Discussion
Larvitz
@Larvitz@mastodon.bsd.cafe  ·  activity timestamp last month

Goodbye Linux & Podman, hello FreeBSD & Jails!

Just migrated my blog (https://blog.hofstede.it) to a fully native BSD stack (where my Gemini Capsule was already living).

Stack (using Bastille VNET Jails):
- Caddy (Ingress, TLS, Reverse-Proxy)
- Nginx Jail (Internal. Static file serving)
- PF

The Cool Part: A Zero-Trust CI/CD pipeline.

My Forgejo runner deploys via restricted rrsync into an air-gapped "transporter" jail, which nullfs mounts the web root.

Security: Source-IP restricted, no interactive shells, no PTY.

The simplicity of files-on-disk beats container abstraction every time.

#BastilleBSD #SelfHosted #SysAdmin #IPv6 #ZFS #FreeBSD #RunBSD
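
The three restrictions named in the post (source-IP restricted, no interactive shells, no PTY) can be checked mechanically, assuming they are enforced through OpenSSH `authorized_keys` options (`from=`, a forced `command=` running rrsync, and `restrict` or `no-pty`). This is an added example, not part of the original post or the author's configuration; the sample entries, addresses, key material and the `/deploy` path are constructed.

```python
import re

def split_options(line):
    """Parse the options field (text before the first unquoted whitespace) into a dict."""
    line = line.strip()
    if line.startswith(("ssh-", "ecdsa-", "sk-")):  # key type first: no options
        return {}
    in_quotes, end = False, len(line)
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            end = i
            break
    opts = {}
    # Each match is one option; commas inside a quoted value do not split it.
    for item in re.findall(r'(?:[^,"]|"(?:\\.|[^"])*")+', line[:end]):
        name, _, value = item.partition("=")
        opts[name.lower()] = value.strip('"') if value else True
    return opts

def audit(line):
    """Return the restrictions named in the post that this key entry lacks."""
    opts, findings = split_options(line), []
    if "from" not in opts:
        findings.append("no from= source-address restriction")
    cmd = opts.get("command")
    argv = cmd.split() if isinstance(cmd, str) else []
    if not argv or not argv[0].endswith("rrsync"):
        findings.append("no forced rrsync command")
    # Conservative: "restrict" only counts if "pty" is not re-enabled anywhere.
    if not ("no-pty" in opts or ("restrict" in opts and "pty" not in opts)):
        findings.append("PTY allocation not disabled")
    return findings

def audit_text(text):
    """Map line number -> findings for every key entry that has any."""
    checked = {n: audit(ln) for n, ln in enumerate(text.splitlines(), 1)
               if ln.strip() and not ln.lstrip().startswith("#")}
    return {n: f for n, f in checked.items() if f}

# Constructed sample: addresses, paths and key material are placeholders.
SAMPLE = '''\
from="2001:db8::10",command="/usr/local/bin/rrsync /deploy",restrict ssh-ed25519 AAAAC3placeholder runner
command="/usr/local/bin/rrsync /deploy",no-pty ssh-ed25519 AAAAC3placeholder runner
from="2001:db8::10",restrict,pty ssh-ed25519 AAAAC3placeholder runner
ssh-ed25519 AAAAC3placeholder admin
'''

if __name__ == "__main__":
    print(audit_text(SAMPLE))
```

Only the first sample entry passes; the others are reported with the restriction each one is missing.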

Auli
@Auli@twit.social replied  ·  activity timestamp last month

@Larvitz Aren't jails more like LXC than containers?

Not to mention Docker seems to perform better than jails.

dch :flantifa: :flan_hacker:
@dch@bsd.network replied  ·  activity timestamp 2 weeks ago

@Auli there should be zero overhead for jails to CPU, file system and network on FreeBSD. I'm not sure how you measure performance in this case @Larvitz
