Post AaN8QuLjSfKWT9WSZc by vermaden@mastodon.bsd.cafe
 (DIR) Post #Aa7ozVoXlKF23Up5rk by alelab@mastodon.bsd.cafe
       2023-09-25T10:30:51Z
       
       0 likes, 1 repeats
       
       I am playing with @BastilleBSD on my home server. I love it 🥰 This software is so easy and nice to use. I hope a new version will be released soon because it seems to bring better IPv6 support, and rdr IPv6 rules. #BSDCafe #FreeBSD #BastilleBSD
       
 (DIR) Post #Aa7p3KtMJTulL3tmm8 by stefano@mastodon.bsd.cafe
       2023-09-25T12:13:52Z
       
       0 likes, 0 repeats
       
       @alelab @BastilleBSD It's great. Be careful at next upgrade as some things changed in the configuration file: https://fosstodon.org/@BastilleBSD/110950908034719075
       
 (DIR) Post #Aa7wDBNzD77yQnrnyC by fluxwatcher@mastodon.social
       2023-09-25T13:33:37Z
       
       0 likes, 0 repeats
       
       Out of curiosity, are you guys using it in production? @stefano @alelab @BastilleBSD
       
 (DIR) Post #Aa7ykanFxyy6hDkHkO by stefano@mastodon.bsd.cafe
       2023-09-25T14:02:29Z
       
       0 likes, 0 repeats
       
       @fluxwatcher @alelab @BastilleBSD yes, I am using it in production and it's stable and reliable. Bastille is being actively developed and it's a collection of shell scripts, so I feel I can trust it for production
       
 (DIR) Post #Aa7zcjbdPxLJfJ7uCW by alelab@mastodon.bsd.cafe
       2023-09-25T14:12:19Z
       
       0 likes, 0 repeats
       
       @stefano For #IPv6 you use loopback network and RDR redirections, or VNET? For VNET, PF must be enabled in container to manage network access? @fluxwatcher @BastilleBSD
       
 (DIR) Post #Aa7zx18NxRQZot7JGS by stefano@mastodon.bsd.cafe
       2023-09-25T14:15:58Z
       
       0 likes, 0 repeats
       
       @alelab @fluxwatcher @BastilleBSD it depends, both routing via subnetting the ipv6 space or using vnet. No, you don't need pf enabled in the container. Also, you don't need rdr if using subnetting as it's pure routing. I'm using rdr only for ipv4
       
 (DIR) Post #Aa80Cu8nj61ulPt3AG by fluxwatcher@mastodon.social
       2023-09-25T14:18:24Z
       
       0 likes, 0 repeats
       
       @stefano Glad that it works for you. I probably had bad luck at the time I tried it 6+ months ago creating thick VNETs and testing RELEASE upgrades. I will definitely check it again once it hits 1.0 @alelab @BastilleBSD
       
 (DIR) Post #Aa821rT9WGMxCUGge8 by alelab@mastodon.bsd.cafe
       2023-09-25T14:39:15Z
       
       0 likes, 0 repeats
       
       Thank you @stefano 🙏 I thought that when using VNET and setting IP addresses (IPv4 on the same subnet as the host, and IPv6 SLAAC), I should enable PF to manage container network flows. It is maybe easier to manage by using dedicated private IP addresses (for both IPv4 and IPv6) for Bastille. I mean different than the subnet used by the host and manage rdr rules via PF on host. fluxwatcher@mastodon.social @BastilleBSD
       
 (DIR) Post #Aa8JEnTjMm0JoDICTA by stefano@mastodon.bsd.cafe
       2023-09-25T17:52:05Z
       
       0 likes, 0 repeats
       
       @fluxwatcher @alelab @BastilleBSD One of my servers. A nice mix & match of #FreeBSD Bastille jails 🙂
       
 (DIR) Post #Aa8JWemSRZkC2rZHqi by fluxwatcher@mastodon.social
       2023-09-25T17:54:52Z
       
       0 likes, 0 repeats
       
       @stefano Oh those "expensive" FreeBSD jails. Got to love them. @alelab @BastilleBSD
       
 (DIR) Post #AaAMKtYkMJNsaJ9rFY by PythonLinks@mastodon.social
       2023-09-26T17:35:46Z
       
       0 likes, 1 repeats
       
       I am also running BastilleBSD, and really like it.  I hated #docker. #FreeBSD #BastilleBSD @stefano @fluxwatcher @alelab @BastilleBSD
       
 (DIR) Post #AaAMOtE5XWDUi3OrTs by stefano@mastodon.bsd.cafe
       2023-09-26T17:36:59Z
       
       0 likes, 0 repeats
       
       @PythonLinks @fluxwatcher @alelab @BastilleBSD BastilleBSD is a very nice tool, I've been using it for years and love it.
       
 (DIR) Post #AaAezdCprbRCugU23E by thepanz@phpc.social
       2023-09-26T21:04:47Z
       
       0 likes, 0 repeats
       
       @stefano @PythonLinks @fluxwatcher @alelab @BastilleBSD been reading about BastilleBSD from your comments and sounds very interesting especially for servers where jailing is quite important (and we want to avoid Docker). Are you using your own templates, as the ones on bastille-templates repos are not updated? (Just checked a few, and found PHP v7.4) Do you have other resources to link, or willing to share how you manage it? How do you scale jailed services? Sorry for the rookie question :)
       
 (DIR) Post #AaBU80vucsn2TqK2b2 by stefano@mastodon.bsd.cafe
       2023-09-27T06:38:13Z
       
       0 likes, 0 repeats
       
       @thepanz @PythonLinks @fluxwatcher @alelab @BastilleBSD Using jails is a nice solution. You get separation without all the overhead of a VM or the pre-built nature of Docker containers (which can be good or bad, depending on your needs). Generally speaking, I create single jails as I would with VMs, so I manually install what I need. For more common use cases (nginx+php, etc.) or more complex solutions (stacks), I create a 'model' jail and send/receive it via ZFS to use it for projects. Otherwise, I export and import jails using 'bastille export | bastille import.' I've written something about it here: https://it-notes.dragas.net/2022/02/05/how-we-are-migrating-many-of-our-servers-from-Linux-to-FreeBSD-part-1-system-and-jails-setup/ and in the article about backups/restore here: https://it-notes.dragas.net/2022/05/30/how-we-are-migrating-many-of-our-servers-from-Linux-to-FreeBSD-part-2/. As for scaling, I manage busy servers but have never needed to immediately scale to the point where I can't handle it manually. I'm not a big fan of autoscaling (auto-billed, so you never know what you're going to pay). I've seen old, hacked CMS instances mining crypto and scaling up, generating a very high bill...
       
 (DIR) Post #AaBUQ17seBTGI8VMBs by catavz@mastodon.social
       2023-09-27T06:39:38Z
       
       0 likes, 0 repeats
       
       @stefano @fluxwatcher @alelab @BastilleBSD I also use BastilleBSD for BSD jails. How can I use it for Debian or Yunohost jails?
       
 (DIR) Post #AaBUUOTXmCp5rniz56 by stefano@mastodon.bsd.cafe
       2023-09-27T06:42:19Z
       
       0 likes, 0 repeats
       
       @catavz @fluxwatcher @alelab @BastilleBSD No, you can't. It's for FreeBSD jails. In Debian, the closest solution you can find is lxc.
       
 (DIR) Post #AaBUbmNLJbzy1CLV0C by catavz@mastodon.social
       2023-09-27T06:43:09Z
       
       0 likes, 0 repeats
       
       @stefano @fluxwatcher @alelab @BastilleBSD I meant run Debian or Yunohost in jails.
       
 (DIR) Post #AaBUsMjXu8ZvPkdkKe by stefano@mastodon.bsd.cafe
       2023-09-27T06:46:39Z
       
       0 likes, 0 repeats
       
       @catavz @fluxwatcher @alelab @BastilleBSD Yes, you can run Debian in a BastilleBSD jail. bastille bootstrap bullseye and then create a jail with -L
       It works like a charm.
       
 (DIR) Post #AaBV3KNkzHC3J5fwmG by catavz@mastodon.social
       2023-09-27T06:48:09Z
       
       0 likes, 0 repeats
       
       @stefano @fluxwatcher @alelab @BastilleBSD Thanks, where can I find detailed instructions?
       
 (DIR) Post #AaBVjjeJR3Xfpkdn4y by stefano@mastodon.bsd.cafe
       2023-09-27T06:56:16Z
       
       0 likes, 0 repeats
       
       @catavz @fluxwatcher @alelab @BastilleBSD this can be a good starting point: https://bastillebsd.org/blog/2021/08/01/bastille-experiments-with-ubuntu-and-debian-linux-containers/
       
 (DIR) Post #AaBVrg3UgI1T0KCqdU by catavz@mastodon.social
       2023-09-27T06:57:16Z
       
       0 likes, 0 repeats
       
       @stefano @fluxwatcher @alelab @BastilleBSD Thanks again.
       
 (DIR) Post #AaBgCahSmoQk1AVqfw by alelab@mastodon.bsd.cafe
       2023-09-27T08:53:34Z
       
       0 likes, 1 repeats
       
       @stefano I set up my jails (without template) using #VNet network method as I have IPv6 SLAAC at home and I wanted to use it. Because of this setup, I configured pf rules inside each jail (#unbound, #adguardhome and #wireguard). Now it works like a charm. I also tested bastille update release to install patch level updates: this is so easy and simple. @fluxwatcher @BastilleBSD
       
 (DIR) Post #AaBi0feYkE57oTb9Pc by jcamos@mastodon.bsd.cafe
       2023-09-27T09:13:49Z
       
       0 likes, 0 repeats
       
       @stefano @catavz @fluxwatcher @alelab @BastilleBSD any chance you know if it's possible to run a Debian version of, let's say, firefox directly on the FreeBSD machine? a bit like https://github.com/mrclksr/linux-browser-installer does? I'm curious... the latter one stopped working for me as expected :/ thanks!
       
 (DIR) Post #AaBlxh8x9BcVNneQKG by stefano@mastodon.bsd.cafe
       2023-09-27T09:58:07Z
       
       0 likes, 0 repeats
       
       @jcamos @catavz @fluxwatcher @alelab @BastilleBSD It should be possible, but I haven't tried it recently. I've done it years ago, and everything was ok. I think I'll try it on a VM 🙂
       
 (DIR) Post #AaBs57JGrJQGHxOpMG by jcamos@mastodon.bsd.cafe
       2023-09-27T11:06:40Z
       
       0 likes, 0 repeats
       
       @stefano @catavz @fluxwatcher @alelab @BastilleBSD That's cool to know! I'm not near my machine to test it, but if you manage to do it please share it! 🙏 Cheers!
       
 (DIR) Post #AaBsG3moIduIXuQzWy by stefano@mastodon.bsd.cafe
       2023-09-27T11:08:40Z
       
       0 likes, 0 repeats
       
       @jcamos @catavz @fluxwatcher @alelab @BastilleBSD Sure. I'm not sure I'll be able today, but will definitely do it soon and report here.
       
 (DIR) Post #AaCDOTkVkh1GQGDMie by catavz@mastodon.social
       2023-09-27T15:04:59Z
       
       0 likes, 0 repeats
       
       @stefano @fluxwatcher @alelab @BastilleBSD
        JID             IP Address      Hostname                      Path
        alcatraz        10.17.89.50     alcatraz                      /usr/local/bastille/jails/alcatraz/root
        debian-bullseye 192.168.122.2   debian-bullseye               /usr/local/bastille/jails/debian-bullseye/root
       It's alright 👍🙏
       
 (DIR) Post #AaCDhs9vDlYLd9LdCq by stefano@mastodon.bsd.cafe
       2023-09-27T15:09:00Z
       
       0 likes, 0 repeats
       
       @catavz @fluxwatcher @alelab @BastilleBSD well done!
       
 (DIR) Post #AaCDlCPeNIXHJaI6K0 by fluxwatcher@mastodon.social
       2023-09-27T15:08:03Z
       
       0 likes, 1 repeats
       
       @catavz @stefano @alelab @BastilleBSD Let me play here the devil's advocate 😅 https://weblog.antranigv.am/posts/2023/08/freebsd-jail-devuan-linux-openrc/
       
 (DIR) Post #AaCE2ayKJinoPIo12G by stefano@mastodon.bsd.cafe
       2023-09-27T15:12:44Z
       
       0 likes, 0 repeats
       
       @fluxwatcher @catavz @alelab @BastilleBSD I think that Devuan is better than Debian for a jail. No systemd dependencies.
       
 (DIR) Post #AaCELSsQdfHInp2pHM by fluxwatcher@mastodon.social
       2023-09-27T15:15:37Z
       
       0 likes, 0 repeats
       
       @stefano @catavz @alelab @BastilleBSD Exactly! Less complexity is always a plus, especially in jailed setups.
       
 (DIR) Post #AaN8QqlSn3XHLnWx7o by jcamos@mastodon.bsd.cafe
       2023-09-27T19:01:44Z
       
       0 likes, 0 repeats
       
       @datasmurf thanks! I did read this post on another occasion and it's about the same link I referred before 😉 but thanks for pointing out!
       
 (DIR) Post #AaN8Qra9ka5Lt1FR8i by jcamos@mastodon.bsd.cafe
       2023-09-27T20:29:21Z
       
       0 likes, 0 repeats
       
       @datasmurf In fact, the author of this blog ( @vermaden ) is here with us! 😋 Great reading indeed 👌
       
 (DIR) Post #AaN8QsNQnNV6LqImwa by jcamos@mastodon.bsd.cafe
       2023-10-02T20:31:44Z
       
       0 likes, 0 repeats
       
       @datasmurf by the way @vermaden , I see you've opened an issue regarding this. So it's not me doing something dumb I guess... I'm able to install the whole thing but then the DRM kicks me on the teeth with some related DRM error. 🙄
       
 (DIR) Post #AaN8QuLjSfKWT9WSZc by vermaden@mastodon.bsd.cafe
       2023-10-02T20:47:22Z
       
       0 likes, 0 repeats
       
       @jcamos @datasmurf Yeah. I am keeping some older FreeBSD 13.1 and do not update it as DRM works there - requires reboot - but better that than nothing. I do not know why it is broken now :(
       
 (DIR) Post #AaN8Qv7Ec3KMqTkOcC by jcamos@mastodon.bsd.cafe
       2023-10-02T21:18:00Z
       
       0 likes, 0 repeats
       
       @vermaden I just tried an old BE of FreeBSD 13.1 and it does work! never occurred it could be that! haha! just a bectl activate -t <bename> and it works! Even though it complains about some stuff I changed over the time, it's a temporary workaround... In any case, thanks! Still curious if @stefano was able to do something with our little Bastille Debian jail.. it would be also nice :)
       
 (DIR) Post #AaN8QvsNml2dCho36W by stefano@mastodon.bsd.cafe
       2023-10-02T21:31:16Z
       
       0 likes, 0 repeats
       
       @jcamos @vermaden not yet. It's still in my to-do list 😉
       
 (DIR) Post #AaZRo9PmChdNF4qybQ by thepanz@phpc.social
       2023-10-08T20:04:50Z
       
       0 likes, 0 repeats
       
       @stefano cool, thank you for the links and the hints! Will have a chat with our DevOps to check if they'd give some support on moving to *BSD and Bastille from the CentOS/AlmaLinux distro they're offering. Another option would be #lxd or #incus , but looks like it is not that much automated, and I should study that a bit more :) Grazie!