Can you use a #freebsd vnet jail over WiFi? Tried to follow the handbook and created a bridge and epair. But I saw 2 blogs/comments that said that doesn't work.
Somewhere else said to use NAT? My goal was to have the host use wireguard on the host and have a jail that bypasses that and uses wlan0. But I can't seem to get a basic vnet jail working.
Can you use a #freebsd vnet jail over WiFi? Tried to follow the handbook and created a bridge and epair. But I saw 2 blogs/comments that said that doesn't work.
Somewhere else said to use NAT? My goal was to have the host use wireguard on the host and have a jail that bypasses that and uses wlan0. But I can't seem to get a basic vnet jail working.
One thing that I always missed in my infrastructure at @BoxyBSD@bsd.cafe when running with #bhyve was a missing #Prometheus exporter for metrics of the #VMs (and #jails) - agentless of course... It f*cked me up, that I simply wrote it for my new platform which is based on #Sylve in #FreeBSD (thanks to @hayzam@bsd.cafe for creating Sylve!).
It's written in Go and will be published asap.
One thing that I always missed in my infrastructure at @BoxyBSD@bsd.cafe when running with #bhyve was a missing #Prometheus exporter for metrics of the #VMs (and #jails) - agentless of course... It f*cked me up, that I simply wrote it for my new platform which is based on #Sylve in #FreeBSD (thanks to @hayzam@bsd.cafe for creating Sylve!).
It's written in Go and will be published asap.
New blog post: Managing FreeBSD Jails with Ansible.
I wrote jailexec - an Ansible connection plugin that lets you manage FreeBSD jails without running SSH inside each one. It connects to the jail host via SSH and uses jexec to run commands, just like you would manually.
Features:
• Single Python file, easy install
• Supports doas and sudo
• Secure two-stage file transfers
• Works with any jail manager
Blog: https://blog.hofstede.it/managing-freebsd-jails-with-ansible-the-jailexec-connection-plugin/
New blog post: Managing FreeBSD Jails with Ansible.
I wrote jailexec - an Ansible connection plugin that lets you manage FreeBSD jails without running SSH inside each one. It connects to the jail host via SSH and uses jexec to run commands, just like you would manually.
Features:
• Single Python file, easy install
• Supports doas and sudo
• Secure two-stage file transfers
• Works with any jail manager
Blog: https://blog.hofstede.it/managing-freebsd-jails-with-ansible-the-jailexec-connection-plugin/
New blog post: Hosting a Static Blog on FreeBSD with Bastille Jails
A deep dive into my self-hosting setup:
- FreeBSD 15.0 with securelevel 2
- Bastille jails for isolation (Caddy, Nginx, deployment gateway)
- PF firewall with strict NAT/RDR rules
- CI/CD via Forgejo Actions with rrsync-restricted deployments
- nullfs mounts for zero-copy file sharing between jails
The "transporter pattern" keeps the blog jail unexposed while enabling automated deploys. Jails remain the most elegant isolation mechanism around.
On Thursday, @gyptazy provided a talk about #BoxyBSD at the "Virtualization Gathering" at @credativde.
@gyptazy provided some more information about the BoxyBSD project, but also about the history and infrastructure including the switches of #FreeBSD #Jails, #bhyve and #Proxmox ( #kvm). Afterwards, additional information about the #Sylve project were shared and why this is so important and interesting and could make BoxyBSD return to bhyve based #virtualization.
Slides: https://cdn.gyptazy.com/talks/BoxyBSD_Virtualization_Hypervisor_bhyve_Proxmox_credativ_gyptazy.pdf
Recording: https://peertube.gyptazy.com/w/2HtUv9HFBNEU4sEw52bD8H
Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟯 - 𝗧𝗵𝗲 𝚓𝚖𝚘𝚛𝚎(𝟾) 𝗶𝘀 𝗖𝗼𝗺𝗺𝗶𝘁𝘁𝗲𝗱 𝘁𝗼 𝗣𝗼𝗿𝘁𝘀 [UPDATE 3 - The jmore(8) is Committed to Ports] to 𝗡𝗲𝘄 𝚓𝚖𝚘𝚛𝚎(𝟾) 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗝𝗮𝗶𝗹𝘀 𝗟𝗶𝘀𝘁/𝗠𝗮𝗻𝗮𝗴𝗲 𝗧𝗼𝗼𝗹 [New jmore(8) FreeBSD Jails List/Manage Tool] article.
https://vermaden.wordpress.com/2024/11/22/new-jless-freebsd-jails-list-manage-tool#UPDATE3
New blog post: Hosting a Static Blog on FreeBSD with Bastille Jails
A deep dive into my self-hosting setup:
- FreeBSD 15.0 with securelevel 2
- Bastille jails for isolation (Caddy, Nginx, deployment gateway)
- PF firewall with strict NAT/RDR rules
- CI/CD via Forgejo Actions with rrsync-restricted deployments
- nullfs mounts for zero-copy file sharing between jails
The "transporter pattern" keeps the blog jail unexposed while enabling automated deploys. Jails remain the most elegant isolation mechanism around.
On Thursday, @gyptazy provided a talk about #BoxyBSD at the "Virtualization Gathering" at @credativde.
@gyptazy provided some more information about the BoxyBSD project, but also about the history and infrastructure including the switches of #FreeBSD #Jails, #bhyve and #Proxmox ( #kvm). Afterwards, additional information about the #Sylve project were shared and why this is so important and interesting and could make BoxyBSD return to bhyve based #virtualization.
Slides: https://cdn.gyptazy.com/talks/BoxyBSD_Virtualization_Hypervisor_bhyve_Proxmox_credativ_gyptazy.pdf
Recording: https://peertube.gyptazy.com/w/2HtUv9HFBNEU4sEw52bD8H
Take the time to read {again} how Stephan has built a self hosted CDN using OpenSource programming and tools.
He literally shares the code. From what I processed, this method can scale up quite easily. You can build a super large CDN yourself using similar modus operandi.
No corporate CDN, but the insight, resilience and technical expertise of a great programmer, with the Passion and Curiosity of someone visionary.
All powered by OpenSource BSD IPv6 jails DNS caching and enthusiasm
Thank you Stephan
#CDN #networking #cache #IPv6 #IPv4 #programming #technology #BSD #freeBSD #jails #DNS #Wireshark
https://it-notes.dragas.net/2024/08/26/building-a-self-hosted-cdn-for-bsd-cafe-media/
I'm using Bastille to run jails on FreeBSD 15.0-RELEASE.
Does it matter (to Bastille) if I use templates, or can I just manually apply the setup from a template's Bastillefile?
Bastillefile example:
https://github.com/BastilleBSD/templates/blob/main/databases/mariadb-server/Bastillefile
Take the time to read {again} how Stephan has built a self hosted CDN using OpenSource programming and tools.
He literally shares the code. From what I processed, this method can scale up quite easily. You can build a super large CDN yourself using similar modus operandi.
No corporate CDN, but the insight, resilience and technical expertise of a great programmer, with the Passion and Curiosity of someone visionary.
All powered by OpenSource BSD IPv6 jails DNS caching and enthusiasm
Thank you Stephan
#CDN #networking #cache #IPv6 #IPv4 #programming #technology #BSD #freeBSD #jails #DNS #Wireshark
https://it-notes.dragas.net/2024/08/26/building-a-self-hosted-cdn-for-bsd-cafe-media/
FreeBSD + BastilleBSD + Mastodon = ❤️
I wrote about running burningboard.net in a fully dual‑stack, multi‑jail FreeBSD deployment.
Clean design, central PF firewall, zero Docker.
https://blog.hofstede.it/migrating-burningboardnet-mastodon-instance-to-a-multi-jail-freebsd-setup/
I'm using Bastille to run jails on FreeBSD 15.0-RELEASE.
Does it matter (to Bastille) if I use templates, or can I just manually apply the setup from a template's Bastillefile?
Bastillefile example:
https://github.com/BastilleBSD/templates/blob/main/databases/mariadb-server/Bastillefile
FreeBSD + BastilleBSD + Mastodon = ❤️
I wrote about running burningboard.net in a fully dual‑stack, multi‑jail FreeBSD deployment.
Clean design, central PF firewall, zero Docker.
https://blog.hofstede.it/migrating-burningboardnet-mastodon-instance-to-a-multi-jail-freebsd-setup/
Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟯 - 𝗧𝗵𝗲 𝚓𝚖𝚘𝚛𝚎(𝟾) 𝗶𝘀 𝗖𝗼𝗺𝗺𝗶𝘁𝘁𝗲𝗱 𝘁𝗼 𝗣𝗼𝗿𝘁𝘀 [UPDATE 3 - The jmore(8) is Committed to Ports] to 𝗡𝗲𝘄 𝚓𝚖𝚘𝚛𝚎(𝟾) 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗝𝗮𝗶𝗹𝘀 𝗟𝗶𝘀𝘁/𝗠𝗮𝗻𝗮𝗴𝗲 𝗧𝗼𝗼𝗹 [New jmore(8) FreeBSD Jails List/Manage Tool] article.
https://vermaden.wordpress.com/2024/11/22/new-jless-freebsd-jails-list-manage-tool#UPDATE3
WOW #Sylve by @hayzam is making good progress!
Now on to Jails support, including #Linux-compatible jails:
https://bsd.network/@dexter/115659210618375891
From the call, “I avoided FreeBSD 15.0 because I thought it would break things but it fixed lots of issues I was having!” (Paraphrased)
Thank you @FreeBSDFoundation for support his work!
@stefano @christopher I am not sure if I'd say #Linux is becoming like #Windows. I do recall similar statements made on the Debian-User mailing list on a previous release when xorg introduced autoconfiguration. A lot of people were pissed that it was making choices for you instead of manually configuring the xorg.conf file.
Honestly, that was a good thing. Painful doesn't begin to describe it but users were unaware they could still hand-configure the file.
There has been, however, more stuff added to Linux over the last several years. Call it bloat, call it whatever you want. OSes change. But it has been gradually moving away from simplicity.
I miss the simplicity.
However, to reply to your original post, coming from COTS solutions, sometimes the vast amount of choice can be overwhelming. For instance, when it comes to #FreeBSD #jails it used to just be jails. Now, it's thin, thick, classic, networking. I understand they have their places but it would be helpful to provide more detailed explanations, tutorials, or best practices for each. The FreeBSD Handbook is good but just scratches the surface but often leaves more questions. It would help with learning and in part...marketing.
On a side note: The FreeBSD Handbook is a great resource but there are opportunities to improve it, like tailoring it to new users (better empathy), best practices, architectural examples, and links to additional resources and info.
