documentation updates to match current state of code

docs/chapters/gettingstarted.rst

@@ -4,7 +4,7 @@ Getting Started
 This guide is meant to get you up and running with bastille, and will show you a number
 of different options to create and manage your jails.
 
-The first step is running ``bastille setup`` to try to configure bastille initially.
+The first step is running ``bastille setup`` to try to configure bastille initially, if you didn't during setup. Setup should only be run once.
 
 .. code-block:: shell
 

docs/chapters/installation.rst

@@ -18,7 +18,7 @@ pkg
 .. code-block:: shell
 
   pkg install bastille
-  sysrc bastille_enable=YES
+  bastille setup
 
 To install from source (don't worry, no compiling):
 
@@ -28,7 +28,7 @@ ports
 .. code-block:: shell
 
   make -C /usr/ports/sysutils/bastille install clean
-  sysrc bastille_enable=YES
+  bastille setup
 
 git
 ---
@@ -38,7 +38,7 @@ git
   git clone https://github.com/BastilleBSD/bastille.git
   cd bastille
   make install
-  sysrc bastille_enable=YES
+  bastille setup
 
 This method will install the latest files from GitHub directly onto your
 system. It is verbose about the files it installs (for later removal), and also

docs/chapters/networking.rst

@@ -221,6 +221,35 @@ Below is the definition of what these three parameters are used for and mean:
        net.link.bridge.pfil_bridge  Set	to 1 to	enable filtering on the	bridge
 				    interface, set to 0	to disable it.
 
+Bridged Network (VNET bridged)
+------------------------------
+
+To use a bridged VNET setup the first thing you have to do is to create a bridge interface on your system.  This is done with the ifconfig command and will create a bridged interface named bridge0:
+
+.. code-block:: shell
+   ifconfig bridge create
+
+Then you need to add your system's network interface to the bridge and bring it up (substitute your interface for em0).
+
+.. code-block:: shell
+   ifconfig bridge0 addm em0 up
+
+Optionally you can rename the interface if you wish to make it obvious that it is for bastille:
+
+.. code-block:: shell
+   ifconfig bridge0 name bastille0bridge
+
+To create a bridged container you use the ``-B`` option, an IP or DHCP, and the bridge interface.
+
+.. code-block:: shell
+   bastille create -B folsom 14.2-RELEASE DHCP bastille0bridge
+
+All the epairs and networking other than the manually created bridge will be created for you automagically. Now if you want this to persist after a reboot then you need to add some lines to your ``/etc/rc.conf`` file.  Add the following lines, again, obviously change em0 to whatever your network interface on your system is.
+
+.. code-block:: shell
+   cloned_interfaces="bridge0"
+   ifconfig_bridge0_name="bastille0bridge"
+   ifconfig_bastille0bridge="addm vtnet0 up"
 
 Regarding Routes
 ----------------

docs/chapters/zfs-support.rst

@@ -4,14 +4,19 @@ ZFS Support
   :width: 400
   :alt: Alternative text
 
-Bastille 0.4 added initial support for ZFS. ``bastille bootstrap`` and ``bastille create`` will generate ZFS volumes based on settings found in the ``bastille.conf``. This section outlines how to enable and configure Bastille for ZFS.
+Bastille 0.4 added initial support for ZFS. ``bastille bootstrap`` and ``bastille create`` will generate ZFS volumes based on settings found in the ``bastille.conf``. This section outlines how to enable and configure Bastille for ZFS.  As of Bastille 0.13 you no longer need to do these steps manually.  The setup program when you run:
 
-Two values are required for Bastille to use ZFS. The default values in the ``bastille.conf`` are empty. Populate these two to enable ZFS.
+.. code-block:: shell
+   bastille setup
+
+will create the zfs settings for you IF you are running zfs.  This section is left in the documents for historical purposes, and so you can understand what the setup program is doing AND so if you need to tweak your settings for some reason.
+
+Two values are required for Bastille to use ZFS. The default values in the ``bastille.conf`` are NO and empty. Populate these two to enable ZFS.
 
 .. code-block:: shell
 
   ## ZFS options
-  bastille_zfs_enable=""                                  ## default: ""
+  bastille_zfs_enable=""                                  ## default: "NO"
   bastille_zfs_zpool=""                                   ## default: ""
   bastille_zfs_prefix="bastille"                          ## default: "${bastille_zfs_zpool}/bastille"
   bastille_zfs_options="-o compress=lz4 -o atime=off"     ## default: "-o compress=lz4 -o atime=off"

usr/local/bin/bastille.orig

@@ -0,0 +1,208 @@
+#!/bin/sh
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# Copyright (c) 2018-2025, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+#
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+## check for config existence
+bastille_conf_check() {
+    if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then
+        echo "[INFO] Configuration file not found. Do you want to create it with default values? [y/N]"
+        read  answer
+            case "${answer}" in
+                [Nn][Oo]|[Nn]|"")
+                    echo "[INFO] No configuration file has been generated. Exiting."
+                    exit
+                ;;
+                [Yy][Ee][Ss]|[Yy])
+                    cp /usr/local/etc/bastille/bastille.conf.sample /usr/local/etc/bastille/bastille.conf
+                    echo "[INFO] Configuration file has been generated. Continuing with default values"
+                ;;
+                *)
+                  echo "[ERROR] Invalid option. Please answer with 'y' or 'N'."
+                  exit 1
+                ;;
+            esac
+    fi
+}
+
+bastille_conf_check
+
+## we only load this if conf_check passes
+. /usr/local/share/bastille/common.sh
+. /usr/local/etc/bastille/bastille.conf
+
+## bastille_prefix should be 0750
+## this restricts file system access to privileged users
+bastille_perms_check() {
+    if [ -d "${bastille_prefix}" ]; then
+        BASTILLE_PREFIX_PERMS=$(stat -f "%Op" "${bastille_prefix}")
+        if [ "${BASTILLE_PREFIX_PERMS}" != 40750 ]; then
+            error_notify "Insecure permissions on ${bastille_prefix}"
+            error_exit "Try: chmod 0750 ${bastille_prefix}"
+        fi
+    fi
+}
+
+bastille_perms_check
+
+## version
+BASTILLE_VERSION=c6297d7
+
+usage() {
+    cat << EOF
+Bastille is an open-source system for automating deployment and management of
+containerized applications on FreeBSD.
+
+Usage:
+  bastille command TARGET [args]
+
+Available Commands:
+  bootstrap   Bootstrap a FreeBSD release for container base.
+  clone       Clone an existing container.
+  cmd         Execute arbitrary command on targeted container(s).
+  config      Get or set a config value for the targeted container(s).
+  console     Console into a running container.
+  convert     Convert a Thin container into a Thick container.
+  cp          cp(1) files from host to jail(s).
+  create      Create a new thin container or a thick container if -T|--thick option specified.
+  destroy     Destroy a stopped container or a FreeBSD release.
+  edit        Edit container configuration files (advanced).
+  etcupdate   Update /etc directory to specified release.
+  export      Exports a specified container.
+  help        Help about any command.
+  htop        Interactive process viewer (requires htop).
+  jcp         cp(1) files from a jail to jail(s).
+  import      Import a specified container.
+  limits      Apply resources limits to targeted container(s). See rctl(8).
+  list        List containers (running).
+  mount       Mount a volume inside the targeted container(s).
+  pkg         Manipulate binary packages within targeted container(s). See pkg(8).
+  rcp         cp(1) files from a jail to host.
+  rdr         Redirect host port to container port.
+  rename      Rename a container.
+  restart     Restart a running container.
+  service     Manage services within targeted container(s).
+  setup       Attempt to auto-configure network, firewall and storage on new installs.
+  start       Start a stopped container.
+  stop        Stop a running container.
+  sysrc       Safely edit rc files within targeted container(s).
+  tags        Add or remove tags to targeted container(s).
+  template    Apply file templates to targeted container(s).
+  top         Display and update information about the top(1) cpu processes.
+  umount      Unmount a volume from within the targeted container(s).
+  update      Update container base -pX release.
+  upgrade     Upgrade container release to X.Y-RELEASE.
+  verify      Compare release against a "known good" index.
+  zfs         Manage (get|set) ZFS attributes on targeted container(s).
+
+Use "bastille -v|--version" for version information.
+Use "bastille command -h|--help" for more information about a command.
+
+EOF
+    exit 1
+}
+
+if [ "$#" -lt 1 ]; then
+    usage
+else
+    CMD="${1}"
+    shift
+fi
+
+# Handle special-case commands first.
+case "${CMD}" in
+    version|-v|--version)
+        info "${BASTILLE_VERSION}"
+        exit 0
+        ;;
+    help|-h|--help)
+        usage
+        ;;
+    bootstrap| \
+    clone| \
+    cmd| \
+    config| \
+    console| \
+    convert| \
+    cp| \
+    create| \
+    destroy| \
+    edit| \
+    etcupdate| \
+    export| \
+    htop| \
+    jcp | \
+    import| \
+    limits| \
+    list| \
+    mount| \
+    network| \
+    pkg| \
+    rcp| \
+    rdr| \
+    rename| \
+    restart| \
+    service| \
+    setup| \
+    start| \
+    stop| \
+    sysrc| \
+    tags| \
+    template| \
+    top| \
+    umount| \
+    update| \
+    upgrade| \
+    verify| \
+    zfs)
+        ;;
+    *)
+        usage
+        ;;
+esac
+
+# shellcheck disable=SC2154
+SCRIPTPATH="${bastille_sharedir}/${CMD}.sh"
+if [ -f "${SCRIPTPATH}" ]; then
+    : "${UMASK:=022}"
+    umask "${UMASK}"
+
+    : "${SH:=sh}"
+
+    if [ -n "${PARAMS}" ]; then
+        exec "${SH}" "${SCRIPTPATH}" "${PARAMS}"
+    else
+        exec "${SH}" "${SCRIPTPATH}" "$@"
+    fi
+else
+    error_exit "${SCRIPTPATH} not found."
+fi