BastilleBSD_bastille/docs/chapters/getting-started.rst
tschettervictor 8c8fc32569 more doc fixes
2025-11-09 17:24:39 -07:00


Getting Started
===============
Bastille has many different options when it comes to creating
and managing jails. This guide is meant to show some basic
setup and configuration options.

Setup
-----
The first command a new user should run is ``bastille setup``. This
will configure the networking, storage, and firewall on your system
for use with Bastille.

By default, ``bastille setup`` will configure a loopback interface, storage (ZFS if
enabled, otherwise UFS) and the ``pf`` firewall.

Alternatively, you can run the ``bastille setup OPTION`` command with any of the supported
options to configure the selected option by itself.

To see a list of available options, see the ``setup`` subcommand.

.. code-block:: shell

  ishmael ~ # bastille setup

Now we are ready to bootstrap a release and start creating jails.

Bootstrapping a Release
-----------------------
To bootstrap a release, run ``bastille bootstrap RELEASE``.

.. code-block:: shell

  ishmael ~ # bastille bootstrap 14.2-RELEASE

This will fetch the necessary components of the specified release, and
enable us to create jails from the downloaded release.

Creating a Jail
---------------
There are a few different types of jails we can create, described below.

* Thin jails are the default, and are called thin because they use symlinks to
  the bootstrapped release. They are lightweight and are created quickly.

* Thick jails use the entire release, which is copied into the jail. The jail
  then acts like a full BSD install, completely independent of the release.
  Created with the ``--thick|-T`` option.

* Clone jails are essentially clones of the bootstrapped release. Changes to the
  release will affect the clone jail. Created with the ``--clone|-C`` option.

* Empty jails are just that, empty. These should be used only if you know what
  you are doing. Created with the ``--empty|-E`` option.

* Linux jails are jails that run Linux. Created with the ``--linux|-L`` option.
  See :doc:`Linux Jails <chapters/linux-jails>`.

We will focus on thin jails for this guide.

Classic/Standard Jail
^^^^^^^^^^^^^^^^^^^^^
.. code-block:: shell

  ishmael ~ # bastille create nextcloud 14.2-RELEASE 10.1.1.4/24

This will create a classic jail, which uses the loopback interface
(created with ``bastille setup``) for outbound connections.

To be able to reach a service inside the jail, use ``bastille rdr``.

.. code-block:: shell

  ishmael ~ # bastille rdr nextcloud tcp 80 80

This will forward traffic from port 80 on the host to port 80 inside the jail.
See also :doc:`rdr <rdr>`.

VNET Jail
^^^^^^^^^
VNET jails can use either a host interface with ``-V`` or a manually created
bridge interface with ``-B``. You can also optionally set a static MAC for the
jail interface with ``-M``.

.. code-block:: shell

  ishmael ~ # bastille create -BM nextcloud 14.2-RELEASE 192.168.1.50/24 bridge0

or

.. code-block:: shell

  ishmael ~ # bastille create -VM nextcloud 14.2-RELEASE 192.168.1.50/24 vtnet0

The IP used for VNET jails should be an IP reachable inside your local network.
You can also specify 0.0.0.0 or DHCP to use DHCP.