author | mms <michal@sapka.me> | 2023-12-04 21:59:35 +0100 |
---|---|---|
committer | mms <michal@sapka.me> | 2023-12-04 21:59:35 +0100 |
commit | b2606034ed696e5acc95f0033d19e6b0bef142c7 (patch) | |
tree | 20f23df6bfad58938921f5518384844ca47f3a85 /content | |
parent | ad7f2f74f0a43c5c617d2f4454e1b270c07d9dfe (diff) |
feat: jails via ltex
Diffstat (limited to 'content')
-rw-r--r-- | content/bsd/home.md | 8 | ||||
-rw-r--r-- | content/bsd/jails-usage-examples.md | 148 |
2 files changed, 154 insertions, 2 deletions
diff --git a/content/bsd/home.md b/content/bsd/home.md index fe22f94..0f5d9d5 100644 --- a/content/bsd/home.md +++ b/content/bsd/home.md @@ -1,5 +1,5 @@ --- -title: "Demonic BSD Site" +title: "Daemonic BSD Site" category: bsd abstract: type: special @@ -8,8 +8,11 @@ draft: false hardback: yes --- -Since at least a year, I am a BSD type of a guy. My personal laptop is running on FreeBSD and this site is hosted on an OpenBSD server. +Since at least a year, I've been a BSD type of a guy. My personal laptop is running on FreeBSD and this site is hosted on an OpenBSD server. +### Recent Daemonic site updates + +{{<recent-updates bsd-update>}} ## Table of Contents @@ -19,6 +22,7 @@ Since at least a year, I am a BSD type of a guy. My personal laptop is running o - [FreeBSD won't improve unless people are using it](/bsd/desktop-freebsd-wont-improve-unless-people-are-using-it) - [13.2 broke my resume](/bsd/freebsd-13-2-was-released-and-broke-my-resume) - [First time the ZFS saved me](/bsd/first-time-the-zfs-saved-me) + - [Jails examples](/bsd/jails-usage-examples) [new] - FreeBSD on ThinkPad X1 Extreme G2 - [General overview](/bsd/thinkpad/freebsd-on-thinkpad-x1-extreme-g2) - [Fixing Resume](/bsd/thinkpad/fixing-resume-on-thinkpad-x1-extreme-g2-on-freebsd) diff --git a/content/bsd/jails-usage-examples.md b/content/bsd/jails-usage-examples.md new file mode 100644 index 0000000..cfea398 --- /dev/null +++ b/content/bsd/jails-usage-examples.md 
@@ -0,0 +1,148 @@ +--- +title: "Some examples of using Jails" +category: +- bsd +- bsd-update +- update +abstract: How can we use FreeBSD Jails? +date: 2023-12-04T06:04:33+01:00 +draft: false +--- + +Creating Jails in FreeBSD is very easy. +It takes few minutes to follow the [official handbook](https://docs.freebsd.org/en/books/handbook/jails/) and voilĂ ! +We've a dedicated container. +But what can we do with it? + +A very common use pattern on FreeBSD desktop is to use Jails to encapsulate dependencies, so they don't pollute the main OS. +Don't want that pesky Pyton? Straight to Jail. +Java? Straight to jail! + + +## Simple jail - Ltex-Ls + +I am not a native speaker, so my English skills are far from perfect. +My terrible typing skills don't add anything good into the mix. +Therefore, I am in need of a good grammar and spell checker. +There is Grammarly, but it's closed source and cloud based. +We don't want that. + +Luckily an alternative exist - [LanguageTool](https://languagetool.org/pl). +It is quite good and can run locally! +I use it via an LSP - [Ltex-Ls](https://valentjn.github.io/ltex/ltex-ls/installation.html). +Technically it's aimed at Latex, but it can work with any filetype. + +The problem with ltex-ls is that is runs on JVM. +I really don't need that on my system. +Let's lock it in a jail and allow our NeoVim[^lsp] to use it. +[^lsp]: I can, of course, run in any other editor which supports the LSP standard, be it Emacs or some bad one. + +First, let's create a Jail and call it `ltex`. +For now we can allow it access to the internet, as we will download some files. + +{{<highlight shell "linenos=inline">}} +ltex { + ip4 = inherit; + interface = em0; +} +{{</highlight>}} + +We will remove network access after we are done with the setup. +We don't want any of our writings to leak to the web. 
+ +Then, let's log into the jail + +{{<highlight shell "linenos=inline">}} +doas jexec ltex /bin/sh +{{</highlight>}} + +and add the dreaded java + +{{<highlight shell "linenos=inline">}} +pkg install openjdk-jre +{{</highlight>}} + +then, let's fetch our latex-ls + +{{<highlight shell "linenos=inline">}} +cd /root +wget https://github.com/valentjn/ltex-ls/releases/download/16.0.0/ltex-ls-16.0.0.tar.gz +tar -xvf ltex-ls-16.0.0.tar.gz +{{</highlight>}} + +for ease of use, let's remove the version number from the directory + +{{<highlight shell "linenos=inline">}} +mv ltex-ls-16.0.0/ ltex +{{</highlight>}} + +And our jail is ready, so let's leave it (either `exit` or the good, old Ctrl+d). +We can now open our nvim config file. +This is not a guide about this part, so let's just assume you have LSP and LSP-Config intalled. + +Our config will look like this: + +{{<highlight lua "linenos=inline">}} + lspconfig.ltex.setup{ + on_attach = on_attach, + cmd = { "doas", + "jexec", + "ltex", + "/root/ltex/bin/ltex-ls" }, + -- rest of config omitted + } +{{</highlight>}} + +Notice, that we now run the command as root inside the Jail. +It would make sense to allow passwordless-doas to our user due to `doas`. +I will update this guide if I figure out if we can commit this security nightmare here. + +But let's go a step further. +Ltex-Ls allows to use machine learning based grammar check based on ngram data. +We can add it to our jail. +Let's log back in + +{{<highlight shell "linenos=inline">}} +doas jexec ltex /bin/sh +{{</highlight>}} + +Next we need to fetch the ngram data (you can find it on [LanguageTool website](https://dev.languagetool.org/finding-errors-using-n-gram-data.html). We need to have a `ngrams` folder which contains `en` (as the language shortcut). The ngrams should be inside the `en`. + +I propose you move the files to `/var/ngrams/en` inside the Jail. + +We can now tell `NeoVim` to inform the `ltex-ls` runtime to use the ngrams. 
+ +{{<highlight lua "linenos=inline">}} +-- our old config +lspconfig.ltex.setup{ + on_attach = on_attach, + cmd = { "doas", + "jexec", + "ltex", + "/root/ltex/bin/ltex-ls" }, + -- ngram settings added + settings = { + ltex = { + additionalRules = { + languageModel = '/var/ngrams/', + }, + }, + }, + -- rest of config still omitted +{{</highlight>}} + +Note that we instructed the LSP to use `/var/ngrams` folder. +For program running inside a Jail, the Jail is full system. +Even though we can access the ngram data on the host OS under `/jail/containers/ltex/var/ngrams` (depending on your config), for Jail, the `/jail/containers/ltex/` prefix doesn't exist as it points to root for the jail. + +We can now remove networking from the jail, so our Jail config just defines the existence of the jail + +{{<highlight shell "linenos=inline">}} +ltex { +} +{{</highlight>}} + +And boom. We've got machine language grammar checking which is completely offline and does not pollute our primary system. +Our tinfoil friends will be proud of us. + +[this article will be expanded with more examples in the near future] |
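Review bot: In content/bsd/home.md (hunk @@ -8,8 +8,11 @@), the new `### Recent Daemonic site updates` heading is a level-3 heading placed directly above `## Table of Contents`, so it has no level-2 parent and the outline jumps levels. Use `##` to match the heading that follows. In the reworded sentence of the same hunk, "Since at least a year" still reads awkwardly; "For at least a year, I've been ..." is the idiomatic form.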
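Review bot: In content/bsd/home.md (hunk @@ -19,6 +22,7 @@), the hard-coded `[new]` suffix on the `Jails examples` entry will go stale and has to be removed by hand in a later commit; none of the neighbouring entries carry one. Since this commit also adds the `recent-updates` shortcode above the table of contents, consider dropping the literal marker and letting that list signal what is new. The link text also differs from the page title "Some examples of using Jails"; pick one.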
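Review bot: In content/bsd/jails-usage-examples.md (hunk @@ -0,0 +1,148 @@), both `lspconfig.ltex.setup` blocks start the language server as root inside the jail (`/root/ltex/bin/ltex-ls` through `doas jexec ltex`), and the text then floats a passwordless doas rule without scoping it. The jail already contains the JVM, so the server does not need root in it: create an unprivileged user in the jail, unpack ltex-ls under that user's home, and select it with `jexec -U`. If a nopass rule is added on the host, limit it to that exact jexec command and arguments with `cmd` and `args` instead of permitting everything. In the setup steps, `wget` is called although only `openjdk-jre` has been installed at that point, and the tarball is unpacked without any integrity check; add the install step or use `fetch`, and pin a SHA-256 for ltex-ls-16.0.0.tar.gz. The second Lua block never closes `lspconfig.ltex.setup{` (the first block ends with `}`, this one ends at the "rest of config still omitted" comment). Typos to fix while here: "Pyton", "intalled", "latex-ls" for ltex-ls, "that is runs", "an alternative exist", and the unclosed parenthesis after the LanguageTool n-gram link.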