BastilleBSD 
Had a little trouble with one of the download mirrors today. Thanks for your patience.
I setup a hetzner EU mirror here:
https://download-eu.bastillebsd.org/releases/
Happy downloading!
JdeBPCan anyone provide me with a good argument why any of these options shouldn't be enabled out of the box like this?
Until someone can, they'll be enabled by default in BastilleBSD images.
Check out a copy of BastilleBSD-15.1-RELEASE here:
Preview of BastilleBSD-15.1-RELEASE using EFI boot. So pretty!
BastilleBSD is FreeBSD +
- modern shells (zsh, fish, bash)
- common utilities (tmux, opendoas, git-lite, htop/btop)
- chrony configured for accurate time
- dnscrypt-proxy configured for privacy friendly, malware filtering DoH to quad9.
- sysctl.conf hardening enabled-by-default in BastilleBSD Installer
- cpu-microcode updates auto-loaded
- a bunch more
Preview of BastilleBSD-15.1-RELEASE boot screen!
Download a copy at https://download.bastillebsd.org/releases/ISO-IMAGES/15.1/
BastilleBSD is FreeBSD +
Bastille and Rocinante ready to use out of the box.
`bastille setup` run automatically on firstboot
`bastille bootstrap $RELEASE update` run automatically on firstboot
`bastille bootstrap https://github.com/bastillebsd/templates` automatically run on firstboot
…plus some ootb sysctl hardening, SSH hardening, git-lite, tmux, chrony, and more!
To celebrate FreeBSD's birthday today we're releasing BastilleBSD 15.1-RELEASE images!
BastilleBSD: Vanilla FreeBSD 15.1-RELEASE +
- Bastille + Rocinante pre-installed out of the box
- bastille setup & bastille bootstrap run via firstboot
- A handful of modern common utilities pre-installed
- System hardening options enabled by default
- SSH hardened by default
- bash, zsh and fish modern shells pre-installed
- more!
Get your copy at:
https://download.bastillebsd.org/releases/ISO-IMAGES/15.1
FreeBSD Day | FreeBSD Foundation
Join us to celebrate FreeBSD Day! FreeBSD Day, celebrated on June 19, commemorates the launch of the FreeBSD open source operating system and recognizes its pioneering and continued impact on technology. On June 19, 1993, an email thread on an early BSD list proposed project names for a new open source UNIX derivative. "FreeBSD" was
I don't do a lot of AI-agent work but it struck me recently that Bastille nested VNET jails could make fantastic agent harnesses to limit access, resources and blast radius.
We already support resource limitations on memory, cpu and storage. Limiting outbound network is simple enough to enforce. It wouldn't take much to put some tooling around this.
Seems to me Bastille is a great candidate. What do you think? If you HAD to run an agent.
@ianthetechie We consolidated the docs & domains but some of the old links are still around. Try this one:
https://bastille.readthedocs.io/projects/rocinante/en/latest/
For additional context, cross-reference with the Bastille templates documentation which uses the same engine for template parsing.
https://bastille.readthedocs.io/en/latest/chapters/template.html
Last chance wishlist for BastilleBSD 15.1-RELEASE tweaks.
What packages, sysctl knobs, loader.conf changes, etc do you make on every FreeBSD installation?
My goal is a slightly more "modern", admin-friendly version of FreeBSD with the Bastille+Rocinante toolkit pre-installed, bastille setup and bastille bootstrap automated, pkgbase by default, zsh/fish/bash shells pre-installed, tmux/htop/btop/etc utils, system hardening, ssh hardening and other creature comforts ootb.