docs: Update setup

tschettervictor
2025-04-22 17:01:33 -06:00
parent 485889285f
commit de4aaf4b7b
3 changed files with 71 additions and 16 deletions


@@ -4,12 +4,27 @@ Getting Started
This guide is meant to get you up and running with bastille, and will show you
a number of different options to create and manage your jails.
The first step is running ``bastille setup`` to try to configure bastille
initially, if you didn't during setup. Setup should only be run once.
Setup
-----
The first command a new user should run is the ``bastille setup`` command. This
will attempt to configure the networking, storage, and firewall on your system
for use with Bastille.
By default the setup command will configure a loopback interface, storage (ZFS if
enabled, otherwise UFS) and the pf firewall if you run it as below without any options.
Alternatively, you can run the ``setup`` command with any of the supported options to
configure the selected option by itself.
To see a list of available options and switches, see the ``setup`` subcommand.
.. code-block:: shell
ishmael ~ # bastille setup
Bootstrapping a Release
-----------------------
Then we need to bootstrap a release for bastille to use. We will use
14.2-RELEASE.
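Review bot: The new Setup section (from "The first command a new user should run" down to the ``bastille setup`` example) has no counterpart to "Setup should only be run once" from the paragraph next to it, so a reader cannot tell whether re-running the command is safe on a host that is already configured. Since the same section says setup configures the pf firewall, please state what a second run does, or what happens on a host that already has firewall configuration, or keep the run-once sentence. The sentence "By default the setup command will configure a loopback interface, storage (ZFS if enabled, otherwise UFS) and the pf firewall if you run it as below without any options" would also read better split into two.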
@@ -17,6 +32,9 @@ Then we need to bootstrap a release for bastille to use. We will use
.. code-block:: shell
ishmael ~ # bastille bootstrap 14.2-RELEASE
Creating a Jail
---------------
Next we can create our first jail. Bastille can create a few different types of
jails.
@@ -41,7 +59,7 @@ Only clone, thin, and thick jails can be created with ``-V`` ``-B`` and ``-M``.
We will focus on thin jails for the guide.
Classic/Standard Jail
---------------------
^^^^^^^^^^^^^^^^^^^^^
.. code-block:: shell
@@ -62,7 +80,7 @@ necessary to redirect the traffic. It will pass in and out normally.
This will forward traffic from port 80 on the host to port 80 inside the jail.
VNET Jail
---------
^^^^^^^^^
VNET jails can use either a host interface with ``-V`` or a manually created
bridge interface with ``-B``. You can also optionally set a static MAC for the
@@ -82,7 +100,7 @@ The IP used for VNET jails should be an IP reachable inside your local network.
You can also specify 0.0.0.0 or DHCP to use DHCP.
Linux Jail
----------
^^^^^^^^^^
Linux jails are still considered experimental, but they seem to work. First we
must bootstrap a linux distro.


@@ -2,19 +2,56 @@ setup
=====
The ``setup`` sub-command attempts to automatically configure a host system for
Bastille containers. This allows you to configure networking, firewall, and
storage options for a Bastille host with one command.
Bastille jails. This allows you to configure networking, firewall, storage, vnet
and bridge options for a Bastille host with one command.
Options
-------
Below is a list of available options that can be used with the ``setup`` command.
.. code-block:: shell
ishmael ~ # bastille setup -h ## display setup help
ishmael ~ # bastille setup network ## only configure loopback interface
ishmael ~ # bastille setup pf ## only configure default firewall
ishmael ~ # bastille setup zfs ## only configure ZFS storage
ishmael ~ # bastille setup vnet ## only configure VNET bridge
ishmael ~ # bastille setup ## configure all of the above
ishmael ~ # bastille setup -l ## configure loopback interface
ishmael ~ # bastille setup -s ## configure shared interface
ishmael ~ # bastille setup -p ## configure default pf firewall
ishmael ~ # bastille setup -z ## configure ZFS storage
ishmael ~ # bastille setup -v ## configure VNET
ishmael ~ # bastille setup -b ## configure bridge interface
ishmael ~ # bastille setup ## configure -l -p and -z
The ``-l|loopback`` option will configure a loopback interface called ``bastille0`` that
will be used when not specifying an interface with the ``create`` command.
The ``-s|shared`` option will configure the interface you choose to also be used as the default
when not specifying an interface with the ``create`` command.
Please note. You CANNOT run both a loopback and a shared interface with Bastille. Only one
should be configured. If you configure one, it will disable the other.
The loopback option is the default, and is enough for most use cases. It is simply an ``lo`` interface
that jails will get linked to on creation.
The ``shared`` option is for cases where you do not want a raw interface to use with bastille as
opposed to a loopback. Jails will then be created and linked to the shared interface.
The ``-p|pf|firewall`` option will configure the pf firewall by enabling the service and creating the
default ``pf.conf`` file. Once this is done, you can use the ``rdr`` command to forward traffic into
a jail.
The ``-z|zfs|storage`` option will attempt to configure a pool and dataset for Bastille, but only
if ZFS in enabled on your system.
The ``-v|vnet`` option will configure your system for use with VNET ``-V`` jails.
The ``-b|bridge`` options will attempt to configure a bridge interface for use with bridged VNET
``-B`` jails.
Running ``bastille setup`` without any options will attempt to auto-configure the ``-l``, ``-p`` and
``-z`` options.
.. code-block:: shell
ishmael ~ # bastille setup help
Usage: bastille setup [pf|network|zfs|vnet]
Usage: bastille setup [-p|pf|firewall] [-l|loopback] [-s|shared] [-z|zfs|storage] [-v|vnet] [-b|bridge]
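Review bot: The ``shared`` paragraph ("for cases where you do not want a raw interface to use with bastille as opposed to a loopback") reads as the opposite of what the ``-s|shared`` paragraph above it describes; if the intent is that jails attach to a real host interface instead of the loopback, say that directly. In the same hunk, "if ZFS in enabled" should be "is enabled", "The ``-b|bridge`` options will" should be "option will", and the help example runs ``bastille setup help`` while the options list shows ``bastille setup -h`` and neither form appears in the new usage line. The ``-p|pf|firewall`` paragraph says setup enables the service and creates the default ``pf.conf`` but not what happens when a ``pf.conf`` already exists; one sentence on that would help anyone running this on a host with existing rules.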