diff --git a/Makefile b/Makefile index c39d5026..af284f59 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,8 @@ install: @echo "BASTILLE_VERSION: ${BASTILLE_DEV_VERSION}" @sed -i '' "s|BASTILLE_VERSION=.*|BASTILLE_VERSION=${BASTILLE_DEV_VERSION}|" usr/local/bin/bastille @cp -Rv usr / - @gzip -f -n /usr/local/share/man/man1/bastille.1 + @gzip -f -n /usr/local/share/man/man1/bastille*.1 + @gzip -f -n /usr/local/share/man/man5/bastille*.5 @echo @echo "This method is for testing & development." @echo "Please report any issues to https://github.com/BastilleBSD/bastille/issues" @@ -28,6 +29,7 @@ uninstall: @echo @echo "removing man page" @rm -rvf /usr/local/share/man/man1/bastille* + @rm -rvf /usr/local/share/man/man5/bastille* @echo @echo "removing configuration file" @rm -rvf /usr/local/etc/bastille/bastille.conf.sample diff --git a/docs/chapters/subcommands/bootstrap.rst b/docs/chapters/subcommands/bootstrap.rst index 514e8d30..a85b41d7 100644 --- a/docs/chapters/subcommands/bootstrap.rst +++ b/docs/chapters/subcommands/bootstrap.rst @@ -1,8 +1,6 @@ bootstrap ========= -Bootstrap a release or template(s). - The bootstrap sub-command is used to download and extract releases and templates for use with Bastille containers. A valid release is needed before containers can be created. Templates are optional but are managed in the same manner. @@ -126,9 +124,11 @@ begin applying your template. .. code-block:: shell ishmael ~ # bastille bootstrap help - Usage: bastille bootstrap [option(s)] RELEASE|TEMPLATE [update|arch] + Usage: bastille bootstrap [option(s)] RELEASE [update|ARCH] + TEMPLATE Options: - -p | --pkgbase Bootstrap using pkgbase (15.0-RELEASE and above). + -p | --pkgbase Bootstrap using pkgbase (FreeBSD 15.0-RELEASE and above). + -u | --update Update the release after bootstrap. -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/clone.rst b/docs/chapters/subcommands/clone.rst index 9348be76..31ec834b 100644 --- a/docs/chapters/subcommands/clone.rst +++ b/docs/chapters/subcommands/clone.rst @@ -1,8 +1,6 @@ clone ===== -Clone an existing jail. - Limitations ----------- diff --git a/docs/chapters/subcommands/cmd.rst b/docs/chapters/subcommands/cmd.rst index 26bf98b2..de4a3685 100644 --- a/docs/chapters/subcommands/cmd.rst +++ b/docs/chapters/subcommands/cmd.rst @@ -1,8 +1,6 @@ cmd === -Execute command inside targeted jail(s). - .. code-block:: shell ishmael ~ # bastille cmd folsom ps -auxw diff --git a/docs/chapters/subcommands/config.rst b/docs/chapters/subcommands/config.rst index aeb99335..31e2209f 100644 --- a/docs/chapters/subcommands/config.rst +++ b/docs/chapters/subcommands/config.rst @@ -1,8 +1,6 @@ config ====== -Get, set, add or remove properties from targeted jail(s). - Getting a property that *is* defined in jail.conf: .. code-block:: shell @@ -43,4 +41,4 @@ The restart message will appear every time a property is removed. Options: - -x | --debug Enable debug mode. \ No newline at end of file + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/console.rst b/docs/chapters/subcommands/console.rst index 6c0dd0e9..c8c2f4ff 100644 --- a/docs/chapters/subcommands/console.rst +++ b/docs/chapters/subcommands/console.rst @@ -21,5 +21,5 @@ jail are limited to the jail. Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/convert.rst b/docs/chapters/subcommands/convert.rst index 8d589c6c..bb0f0531 100644 --- a/docs/chapters/subcommands/convert.rst +++ b/docs/chapters/subcommands/convert.rst @@ -1,10 +1,6 @@ convert ======= -Convert a thin jail to a thick jail. - -Convert a thick jail to a custom release. - Converting a thin jail to a thick jail requires only the TARGET arg. .. code-block:: shell @@ -28,10 +24,11 @@ flag. .. code-block:: shell ishmael ~ # bastille convert help - Usage: bastille convert [option(s)] TARGET [RELEASE] + Usage: bastille convert [option(s)] TARGET + TARGET RELEASE Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -y | --yes Do not prompt. Just convert. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -y | --yes Do not prompt. Assume always yes. + -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/cp.rst b/docs/chapters/subcommands/cp.rst index c69bbfd7..d223dd51 100644 --- a/docs/chapters/subcommands/cp.rst +++ b/docs/chapters/subcommands/cp.rst @@ -1,8 +1,6 @@ cp == -Copy files from host to jail(s). - .. code-block:: shell ishmael ~ # bastille cp ALL /tmp/resolv.conf-cf /etc/resolv.conf @@ -28,5 +26,5 @@ Unless you see errors reported in the output the ``cp`` was successful. Options: - -q | --quiet Suppress output. - -x | --debug Enable debug mode. \ No newline at end of file + -q | --quiet Suppress output. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/create.rst b/docs/chapters/subcommands/create.rst index 7d79302c..fb30e6f0 100644 --- a/docs/chapters/subcommands/create.rst +++ b/docs/chapters/subcommands/create.rst @@ -57,20 +57,20 @@ options. See the below help output. Options: - -B | --bridge Enable VNET, and attach to a specified, already existing external bridge. - -C | --clone Create a clone jail. - -D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). - -E | --empty Create an empty container, intended for custom jail builds (thin/thick/linux or unsupported). - -g | --gateway IP Specify a default router/gateway for the jail. + -B | --bridge Enable VNET. INTERFACE must be a bridge. + -C | --clone Create a clone jail (ZFS only). + -D | --dual Use dual (IPv4+6) networking (IP=[inherit|ip_hostname] only). + -E | --empty Create an empty jail. + -g | --gateway IP Specify a default router/gateway. -L | --linux Create a Linux jail (experimental). - -M | --static-mac Generate a static MAC address for jail (VNET only). - -n | --nameserver IP,IP Specify nameserver(s) for the jail. Comma separated. - --no-validate Do not validate the release when creating the jail. - --no-boot Create jail with boot=off. - -P | --passthrough Enable VNET, and pass the specified interface into the jail. - -p | --priority VALUE Set priority value for jail. - -T | --thick Creates a thick container, they consume more space as they are self contained and independent. - -V | --vnet Enable VNET, and attach to an existing, physical interface. - -v | --vlan VLANID Creates the jail with specified VLAN ID (VNET only). + -M | --static-mac Use a static/persistent MAC address (VNET only). + -n | --nameserver IP Specify nameserver(s) for the jail. Comma-separated. + --no-validate Do not validate the release name. + --no-boot Set boot=off. + -P | --passthrough Enable VNET. INTERFACE is used as-is. + -p | --priority VALUE Set priority value. + -T | --thick Create a thick jail. + -V | --vnet Enable VNET. INTERFACE must be a physical interface. + -v | --vlan VLANID Set VLAN ID (VNET only). -x | --debug Enable debug mode. - -Z | --zfs-opts zfs,options Comma separated list of ZFS options to create the jail with. This overrides the defaults. + -Z | --zfs-opts zfs,options Custom zfs options. Comma-separated. diff --git a/docs/chapters/subcommands/destroy.rst b/docs/chapters/subcommands/destroy.rst index 435b228b..7b9cd587 100644 --- a/docs/chapters/subcommands/destroy.rst +++ b/docs/chapters/subcommands/destroy.rst @@ -1,8 +1,6 @@ destroy ======= -Destroy jails or releases. - Bastille will normally ask if you are sure you want to delete targeted jail(s). Use the ``-y|--yes`` option to bypass this prompt. @@ -21,12 +19,13 @@ option will retain the release cache (*.txz file), if you choose to keep it. .. code-block:: shell ishmael ~ # bastille destroy help - Usage: bastille destroy [option(s)] JAIL|RELEASE + Usage: bastille destroy [option(s)] JAIL + RELEASE Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -c | --no-cache Do no destroy cache when destroying a release. - -f | --force Force unmount any mounted datasets when destroying a jail or release (ZFS only). - -y | --yes Do no prompt. Just destroy. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -c | --no-cache Do not destroy cache when destroying a release (legacy releases). + -f | --force Force unmount any mounted datasets when destroying a jail or release (ZFS only). + -y | --yes Do not prompt. Assume always yes. + -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/edit.rst b/docs/chapters/subcommands/edit.rst index de23948c..469a8c01 100644 --- a/docs/chapters/subcommands/edit.rst +++ b/docs/chapters/subcommands/edit.rst @@ -1,8 +1,6 @@ edit ==== -Edit jail config files. - .. code-block:: shell ishmael ~ # bastille edit azkaban [FILE] diff --git a/docs/chapters/subcommands/etcupdate.rst b/docs/chapters/subcommands/etcupdate.rst index cd9760bd..32132893 100644 --- a/docs/chapters/subcommands/etcupdate.rst +++ b/docs/chapters/subcommands/etcupdate.rst @@ -39,10 +39,12 @@ To show only the differences between the releases, use the ``diff`` command. .. code-block:: shell ishmael ~ # bastille etcupdate help - Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [diff|resolve|update RELEASE] + Usage: bastille etcupdate [option(s)] bootstrap RELEASE + TARGET update RELEASE + TARGET diff|resolve Options: - -d | --dry-run Show output, but do not apply. - -f | --force Force a re-bootstrap of a RELEASE. - -x | --debug Enable debug mode. \ No newline at end of file + -d | --dry-run Show output, but do not apply. + -f | --force Force a re-bootstrap of a RELEASE. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/export.rst b/docs/chapters/subcommands/export.rst index abbbeac8..eaef9f2e 100644 --- a/docs/chapters/subcommands/export.rst +++ b/docs/chapters/subcommands/export.rst @@ -22,15 +22,15 @@ Available options are: .. code-block:: shell ishmael ~ # bastille export help - Usage: bastille export [option(s)] TARGET PATH + Usage: bastille export [option(s)] TARGET [PATH] Options: -a | --auto Auto mode. Start/stop jail(s) if required. -l | --live Export a running jail (ZFS only). - --gz Export to '.gz' compressed image (ZFS only). + --gz Export to a '.gz' compressed image (ZFS only). --xz Export to a '.xz' compressed image (ZFS only). - --zst Export to a .zst compressed image (ZFS only). + --zst Export to a '.zst' compressed image (ZFS only). --raw Export to an uncompressed RAW image (ZFS only). --tgz Export to a '.tgz' compressed archive. --txz Export to a '.txz' compressed archive. diff --git a/docs/chapters/subcommands/htop.rst b/docs/chapters/subcommands/htop.rst index 9f1c8185..8da02fc3 100644 --- a/docs/chapters/subcommands/htop.rst +++ b/docs/chapters/subcommands/htop.rst @@ -15,5 +15,5 @@ in the jail. Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/import.rst b/docs/chapters/subcommands/import.rst index cc2fa504..b177e05c 100644 --- a/docs/chapters/subcommands/import.rst +++ b/docs/chapters/subcommands/import.rst @@ -1,8 +1,6 @@ import ====== -Import a jail backup image or archive. - .. code-block:: shell ishmael ~ # bastille import /path/to/archive.file @@ -19,8 +17,8 @@ To import to a specified release, specify it as the last argument. Options: - -f | --force Force an archive import regardless if the checksum file does not match or missing. - -M | --static-mac Generate static MAC for jail when importing foreign jails like iocage. + -f | --force Force an archive import without validating checksum. + -M | --static-mac Use a static/persistent MAC address (VNET only) when importing foreign jails. -v | --verbose Enable verbose mode (ZFS only). -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/jcp.rst b/docs/chapters/subcommands/jcp.rst index 40a279c9..ed2d4253 100644 --- a/docs/chapters/subcommands/jcp.rst +++ b/docs/chapters/subcommands/jcp.rst @@ -1,8 +1,6 @@ jcp === -Copy files from jail to jail(s). - .. code-block:: shell ishmael ~ # bastille jcp bastion /tmp/resolv.conf-cf ALL /etc/resolv.conf @@ -22,9 +20,9 @@ Unless you see errors reported in the output the ``jcp`` was successful. .. code-block:: shell ishmael ~ # bastille jcp help - Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH + Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DESTINATION_JAIL JAIL_PATH Options: - -q | --quiet Suppress output. - -x | --debug Enable debug mode. \ No newline at end of file + -q | --quiet Suppress output. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/limits.rst b/docs/chapters/subcommands/limits.rst index b4e0ddbe..4eb1319b 100644 --- a/docs/chapters/subcommands/limits.rst +++ b/docs/chapters/subcommands/limits.rst @@ -4,8 +4,6 @@ limits rctl ---- -Set resourse limits for targeted jail(s). - To add a limit, use ``bastille limits TARGET add OPTION VALUE``. To clear the limits from the system, use ``bastille limits TARGET clear``. @@ -43,13 +41,16 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``. .. code-block:: shell ishmael ~ # bastille limits help - Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE] + Usage: bastille limits [option(s)] TARGET add OPTION VALUE + TARGET remove OPTION" + TARGET clear|reset|stats" + TARGET list|show [active]" Example: bastille limits TARGET add memoryuse 1G Example: bastille limits TARGET add cpu 0,1,2 Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -l | --log Enable logging for the specified rule (rctl only). - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -l | --log Enable logging for the specified rule (RCTL only). + -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/list.rst b/docs/chapters/subcommands/list.rst index 560a9fe7..e04fd58d 100644 --- a/docs/chapters/subcommands/list.rst +++ b/docs/chapters/subcommands/list.rst @@ -13,12 +13,13 @@ Use ``-p|--pretty`` to print in columns instead of rows. .. code-block:: shell ishmael ~ # bastille list help - Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)] - [path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)] [type] + Usage: bastille list [option(s)] [all|backup|export|import|ip|jail|limit]" + [log|path|port|priority|release|snapshot|state|template|type]" + Options: - -d | --down List stopped jails only. - -j | --json List jails or sub-arg(s) in json format. - -p | --pretty Print JSON in columns. Must be used with -j|--json. - -u | --up List running jails only. - -x | --debug Enable debug mode. + -d | --down List stopped jails only. + -j | --json List jails or sub-arg(s) in json format. + -p | --pretty Print JSON in columns. Must be used with -j|--json. + -u | --up List running jails only. + -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/migrate.rst b/docs/chapters/subcommands/migrate.rst index f38e8bd3..c48c0f42 100644 --- a/docs/chapters/subcommands/migrate.rst +++ b/docs/chapters/subcommands/migrate.rst @@ -14,16 +14,10 @@ port by supplying it as in ``user@host:port``. ishmael ~ # bastille migrate help Usage: bastille migrate [option(s)] TARGET USER@HOST[:PORT] - Examples: - - bastille migrate attica migrate@192.168.10.100 - bastille migrate attica migrate@192.168.1.10:20022 - bastille migrate --keyfile id_rsa attica migrate@192.168.1.10 - Options: -a | --auto Auto mode. Start/stop jail(s) if required. - -b | --backup Retain archives on remote system. + -b | --backup Keep archives on remote system. -d | --destroy Destroy local jail after migration. | --doas Use 'doas' instead of 'sudo'. -k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh' diff --git a/docs/chapters/subcommands/mount.rst b/docs/chapters/subcommands/mount.rst index 2120fd27..93dc701a 100644 --- a/docs/chapters/subcommands/mount.rst +++ b/docs/chapters/subcommands/mount.rst @@ -1,8 +1,6 @@ mount ===== -To mount storage within the container use ``bastille mount``. - Syntax follows standard ``/etc/fstab`` format: .. code-block:: shell @@ -67,8 +65,8 @@ It is possible to do the same for the jail path, but again, not recommemded. .. code-block:: shell ishmael ~ # bastille mount help - Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number] + Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [FS_TYPE OPTIONS DUMP PASS_NUMBER] Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/network.rst b/docs/chapters/subcommands/network.rst index 316a7822..520d9c20 100644 --- a/docs/chapters/subcommands/network.rst +++ b/docs/chapters/subcommands/network.rst @@ -1,8 +1,6 @@ network ======= -Add or remove interfaces to existing jails. - You can only add an interface once to a jail, with two exceptions. 1. For classic jails, you can add an interface as many times as you want, but @@ -36,15 +34,16 @@ network TARGET remove INTERFACE`` while both jails are stopped. .. code-block:: shell ishmael ~ # bastille network help - Usage: bastille network [option(s)] TARGET [remove|add] INTERFACE [IP] + Usage: bastille network [option(s)] TARGET add INTERFACE [IP] + TARGET remove INTERFACE Options: -a | --auto Start/stop jail(s) if required. - -B | --bridge Add a bridge VNET interface. - -M | --static-mac Generate a static MAC address for the interface (VNET only). + -B | --bridge Add a bridge interface. + -M | --static-mac Use a static/persistent MAC address (VNET only). -n | --no-ip Create interface without an IP (VNET only). -P | --passthrough Add a raw interface. - -V | --vnet Add a VNET interface. - -v | --vlan VLANID Assign VLAN ID to interface (VNET only). + -V | --vnet Add a physical interface. + -v | --vlan VLANID Assign VLANID to interface (VNET only). -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/pkg.rst b/docs/chapters/subcommands/pkg.rst index bc13dfae..ec6fb1f6 100644 --- a/docs/chapters/subcommands/pkg.rst +++ b/docs/chapters/subcommands/pkg.rst @@ -1,8 +1,6 @@ pkg === -Manage binary packages inside jails. - .. code-block:: shell ishmael ~ # bastille pkg folsom install vim-console git-lite zsh @@ -111,7 +109,7 @@ you can fully leverage the pkg manager. This means, ``install``, ``update``, Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -H | --host Use the hosts 'pkg' instead of the jails. - -y | --yes Assume always yes for pkg. Do not prompt. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -H | --host Use host 'pkg' binary instead of jails. + -y | --yes Do not prompt. Assume always yes. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/rcp.rst b/docs/chapters/subcommands/rcp.rst index 90bec0d5..665c5a44 100644 --- a/docs/chapters/subcommands/rcp.rst +++ b/docs/chapters/subcommands/rcp.rst @@ -1,8 +1,6 @@ rcp === -This command allows copying files from jail to host. - .. code-block:: shell ishmael ~ # bastille rcp bastion /test/testfile.txt /tmp/testfile.txt @@ -18,5 +16,5 @@ Unless you see errors reported in the output the ``rcp`` was successful. Options: - -q | --quiet Suppress output. - -x | --debug Enable debug mode. \ No newline at end of file + -q | --quiet Suppress output. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/rdr.rst b/docs/chapters/subcommands/rdr.rst index 0f78df00..884e47d1 100644 --- a/docs/chapters/subcommands/rdr.rst +++ b/docs/chapters/subcommands/rdr.rst @@ -75,12 +75,13 @@ Simply use the table name instead of an IP address or subnet. .. code-block:: shell # bastille rdr --help - Usage: bastille rdr TARGET [option(s)] [clear|reset|list|(tcp|udp host_port jail_port [log ['(' logopts ')'] ] )] + Usage: bastille rdr [option(s)] TARGET tcp|udp HOST_PORT JAIL_PORT [log LOG_OPTIONS] + TARGET clear|reset|list Options: - -d | --destination IP Limit rdr to a destination IP. Useful if you have multiple IPs on one interface. - -i | --interface IF,IF Specify interface(s) to apply rule to. Comman separated. - -s | --source IP|table Limit rdr to a source IP or table. - -t | --type ipv4|ipv6 Specify IP type. Must be used if -s or -d are used. Defaults to both. + -d | --destination IP Limit rdr to a destination IP. + -i | --interface IF,IF Specify interface(s) to apply rule to. Comma-separated. + -s | --source IP|TABLE Limit rdr to a source IP or table. + -t | --type ipv4|ipv6 Specify IP type. Must be used if '-s' or '-d' are used. Defaults to both. -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/rename.rst b/docs/chapters/subcommands/rename.rst index 3827c47e..401194bd 100644 --- a/docs/chapters/subcommands/rename.rst +++ b/docs/chapters/subcommands/rename.rst @@ -1,8 +1,6 @@ rename ====== -Rename a jail. - .. code-block:: shell ishmael ~ # bastille rename azkaban arkham @@ -14,5 +12,5 @@ Rename a jail. Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/restart.rst b/docs/chapters/subcommands/restart.rst index 9079779c..0a834aa1 100644 --- a/docs/chapters/subcommands/restart.rst +++ b/docs/chapters/subcommands/restart.rst @@ -1,8 +1,6 @@ restart ======= -Restart jail(s). - Bastille will attempt to stop, then start the targetted jail(s). If a jail is not running, Bastille will still start it. To avoid this, run the restart command with ``-i|--ignore`` to skip any stopped jail(s). @@ -25,5 +23,5 @@ command with ``-i|--ignore`` to skip any stopped jail(s). -b | --boot Respect jail boot setting. -d | --delay VALUE Time (seconds) to wait after starting each jail. -i | --ignore Ignore stopped jails (do not start if stopped). - -v | --verbose Print every action on jail restart. + -v | --verbose Enable verbose mode. -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/service.rst b/docs/chapters/subcommands/service.rst index ef89d6ce..dfcdbd34 100644 --- a/docs/chapters/subcommands/service.rst +++ b/docs/chapters/subcommands/service.rst @@ -17,9 +17,9 @@ inside the jail(s). .. code-block:: shell ishmael ~ # bastille service help - Usage: bastille service [option(s)] TARGET SERVICE_NAME ARGS + Usage: bastille service [option(s)] TARGET SERVICE ARGS Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/setup.rst b/docs/chapters/subcommands/setup.rst index 70922333..70ef7c23 100644 --- a/docs/chapters/subcommands/setup.rst +++ b/docs/chapters/subcommands/setup.rst @@ -58,16 +58,9 @@ Running ``bastille setup`` without any options will attempt to auto-configure th .. code-block:: shell ishmael ~ # bastille setup -h - Usage: bastille setup [option(s)] [bridge] - [linux] - [loopback] - [netgraph] - [pf|firewall] - [shared] - [storage] - [vnet] + Usage: bastille setup [option(s)] [bridge|linux|loopback|netgraph|firewall|shared|storage|vnet] - Options: + Options: - -y | --yes Assume always yes on prompts. - -x | --debug Enable debug mode. + -y | --yes Do not prompt. Assume always yes. + -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/start.rst b/docs/chapters/subcommands/start.rst index 0d4d3c97..5d337c23 100644 --- a/docs/chapters/subcommands/start.rst +++ b/docs/chapters/subcommands/start.rst @@ -1,8 +1,6 @@ start ===== -Start jail(s). - .. code-block:: shell ishmael ~ # bastille start folsom @@ -16,7 +14,7 @@ Start jail(s). Options: - -b | --boot Respect jail boot setting. - -d | --delay VALUE Time (seconds) to wait after starting each jail. - -v | --verbose Print every action on jail start. - -x | --debug Enable debug mode. \ No newline at end of file + -b | --boot Respect jail boot setting. + -d | --delay VALUE Time (seconds) to wait after starting each jail. + -v | --verbose Enable verbose mode. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/stop.rst b/docs/chapters/subcommands/stop.rst index 299bb15e..44c5efc6 100644 --- a/docs/chapters/subcommands/stop.rst +++ b/docs/chapters/subcommands/stop.rst @@ -1,8 +1,6 @@ stop ==== -Stop jail(s). - .. code-block:: shell ishmael ~ # bastille stop folsom @@ -16,5 +14,5 @@ Stop jail(s). Options: - -v | --verbose Print every action on jail stop. - -x | --debug Enable debug mode. \ No newline at end of file + -v | --verbose Enable verbose mode. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/sysrc.rst b/docs/chapters/subcommands/sysrc.rst index 333ddd4f..c998ed0b 100644 --- a/docs/chapters/subcommands/sysrc.rst +++ b/docs/chapters/subcommands/sysrc.rst @@ -19,5 +19,5 @@ See ``man sysrc(8)`` for more info. Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/tags.rst b/docs/chapters/subcommands/tags.rst index 6c816fdf..03c24487 100644 --- a/docs/chapters/subcommands/tags.rst +++ b/docs/chapters/subcommands/tags.rst @@ -1,8 +1,6 @@ tags ==== -The ``tags`` sub-command adds, removes or lists arbitrary tags on your jail(s). - .. code-block:: shell ishmael ~ # bastille tags help ## display tags help @@ -14,8 +12,9 @@ The ``tags`` sub-command adds, removes or lists arbitrary tags on your jail(s). .. code-block:: shell ishmael ~ # bastille tags help - Usage: bastille tags [option(s)] TARGET [add|delete|list] [tag1,tag2] + Usage: bastille tags [option(s)] TARGET add|delete TAG1,TAG2 + TARGET list [TAG] Options: - -x | --debug Enable debug mode. \ No newline at end of file + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/template.rst b/docs/chapters/subcommands/template.rst index 507e8694..f50ce5ea 100644 --- a/docs/chapters/subcommands/template.rst +++ b/docs/chapters/subcommands/template.rst @@ -1,8 +1,6 @@ template ======== -Run preconfigured template files inside targeted jail(s). - .. code-block:: shell ishmael ~ # bastille template azkaban project/template @@ -17,9 +15,9 @@ The TEMPLATE arg should be called with the ``project/template`` format. .. code-block:: shell ishmael ~ # bastille template help - Usage: bastille template [option(s)] TARGET [--convert] TEMPLATE + Usage: bastille template [option(s)] TARGET|--convert TEMPLATE Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/top.rst b/docs/chapters/subcommands/top.rst index 831feaee..dc157c1f 100644 --- a/docs/chapters/subcommands/top.rst +++ b/docs/chapters/subcommands/top.rst @@ -1,9 +1,6 @@ top === -This command runs ``top`` in the targeted jail. - - .. image:: ../../images/top.png :align: center :alt: bastille top container @@ -15,5 +12,5 @@ This command runs ``top`` in the targeted jail. Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/umount.rst b/docs/chapters/subcommands/umount.rst index 3b25a246..e6323091 100644 --- a/docs/chapters/subcommands/umount.rst +++ b/docs/chapters/subcommands/umount.rst @@ -1,8 +1,6 @@ umount ====== -Unmount storage from jail(s). - .. code-block:: shell ishmael ~ # bastille umount azkaban /media/foo @@ -34,5 +32,5 @@ backslash \, and enclose the mount point in quotes "". Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/update.rst b/docs/chapters/subcommands/update.rst index 3edb7759..cba643d2 100644 --- a/docs/chapters/subcommands/update.rst +++ b/docs/chapters/subcommands/update.rst @@ -48,6 +48,6 @@ will be updated just like the release shown above. Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -f | --force Force update a release. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -f | --force Force update a release (FreeBSD legacy releases). + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/upgrade.rst b/docs/chapters/subcommands/upgrade.rst index 077a772c..b58cbfaf 100644 --- a/docs/chapters/subcommands/upgrade.rst +++ b/docs/chapters/subcommands/upgrade.rst @@ -8,10 +8,11 @@ upgraded normally. .. code-block:: shell ishmael ~ # bastille upgrade help - Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE|install + Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE + TARGET install Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -f | --force Force upgrade a jail. - -x | --debug Enable debug mode. \ No newline at end of file + -a | --auto Auto mode. Start/stop jail(s) if required. + -f | --force Force upgrade a release (FreeBSD legacy releases). + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/verify.rst b/docs/chapters/subcommands/verify.rst index 25501147..bc9baf90 100644 --- a/docs/chapters/subcommands/verify.rst +++ b/docs/chapters/subcommands/verify.rst @@ -40,4 +40,4 @@ release or template . Options: - -x | --debug Enable debug mode. \ No newline at end of file + -x | --debug Enable debug mode. \ No newline at end of file diff --git a/docs/chapters/subcommands/zfs.rst b/docs/chapters/subcommands/zfs.rst index f0726c71..79b5b35e 100644 --- a/docs/chapters/subcommands/zfs.rst +++ b/docs/chapters/subcommands/zfs.rst @@ -24,14 +24,14 @@ To destroy a snaphot however, you must supply a TAG. To destroy a snapshot, run .. code-block:: shell ishmael ~ # bastille zfs help - Usage: bastille zfs [option(s)] TARGET destroy|rollback|snapshot TAG" + Usage: bastille zfs [option(s)] TARGET snapshot|destroy|rollback [TAG]" df|usage" - get|set key=value" + get|set KEY=VALUE" jail pool/dataset /jail/path" unjail pool/dataset" Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -v | --verbose Enable verbose mode. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -v | --verbose Enable verbose mode. + -x | --debug Enable debug mode. diff --git a/docs/chapters/usage.rst b/docs/chapters/usage.rst index c7230032..2221de3e 100644 --- a/docs/chapters/usage.rst +++ b/docs/chapters/usage.rst @@ -13,42 +13,43 @@ Usage Available Commands: bootstrap Bootstrap a release or template(s). clone Clone an existing jail. - cmd Execute command inside targeted jail(s). - config Get, set, add or remove properties from targeted jail(s). + cmd Execute command(s) inside jail(s). + config Get, set, add or remove properties from jail(s). console Console into a jail. - convert Convert thin jail to thick jail, or convert a jail to a custom release. - cp cp(1) files from host to targeted jail(s). + convert Convert a jail from thin to thick; convert a jail to a custom release. + cp Copy file(s)/directorie(s) from host to jail(s). create Create a jail. - destroy Destroy a jail or release. + destroy Destroy jail(s) or release(s). edit Edit jail configuration files (advanced). + etcupdate Update /etc for jail(s). export Export a jail. - help Help about any command. + help Help for any command. htop Interactive process viewer (requires htop). import Import a jail. - jcp cp(1) files from a jail to jail(s). - limits Apply resources limits to targeted jail(s). See rctl(8) and cpuset(1). + jcp Copy file(s)/directorie(s) from jail to jail(s). + limits Apply resources limits to jail(s). See rctl(8) and cpuset(1). list List jails, releases, templates and more... - migrate Migrate targeted jail(s) to a remote system. - mount Mount a volume inside targeted jail(s). - network Add or remove interfaces from targeted jail(s). - pkg Manipulate binary packages within targeted jail(s). See pkg(8). - rcp cp(1) files from a jail to host. + migrate Migrate jail(s) to a remote system. + mount Mount file(s)/directorie(s) inside jail(s). + network Add or remove interface(s) from jail(s). + pkg Manage packages inside jail(s). See pkg(8). + rcp Copy file(s)/directorie(s) from jail to host. rdr Redirect host port to jail port. rename Rename a jail. restart Restart a jail. - service Manage services within targeted jail(s). - setup Attempt to auto-configure network, firewall and storage and more... - start Start a stopped jail. - stop Stop a running jail. - sysrc Safely edit rc files within targeted jail(s). - tags Add or remove tags to targeted jail(s). - template Apply file templates to targeted jail(s). - top Display and update information about the top(1) cpu processes. - umount Unmount a volume from targeted jail(s). - update Update jail base -pX release. - upgrade Upgrade jail release to X.Y-RELEASE. + service Manage services within jail(s). + setup Auto-configure network, firewall, storage and more... + start Start stopped jail(s). + stop Stop running jail(s). + sysrc Edit rc files inside jail(s). + tags Add or remove tags to jail(s). + template Apply templates to jail(s). + top Process viewer. See top(1). + umount Unmount file(s)/directorie(s) from jail(s). + update Update a jail or release. + upgrade Upgrade a jail to new release. verify Compare release against a "known good" index. - zfs Manage (get|set) ZFS attributes on targeted jail(s). + zfs Manage ZFS options/attributes for jail(s). Use "bastille -v|--version" for version information. Use "bastille command -h|--help" for more information about a command. diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index f8d261ba..4bea13cb 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -73,47 +73,48 @@ Bastille is an open-source system for automating deployment and management of containerized applications on FreeBSD. Usage: - bastille [option(s)] command [option(s)] TARGET ARGS + bastille [option(s)] COMMAND [option(s)] TARGET ARGS Available Commands: bootstrap Bootstrap a release or template(s). clone Clone an existing jail. - cmd Execute command inside targeted jail(s). - config Get, set, add or remove properties from targeted jail(s). + cmd Execute command(s) inside jail(s). + config Get, set, add or remove properties from jail(s). console Console into a jail. - convert Convert thin jail to thick jail, or convert a jail to a custom release. - cp cp(1) files from host to targeted jail(s). + convert Convert a jail from thin to thick; convert a jail to a custom release. + cp Copy file(s)/directorie(s) from host to jail(s). create Create a jail. - destroy Destroy a jail or release. + destroy Destroy jail(s) or release(s). edit Edit jail configuration files (advanced). + etcupdate Update /etc for jail(s). export Export a jail. - help Help about any command. + help Help for any command. htop Interactive process viewer (requires htop). import Import a jail. - jcp cp(1) files from a jail to jail(s). - limits Apply resources limits to targeted jail(s). See rctl(8) and cpuset(1). + jcp Copy file(s)/directorie(s) from jail to jail(s). + limits Apply resources limits to jail(s). See rctl(8) and cpuset(1). list List jails, releases, templates and more... - migrate Migrate targeted jail(s) to a remote system. - mount Mount a volume inside targeted jail(s). - network Add or remove interfaces from targeted jail(s). - pkg Manipulate binary packages within targeted jail(s). See pkg(8). - rcp cp(1) files from a jail to host. + migrate Migrate jail(s) to a remote system. + mount Mount file(s)/directorie(s) inside jail(s). + network Add or remove interface(s) from jail(s). + pkg Manage packages inside jail(s). See pkg(8). + rcp Copy file(s)/directorie(s) from jail to host. rdr Redirect host port to jail port. rename Rename a jail. restart Restart a jail. - service Manage services within targeted jail(s). - setup Attempt to auto-configure network, firewall and storage and more... - start Start a stopped jail. - stop Stop a running jail. - sysrc Safely edit rc files within targeted jail(s). - tags Add or remove tags to targeted jail(s). - template Apply file templates to targeted jail(s). - top Display and update information about the top(1) cpu processes. - umount Unmount a volume from targeted jail(s). - update Update jail base -pX release. - upgrade Upgrade jail release to X.Y-RELEASE. + service Manage services within jail(s). + setup Auto-configure network, firewall, storage and more... + start Start stopped jail(s). + stop Stop running jail(s). + sysrc Edit rc files inside jail(s). + tags Add or remove tags to jail(s). + template Apply templates to jail(s). + top Process viewer. See top(1). + umount Unmount file(s)/directorie(s) from jail(s). + update Update a jail or release. + upgrade Upgrade a jail to new release. verify Compare release against a "known good" index. - zfs Manage (get|set) ZFS attributes on targeted jail(s). + zfs Manage ZFS options/attributes for jail(s). Use "bastille -v|--version" for version information. Use "bastille command -h|--help" for more information about a command. diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 6bcac5a5..8269b37a 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -33,13 +33,14 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille bootstrap [option(s)] RELEASE [update|arch]" + error_notify "Usage: bastille bootstrap [option(s)] RELEASE [ARCH]" error_notify " TEMPLATE" cat << EOF Options: - -p | --pkgbase Bootstrap using pkgbase (15.0-RELEASE and above). + -p | --pkgbase Bootstrap using pkgbase (FreeBSD 15.0-RELEASE and above). + -u | --update Update the release after bootstrap. -x | --debug Enable debug mode. EOF @@ -217,11 +218,11 @@ validate_release() { # Validate OPTION - if [ -n "${OPTION}" ]; then + if [ -n "${OPT_ARCH}" ]; then # Alternate RELEASE/ARCH fetch support - if [ "${OPTION}" = "--i386" ] || [ "${OPTION}" = "--32bit" ]; then + if [ "${OPT_ARCH}" = "--i386" ] || [ "${OPT_ARCH}" = "--32bit" ]; then ARCH="i386" - RELEASE="${RELEASE}-${ARCH}" + RELEASE="${RELEASE}-${OPT_ARCH}" fi fi } @@ -506,12 +507,17 @@ bootstrap_template() { # Handle options. PKGBASE=0 +OPT_UPDATE=0 ERRORS=0 while [ "$#" -gt 0 ]; do case "${1}" in -h|--help|help) usage ;; + -u|--update) + OPT_UPDATE=1 + shift + ;; -p|--pkgbase) PKGBASE=1 shift @@ -537,7 +543,7 @@ while [ "$#" -gt 0 ]; do done RELEASE="${1}" -OPTION="${2}" +OPT_ARCH="${2}" NOCACHEDIR="" HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }') HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }') @@ -583,9 +589,9 @@ else fi # Alternate RELEASE/ARCH fetch support(experimental) -if [ -n "${OPTION}" ] && [ "${OPTION}" != "${HW_MACHINE}" ] && [ "${OPTION}" != "update" ]; then +if [ -n "${OPT_ARCH}" ] && [ "${OPT_ARCH}" != "${HW_MACHINE}" ] && [ "${OPT_ARCH}" != "update" ]; then # Supported architectures - if [ "${OPTION}" = "--i386" ] || [ "${OPTION}" = "--32bit" ]; then + if [ "${OPT_ARCH}" = "--i386" ] || [ "${OPT_ARCH}" = "--32bit" ]; then HW_MACHINE="i386" HW_MACHINE_ARCH="i386" else @@ -725,12 +731,10 @@ esac # Check for errors if [ "${ERRORS}" -eq 0 ]; then - # Check for OPTION=update - case "${OPTION}" in - update) - bastille update "${RELEASE}" - ;; - esac + # Check for OPT_UPDATE + if [ "${OPT_UPDATE}" -eq 1 ]; then + bastille update "${RELEASE}" + fi # Success info "\nBootstrap successful." diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index 5e27cffe..966a22c9 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -40,7 +40,7 @@ usage() { Options: - -x | --debug Enable debug mode. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh index 43bbbf8a..15d01ba4 100644 --- a/usr/local/share/bastille/console.sh +++ b/usr/local/share/bastille/console.sh @@ -38,8 +38,8 @@ usage() { Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index d96fd88a..f8a91b86 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh @@ -33,14 +33,15 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille convert [option(s)] TARGET [RELEASE]" + error_notify "Usage: bastille convert [option(s)] TARGET" + error_notify " TARGET RELEASE" cat << EOF Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -y | --yes Do not prompt. Just convert. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -y | --yes Do not prompt. Assume always yes. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index 5aa724dd..88e19b30 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -38,8 +38,8 @@ usage() { Options: - -q | --quiet Suppress output. - -x | --debug Enable debug mode. + -q | --quiet Suppress output. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 109ed91e..748ad6ac 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -40,23 +40,23 @@ usage() { Options: - -B | --bridge Enable VNET, and attach to a specified, already existing bridge. - -C | --clone Create a clone jail. - -D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). - -E | --empty Create an empty jail, intended for custom jail builds (thin/thick/linux or unsupported). - -g | --gateway IP Specify a default router/gateway for the jail. + -B | --bridge Enable VNET. INTERFACE must be a bridge. + -C | --clone Create a clone jail (ZFS only). + -D | --dual Use dual (IPv4+6) networking (IP=[inherit|ip_hostname] only). + -E | --empty Create an empty jail. + -g | --gateway IP Specify a default router/gateway. -L | --linux Create a Linux jail (experimental). - -M | --static-mac Generate a static MAC address for jail (VNET only). - -n | --nameserver IP,IP Specify nameserver(s) for the jail. Comma separated. - --no-validate Do not validate the release when creating the jail. - --no-boot Create jail with boot=off. - -P | --passthrough Enable VNET, and pass the specified interface into the jail. - -p | --priority VALUE Set priority value for the jail. - -T | --thick Create a thick jail. This is an entirely self contained and independant jail. - -V | --vnet Enable VNET, and attach to an existing, physical interface. - -v | --vlan VLANID Creates the jail with specified VLAN ID (VNET only). + -M | --static-mac Use a static/persistent MAC address (VNET only). + -n | --nameserver IP Specify nameserver(s) for the jail. Comma-separated. + --no-validate Do not validate the release name. + --no-boot Set boot=off. + -P | --passthrough Enable VNET. INTERFACE is used as-is. + -p | --priority VALUE Set priority value. + -T | --thick Create a thick jail. + -V | --vnet Enable VNET. INTERFACE must be a physical interface. + -v | --vlan VLANID Set VLAN ID (VNET only). -x | --debug Enable debug mode. - -Z | --zfs-opts zfs,options Comma separated list of ZFS options to create the jail with. This overrides the defaults. + -Z | --zfs-opts zfs,options Custom zfs options. Comma-separated. EOF exit 1 diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index a2f32031..c6a977dd 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -33,16 +33,17 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille destroy [option(s)] JAIL|RELEASE" + error_notify "Usage: bastille destroy [option(s)] JAIL" + error_notify " RELEASE" cat << EOF Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -c | --no-cache Do no destroy cache when destroying a release. - -f | --force Force unmount any mounted datasets when destroying a jail or release (ZFS only). - -y | --yes Do no prompt. Just destroy. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -c | --no-cache Do not destroy cache when destroying a release (legacy releases). + -f | --force Force unmount any mounted datasets when destroying a jail or release (ZFS only). + -y | --yes Do not prompt. Assume always yes. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/edit.sh b/usr/local/share/bastille/edit.sh index 83dfcc11..f3ffb430 100644 --- a/usr/local/share/bastille/edit.sh +++ b/usr/local/share/bastille/edit.sh @@ -38,7 +38,7 @@ usage() { Options: - -x | --debug Enable debug mode. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index fb5b50df..f92c1041 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -30,14 +30,16 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [diff|resolve|update RELEASE]" + error_notify "Usage: bastille etcupdate [option(s)] bootstrap RELEASE" + error_notify " TARGET update RELEASE" + error_notify " TARGET diff|resolve" cat << EOF Options: - -d | --dry-run Show output, but do not apply. - -f | --force Force a re-bootstrap of a RELEASE. - -x | --debug Enable debug mode. + -d | --dry-run Show output, but do not apply. + -f | --force Force a re-bootstrap of a RELEASE. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 614f8cf8..bcf43d78 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -37,16 +37,16 @@ usage() { # Valid compress/options for ZFS systems are raw, .gz, .tgz, .txz and .xz # Valid compress/options for non ZFS configured systems are .tgz and .txz # If no compression option specified, user must redirect standard output - error_notify "Usage: bastille export [option(s)] TARGET PATH" + error_notify "Usage: bastille export [option(s)] TARGET [PATH]" cat << EOF Options: -a | --auto Auto mode. Start/stop jail(s) if required. -l | --live Export a running jail (ZFS only). - --gz Export to '.gz' compressed image (ZFS only). + --gz Export to a '.gz' compressed image (ZFS only). --xz Export to a '.xz' compressed image (ZFS only). - --zst Export to a .zst compressed image (ZFS only). + --zst Export to a '.zst' compressed image (ZFS only). --raw Export to an uncompressed RAW image (ZFS only). --tgz Export to a '.tgz' compressed archive. --txz Export to a '.txz' compressed archive. diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index 8626468a..adb5f811 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -38,8 +38,8 @@ usage() { Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 95ff5d76..c4846a48 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -40,8 +40,8 @@ usage() { Options: - -f | --force Force an archive import regardless if the checksum file does not match or missing. - -M | --static-mac Generate static MAC for jail when importing foreign jails like iocage. + -f | --force Force an archive import without validating checksum. + -M | --static-mac Use a static/persistent MAC address (VNET only) when importing foreign jails. -v | --verbose Enable verbose mode (ZFS only). -x | --debug Enable debug mode. diff --git a/usr/local/share/bastille/jcp.sh b/usr/local/share/bastille/jcp.sh index fb7a2370..77247bd1 100644 --- a/usr/local/share/bastille/jcp.sh +++ b/usr/local/share/bastille/jcp.sh @@ -33,13 +33,13 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH" + error_notify "Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DESTINATION_JAIL JAIL_PATH" cat << EOF Options: - -q | --quiet Suppress output. - -x | --debug Enable debug mode. + -q | --quiet Suppress output. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/limits.sh b/usr/local/share/bastille/limits.sh index 9d2e7121..83a020cb 100644 --- a/usr/local/share/bastille/limits.sh +++ b/usr/local/share/bastille/limits.sh @@ -34,7 +34,10 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE]" + error_notify "Usage: bastille limits [option(s)] TARGET add OPTION VALUE" + error_notify " TARGET remove OPTION" + error_notify " TARGET clear|reset|stats" + error_notify " TARGET list|show [active]" cat << EOF Example: bastille limits TARGET add memoryuse 1G @@ -42,9 +45,9 @@ usage() { Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -l | --log Enable logging for the specified rule (rctl only). - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -l | --log Enable logging for the specified rule (RCTL only). + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index c9024df6..ab5bef88 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -33,16 +33,16 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)]" - error_notify " [path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)] [type]" + error_notify "Usage: bastille list [option(s)] [all|backup|export|import|ip|jail|limit]" + error_notify " [log|path|port|priority|release|snapshot|state|template|type]" cat << EOF Options: - -d | --down List stopped jails only. - -j | --json List jails or sub-arg(s) in json format. - -p | --pretty Print JSON in columns. - -u | --up List running jails only. - -x | --debug Enable debug mode. + -d | --down List stopped jails only. + -j | --json List jails or sub-arg(s) in json format. + -p | --pretty Print JSON in columns. + -u | --up List running jails only. + -x | --debug Enable debug mode. EOF exit 1 @@ -786,7 +786,7 @@ if [ "$#" -eq 1 ]; then fi ;; release|releases) - list_release "${2}" + list_release "-p" ;; snap|snapshot|snapshots) list_snapshot diff --git a/usr/local/share/bastille/migrate.sh b/usr/local/share/bastille/migrate.sh index e324555c..59417427 100644 --- a/usr/local/share/bastille/migrate.sh +++ b/usr/local/share/bastille/migrate.sh @@ -36,19 +36,13 @@ usage() { error_notify "Usage: bastille migrate [option(s)] TARGET USER@HOST[:PORT]" cat << EOF - Examples: - - bastille migrate attica migrate@192.168.10.100 - bastille migrate attica migrate@192.168.1.10:20022 - bastille migrate --keyfile id_rsa attica migrate@192.168.1.10 - Options: -a | --auto Auto mode. Start/stop jail(s) if required. - -b | --backup Retain archives on remote system. + -b | --backup Keep archives on remote system. -d | --destroy Destroy local jail after migration. | --doas Use 'doas' instead of 'sudo'. - -k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh' + -k | --keyfile Specify an alternative private keyfile name. Must be in '~/.ssh'. -l | --live Migrate a running jail (ZFS only). -p | --password Use password based authentication. -x | --debug Enable debug mode. diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 9870d08d..4aa5fe7b 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -33,13 +33,13 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]" + error_notify "Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [FS_TYPE OPTIONS DUMP PASS_NUMBER]" cat << EOF Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/network.sh b/usr/local/share/bastille/network.sh index 0161e58c..73db036e 100644 --- a/usr/local/share/bastille/network.sh +++ b/usr/local/share/bastille/network.sh @@ -34,18 +34,19 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_notify "Usage: bastille network [option(s)] TARGET remove|add INTERFACE [IP]" + error_notify "Usage: bastille network [option(s)] TARGET add INTERFACE [IP]" + error_notify " TARGET remove INTERFACE" cat << EOF Options: -a | --auto Start/stop jail(s) if required. - -B | --bridge Add a bridge VNET interface. - -M | --static-mac Generate a static MAC address for the interface (VNET only). + -B | --bridge Add a bridge interface. + -M | --static-mac Use a static/persistent MAC address (VNET only). -n | --no-ip Create interface without an IP (VNET only). -P | --passthrough Add a raw interface. - -V | --vnet Add a VNET interface. - -v | --vlan VLANID Assign VLAN ID to interface (VNET only). + -V | --vnet Add a physical interface. + -v | --vlan VLANID Assign VLANID to interface (VNET only). -x | --debug Enable debug mode. EOF diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh index 09dfe8a0..a767b688 100644 --- a/usr/local/share/bastille/pkg.sh +++ b/usr/local/share/bastille/pkg.sh @@ -38,10 +38,10 @@ usage() { Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -H | --host Use the hosts 'pkg' instead of the jails. - -y | --yes Assume always yes for pkg command. Do not prompt. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -H | --host Use host 'pkg' binary instead of jails. + -y | --yes Do not prompt. Assume always yes. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/rcp.sh b/usr/local/share/bastille/rcp.sh index 1a9eba3a..5e461656 100644 --- a/usr/local/share/bastille/rcp.sh +++ b/usr/local/share/bastille/rcp.sh @@ -38,8 +38,8 @@ usage() { Options: - -q | --quiet Suppress output. - -x | --debug Enable debug mode. + -q | --quiet Suppress output. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh index 44557e8f..5254819c 100644 --- a/usr/local/share/bastille/rdr.sh +++ b/usr/local/share/bastille/rdr.sh @@ -33,15 +33,16 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille rdr [option(s)] TARGET [clear|reset|list|(tcp|udp)] HOST_PORT JAIL_PORT [log ['(' logopts ')'] ]" + error_notify "Usage: bastille rdr [option(s)] TARGET tcp|udp HOST_PORT JAIL_PORT [log LOG_OPTIONS]" + error_notify " TARGET clear|reset|list" cat << EOF Options: - -d | --destination IP Limit rdr to a destination IP. Useful if you have multiple IPs on one interface. - -i | --interface IF,IF Specify interface(s) to apply rule to. Comman separated. - -s | --source IP|table Limit rdr to a source IP or table. - -t | --type ipv4|ipv6 Specify IP type. Must be used if -s or -d are used. Defaults to both. + -d | --destination IP Limit rdr to a destination IP. + -i | --interface IF,IF Specify interface(s) to apply rule to. Comma-separated. + -s | --source IP|TABLE Limit rdr to a source IP or table. + -t | --type ipv4|ipv6 Specify IP type. Must be used if '-s' or '-d' are used. Defaults to both. -x | --debug Enable debug mode. EOF diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh index 094179d9..154a7c22 100644 --- a/usr/local/share/bastille/rename.sh +++ b/usr/local/share/bastille/rename.sh @@ -35,8 +35,8 @@ usage() { cat << EOF Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/restart.sh b/usr/local/share/bastille/restart.sh index 771a092a..7a6727fc 100644 --- a/usr/local/share/bastille/restart.sh +++ b/usr/local/share/bastille/restart.sh @@ -41,7 +41,7 @@ usage() { -b | --boot Respect jail boot setting. -d | --delay VALUE Time (seconds) to wait after starting each jail. -i | --ignore Ignore stopped jails (do not start if stopped). - -v | --verbose Print every action on jail start. + -v | --verbose Enable verbose mode. -x | --debug Enable debug mode. EOF diff --git a/usr/local/share/bastille/service.sh b/usr/local/share/bastille/service.sh index ee1c9632..5f7742a3 100644 --- a/usr/local/share/bastille/service.sh +++ b/usr/local/share/bastille/service.sh @@ -33,13 +33,13 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille service [option(s)] TARGET SERVICE_NAME ARGS" + error_notify "Usage: bastille service [option(s)] TARGET SERVICE ARGS" cat << EOF Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh index 03dda2cb..277704bb 100644 --- a/usr/local/share/bastille/setup.sh +++ b/usr/local/share/bastille/setup.sh @@ -33,19 +33,12 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille setup [option(s)] [bridge]" - error_notify " [linux]" - error_notify " [loopback]" - error_notify " [netgraph]" - error_notify " [pf|firewall]" - error_notify " [shared]" - error_notify " [storage]" - error_notify " [vnet]" + error_notify "Usage: bastille setup [option(s)] [bridge|linux|loopback|netgraph|firewall|shared|storage|vnet]" cat << EOF Options: - -y | --yes Assume always yes on prompts. + -y | --yes Do not prompt. Assume always yes. -x | --debug Enable debug mode. EOF diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index cee7f5a9..decbdec5 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -38,10 +38,10 @@ usage() { Options: - -b | --boot Respect jail boot setting. - -d | --delay VALUE Time (seconds) to wait after starting each jail. - -v | --verbose Print every action on jail start. - -x | --debug Enable debug mode. + -b | --boot Respect jail boot setting. + -d | --delay VALUE Time (seconds) to wait after starting each jail. + -v | --verbose Enable verbose mode. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index e6b26580..7447716e 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -38,8 +38,8 @@ usage() { Options: - -v | --verbose Print every action on jail stop. - -x | --debug Enable debug mode. + -v | --verbose Enable verbose mode. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh index da7e0f74..4d1e1a26 100644 --- a/usr/local/share/bastille/sysrc.sh +++ b/usr/local/share/bastille/sysrc.sh @@ -38,8 +38,8 @@ usage() { Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/tags.sh b/usr/local/share/bastille/tags.sh index 7c6423d8..32f22577 100644 --- a/usr/local/share/bastille/tags.sh +++ b/usr/local/share/bastille/tags.sh @@ -34,12 +34,13 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille tags [option(s)] TARGET [add|delete|list] [tag1,tag2]" + error_notify "Usage: bastille tags [option(s)] TARGET add|delete TAG1,TAG2" + error_notify " TARGET list [TAG]" cat << EOF Options: - -x | --debug Enable debug mode. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 6f796c43..426a7026 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -33,13 +33,13 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille template [option(s)] TARGET [--convert] TEMPLATE" + error_notify "Usage: bastille template [option(s)] TARGET|--convert TEMPLATE" cat << EOF Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 65879c88..1745e0fa 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -38,8 +38,8 @@ usage() { Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index 4cd7ec1e..87ef4e42 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh @@ -38,8 +38,8 @@ usage() { Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index 14d4dbb4..fd5a5f5a 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh @@ -37,9 +37,9 @@ usage() { cat << EOF Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -f | --force Force update a release. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -f | --force Force update a release (FreeBSD legacy releases). + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index 3916ba5b..a79bdbca 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -33,14 +33,15 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE|install" + error_notify "Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE" + error_notify " TARGET install" cat << EOF Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -f | --force Force upgrade a release. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -f | --force Force upgrade a release (FreeBSD legacy releases). + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh index c8d34daf..10cb2294 100644 --- a/usr/local/share/bastille/verify.sh +++ b/usr/local/share/bastille/verify.sh @@ -38,7 +38,7 @@ usage() { Options: - -x | --debug Enable debug mode. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh index 5b7a63c1..1c6a0624 100644 --- a/usr/local/share/bastille/zfs.sh +++ b/usr/local/share/bastille/zfs.sh @@ -34,18 +34,17 @@ usage() { - error_notify "Usage: bastille zfs [option(s)] TARGET destroy|rollback [TAG]|snapshot [TAG]" + error_notify "Usage: bastille zfs [option(s)] TARGET snapshot|destroy|rollback [TAG]" error_notify " df|usage" - error_notify " get|set key=value" + error_notify " get|set KEY=VALUE" error_notify " jail pool/dataset /jail/path" error_notify " unjail pool/dataset" - cat << EOF Options: - -a | --auto Auto mode. Start/stop jail(s) if required. - -v | --verbose Enable verbose mode. - -x | --debug Enable debug mode. + -a | --auto Auto mode. Start/stop jail(s) if required. + -v | --verbose Enable verbose mode. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/man/man1/bastille-bootstrap.1 b/usr/local/share/man/man1/bastille-bootstrap.1 index 27152e9c..8d2a80ef 100644 --- a/usr/local/share/man/man1/bastille-bootstrap.1 +++ b/usr/local/share/man/man1/bastille-bootstrap.1 @@ -1,51 +1,59 @@ -.Dd 2025/12/04 +.Dd 2025/12/06 .Dt bastille-bootstrap 1 .Os .Sh NAME .Nm bastille bootstrap -.Nd bootstrap a release or template(s) +.Nd Bootstrap a release or template(s). .Sh SYNOPSIS .Nm -.Op Fl px +.Op Fl pux .Ar RELEASE -.Op Cm update|arch +.Op ARCH .Nm .Op Fl x .Ar TEMPLATE .Sh DESCRIPTION +The .Nm -will bootstrap a release to use when creating jails. It will +sub-command will bootstrap a release to use when creating jails. It will also fetch and verify templates if a url is given as an arguement. .Bl -tag -width Ds -.It bootstrap Oo Fl px Oc Ar RELEASE Op Cm update|ARCH +.It Sy bastille bootstrap Oo Fl pux Oc Ar RELEASE Op ARCH .Bl -tag -width Ds .It Fl p , Fl -pkgbase -Bootstrap a release using PkgBase package sets. By default Bastille -will use legacy distribution sets to bootstrap a release. For FreeBSD -version 16.x and above, PkgBase is the default. +Bootstrap using pkgbase (FreeBSD 15.0-RELEASE and above). Bastille uses +distribution sets by default, but this option enables the use of +package sets when bootstrapping FreeBSD release. +.It Fl u , Fl -update +Update the release after bootstrap. .It Fl x , Fl -debug Enable debug mode. -.It update -This will update the release using -.Nm bastille update RELEASE -after bootstrapping it. -.It ARCH -Specify an architecture when bootstrapping a release. This is usually -not needed, as Bastille detects this automatically for most -use cases. +.Pp +If +.Ar ARCH +is specified, it will be used to bootstrap, as +opposed to using the hosts arch. .El -.It bootstrap Oo Fl x Oc Ar TEMPLATE +.It Sy bastille bootstrap Oo Fl x Oc Ar TEMPLATE .Bl -tag -width Ds .It Fl x , Fl -debug Enable debug mode. +.Pp +.Ar TEMPLATE +should be a url containing either a single template, or multiple +templates. .Sh EXAMPLES .Bl -tag -width Ds .It Bootstrap 15.0-RELEASE: -.Nm bastille bootstrap 15.0-RELEASE +.Sy bastille bootstrap 15.0-RELEASE .It Bootstrap official BastilleBSD templates: -.Nm bastille bootstrap https://github.com/BastilleBSD/templates +.Sy bastille bootstrap https://github.com/BastilleBSD/templates .It Bootstrap 15.0-RELEASE using PkgBase: -.Nm bastille bootstrap -p 15.0-RELEASE +.Sy bastille bootstrap -p 15.0-RELEASE +.It Bootstrap 15.0-RELEASE using i386 as the arch: +.Sy bastille bootstrap 15.0-RELEASE --i386 +.It Bootstrap the official BastilleBSD template collection: +.Sy bastille bootstrap https://github.com/BastilleBSD/templates .Sh SEE ALSO .Xr bastille.conf 5 , .Xr bastille-clone 1 , @@ -78,9 +86,10 @@ Enable debug mode. .Xr bastille-stop 1 , .Xr bastille-sysrc 1 , .Xr bastille-tags 1 , +.Xr bastille-template 1 , .Xr bastille-top 1 , .Xr bastille-umount 1 , .Xr bastille-update 1 , .Xr bastille-upgrade 1 , .Xr bastille-verify 1 , -.Xr bastille-zfs 1 , \ No newline at end of file +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-clone.1 b/usr/local/share/man/man1/bastille-clone.1 index 1cfb1fdf..e6f62f1b 100644 --- a/usr/local/share/man/man1/bastille-clone.1 +++ b/usr/local/share/man/man1/bastille-clone.1 @@ -1,30 +1,27 @@ -.Dd 2025/12/04 +.Dd 2025/12/06 .Dt bastille-clone 1 .Os .Sh NAME .Nm bastille clone -.Nd clone an existing jail +.Nd Clone an existing jail. .Sh SYNOPSIS .Nm .Op Fl alx .Ar TARGET NEW_NAME IP .Sh DESCRIPTION +The .Nm -will create an exact duplicate of the targeted jail, giving it +sub-command will create an exact duplicate of the targeted jail, giving it the specified .Ar NEW_NAME and -.Ar IP address . -.Ss OPTIONS +.Ar IP +address. .Bl -tag -width Ds .It Fl a , Fl -auto -Instead of printing an error stating that the jail needs to be -stopped, this option will simply stop the jail (if running) before -proceeding to clone it. Cannot be used with -.Sy -l|--live . +Auto mode. Start/stop jail(s) if required. Cannot be used with [-l|--live]. .It Fl l , Fl -live -Attempt to clone a running jail (ZFS only). Cannot be used with -.Sy -a|--auto . +Clone a running jail (ZFS only). Cannot be used with [-a|--auto]. .It Fl x , Fl -debug Enable debug mode. .Sh EXAMPLES @@ -67,9 +64,10 @@ Enable debug mode. .Xr bastille-stop 1 , .Xr bastille-sysrc 1 , .Xr bastille-tags 1 , +.Xr bastille-template 1 , .Xr bastille-top 1 , .Xr bastille-umount 1 , .Xr bastille-update 1 , .Xr bastille-upgrade 1 , .Xr bastille-verify 1 , -.Xr bastille-zfs 1 , \ No newline at end of file +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-cmd.1 b/usr/local/share/man/man1/bastille-cmd.1 index fe6e854f..d0461b13 100644 --- a/usr/local/share/man/man1/bastille-cmd.1 +++ b/usr/local/share/man/man1/bastille-cmd.1 @@ -1,29 +1,30 @@ -.Dd 2025/12/04 +.Dd 2025/12/06 .Dt bastille-cmd 1 .Os .Sh NAME .Nm bastille cmd -.Nd execute commands inside targeted jail(s) +.Nd Execute command(s) inside jail(s). .Sh SYNOPSIS .Nm .Op Fl ax .Ar TARGET COMMAND .Sh DESCRIPTION +The .Nm -will run the specified command inside targeted jail(s) +sub-command will run the specified +.Ar COMMAND +inside +.Ar TARGET . .Ss OPTIONS .Bl -tag -width Ds .It Fl a , Fl -auto -Instead of printing an error stating that the jail needs to be -running, this option will simply start the jail (if stopped) before -proceeding to run the command inside it. +Auto mode. Start/stop jail(s) if required. .It Fl x , Fl -debug Enable debug mode. .Sh EXAMPLES .Bl -tag -width Ds .It List contents of /etc: .Sy bastille cmd TARGET ls /etc -.El .Sh SEE ALSO .Xr bastille.conf 5 , .Xr bastille-bootstrap 1 , @@ -56,9 +57,10 @@ Enable debug mode. .Xr bastille-stop 1 , .Xr bastille-sysrc 1 , .Xr bastille-tags 1 , +.Xr bastille-template 1 , .Xr bastille-top 1 , .Xr bastille-umount 1 , .Xr bastille-update 1 , .Xr bastille-upgrade 1 , .Xr bastille-verify 1 , -.Xr bastille-zfs 1 , \ No newline at end of file +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-config.1 b/usr/local/share/man/man1/bastille-config.1 index bca7725d..f0d18589 100644 --- a/usr/local/share/man/man1/bastille-config.1 +++ b/usr/local/share/man/man1/bastille-config.1 @@ -1,9 +1,9 @@ -.Dd 2025/12/04 +.Dd 2025/12/06 .Dt bastille-config 1 .Os .Sh NAME .Nm bastille config -.Nd get, set, add or remove properties from targeted jail(s) +.Nd Get, set, add or remove properties from jail(s). .Sh SYNOPSIS .Nm .Op Fl x @@ -15,25 +15,40 @@ .Cm get|remove .Ar PROPERTY .Sh DESCRIPTION +The .Nm -can modify targeted jail(s) configuration and +sub-command will modify targeted jail(s) configuration and get, set, add or remove properties. -.Ss ACTIONS +.Bl -tag -width Ds +.It Sy bastille config Oo Fl x Oc Sy set|add Ar PROPERTY Op VALUE .Bl -tag -width Ds .It Sy set Set the value of the specified property from the jail configuration. -If the property is not set, it will be added and set. The VALUE part -is optional for some values. For example, allow.mlock does not need -a VALUE, but it won't do any harm to set it as 1 (enable). +If the property is not set, it will be added and set. .It Sy add -Same as -.Sy set . -.It Sy get -Get the value of the specified property from the jail configuration. -.It Sy remove -Remove the specified property from the jail configuration. -.Ss OPTIONS +Same as set. +.It Fl x , Fl -debug +Enable debug mode. +.El +.Pp +It is not always necesary to set a +.Ar VALUE +for a +.Ar PROPERTY . +For example, 'allow.mlock=1' is the same as 'allow.mlock'. +.It Sy bastille config Oo Fl x Oc Sy get|remove Ar PROPERTY .Bl -tag -width Ds +.It Sy get +Get the value of the specified +.Ar PROPERTY +from the jail configuration. If a property is not present, 'not +enabled' will be shown. If the property has no value, but +is present, 'enabled' will be returned. Otherwise you will be +shown the value. +.It Sy remove +Remove the specified +.Ar PROPERTY +from the jail configuration. .It Fl x , -debug Enable debug mode. .Sh EXAMPLES @@ -76,9 +91,10 @@ Enable debug mode. .Xr bastille-stop 1 , .Xr bastille-sysrc 1 , .Xr bastille-tags 1 , +.Xr bastille-template 1 , .Xr bastille-top 1 , .Xr bastille-umount 1 , .Xr bastille-update 1 , .Xr bastille-upgrade 1 , .Xr bastille-verify 1 , -.Xr bastille-zfs 1 , \ No newline at end of file +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-console.1 b/usr/local/share/man/man1/bastille-console.1 new file mode 100644 index 00000000..749b70f2 --- /dev/null +++ b/usr/local/share/man/man1/bastille-console.1 @@ -0,0 +1,68 @@ +.Dd 2025/12/06 +.Dt bastille-console 1 +.Os +.Sh NAME +.Nm bastille console +.Nd Console into a jail. +.Sh SYNOPSIS +.Nm +.Op Fl ax +.Ar TARGET +.Op USER +.Sh DESCRIPTION +The +.Nm +sub-command will enter a jails shell. If a user is given, it +will enter as that user. +.Bl -tag -width Ds +.It Fl a , -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Console into myjail: +.Sy bastille console myjail +.It Console into myjail as bob: +.Sy bastille console myjail bob +.It Console into a stopped jail as bob: +.Sy bastille console -a myjail bob +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-convert.1 b/usr/local/share/man/man1/bastille-convert.1 new file mode 100644 index 00000000..83832144 --- /dev/null +++ b/usr/local/share/man/man1/bastille-convert.1 @@ -0,0 +1,96 @@ +.Dd 2025/12/06 +.Dt bastille-convert 1 +.Os +.Sh NAME +.Nm bastille convert +.Nd Convert a jail from thin to thick; convert a jail to a custom release. +.Sh SYNOPSIS +.Nm +.Op Fl ayx +.Ar TARGET +.Nm +.Op Fl ax +.Ar TARGET RELEASE +.Sh DESCRIPTION +The +.Nm +sub-command will convert a thin jail to a thick jail if only the +.Ar TARGET +argument is given. If a +.Ar TARGET +and +.Ar RELEASE +is specified, it will convert the jail +(must be a thick jail) into a custom release. The jail will remain intact, +and you will have a duplicate of it to use a a release base for +any new jails. +.Bl -tag -width Ds +.It Sy bastille convert Oo Fl ayx Oc Ar TARGET +.Bl -tag -width Ds +.It Fl a , -auto +Auto mode. Start/stop jail(s) if required. +.It Fl y , -yes +Do not prompt. Assume always yes. +.It Fl x , -debug +Enable debug mode. +.Pp +Converting a thin jail to a thick jail is not reversible. You will +be be prompted to accept this action if [-y|--yes] is not specified. +.El +.It Sy bastille convert Oo Fl ayx Oc Ar TARGET RELEASE +.Bl -tag -width Ds +.It Fl a , -auto +Auto mode. Start/stop jail(s) if requried. +.It Fl x , -debug +Enable debug mode. +.Pp +A release created by this method is stored in the releases directory, and +can be used to create jails with the '--no-validate' flag. See +.Xr bastille-create 1 . +.Sh EXAMPLES +.Bl -tag -width Ds +.It Convert myjail from thin to thick: +.Sy bastille convert myjail +.It Convert myjail from thin to thick (no prompts): +.Sy bastille convert -ay myjail +.It Create myrelease from myjail: +.Sy bastille convert myjail myrelease +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-cp.1 b/usr/local/share/man/man1/bastille-cp.1 new file mode 100644 index 00000000..fc7f5afa --- /dev/null +++ b/usr/local/share/man/man1/bastille-cp.1 @@ -0,0 +1,69 @@ +.Dd 2025/12/06 +.Dt bastille-cp 1 +.Os +.Sh NAME +.Nm bastille cp +.Nd Copy file(s)/directorie(s) from host to jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl qx +.Ar TARGET HOST_PATH JAIL_PATH +.Sh DESCRIPTION +The +.Nm +sub-command will copy +.Ar HOST_PATH +to +.Ar JAIL_PATH +inside +.Ar TARGET . +.Bl -tag -width Ds +.It Fl q , -quiet +Suppress output. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Copy /etc/resolv.conf into myjail: +.Sy bastille cp myjail /etc/resolv.conf /etc/resolv.conf +.It Copy /etc into myjail quietly: +.Sy bastille cp -q myjail /etc /etc +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-create.1 b/usr/local/share/man/man1/bastille-create.1 new file mode 100644 index 00000000..dfae56f1 --- /dev/null +++ b/usr/local/share/man/man1/bastille-create.1 @@ -0,0 +1,164 @@ +.Dd 2025/12/06 +.Dt bastille-create 1 +.Os +.Sh NAME +.Nm bastille create +.Nd Create a jail. +.Sh SYNOPSIS +.Nm +.Op Fl BCDELMPTVvx +.Op Fl g Ar IP +.Op Fl n Ar IP,IP +.Op Fl p Ar VALUE +.Op Fl v Ar VALUE +.Op Fl Z Ar VALUE +.Op Fl -no-validate +.Op Fl -no-boot +.Ar NAME RELEASE IP Op INTERFACE +.Sh DESCRIPTION +The +.Nm +sub-command is used to create a jail with any of the given options. The +.Ar INTERFACE +value is only optional for classic/standard jails. For any type of VNET +jail, it is mandatory. +.Bl -tag -width Ds +.It Fl B , -bridge +Enable VNET. +.Ar INTERFACE +must be a bridge. +.Pp +This option is for use with manually created bridges. +.It Fl C , -clone +Create a clone jail (ZFS only). +.Pp +These are simply zfs clones of the release. +.It Fl D , -dual +Use dual (IPv4+6) networking (IP=[inherit|ip_hostname] only). +.Pp +This option is only supported for non-VNET jails. +.It Fl E , -empty +Create an empty jail. +.Pp +This option will only create the jail structure and config, but the root will be empty. +.It Fl g Ar IP , Fl -gateway Ar IP +Specify a default router/gateway. +.PP +Bastille normally detects your gateway from your host. Set +this option to override it. +.It Fl L , -linux +Create a Linux jail (experimental). +.It Fl M , -static-mac +Use a static/persistent MAC address (VNET only). +.It Fl n Ar IP,IP Fl -nameserver Ar IP,IP +Specify nameserver(s) for the jail. Comma-separated. +.It Fl -no-validate +Do not validate the release name. +.Pp +By default, Bastille will attempt to validate the release name against +a known index of official release names. Set this option to bypass that. +Useful in the case of an unknown release, or releases create using 'bastille +convert'. See +.Xr bastille-convert 1 . +.It Fl -no-boot +Set boot=off. +.Pp +By default, jails are created with 'boot=on' so as to start on system +startup. +.It Fl P , -passthrough +Enable VNET. +.Ar INTERFACE +is used as-is. +.Pp +This will pass the entire +.Ar INTERFACE +into the jail, which will make it unusable to the host until the jail +is stopped. +.It Fl p Ar VALUE , Fl -priority Ar VALUE +Set priority value. +.Pp +This controls the order in which jails +start and stop on system startup and shutdown. It also controls the +order in which any sub-command is executed when multiple jails are +tarteted. +.It Fl T , -thick +Create a thick jail. +.Pp +Thick jails are complete copies of the release. +.It Fl V , -vnet +Enable VNET. +.Ar INTERFACE +must be a physical interface. +.Pp +This option is for use with a physical interface. Bridging and epairs +are handled by the 'jib' script. +.It Fl v Ar VALUE , Fl -vlan Ar VALUE +Set VLAN ID (VNET only). +.Pp +This will configure the jail to use the specified +.Ar VALUE +as the VLAN ID. +.It Fl x , -debug +Enable debug mode. +.It Fl Z Ar VALUE , Fl -zfs-opts Ar VALUE,VALUE +Custom zfs options. Comma-separated. +.Pp +Comma separated list of ZFS options to create the jail with. +This overrides the defaults. See +.Xr bastille.conf 5 . +.Sh EXAMPLES +.Bl -tag -width Ds +.It Create a thick jail, with static MAC and priority 10: +.Sy bastille create -TM -p 10 myjail 15.0-RELEASE 10.23.23.1 +.It Create a VNET jail attached to a manual bridge: +.Sy bastille create -B myjail 15.0-RELEASE DHCP mycustombridge +.It Create a Linux jail: +.Sy bastille create -L myjail bookworm 10.2.4.5 +.It Create a VNET jail with boot=off and custom gateway: +.Sy bastille create -V --no-boot -g 10.1.1.1 myjail 15.0-RELEASE 10.1.1.4/24 vtnet0 +.Pp +In the above examples, sometimes an +.Ar INTERFACE +is specified, and sometimes it is not. +It is ONLY optional for classic/standard jails. See the 'Networking' section +in +.Xr bastille.conf 5 . +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-destroy.1 b/usr/local/share/man/man1/bastille-destroy.1 new file mode 100644 index 00000000..adffbc7c --- /dev/null +++ b/usr/local/share/man/man1/bastille-destroy.1 @@ -0,0 +1,89 @@ +.Dd 2025/12/06 +.Dt bastille-destroy 1 +.Os +.Sh NAME +.Nm bastille destroy +.Nd Destroy jail(s) or release(s). +.Sh SYNOPSIS +.Nm +.Op Fl ayx +.Ar JAIL +.Nm +.Op Fl cfx +.Ar RELEASE +.Sh DESCRIPTION +The +.Nm +sub-command is used to destroy jails or releases. +.Bl -tag -width Ds +.It Sy destroy Oo Fl ayx Oc Ar JAIL +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl y , Fl -yes +Do no prompt. Assume always yes. +.Pp +By default Bastille will ask +if you are sure you want to destroy the jail. Set this option +to bypass these prompts. +.It Fl x , -debug +Enable debug mode. +.El +.It Sy destroy Oo Fl cfx Oc Ar RELEASE +.Bl -tag -width Ds +.It Fl c , Fl -no-cache +Do not destroy cache when destroying release (legacy releases). +.Pp +This does not apply +to PkgBase releases. Cache are the '.txz' dist files downloaded +during the 'bootstrap' phase. +.It Fl f , Fl -force +Force unmount any mounted datasets when destroying a jail or +release (ZFS only). +.Sh EXAMPLES +.Bl -tag -width Ds +.It Destroy 15.0-RELEASE: +.Sy bastille destroy 15.0-RELEASE +.It Destroy myjail forcibly, without prompts, and auto mode: +.Sy bastille destroy -afy myjail +.It Destroy myjail and yourjail: +.Sy bastille destroy 'myjail yourjail' +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-edit.1 b/usr/local/share/man/man1/bastille-edit.1 new file mode 100644 index 00000000..52177ea3 --- /dev/null +++ b/usr/local/share/man/man1/bastille-edit.1 @@ -0,0 +1,73 @@ +.Dd 2025/12/05 +.Dt bastille-edit 1 +.Os +.Sh NAME +.Nm bastille edit +.Nd Edit jail configuration files (advanced). +.Sh SYNOPSIS +.Nm +.Op Fl x +.Ar TARGET +.Op FILE +.Sh DESCRIPTION +The +.Nm +sub-command allows editing +.Pa jail.conf , +as well as any +configuration files inside the jails main directory structure. +.Bl -tag -width Ds +.It Fl x , Fl -debug +Enable debug mode. +.Pp +If no +.Ar FILE +is given, Bastille will edit +.Pa jail.conf . +.Sh EXAMPLES +.Bl -tag -width Ds +.It Edit jail.conf for myjail: +.Sy bastille edit TARGET +.It Edit fstab for myjail: +.Sy bastille edit myjail fstab +.It Edit setting.conf for myjail: +.Sy bastille edit myjail settings.conf +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-etcupdate.1 b/usr/local/share/man/man1/bastille-etcupdate.1 new file mode 100644 index 00000000..f3332d51 --- /dev/null +++ b/usr/local/share/man/man1/bastille-etcupdate.1 @@ -0,0 +1,131 @@ +.Dd 2025/12/06 +.Dt bastille-etcupdate 1 +.Os +.Sh NAME +.Nm bastille etcupdate +.Nd Update /etc for jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl fx +.Sy bootstrap +.Ar RELEASE +.Nm +.Op Fl dx +.Ar TARGET +.Sy update +.Ar RELEASE +.Nm +.Op Fl x +.Ar TARGET +.Sy diff|resolve +.Sh DESCRIPTION +The +.Nm +sub-command will bootstrap a tarball from +.Ar RELEASE +which can then be used to update the contents of +.Pa /etc +inside jails after performing an upgrade. +.Bl -tag -width Ds +.It Sy bastille etcupdate Oo Fl fx Oc Sy bootstrap Ar RELEASE +.Bl -tag -width Ds +.It Sy bootstrap +Bootstrap the 'src' archives for +.Ar RELEASE , +then create a tarball from it. The tarball makes it +much easier and faster to apply to jails. +.It Fl f , Fl -force +Force a re-bootstrap of a release. +.It Fl x , Fl -debug +Enable debug mode. +.El +.It Sy bastille etcupdate Oo Fl dx Oc Ar TARGET Sy update Ar RELEASE +.Bl -tag -width Ds +.It Sy update +Update the contents of +.Pa /etc +inside +.Ar TARGET , +using +.Ar RELEASE +as the base. +.Ar RELEASE +must first be bootstrapped. +.It Fl d , Fl -dry-run +Show output, but do not apply. +.It Fl x , Fl -debug +Enable debug mode. +.El +.Pp +The +.Ar RELEASE +specified here is the release you want to use as the base of +your +.Ar TARGET +/etc contents. +.It Sy bastille etcupdate Oo Fl x Oc Ar TARGET Sy diff|resolve +.Bl -tag -width Ds +.It Sy diff +Compare and show changes to +.Pa /etc +inside the +.Ar TARGET . +.It Sy resolve +Resolve any conflicts for +.Pa /etc +inside +.Ar TARGET . +Sometimes when performing the +.Nm +sub-command, it leaves +some conflicts between the old and new files. Use this option +to resolve these conflicts. +.It Fl x , Fl -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Bootstrap 15.0-RELEASE for use with etcupdate: +.Sy bastille etcupdate bootstrap 15.0-RELEASE +.It Update /etc for myjail to 15.0-RELEASE: +.Sy bastille etcupdate myjail 15.0-RELEASE +.It Resolve any conflicts left over for myjail: +.Sy bastille etcupdate myjail resolve +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-export.1 b/usr/local/share/man/man1/bastille-export.1 new file mode 100644 index 00000000..3fd7262f --- /dev/null +++ b/usr/local/share/man/man1/bastille-export.1 @@ -0,0 +1,103 @@ +.Dd 2025/12/06 +.Dt bastille-export 1 +.Os +.Sh NAME +.Nm bastille export +.Nd Export a jail. +.Sh SYNOPSIS +.Nm +.Op Fl alvx +.Op Fl -gz +.Op Fl -xz +.Op Fl -zst +.Op Fl -raw +.Op Fl -tgz +.Op Fl -txz +.Op Fl -tzst +.Ar TARGET Op PATH +.Sh DESCRIPTION +The +.Nm +sub-command will export +.Ar TARGET +to an image (ZFS) or archive. +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl l , Fl -live +Export a running jail (ZFS only). +.Pp +Normally jails must be stopped to export them. Set this option +to allow exporting a hot/running jail. +.It Fl -gz +Export to a '.gz' compressed image (ZFS only). +.It Fl -xz +Export to a '.xz' compressed image (ZFS only). +.It Fl -zst +Export to a '.zst' compressed image (ZFS only). +.It Fl -raw +Export a an uncompressed RAW image (ZFS only). +.It Fl -tgz +Export to a '.tgz' compressed archive. +.It Fl -txz +Export to a '.txz' compressed archive. +.It Fl -tzst +Export to a '.tzst' compressed archive. +.It Fl v , Fl -verbose +Enable verbose mode (ZFS only). +.It Fl x , Fl -debug +Enable debug mode. +.El +.Pp +If no +.Ar PATH +is specified, the jail will be exported to the backups directory. +See +.Xr bastille.conf 5 . +.Sh EXAMPLES +.Bl -tag -width Ds +.It Export my jail as a '.tzst' archive: +.Sy bastille export --tzst myjail +.It Export myjail to $PWD as a '.gz' image: +.Sy bastille export --gz myjail $PWD +.It Export myjail (while running) as a '.xz' image: +.Sy bastille export -l --xz myjail +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-htop.1 b/usr/local/share/man/man1/bastille-htop.1 new file mode 100644 index 00000000..807387b0 --- /dev/null +++ b/usr/local/share/man/man1/bastille-htop.1 @@ -0,0 +1,65 @@ +.Dd 2025/12/06 +.Dt bastille-htop 1 +.Os +.Sh NAME +.Nm bastille htop +.Nd Interactive process viewer (requires htop). +.Sh SYNOPSIS +.Nm +.Op Fl ax +.Ar TARGET +.Sh DESCRIPTION +The +.Nm +sub-command will run htop in +.Ar TARGET . +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , Fl -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Run htop in myjail: +.Sy bastille htop myjail +.It Run htop (start the jail if stopped) in myjail: +.Sy bastille htop -a myjail +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-import.1 b/usr/local/share/man/man1/bastille-import.1 new file mode 100644 index 00000000..5a2eb1ff --- /dev/null +++ b/usr/local/share/man/man1/bastille-import.1 @@ -0,0 +1,91 @@ +.Dd 2025/12/06 +.Dt bastille-import 1 +.Os +.Sh NAME +.Nm bastille import +.Nd Import a jail. +.Sh SYNOPSIS +.Nm +.Op Fl fMvx +.Ar TARGET +.Op RELEASE +.Sh DESCRIPTION +The +.Nm +sub-command will attempt to import a jail from an image or archive. +Bastille supports importing jails from other jail managers such +as iocage, ezjail and qjail. +.Pp +For most foreign jail imports, Bastille will convert the config syntax +into Bastille readable format, but sometimes it might be necessary +to edit the +.Pa jail.conf +file manually. +.Bl -tag -width Ds +.It Fl f , Fl -force +Force an archive import without validation checksum. +.It Fl M , Fl -static-mac +Use a static/persistent MAC address (VNET only) when importing foreign jails. +.It Fl v , Fl -verbose +Enable verbose mode (ZFS only). +.It Fl x , Fl -debug +Enable debug mode. +.El +.Pp +The +.Ar FILE +arguement should be the full filename, including the absolute path. +The only exception is if the archive is inside the backups directory. +See +.Xr bastille.conf 5 . +.Pp +If the +.Ar RELEASE +argument is specified, Bastille will import the jail using that release. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Import myjail_DATE.txz: +.Sy bastille import myjail_DATE.txz +.It Import myjail_DATE.gz under 15.0-RELEASE: +.Sy bastille import myjail_DATE.txz 15.0-RELEASE +.It Import myjail_DATE.gz under 15.0-RELEASE from non-default location: +.Sy bastille import /my/custom/folder/myjail_DATE.txz 15.0-RELEASE +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-jcp.1 b/usr/local/share/man/man1/bastille-jcp.1 new file mode 100644 index 00000000..9a246382 --- /dev/null +++ b/usr/local/share/man/man1/bastille-jcp.1 @@ -0,0 +1,63 @@ +.Dd 2025/12/06 +.Dt bastille-jcp 1 +.Os +.Sh NAME +.Nm bastille jcp +.Nd Copy file(s)/directorie(s) from jail to jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl qx +.Ar SOURCE_JAIL JAIL_PATH DESTINATION_JAIL JAIL_PATH +.Sh DESCRIPTION +The +.Nm +sub-command will copy files and directories from a single +jail to any targeted jail(s). +.Bl -tag -width Ds +.It Fl q , Fl -quiet +Suppress output. +.It Fl x , Fl -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Copy /etc/resolv.conf from myjail to yourjail: +.Sy bastille jcp myjail /etc/resolv.conf yourjail /etc +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-limits.1 b/usr/local/share/man/man1/bastille-limits.1 new file mode 100644 index 00000000..2f148c59 --- /dev/null +++ b/usr/local/share/man/man1/bastille-limits.1 @@ -0,0 +1,138 @@ +.Dd 2025/12/06 +.Dt bastille-limits 1 +.Os +.Sh NAME +.Nm bastille limits +.Nd Apply resource limits to jail(s). See +.Xr rctl 8 +and +.Xr cpuset 1 . +.Sh SYNOPSIS +.Nm +.Op Fl alx +.Ar TARGET +.Sy add +.Ar OPTION VALUE +.Nm +.Op Fl ax +.Ar TARGET +.Sy remove +.Ar OPTION +.Nm +.Op Fl ax +.Ar TARGET +.Sy clear|reset|stats +.Nm +.Op Fl ax +.Ar TARGET +.Sy list|show +.Op active +.Sh DESCRIPTION +The +.Nm +sub-command allows adding and setting limits to jail(s). +.Bl -tag -width Ds +.It Sy bastille limits Oo Fl alx Oc Sy add Ar OPTION VALUE +.Bl -tag -width Ds +.It Sy add +Add the specified +.Ar OPTION +to the jail along with its +.Ar VALUE . +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl l , Fl -log +Enable logging for the specified rule (RCTL only). +.It Fl x , Fl -debug +Enable debug mode. +.El +.Pp +The +.Ar OPTION +and +.Ar VALUE +shoud conform to RCTL specs. See +.Xr rctl 8 . +.It Sy bastille limits Oo Fl ax Oc Sy remove Ar OPTION +.Bl -tag -width Ds +.It Sy remove +Remove the specified +.Ar OPTION +from the jail. +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , Fl -debug +Enable debug mode. +.El +.It Sy bastille limits Oo Fl ax Oc Sy clear|reset|stats +.Bl -tag -width Ds +.It Sy clear +Clear limits from the system, but don't remove from jail configuration. +.It Sy reset +Clear limits from system, and remove from jail configuration. +.It Sy stats +Show limit stats (RCTL only). +.It Fl x , Fl -debug +Enable debug mode. +.El +.It Sy bastille limits Oo Fl ax Oc Sy list|show Op active +.Bl -tag -width Ds +.It Sy list +Show all configured limits on the system, active or not. +.Pp +If +.Ar active +is given as the last argument here, only active limits will +be shown. +.It Sy show +Same as list. +.It Fl x , Fl -debug +Enable debug mode. +.El +.Sh EXAMPLES +.Bl -tag -width Ds +.It Apply memoryuse limit of 4G to myjail: +.Sy bastille limits myjail set memoryuse 4G +.It Limit myjail to cpu 0 and 1: +.Sy bastille limits myjail set cpu 0,1 +.It Remove all limits from myjail: +.Sy bastille limits -a myjail reset +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-list.1 b/usr/local/share/man/man1/bastille-list.1 new file mode 100644 index 00000000..82d1fa44 --- /dev/null +++ b/usr/local/share/man/man1/bastille-list.1 @@ -0,0 +1,111 @@ +.Dd 2025/12/06 +.Dt bastille-list 1 +.Os +.Sh NAME +.Nm bastille list +.Nd List jails, releases, templates and more... +.Sh SYNOPSIS +.Nm +.Op Fl djpux +.Oo all|backup|export|import|ip|jail +limit|log|path|port|priority|snapshot|state|template|type +.Oc +.Sh DESCRIPTION +The +.Nm +sub-command will list any of the above contents for you. +.Bl -tag -width Ds +.It Sy bastille list Oo Fl djpux Oc Oo all|backup|export|import|ip|jail +limit|log|path|port|priority|snapshot|state|template|type +.Oc +.It Sy all +Deprecated. List jails in old Bastille format. +.It Sy backup|export|import +List jail backups in the backups directory. +.It Sy ip +List only the IP addresses of jails. +.It Sy jail +Print all jail names. +.It Sy limit +List all limits for all jails. +.It Sy log +List Bastille logs. +.It Sy path +List only the paths of jails. +.It Sy port +List only the published ports of jails. +.It Sy priority +List only the priority of jails. +.It Sy snapshot +List snapshots for all jails. +.It Sy state +List only the states of jails. Up or Down. +.It Sy template +List all templates in the templates directory. +.It Sy type +List only the jail type of jails. +.It Fl d , Fl -down +List stopped jails only. +.It Fl j , Fl -json +List jails or sub-arg(s) in json format. +.It Fl p , Fl -pretty +Print JSON in columns. +.It Fl u , Fl -up +List running jails only. +.It Fl x , Fl -debug +Enable debug mode. +.El +.Pp +By default, the +.Nm +sub-command will display a list of jails and some important info +if called without any arguments. Use a combination of the above +options and sub-args to achieve the desired outcome based on what +information you want to see. +.Sh EXAMPLES +.Bl -tag -width Ds +.It List default info: +.Sy bastille list +.It List all releases: +.Sy bastille list releases +.It List running jails by type in pretty json columns: +.Sy bastille list -jup type +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-migrate.1 b/usr/local/share/man/man1/bastille-migrate.1 new file mode 100644 index 00000000..83132ce5 --- /dev/null +++ b/usr/local/share/man/man1/bastille-migrate.1 @@ -0,0 +1,92 @@ +.Dd 2025/12/06 +.Dt bastille-migrate 1 +.Os +.Sh NAME +.Nm bastille migrate +.Nd Migrate jail(s) to a remote system. +.Sh SYNOPSIS +.Nm +.Op Fl abdklpx +.Op Fl -doas +.Ar TARGET USER@HOST Ns Op :PORT +.Sh DESCRIPTION +The +.Nm +sub-command will migrate a jail to the specified remote host. +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl b , Fl -backup +Keep archives on remote system. +.Pp +By default, the archives on the remote system are removed +after migration. Set this option to keep them. +.It Fl d , Fl -destroy +Destroy local jail after migration. +.It Fl -doas +Use 'doas' instead of 'sudo'. +.Pp +The default is sudo. +.It Fl k , Fl -keyfile +Specify an alternative private keyfile name. Must be +in '~/.ssh'. +.It Fl l , Fl -live +Migrate a running jail (ZFS only). +.It Fl p , Fl -password +Use password based authentication. +.Pp +The default is to use SSH keys. +.It Fl x , Fl -debug +Enable debug mode. +.El +.Pp +If no +.Ar PORT +is specified, Bastille will use port 22. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Migrate myjail to a remote system: +.Sy bastille migrate myjail root@10.23.23.23 +.It Migrate myjail, while destroying old jail, using port 2222: +.Sy bastille migrate -d myjail root@10.23.23.23:2222 +.It Migrate myjail, destroy old, and start new on on remote system: +.Sy bastille migrate -adl myjail root@10.23.23.23 +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-mount.1 b/usr/local/share/man/man1/bastille-mount.1 new file mode 100644 index 00000000..50b09028 --- /dev/null +++ b/usr/local/share/man/man1/bastille-mount.1 @@ -0,0 +1,80 @@ +.Dd 2025/12/06 +.Dt bastille-mount 1 +.Os +.Sh NAME +.Nm bastille mount +.Nd Mount file(s)/directorie(s) inside jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl ax +.Ar TARGET HOST_PATH JAIL_PATH Op FS_TYPE OPTIONS DUMP PASS_NUMBER +.Sh DESCRIPTION +The +.Nm +sub-command will mount the +.Ar HOST_PATH +inside a jail at +.Ar JAIL_PATH . +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , Fl -debug +Enable debug mode. +.El +.Pp +By default +.Nm +will mount files read-only. To mount as read-write you +must specity all of the optional arguements. These include +.Ar FS_TYPE OPTIONS DUMP +and +.Ar PASS_NUMBER . +See +.Xr fstab 5 . +.Sh EXAMPLES +.Bl -tag -width Ds +.It Mount /usr/ports in myjail: +.Sy bastille mount myjail /usr/ports /usr/ports +.It Mount /usr/ports as read-write in myjail: +.Sy bastille mount myjail /usr/ports /usr/ports nullfs rw 0 0 +.It Mount /etc/resolv.conf in myjail: +.Sy bastille mount myjail /etc/resolv.conf /etc/resolv.conf +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-network.1 b/usr/local/share/man/man1/bastille-network.1 new file mode 100644 index 00000000..2424847d --- /dev/null +++ b/usr/local/share/man/man1/bastille-network.1 @@ -0,0 +1,106 @@ +.Dd 2025/12/06 +.Dt bastille-network 1 +.Os +.Sh NAME +.Nm bastille network +.Nd Add or remove interface(s) from jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl aBMnPVvx +.Ar TARGET Sy add Ar INTERFACE Op IP +.Nm +.Op Fl ax +.Ar TARGET Sy remove Ar INTERFACE +.Sh DESCRIPTION +The +.Nm +sub-command can add or remove interfaces, as +well as set a VLAN ID for jails. Setting the VLAN +ID must be done during the 'add' phase. +.Bl -tag -width Ds +.It Sy bastille network Oo Fl aBMnPVvx Oc Ar TARGET Sy add Ar INTERFACE Op IP +.Bl -tag -width Ds +.It Sy add +Add the +.Ar INTERFACE +to the jail. +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl B , Fl -bridge +Add a bridge interface. +.It Fl M , Fl -static-mac +Use a static/persistent MAC address (VNET only). +.It Fl n , Fl -no-ip +Create interface without an IP (VNET only). +.It Fl P , Fl -passthrough +Add a raw interface. +.It Fl V , Fl -vnet +Add a physical interface. +.It Fl v Ar VLANID , Fl -vlan Ar VLANID +Assign +.Ar VLANID +to interface (VNET only). +.It Fl x , Fl -debug +Enable debug mode. +.El +.Pp +The +.Ar IP +is only optional when the '-n|--no-ip' is set. +.It Sy bastille network Oo Fl ax Oc Ar TARGET Sy remove Ar INTERFACE +.Bl -tag -width Ds +.It Sy remove +Remove the specifed +.Ar INTERFACE +from the jail. +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , Fl -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Add vtnet0 to myjail: +.Sy bastille network -aV myjail add vtnet0 DHCP +.It Add bridge0 to myjail with a static MAC: +.Sy bastille network -aBM myjail add bridge0 10.23.23.23/24 +.It Remove em0 from myjail: +.Sy bastille network -a myjail remove em0 +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-pkg.1 b/usr/local/share/man/man1/bastille-pkg.1 new file mode 100644 index 00000000..bda6c129 --- /dev/null +++ b/usr/local/share/man/man1/bastille-pkg.1 @@ -0,0 +1,69 @@ +.Dd 2025/12/06 +.Dt bastille-pkg 1 +.Os +.Sh NAME +.Nm bastille pkg +.Nd Manage packages inside jail(s). See +.Xr pkg 8 . +.Sh SYNOPSIS +.Nm +.Op Fl aHyx +.Ar TARGET ARGS +.Sh DESCRIPTION +The +.Nm +sub-command allows package management inside jails. +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl H , Fl -host +Use host 'pkg' binary instead of jails. +.It Fl y , Fl -yes +Do not prompt. Assume always yes. +.It Fl x , Fl -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Install nginx inside myjail: +.Sy bastille pkg myjail install nginx +.It Install nginx inside myjail using the hosts 'pkg': +.Sy bastille pkg -H myjail install nginx +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-rcp.1 b/usr/local/share/man/man1/bastille-rcp.1 new file mode 100644 index 00000000..7cc898f4 --- /dev/null +++ b/usr/local/share/man/man1/bastille-rcp.1 @@ -0,0 +1,69 @@ +.Dd 2025/12/06 +.Dt bastille-rcp 1 +.Os +.Sh NAME +.Nm bastille rcp +.Nd Copy file(s)/directorie(s) from jail to host. +.Sh SYNOPSIS +.Nm +.Op Fl qx +.Ar TARGET JAIL_PATH HOST_PATH +.Sh DESCRIPTION +The +.Nm +sub-command will copy +.Ar JAIL_PATH +to +.Ar HOST_PATH +from inside +.Ar TARGET . +.Bl -tag -width Ds +.It Fl q , -quiet +Suppress output. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Copy /etc/resolv.conf.custom to host: +.Sy bastille rcp myjail /etc/resolv.custom /jailstuff/etc +.It Copy /etc to host quietly: +.Sy bastille rcp -q myjail /etc /jailstuff/etc +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-rdr.1 b/usr/local/share/man/man1/bastille-rdr.1 new file mode 100644 index 00000000..c7f61c99 --- /dev/null +++ b/usr/local/share/man/man1/bastille-rdr.1 @@ -0,0 +1,103 @@ +.Dd 2025/12/06 +.Dt bastille-rdr 1 +.Os +.Sh NAME +.Nm bastille rdr +.Nd Redirect host port to jail port. +.Sh SYNOPSIS +.Nm +.Op Fl x +.Op Fl d Ar IP +.Op Fl i Ar INTERFACE +.Op Fl s Ar IP|TABLE +.Op Fl t Ar ipv4|ipv6 +.Ar TARGET Sy tcp|udp Ar HOST_PORT JAIL_PORT Op log LOG_OPTIONS +.Nm +.Op Fl x +.Ar TARGET Sy clear|reset|list +.Sh DESCRIPTION +The +.Nm +sub-command will redirect +.Ar HOST_PORT +to +.Ar JAIL_PORT . +.Bl -tag -width Ds +.It Sy bastille rdr Oo Fl x Oc Oo Fl d Ar IP Oc Oo Fl i Ar INTERFACE Oc Oo Fl s Ar IP|TABLE Oc Oo Fl t Ar ipv4|ipv6 Oc Sy add Ar tcp|udp HOST_PORT JAIL_PORT Op log LOG_OPTIONS +.Bl -tag -width Ds +.It Sy add +Add the rdr rule to the jail. +.It Fl d Ar IP , Fl -destination Ar IP +Limit rdr to a destination IP. +.It Fl i Ar INTERFACE , Fl -interface Ar INTERFACE +Specify interface(s) to apply rule to. Comma-separated. +.It Fl s Ar IP|TABLE , Fl -source Ar IP|TABLE +Limit rdr to a source IP or table. +.Pp +The table should exist in your 'pf.conf'. +.It Fl t Ar ipv4|ipv6 , Fl -type Ar ipv4|ipv6 +Specify IP type. Must be used if '-s' or '-d' are used. Defaults to both. +.It Fl x , Fl -debug +Enable debug mode. +.El +.It Sy bastille rdr Oo Fl x Oc Sy clear|reset|list +.Bl -tag -width Ds +.It Sy clear +Clear the rules from the system, but don't remove from the jail +configuration. +.It Sy reset +Clear the rules from the system, and remove from the jail +configuration. +.It Sy list +List active rules. +.Ar INTERFACE +from the jail. +.It Fl x , Fl -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Forward port 80 from host to myjail: +.Sy bastille rdr myjail tcp 80 80 +.It Forward port 80 from host to myjail on vtnet0: +.Sy bastille rdr -i vtnet0 myjail tcp 80 80 +.It Forward port 80 from host to myjail, limiting to 200.200.200.200: +.Sy bastille rdr -s 200.200.200.200 myjail tcp 80 80 +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-rename.1 b/usr/local/share/man/man1/bastille-rename.1 new file mode 100644 index 00000000..680e987f --- /dev/null +++ b/usr/local/share/man/man1/bastille-rename.1 @@ -0,0 +1,65 @@ +.Dd 2025/12/06 +.Dt bastille-rename 1 +.Os +.Sh NAME +.Nm bastille rename +.Nd Rename a jail. +.Sh SYNOPSIS +.Nm +.Op Fl ax +.Ar TARGET NEW_NAME +.Sh DESCRIPTION +The +.Nm +sub-command will rename +.Ar TARGET +to +.Ar NEW_NAME . +.Bl -tag -width Ds +.It Fl a , -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Rename myjail to your jail: +.Sy bastille rename myjail yourjail +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-restart.1 b/usr/local/share/man/man1/bastille-restart.1 new file mode 100644 index 00000000..67f50336 --- /dev/null +++ b/usr/local/share/man/man1/bastille-restart.1 @@ -0,0 +1,74 @@ +.Dd 2025/12/06 +.Dt bastille-restart 1 +.Os +.Sh NAME +.Nm bastille restart +.Nd Restart a jail. +.Sh SYNOPSIS +.Nm +.Op Fl bivx +.Op Fl d Ar VALUE +.Ar TARGET +.Sh DESCRIPTION +The +.Nm +sub-command will restart +.Ar TARGET . +.Bl -tag -width Ds +.It Fl b , -boot +Respect jail boot setting. +.It Fl d Ar VALUE , Fl -delay Ar VALUE +Time (seconds) to wait after starting each jail. +.It Fl i , Fl -ignore +Ignore stopped jails (do not start if stopped). +.It Fl v , Fl -verbose +Enable verbose mode. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Restart all jails, ignoring stopped jail: +.Sy bastille restart -i all +.It Restart all jails, but only if boot=on: +.Sy bastille restart -b all +.It Restart all jails with a 5 second delay between each one: +.Sy bastille restart -d 5 all +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-service.1 b/usr/local/share/man/man1/bastille-service.1 new file mode 100644 index 00000000..718a0375 --- /dev/null +++ b/usr/local/share/man/man1/bastille-service.1 @@ -0,0 +1,64 @@ +.Dd 2025/12/06 +.Dt bastille-service 1 +.Os +.Sh NAME +.Nm bastille service +.Nd Manage services within jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl ax +.Ar TARGET SERVICE ARGS +.Sh DESCRIPTION +The +.Nm +sub-command can manage services in jails. +.Bl -tag -width Ds +.It Fl a , -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Start nginx in myjail: +.Sy bastille service myjail nginx start +.It Stop caddy in myjail: +.Sy bastille service myjail caddy stop +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-setup.1 b/usr/local/share/man/man1/bastille-setup.1 new file mode 100644 index 00000000..c85dbe79 --- /dev/null +++ b/usr/local/share/man/man1/bastille-setup.1 @@ -0,0 +1,100 @@ +.Dd 2025/12/06 +.Dt bastille-setup 1 +.Os +.Sh NAME +.Nm bastille setup +.Nd Auto-configure network, firewall, storage and more... +.Sh SYNOPSIS +.Nm +.Op Fl ax +.Nm +.Op Fl ax +.Ar bridge|linux|loopback|netgraph|firewall|shared|storage|vnet +.Sh DESCRIPTION +The +.Nm +sub-command will attempt to configure different options +for your environment. +.Bl -tag -width Ds +.It Sy bridge +Configure a bride interface for use with the '-B|--bridge' create +option. +.It Sy linux +Configure linux compatability. This involves loading and persisting +some necessary modules, as well as enabling Linux support +with 'linux_enable=YES'. +.It Sy loopback +This will configure an interface to use as a loopback. This is for +NAT jails. +.It Sy netgraph +Configure netgraph for your host. This requires loading and +persisting certain 'netgraph_*' modules. +.It Sy firewall +Configure the 'pf' firewall for use with NAT jails, as well +as the 'rdr' sub-command. See +.Xr bastille-rdr 1 . +.It Sy shared +Configure a 'shared' interface. This is essentially an interface +where jails will 'share' with the host, while still having +their own locally reachable IP. +.It Sy storage +Configure storage (ZFS or UFS). +.It Sy vnet +Configure your host to be able to use VNET jails. +.It Fl y , -yes +Do not prompt. Assume always yes. +.It Fl x , -debug +Enable debug mode. +.El +.Pp +The 'loopback' and 'shared' options will de-configure each other when +they are configured. The INTERFACE these options configure are +only ever used when the INTERFACE argument is not specified +during jail creation. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Setup Bastille for the first time: +.Sy bastille setup +.It Setup Linux support: +.Sy bastille setup linux +.It Setup a bridge: +.Sy bastille setup bridge +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-start.1 b/usr/local/share/man/man1/bastille-start.1 new file mode 100644 index 00000000..74aae069 --- /dev/null +++ b/usr/local/share/man/man1/bastille-start.1 @@ -0,0 +1,72 @@ +.Dd 2025/12/06 +.Dt bastille-start 1 +.Os +.Sh NAME +.Nm bastille start +.Nd Start stopped jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl bvx +.Op Fl d Ar VALUE +.Ar TARGET +.Sh DESCRIPTION +The +.Nm +sub-command will start +.Ar TARGET . +.Bl -tag -width Ds +.It Fl b , -boot +Respect jail boot setting. +.It Fl d Ar VALUE , Fl -delay Ar VALUE +Time (seconds) to wait after starting each jail. +.It Fl v , Fl -verbose +Enable verbose mode. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Start all jails with verbose mode: +.Sy bastille start -v all +.It Start all jails, but only if boot=on: +.Sy bastille start -b all +.It Start all jails with a 5 second delay between each one: +.Sy bastille start -d 5 all +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-stop.1 b/usr/local/share/man/man1/bastille-stop.1 new file mode 100644 index 00000000..e24dbc07 --- /dev/null +++ b/usr/local/share/man/man1/bastille-stop.1 @@ -0,0 +1,63 @@ +.Dd 2025/12/06 +.Dt bastille-stop 1 +.Os +.Sh NAME +.Nm bastille stop +.Nd Stop running jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl vx +.Ar TARGET +.Sh DESCRIPTION +The +.Nm +sub-command will stop +.Ar TARGET . +.Bl -tag -width Ds +.It Fl v , Fl -verbose +Enable verbose mode. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Stop all jails with verbose mode: +.Sy bastille stop -v all +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-sysrc.1 b/usr/local/share/man/man1/bastille-sysrc.1 new file mode 100644 index 00000000..8724f669 --- /dev/null +++ b/usr/local/share/man/man1/bastille-sysrc.1 @@ -0,0 +1,64 @@ +.Dd 2025/12/06 +.Dt bastille-sysrc 1 +.Os +.Sh NAME +.Nm bastille sysrc +.Nd Edit rc files inside jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl ax +.Ar TARGET ARGS +.Sh DESCRIPTION +The +.Nm +sub-command will run specified sysrc arguements inside jails. +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Enable nginx inside myjail: +.Sy bastille sysrc myjail nginx_enable=YES +.It Disable caddy inside myjail: +.Sy bastille sysrc myjail caddy_enable=NO +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-tags.1 b/usr/local/share/man/man1/bastille-tags.1 new file mode 100644 index 00000000..885cd962 --- /dev/null +++ b/usr/local/share/man/man1/bastille-tags.1 @@ -0,0 +1,88 @@ +.Dd 2025/12/06 +.Dt bastille-tags 1 +.Os +.Sh NAME +.Nm bastille tags +.Nd Add or remove tags to jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl x +.Ar TARGET Sy add|delete Ar tag1,tag2 +.Nm +.Op Fl x +.Ar TARGET Sy list Op tag +.Sh DESCRIPTION +The +.Nm +sub-command add, remove and list tags for jails. +.Bl -tag -width Ds +.It Sy bastille tags Oo Fl x Oc Ar TARGET Sy add|remove Ar TAG1,TAG2 +.Bl -tag -width Ds +.It Sy add +Add specified tag(s) to +.Ar TARGET . +.It Sy remove +Remove specified tag(s) from +.Ar TARGET . +.It Fl x , -debug +Enable debug mode. +.El +.It Sy bastille tags Oo Fl x Oc Ar TARGET Sy list Op TAG +.Bl -tag -width Ds +.It Sy list +List all tag(s) assigned to +.Ar TARGET . +.It Fl x , -debug +Enable debug mode. +.El +.Pp +If the +.Ar TAG +arguement is given, Bastille will list the +.Ar TARGET +name(s) with that tag assigned. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Add 'prod' tag to myjail and yourjail: +.Sy bastille tags 'myjail yourjail' add prod +.It Show jails with the tag 'web': +.Sy bastille tags ALL list web +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-top 1 , +.Xr bastille-template , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-template.1 b/usr/local/share/man/man1/bastille-template.1 new file mode 100644 index 00000000..1db4f510 --- /dev/null +++ b/usr/local/share/man/man1/bastille-template.1 @@ -0,0 +1,72 @@ +.Dd 2025/12/06 +.Dt bastille-template 1 +.Os +.Sh NAME +.Nm bastille template +.Nd Apply templates to jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl ax +.Ar TARGET|--convert TEMPLATE +.Sh DESCRIPTION +The +.Nm +sub-command will apply the specified +.Ar TEMPLATE +to +.Ar TARGET . +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , -debug +Enable debug mode. +.El +.Pp +The +.Ar --convert +option is only to convert older style templates to the +new format, which consists of a single 'Bastillefile' inside +'project/template'. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Apply www/nginx to myjail: +.Sy bastille template myjail www/nginx +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-top , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-top.1 b/usr/local/share/man/man1/bastille-top.1 new file mode 100644 index 00000000..84c0a5cb --- /dev/null +++ b/usr/local/share/man/man1/bastille-top.1 @@ -0,0 +1,64 @@ +.Dd 2025/12/06 +.Dt bastille-top 1 +.Os +.Sh NAME +.Nm bastille top +.Nd Process viewer. See +.Xr top 1 . +.Sh SYNOPSIS +.Nm +.Op Fl ax +.Ar TARGET +.Sh DESCRIPTION +The +.Nm +sub-command will run 'top' inside +.Ar TARGET . +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Run 'top' in myjail: +.Sy bastille top -a myjail +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-umount.1 b/usr/local/share/man/man1/bastille-umount.1 new file mode 100644 index 00000000..62378ede --- /dev/null +++ b/usr/local/share/man/man1/bastille-umount.1 @@ -0,0 +1,65 @@ +.Dd 2025/12/06 +.Dt bastille-umount 1 +.Os +.Sh NAME +.Nm bastille umount +.Nd Unmount file(s)/directorie(s) from jail(s). +.Sh SYNOPSIS +.Nm +.Op Fl ax +.Ar TARGET JAIL_PATH +.Sh DESCRIPTION +The +.Nm +sub-command will unmount +.Ar JAIL_PATH +from +.Ar TARGET . +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Unmount /my/path/in/jail from myjail: +.Sy bastille umount myjail /my/path/in/jail +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template , +.Xr bastille-top 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-update.1 b/usr/local/share/man/man1/bastille-update.1 new file mode 100644 index 00000000..e6c0364a --- /dev/null +++ b/usr/local/share/man/man1/bastille-update.1 @@ -0,0 +1,74 @@ +.Dd 2025/12/06 +.Dt bastille-update 1 +.Os +.Sh NAME +.Nm bastille update +.Nd Update a jail or release. +.Sh SYNOPSIS +.Nm +.Op Fl afx +.Ar TARGET +.Sh DESCRIPTION +The +.Nm +sub-command will update +.Ar TARGET +with the latest patches and security updates. +The +.Ar TARGET +can be either a jail or a release. +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl f , Fl -force +Force update a release (FreeBSD legacy releases). +.Pp +This will force the 'fetch' command to proceed in the +event of a previous failed upgrade. +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Update 15.0-RELEASE: +.Sy bastille update 15.0-RELEASE +.It Update myjail: +.Sy bastille update myjail +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-upgrade.1 b/usr/local/share/man/man1/bastille-upgrade.1 new file mode 100644 index 00000000..a1e099a2 --- /dev/null +++ b/usr/local/share/man/man1/bastille-upgrade.1 @@ -0,0 +1,80 @@ +.Dd 2025/12/06 +.Dt bastille-upgrade 1 +.Os +.Sh NAME +.Nm bastille upgrade +.Nd Upgrade a jail to new release. +.Sh SYNOPSIS +.Nm +.Op Fl afx +.Ar TARGET NEW_RELEASE +.Nm +.Op Fl afx +.Ar TARGET install +.Sh DESCRIPTION +The +.Nm +sub-command will upgrade +.Ar TARGET +to +.Ar NEW_RELEASE . +.Bl -tag -width Ds +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl f , Fl -force +Force upgrade a release (FreeBSD legacy releases). +.Pp +This will force the 'fetch' command to proceed in the +event of a previous failed upgrade. +.It Fl x , -debug +Enable debug mode. +.El +.Pp +The +.Ar install +option is needed to upgrade a FreeBSD jail not running +PkgBase. It is run after the initial 'upgrade' command is +completed. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Upgrade myjail to 15.0-RELEASE: +.Sy bastille upgrade myjail 15.0-RELEASE +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-verify.1 b/usr/local/share/man/man1/bastille-verify.1 new file mode 100644 index 00000000..5b67d4ec --- /dev/null +++ b/usr/local/share/man/man1/bastille-verify.1 @@ -0,0 +1,64 @@ +.Dd 2025/12/06 +.Dt bastille-verify 1 +.Os +.Sh NAME +.Nm bastille verify +.Nd Compare release against a 'known good' index. +.Sh SYNOPSIS +.Nm +.Op Fl x +.Ar RELEASE|TEMPLATE +.Sh DESCRIPTION +The +.Nm +sub-command will attempt to verify a release against +a known index of valid releases. It will also verify that +a template is properly formatted. +.Bl -tag -width Ds +.It Fl x , -debug +Enable debug mode. +.Sh EXAMPLES +.Bl -tag -width Ds +.It Verify myproject/template: +.Sy bastille verify myproject/template +.It Verify 15.0-RELEASE: +.Sy bastille verify 15.0-RELEASE +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-zfs 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille-zfs.1 b/usr/local/share/man/man1/bastille-zfs.1 new file mode 100644 index 00000000..95772907 --- /dev/null +++ b/usr/local/share/man/man1/bastille-zfs.1 @@ -0,0 +1,149 @@ +.Dd 2025/12/06 +.Dt bastille-zfs 1 +.Os +.Sh NAME +.Nm bastille zfs +.Nd Manage ZFS options/attributes for jail(s). +.Sh SYNOPSIS +.Nm Oo Fl avx Oc Ar TARGET Sy snapshot|destroy|rollback Op TAG +.Nm Oo Fl avx Oc Ar TARGET Sy df|usage +.Nm Oo Fl avx Oc Ar TARGET Sy get|set Ar KEY=VALUE +.Nm Oo Fl avx Oc Ar TARGET Sy jail Ar pool/dataset /jail/path +.Nm Oo Fl avx Oc Ar TARGET Sy unjail Ar pool/dataset +.Sh DESCRIPTION +The +.Nm +sub-command can manage snapshots, show disk usage, get or +set attributes for jail datasets and jail or unjail specified +datasets. +.Bl -tag -width Ds +.It Sy bastille zfs Oo Fl avx Oc Ar TARGET Sy snapshot|destroy|rollback Op TAG +.Bl -tag -width Ds +.It Sy snapshot +Create a snapshot for +.Ar TARGET . +.It Sy destroy +Destroy a snapshot for +.Ar TARGET . +.It Sy rollback +Rollback +.Ar TARGET +to last snapshot. +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl v , Fl -verbose +Enable verbose mode. +.It Fl x , -debug +Enable debug mode. +.El +.Pp +If +.Ar TAG +is specified, Bastille will use it as the naming scheme for the snapshot. +Otherwise, Bastille will use its internal one. +.It Sy bastille zfs Oo Fl avx Oc Ar TARGET Sy df|usage +.Bl -tag -width Ds +.It Sy df +Show the space that +.Ar TARGET +datsets are using. +.It Sy usage +Same as 'df'. +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl v , Fl -verbose +Enable verbose mode. +.It Fl x , -debug +Enable debug mode. +.El +.It Sy bastille zfs Oo Fl avx Oc Ar TARGET Sy get|set Ar KEY=VALUE +.Bl -tag -width Ds +.It Sy get +Get the +.Ar VALUE +for +.Ar KEY . +.It Sy set +Set the +.Ar VALUE +for +.Ar KEY . +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl v , Fl -verbose +Enable verbose mode. +.It Fl x , -debug +Enable debug mode. +.El +.It Sy bastille zfs Oo Fl avx Oc Ar TARGET Sy jail Ar pool/dataset /jail/path +.Bl -tag -width Ds +.It Sy jail +Jail the specified dataset, and mount it at the +specified mount point inside the jail. Make sure +to unjail any jailed datasets before attempting to +destroy a jail. +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl v , Fl -verbose +Enable verbose mode. +.It Fl x , -debug +Enable debug mode. +.El +.It Sy bastille zfs Oo Fl avx Oc Ar TARGET Sy unjail Ar pool/dataset +.Bl -tag -width Ds +.It Sy unjail +Unjail the specified dataset. +.It Fl a , Fl -auto +Auto mode. Start/stop jail(s) if required. +.It Fl v , Fl -verbose +Enable verbose mode. +.It Fl x , -debug +Enable debug mode. +.El +.Sh EXAMPLES +.Bl -tag -width Ds +.It Take a snapshot of myjail: +.Sy bastille zfs myjail snapshot +.It Jail zroot/data in myjail at /my/data: +.Sy bastille zfs myjail jail zroot/data /my/data +.It Get the value of 'mounted' for myjail: +.Sy bastille zfs myjail get mounted +.Sh SEE ALSO +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 \ No newline at end of file diff --git a/usr/local/share/man/man1/bastille.1 b/usr/local/share/man/man1/bastille.1 index c4b916b6..2fbd8972 100644 --- a/usr/local/share/man/man1/bastille.1 +++ b/usr/local/share/man/man1/bastille.1 @@ -33,115 +33,123 @@ Bootstrap a release or template(s). .It Sy clone Clone an existing jail. .It Sy cmd -Execute arbitrary command on targeted jail(s). +Execute command(s) inside jail(s). .It Sy config -Get, set, add or remove properties from targeted jail(s). +Get, set, add or remove properties from jail(s). .It Sy console Console into a jail. .It Sy convert -Convert thin jail to thick jail, or convert a jail to a custom release. +Convert a jail from thin to thick; convert a jail to a custom release. .It Sy cp -cp(1) files from host to targeted jail(s). +Copy file(s)/directorie(s) from host to jail(s). .It Sy create Create a jail. .It Sy destroy -Destroy a jail or release +Destroy jail(s) or release(s). .It Sy edit Edit jail configuration files (advanced). +.It Sy etcupdate +Update /etc for jail(s). .It Sy export -Exports a jail. +Export a jail. .It Sy help -Help about any command. +Help for any command. .It Sy htop Interactive process viewer (requires htop). .It Sy import Import a jail. .It Sy jcp -cp(1) files from a jail to jail(s). +Copy file(s)/directorie(s) from jail to jail(s). .It Sy limits -Apply resources limits to targeted container(s). See rctl(8). +Apply resources limits to jail(s). See +.Xr rctl 8 +and +.Xr cpuset 1 . .It Sy list List jails, releases, templates and more... .It Sy migrate -Migrate targeted jail(s) to a remote system. +Migrate jail(s) to a remote system. .It Sy mount -Mount a volume inside targeted jail(s). +Mount files(s)/directorie(s) inside jail(s). .It Sy network -Add or remove interfaces from targeted jail(s). +Add or remove interface(s) from jail(s). .It Sy pkg -Manipulate binary packages within targeted container(s). See pkg(8). +Manage packages inside jail(s). See +.Xr pkg 8 . .It Sy rcp -cp(1) files from a jail to host. +Copy file(s)/directorie(s) from jail to host. .It Sy rdr -Redirect host port to container port. +Redirect host port to jail port. .It Sy rename Rename a jail. .It Sy restart -Restart a running container. +Restart a jail. .It Sy service -Manage services within targeted jail(s). +Manage services within jail(s). .It Sy setup -Attempt to auto-configure network, firewall and storage and more... +Auto-configure network, firewall, storage and more... .It Sy start Start stopped jail(s). .It Sy stop Stop running jail(s). .It Sy sysrc -Safely edit rc files within targeted jail(s). +Edit rc files inside jail(s). .It Sy tags -Add or remove tags to targeted jail(s). +Add or remove tags to jail(s). .It Sy template -Apply file templates to targeted jail(s). +Apply templates to jail(s). .It Sy top -Display and update information about the top(1) cpu processes. +Process viewer. See +.Xr top 1 . .It Sy umount -Unmount a volume from targeted jail(s). +Unmount file(s)/directorie(s) from jail(s). .It Sy update Update a jail or release. .It Sy upgrade -Upgrade a jail to new X.Y-RELEASE. +Upgrade a jail to new release. .It Sy verify Compare release against a "known good" index. .It Sy zfs -Manage (get|set) zfs attributes on targeted jail(s). +Manage ZFS options/attributes for jail(s). .Sh SEE ALSO -.Xr bastille.conf 5 -.Xr bastille-bootstrap 1 -.Xr bastille-clone 1 -.Xr bastille-cmd 1 -.Xr bastille-config 1 -.Xr bastille-console 1 -.Xr bastille-convert 1 -.Xr bastille-cp 1 -.Xr bastille-create 1 -.Xr bastille-destroy 1 -.Xr bastille-edit 1 -.Xr bastille-etcupdate 1 -.Xr bastille-export 1 -.Xr bastille-htop 1 -.Xr bastille-import 1 -.Xr bastille-jcp 1 -.Xr bastille-limits 1 -.Xr bastille-list 1 -.Xr bastille-migrate 1 -.Xr bastille-mount 1 -.Xr bastille-network 1 -.Xr bastille-pkg 1 -.Xr bastille-rcp 1 -.Xr bastille-rdr 1 -.Xr bastille-rename 1 -.Xr bastille-restart 1 -.Xr bastille-service 1 -.Xr bastille-setup 1 -.Xr bastille-start 1 -.Xr bastille-stop 1 -.Xr bastille-sysrc 1 -.Xr bastille-tags 1 -.Xr bastille-top 1 -.Xr bastille-umount 1 -.Xr bastille-update 1 -.Xr bastille-upgrade -.Xr bastille-verify 1 +.Xr bastille.conf 5 , +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , .Xr bastille-zfs 1 .Sh BUGS Please report any bugs on Github diff --git a/usr/local/share/man/man5/bastille.conf.5 b/usr/local/share/man/man5/bastille.conf.5 new file mode 100644 index 00000000..b16a932e --- /dev/null +++ b/usr/local/share/man/man5/bastille.conf.5 @@ -0,0 +1,169 @@ +.Dd 2025/12/06 +.Dt bastille.conf 5 +.Os +.Sh NAME +.Nm bastille.conf +.Nd Configuration file for Bastille +.Sh DESCRIPTION +Bastille has most options preconfigured with sane defaults. These +can be adjusted to fit your environment. The config file also has +the default options documented, but the following will outline what +the purpose is of each one. +.Ss DEFAULT PATHS +.Bl -tag -width Ds +.It bastille_prefix +This is the main Bastille prefix. All Bastille directories, +excluding 'bastille_logsdir' will start with this prefix. +.Pp +If zfs is enabled, this will become the mount point of the zfs dataset. +.Pp +The following directories, excluding 'bastille_logsdir' +will be prefixed by 'bastille_prefix'. +If zfs is enabled, they will inherit the mount point +of 'bastille_prefix'. +.It bastille_backupsdir +Bastille will store backups and exports here. +.It bastille_cachedir +Bastille will store cache here. +.It bastille_jailsdir +Bastille will store jails here. +.It bastille_releasesdir +Bastille will store releases here. +.It bastille_templatesdir +Bastille will store templates here. +.It bastille_logsdir +Bastille will store jail console logs here. +.Ss FIREWALL +.Bl -tag -width Ds +.It bastille_pf_conf +Path to the pf firewall configuration file. +.Ss SUB-COMMANDS PATH +.Bl -tag -width Ds +.It bastille_sharedir +This is the path where Bastille expects sub-commands to live at. +.Ss BOOTSTRAP +.Bl -tag -width Ds +.It bastille_bootstrap_archives +This is a whitespace-separated list of distribution sets to fetch +when bootstrapping a legacy (non-pkgbase) release. +.It bastille_pkgbase_packages +This is a whitespace-separated list of package sets to install +when bootstrapping a release using PkgBase. +.It bastille_url_freebsd +Url from which to fetch legacy distributions sets when bootstrapping +a FreeBSD release. +.It bastille_url_hardenedbsd +Url from which to fetch legacy distributions sets when bootstrapping +a HardenedBSD release. +.It bastille_url_midnightbsd +Url from which to fetch legacy distributions sets when bootstrapping +a MidnightBSD release. +.Ss TIMEZONE +.Bl -tag -width Ds +.It bastille_tzdata +Set the timezone to apply to newly created jails. +.Ss RESOLV.CONF +.It bastille_resolv_conf +This file is copied into newly created jails to allow them +to reach DNS. +.Ss ZFS +.Bl -tag -width Ds +.It bastille_zfs_enable +Whether to enable or disable zfs support. +.It bastille_zfs_zpool +Which zpool to use when zfs is enabled. +.It bastille_zfs_prefix +Which dataset to use when zfs is enabled. Do not include the zpool +here. +.It bastille_zfs_options +Zfs options to use when creating any and all datasets for any and all +supported actions. +.Ss EXPORT/IMPORT +.Bl -tag -width Ds +.It bastille_compress_xz_options +xz specific compress options. +.It bastille_decompress_xz_options +xz specific de-compress options. +.It bastille_compress_gz_options +gz specific compress options. +.It bastille_decompress_gz_options +gz specific de-compress options. +.It bastille_compress_zst_options +zst specific compress options. +.It bastille_decompress_zst_options +zst specific de-compress options. +.It bastille_export_options +Any flags supported by the 'export' command can be defined here +to make it slightly more convenient. +.Ss NETWORKING +.Bl -tag -width Ds +.It bastille_network_vnet_type +Control whether to use the default 'if_bridge' mode +or Netgraph. +.It bastille_network_loopback +Set the loopback interface name. +.It bastille_network_shared +Set the shared interface name. +.It bastille_network_pf_ext_if +Set the external interface for the 'pf' firewall rules. +.It bastille_network_pf_table +Set the name of the default table used for NAT jails. +.It bastille_network_gateway +Specify a default gateway. +.It bastille_network_gateway6 +Specify a defalut Ipv6 gateway. +.Ss TEMPLATES +.Bl -tag -width Ds +.It bastille_template_base +The default template that is applied to all jails. +.It bastille_template_empty +The default template that is applied to empty jails. +.It bastille_template_thick +The default template that is appled to thick jails. +.It bastille_template_clone +The default template that is appled to clone jails. +.It bastille_template_thin +The default template that is appled to thin jails. +.It bastille_template_vnet +The default template that is appled to vnet jails. +.It bastille_template_vlan +The default template that is appled to vnet+vlan jails. +.Sh SEE ALSO +.Xr bastille-bootstrap 1 , +.Xr bastille-clone 1 , +.Xr bastille-cmd 1 , +.Xr bastille-config 1 , +.Xr bastille-console 1 , +.Xr bastille-convert 1 , +.Xr bastille-cp 1 , +.Xr bastille-create 1 , +.Xr bastille-destroy 1 , +.Xr bastille-edit 1 , +.Xr bastille-etcupdate 1 , +.Xr bastille-export 1 , +.Xr bastille-htop 1 , +.Xr bastille-import 1 , +.Xr bastille-jcp 1 , +.Xr bastille-limits 1 , +.Xr bastille-list 1 , +.Xr bastille-migrate 1 , +.Xr bastille-mount 1 , +.Xr bastille-network 1 , +.Xr bastille-pkg 1 , +.Xr bastille-rcp 1 , +.Xr bastille-rdr 1 , +.Xr bastille-rename 1 , +.Xr bastille-restart 1 , +.Xr bastille-service 1 , +.Xr bastille-setup 1 , +.Xr bastille-start 1 , +.Xr bastille-stop 1 , +.Xr bastille-sysrc 1 , +.Xr bastille-tags 1 , +.Xr bastille-template 1 , +.Xr bastille-top 1 , +.Xr bastille-umount 1 , +.Xr bastille-update 1 , +.Xr bastille-upgrade 1 , +.Xr bastille-verify 1 , +.Xr bastille-zfs 1 \ No newline at end of file