I don't do a lot of AI-agent work but it struck me recently that Bastille nested VNET jails could make fantastic agent harnesses to limit access, resources and blast radius.

We already support resource limitations on memory, CPU and storage. Limiting outbound network is simple enough to enforce. It wouldn't take much to put some tooling around this.

Seems to me Bastille is a great candidate. What do you think? If you HAD to run an agent.

#FreeBSD #BastilleBSD #AI #agentHarness #agentsecurity

@ianthetechie We consolidated the docs & domains but some of the old links are still around. Try this one:

https://bastille.readthedocs.io/projects/rocinante/en/latest/

For additional context, cross-reference with the Bastille templates documentation, which uses the same engine for template parsing.

https://bastille.readthedocs.io/en/latest/chapters/template.html

#Rocinante #BastilleBSD

Rocinante — Rocinante 1.1.1.260219 documentation

Last chance wishlist for BastilleBSD 15.1-RELEASE tweaks.

What packages, sysctl knobs, loader.conf changes, etc. do you make on every FreeBSD installation?

My goal is a slightly more "modern", admin-friendly version of FreeBSD with the Bastille+Rocinante toolkit pre-installed, bastille setup and bastille bootstrap automated, pkgbase by default, zsh/fish/bash shells pre-installed, tmux/htop/btop/etc utils, system hardening, ssh hardening and other creature comforts ootb.

#FreeBSD #BastilleBSD

Preview of what's cooking.

#BastilleBSD

Made a lot of progress on the BastilleBSD 15.1-RELEASE image in the past 24hrs!

Hopefully only a few more days of testing before it's ready for wider use.

What must-have packages, tweaks or changes do you make to your fresh FreeBSD installs?

#FreeBSD #BastilleBSD

I upgraded my box to #FreeBSD 15.1-RELEASE. Everything ran smoothly as always.

After that I upgraded my 3 #Bastille #jails to FreeBSD 15.1-RELEASE too.
I just found something strange:

{HOST} # bastille service <JailName> pf restart

[JailName]:
Enabling pfpfctl: DIOCADDRULE: Operation not permitted
/etc/rc.d/pf: WARNING: Unable to load /etc/pf.conf.
pfctl: DIOCSTART: Operation not permitted.

To solve this issue with PF startup, I had to change the jails' securelevel to 1 instead of 2 (default value).

Is this normal now, or did I miss something?

#FreeBSD #BastilleBSD #PF

RE: https://mastodon.bsd.cafe/@subnetspider/116758330967344651

Bastille makes a great self-hosting platform! Look at this absolute list of self-hosted software ⬇️

nsd, unbound, acme, adguard, gitea, haproxy, homebox, mail, netbox, nextcloud, plex, rustdesk, samba, syncthing, tor, unifi, vaultwarden, and more on one box.

#FreeBSD #BastilleBSD #selfhosted #selfhosting

The 15.1-RELEASE announcement has inspired me to work on an updated ISO for BastilleBSD. Let's see how far I can get tonight.

Happy upgrading!

#FreeBSD #BastilleBSD

Happy FreeBSD 15.1-RELEASE day everyone!

Congratulations to the release team.

https://www.freebsd.org/releases/15.1R/relnotes/

#FreeBSD #BastilleBSD

FreeBSD 15.1-RELEASE Release Notes

The FreeBSD Project

I am really enjoying playing with #FreeBSD and #bastilleBSD.