Goodbye Linux & Podman, hello FreeBSD & Jails!

Just migrated my blog (https://blog.hofstede.it) to a fully native BSD stack (where my Gemini Capsule was already living).

Stack (using Bastille VNET Jails):
- Caddy (Ingress, TLS, Reverse-Proxy)
- Nginx Jail (Internal. Static file serving)
- PF

The Cool Part: A Zero-Trust CI/CD pipeline.

My Forgejo runner deploys via restricted rrsync into an air-gapped "transporter" jail, which nullfs mounts the web root.

Security: Source-IP restricted, no interactive shells, no PTY.

The simplicity of files-on-disk beats container abstraction every time.

#BastilleBSD #SelfHosted #SysAdmin #IPv6 #ZFS #FreeBSD #RunBSD