUE
shoud conform to RCTL specs. See
.Xr rctl 8 .
.It Sy bastille limits Oo Fl ax Oc Sy remove Ar OPTION
.Bl -tag -width Ds
.It Sy remove
Remove the specified
.Ar OPTION
from the jail.
.It Fl a , Fl -auto
Auto mode. Start/stop jail(s) if required.
.It Fl x , Fl -debug
Enable debug mode.
.El
.It Sy bastille limits Oo Fl ax Oc Sy clear|reset|stats
.Bl -tag -width Ds
.It Sy clear
Clear limits from the system, but don't remove from jail configuration.
.It Sy reset
Clear limits from system, and remove from jail configuration.
.It Sy stats
Show limit stats (RCTL only).
.It Fl x , Fl -debug
Enable debug mode.
.El
.It Sy bastille limits Oo Fl ax Oc Sy list|show Op active
.Bl -tag -width Ds
.It Sy list
Show all configured limits on the system, active or not.
.Pp
If
.Ar active
is given as the last argument here, only active limits will
be shown.
.It Sy show
Same as list.
.It Fl x , Fl -debug
Enable debug mode.
.El
.Sh EXAMPLES
.Bl -tag -width Ds
.It Apply memoryuse limit of 4G to myjail:
.Sy bastille limits myjail set memoryuse 4G
.It Limit myjail to cpu 0 and 1:
.Sy bastille limits myjail set cpu 0,1
.It Remove all limits from myjail:
.Sy bastille limits -a myjail reset
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

111
usr/local/share/man/man1/bastille-list.1 Normal file
View File

@@ -0,0 +1,111 @@
.Dd 2025/12/06
.Dt bastille-list 1
.Os
.Sh NAME
.Nm bastille list
.Nd List jails, releases, templates and more...
.Sh SYNOPSIS
.Nm
.Op Fl djpux
.Oo all|backup|export|import|ip|jail
limit|log|path|port|priority|snapshot|state|template|type
.Oc
.Sh DESCRIPTION
The
.Nm
sub-command will list any of the above contents for you.
.Bl -tag -width Ds
.It Sy bastille list Oo Fl djpux Oc Oo all|backup|export|import|ip|jail
limit|log|path|port|priority|snapshot|state|template|type
.Oc
.It Sy all
Deprecated. List jails in old Bastille format.
.It Sy backup|export|import
List jail backups in the backups directory.
.It Sy ip
List only the IP addresses of jails.
.It Sy jail
Print all jail names.
.It Sy limit
List all limits for all jails.
.It Sy log
List Bastille logs.
.It Sy path
List only the paths of jails.
.It Sy port
List only the published ports of jails.
.It Sy priority
List only the priority of jails.
.It Sy snapshot
List snapshots for all jails.
.It Sy state
List only the states of jails. Up or Down.
.It Sy template
List all templates in the templates directory.
.It Sy type
List only the jail type of jails.
.It Fl d , Fl -down
List stopped jails only.
.It Fl j , Fl -json
List jails or sub-arg(s) in json format.
.It Fl p , Fl -pretty
Print JSON in columns.
.It Fl u , Fl -up
List running jails only.
.It Fl x , Fl -debug
Enable debug mode.
.El
.Pp
By default, the
.Nm
sub-command will display a list of jails and some important info
if called without any arguments. Use a combination of the above
options and sub-args to achieve the desired outcome based on what
information you want to see.
.Sh EXAMPLES
.Bl -tag -width Ds
.It List default info:
.Sy bastille list
.It List all releases:
.Sy bastille list releases
.It List running jails by type in pretty json columns:
.Sy bastille list -jup type
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

92
usr/local/share/man/man1/bastille-migrate.1 Normal file
View File

@@ -0,0 +1,92 @@
.Dd 2025/12/06
.Dt bastille-migrate 1
.Os
.Sh NAME
.Nm bastille migrate
.Nd Migrate jail(s) to a remote system.
.Sh SYNOPSIS
.Nm
.Op Fl abdklpx
.Op Fl -doas
.Ar TARGET USER@HOST Ns Op :PORT
.Sh DESCRIPTION
The
.Nm
sub-command will migrate a jail to the specified remote host.
.Bl -tag -width Ds
.It Fl a , Fl -auto
Auto mode. Start/stop jail(s) if required.
.It Fl b , Fl -backup
Keep archives on remote system.
.Pp
By default, the archives on the remote system are removed
after migration. Set this option to keep them.
.It Fl d , Fl -destroy
Destroy local jail after migration.
.It Fl -doas
Use 'doas' instead of 'sudo'.
.Pp
The default is sudo.
.It Fl k , Fl -keyfile
Specify an alternative private keyfile name. Must be
in '~/.ssh'.
.It Fl l , Fl -live
Migrate a running jail (ZFS only).
.It Fl p , Fl -password
Use password based authentication.
.Pp
The default is to use SSH keys.
.It Fl x , Fl -debug
Enable debug mode.
.El
.Pp
If no
.Ar PORT
is specified, Bastille will use port 22.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Migrate myjail to a remote system:
.Sy bastille migrate myjail root@10.23.23.23
.It Migrate myjail, while destroying old jail, using port 2222:
.Sy bastille migrate -d myjail root@10.23.23.23:2222
.It Migrate myjail, destroy old, and start new on on remote system:
.Sy bastille migrate -adl myjail root@10.23.23.23
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

80
usr/local/share/man/man1/bastille-mount.1 Normal file
View File

@@ -0,0 +1,80 @@
.Dd 2025/12/06
.Dt bastille-mount 1
.Os
.Sh NAME
.Nm bastille mount
.Nd Mount file(s)/directorie(s) inside jail(s).
.Sh SYNOPSIS
.Nm
.Op Fl ax
.Ar TARGET HOST_PATH JAIL_PATH Op FS_TYPE OPTIONS DUMP PASS_NUMBER
.Sh DESCRIPTION
The
.Nm
sub-command will mount the
.Ar HOST_PATH
inside a jail at
.Ar JAIL_PATH .
.Bl -tag -width Ds
.It Fl a , Fl -auto
Auto mode. Start/stop jail(s) if required.
.It Fl x , Fl -debug
Enable debug mode.
.El
.Pp
By default
.Nm
will mount files read-only. To mount as read-write you
must specity all of the optional arguements. These include
.Ar FS_TYPE OPTIONS DUMP
and
.Ar PASS_NUMBER .
See
.Xr fstab 5 .
.Sh EXAMPLES
.Bl -tag -width Ds
.It Mount /usr/ports in myjail:
.Sy bastille mount myjail /usr/ports /usr/ports
.It Mount /usr/ports as read-write in myjail:
.Sy bastille mount myjail /usr/ports /usr/ports nullfs rw 0 0
.It Mount /etc/resolv.conf in myjail:
.Sy bastille mount myjail /etc/resolv.conf /etc/resolv.conf
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

106
usr/local/share/man/man1/bastille-network.1 Normal file
View File

@@ -0,0 +1,106 @@
.Dd 2025/12/06
.Dt bastille-network 1
.Os
.Sh NAME
.Nm bastille network
.Nd Add or remove interface(s) from jail(s).
.Sh SYNOPSIS
.Nm
.Op Fl aBMnPVvx
.Ar TARGET Sy add Ar INTERFACE Op IP
.Nm
.Op Fl ax
.Ar TARGET Sy remove Ar INTERFACE
.Sh DESCRIPTION
The
.Nm
sub-command can add or remove interfaces, as
well as set a VLAN ID for jails. Setting the VLAN
ID must be done during the 'add' phase.
.Bl -tag -width Ds
.It Sy bastille network Oo Fl aBMnPVvx Oc Ar TARGET Sy add Ar INTERFACE Op IP
.Bl -tag -width Ds
.It Sy add
Add the
.Ar INTERFACE
to the jail.
.It Fl a , Fl -auto
Auto mode. Start/stop jail(s) if required.
.It Fl B , Fl -bridge
Add a bridge interface.
.It Fl M , Fl -static-mac
Use a static/persistent MAC address (VNET only).
.It Fl n , Fl -no-ip
Create interface without an IP (VNET only).
.It Fl P , Fl -passthrough
Add a raw interface.
.It Fl V , Fl -vnet
Add a physical interface.
.It Fl v Ar VLANID , Fl -vlan Ar VLANID
Assign
.Ar VLANID
to interface (VNET only).
.It Fl x , Fl -debug
Enable debug mode.
.El
.Pp
The
.Ar IP
is only optional when the '-n|--no-ip' is set.
.It Sy bastille network Oo Fl ax Oc Ar TARGET Sy remove Ar INTERFACE
.Bl -tag -width Ds
.It Sy remove
Remove the specifed
.Ar INTERFACE
from the jail.
.It Fl a , Fl -auto
Auto mode. Start/stop jail(s) if required.
.It Fl x , Fl -debug
Enable debug mode.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Add vtnet0 to myjail:
.Sy bastille network -aV myjail add vtnet0 DHCP
.It Add bridge0 to myjail with a static MAC:
.Sy bastille network -aBM myjail add bridge0 10.23.23.23/24
.It Remove em0 from myjail:
.Sy bastille network -a myjail remove em0
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

69
usr/local/share/man/man1/bastille-pkg.1 Normal file
View File

@@ -0,0 +1,69 @@
.Dd 2025/12/06
.Dt bastille-pkg 1
.Os
.Sh NAME
.Nm bastille pkg
.Nd Manage packages inside jail(s). See
.Xr pkg 8 .
.Sh SYNOPSIS
.Nm
.Op Fl aHyx
.Ar TARGET ARGS
.Sh DESCRIPTION
The
.Nm
sub-command allows package management inside jails.
.Bl -tag -width Ds
.It Fl a , Fl -auto
Auto mode. Start/stop jail(s) if required.
.It Fl H , Fl -host
Use host 'pkg' binary instead of jails.
.It Fl y , Fl -yes
Do not prompt. Assume always yes.
.It Fl x , Fl -debug
Enable debug mode.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Install nginx inside myjail:
.Sy bastille pkg myjail install nginx
.It Install nginx inside myjail using the hosts 'pkg':
.Sy bastille pkg -H myjail install nginx
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

69
usr/local/share/man/man1/bastille-rcp.1 Normal file
View File

@@ -0,0 +1,69 @@
.Dd 2025/12/06
.Dt bastille-rcp 1
.Os
.Sh NAME
.Nm bastille rcp
.Nd Copy file(s)/directorie(s) from jail to host.
.Sh SYNOPSIS
.Nm
.Op Fl qx
.Ar TARGET JAIL_PATH HOST_PATH
.Sh DESCRIPTION
The
.Nm
sub-command will copy
.Ar JAIL_PATH
to
.Ar HOST_PATH
from inside
.Ar TARGET .
.Bl -tag -width Ds
.It Fl q , -quiet
Suppress output.
.It Fl x , -debug
Enable debug mode.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Copy /etc/resolv.conf.custom to host:
.Sy bastille rcp myjail /etc/resolv.custom /jailstuff/etc
.It Copy /etc to host quietly:
.Sy bastille rcp -q myjail /etc /jailstuff/etc
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rdr 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

103
usr/local/share/man/man1/bastille-rdr.1 Normal file
View File

@@ -0,0 +1,103 @@
.Dd 2025/12/06
.Dt bastille-rdr 1
.Os
.Sh NAME
.Nm bastille rdr
.Nd Redirect host port to jail port.
.Sh SYNOPSIS
.Nm
.Op Fl x
.Op Fl d Ar IP
.Op Fl i Ar INTERFACE
.Op Fl s Ar IP|TABLE
.Op Fl t Ar ipv4|ipv6
.Ar TARGET Sy tcp|udp Ar HOST_PORT JAIL_PORT Op log LOG_OPTIONS
.Nm
.Op Fl x
.Ar TARGET Sy clear|reset|list
.Sh DESCRIPTION
The
.Nm
sub-command will redirect
.Ar HOST_PORT
to
.Ar JAIL_PORT .
.Bl -tag -width Ds
.It Sy bastille rdr Oo Fl x Oc Oo Fl d Ar IP Oc Oo Fl i Ar INTERFACE Oc Oo Fl s Ar IP|TABLE Oc Oo Fl t Ar ipv4|ipv6 Oc Sy add Ar tcp|udp HOST_PORT JAIL_PORT Op log LOG_OPTIONS
.Bl -tag -width Ds
.It Sy add
Add the rdr rule to the jail.
.It Fl d Ar IP , Fl -destination Ar IP
Limit rdr to a destination IP.
.It Fl i Ar INTERFACE , Fl -interface Ar INTERFACE
Specify interface(s) to apply rule to. Comma-separated.
.It Fl s Ar IP|TABLE , Fl -source Ar IP|TABLE
Limit rdr to a source IP or table.
.Pp
The table should exist in your 'pf.conf'.
.It Fl t Ar ipv4|ipv6 , Fl -type Ar ipv4|ipv6
Specify IP type. Must be used if '-s' or '-d' are used. Defaults to both.
.It Fl x , Fl -debug
Enable debug mode.
.El
.It Sy bastille rdr Oo Fl x Oc Sy clear|reset|list
.Bl -tag -width Ds
.It Sy clear
Clear the rules from the system, but don't remove from the jail
configuration.
.It Sy reset
Clear the rules from the system, and remove from the jail
configuration.
.It Sy list
List active rules.
.Ar INTERFACE
from the jail.
.It Fl x , Fl -debug
Enable debug mode.
.Sh EXAMPLES
.Bl -tag -width Ds
.It Forward port 80 from host to myjail:
.Sy bastille rdr myjail tcp 80 80
.It Forward port 80 from host to myjail on vtnet0:
.Sy bastille rdr -i vtnet0 myjail tcp 80 80
.It Forward port 80 from host to myjail, limiting to 200.200.200.200:
.Sy bastille rdr -s 200.200.200.200 myjail tcp 80 80
.Sh SEE ALSO
.Xr bastille.conf 5 ,
.Xr bastille-bootstrap 1 ,
.Xr bastille-clone 1 ,
.Xr bastille-cmd 1 ,
.Xr bastille-config 1 ,
.Xr bastille-console 1 ,
.Xr bastille-convert 1 ,
.Xr bastille-cp 1 ,
.Xr bastille-create 1 ,
.Xr bastille-destroy 1 ,
.Xr bastille-edit 1 ,
.Xr bastille-etcupdate 1 ,
.Xr bastille-export 1 ,
.Xr bastille-htop 1 ,
.Xr bastille-import 1 ,
.Xr bastille-jcp 1 ,
.Xr bastille-limits 1 ,
.Xr bastille-list 1 ,
.Xr bastille-migrate 1 ,
.Xr bastille-mount 1 ,
.Xr bastille-network 1 ,
.Xr bastille-pkg 1 ,
.Xr bastille-rcp 1 ,
.Xr bastille-rename 1 ,
.Xr bastille-restart 1 ,
.Xr bastille-service 1 ,
.Xr bastille-setup 1 ,
.Xr bastille-start 1 ,
.Xr bastille-stop 1 ,
.Xr bastille-sysrc 1 ,
.Xr bastille-tags 1 ,
.Xr bastille-template 1 ,
.Xr bastille-top 1 ,
.Xr bastille-umount 1 ,
.Xr bastille-update 1 ,
.Xr bastille-upgrade 1 ,
.Xr bastille-verify 1 ,
.Xr bastille-zfs 1

Some files were not shown because too many files have changed in this diff Show More