Diffstat (limited to 'content/bsd/jails-usage-examples.md')
-rw-r--r-- | content/bsd/jails-usage-examples.md | 115 |
1 files changed, 60 insertions, 55 deletions
diff --git a/content/bsd/jails-usage-examples.md b/content/bsd/jails-usage-examples.md index cfea398..6b37762 100644 --- a/content/bsd/jails-usage-examples.md +++ b/content/bsd/jails-usage-examples.md @@ -1,15 +1,18 @@ ---- -title: "Some examples of using Jails" -category: -- bsd -- bsd-update -- update -abstract: How can we use FreeBSD Jails? -date: 2023-12-04T06:04:33+01:00 -draft: false ---- - -Creating Jails in FreeBSD is very easy. ++++ +title = "FreeBSD: examples of Jail usage" +author = ["Michał Sapka"] +categories = ["bsd"] +draft = false +weight = 2001 +abstract = "How can we use FreeBSD Jails?" +[menu] + [menu.bsd-freebsd] + weight = 2001 + identifier = "freebsd-examples-of-jail-usage" + name = "Some examples of using Jails" ++++ + +Creating Jails in FreeBSD is very easy. It takes few minutes to follow the [official handbook](https://docs.freebsd.org/en/books/handbook/jails/) and voilà! We've a dedicated container. But what can we do with it? @@ -19,7 +22,7 @@ Don't want that pesky Pyton? Straight to Jail. Java? Straight to jail! -## Simple jail - Ltex-Ls +## Simple jail - Ltex-Ls {#simple-jail-ltex-ls} I am not a native speaker, so my English skills are far from perfect. My terrible typing skills don't add anything good into the mix. @@ -27,7 +30,7 @@ Therefore, I am in need of a good grammar and spell checker. There is Grammarly, but it's closed source and cloud based. We don't want that. -Luckily an alternative exist - [LanguageTool](https://languagetool.org/pl). +Luckily an alternative exist - [LanguageTool](https://languagetool.org/). It is quite good and can run locally! I use it via an LSP - [Ltex-Ls](https://valentjn.github.io/ltex/ltex-ls/installation.html). Technically it's aimed at Latex, but it can work with any filetype. 
@@ -37,64 +40,64 @@ I really don't need that on my system. Let's lock it in a jail and allow our NeoVim[^lsp] to use it. [^lsp]: I can, of course, run in any other editor which supports the LSP standard, be it Emacs or some bad one. -First, let's create a Jail and call it `ltex`. +First, let's create a Jail and call it \`ltex\`. For now we can allow it access to the internet, as we will download some files. -{{<highlight shell "linenos=inline">}} +```shell ltex { - ip4 = inherit; - interface = em0; + ip4 = inherit; + interface = em0; } -{{</highlight>}} +``` We will remove network access after we are done with the setup. We don't want any of our writings to leak to the web. Then, let's log into the jail -{{<highlight shell "linenos=inline">}} +```shell doas jexec ltex /bin/sh -{{</highlight>}} +``` and add the dreaded java -{{<highlight shell "linenos=inline">}} +```shell pkg install openjdk-jre -{{</highlight>}} +``` then, let's fetch our latex-ls -{{<highlight shell "linenos=inline">}} +```shell cd /root wget https://github.com/valentjn/ltex-ls/releases/download/16.0.0/ltex-ls-16.0.0.tar.gz tar -xvf ltex-ls-16.0.0.tar.gz -{{</highlight>}} +``` for ease of use, let's remove the version number from the directory -{{<highlight shell "linenos=inline">}} +```shell mv ltex-ls-16.0.0/ ltex -{{</highlight>}} +``` -And our jail is ready, so let's leave it (either `exit` or the good, old Ctrl+d). -We can now open our nvim config file. +And our jail is ready, so let's leave it (either \`exit\` or the good, old Ctrl+d). +We can now open our nvim config file. This is not a guide about this part, so let's just assume you have LSP and LSP-Config intalled. Our config will look like this: -{{<highlight lua "linenos=inline">}} - lspconfig.ltex.setup{ - on_attach = on_attach, - cmd = { "doas", - "jexec", - "ltex", - "/root/ltex/bin/ltex-ls" }, - -- rest of config omitted - } -{{</highlight>}} - -Notice, that we now run the command as root inside the Jail. 
-It would make sense to allow passwordless-doas to our user due to `doas`. +```lua +lspconfig.ltex.setup{ + on_attach = on_attach, + cmd = { "doas", + "jexec", + "ltex", + "/root/ltex/bin/ltex-ls" }, +-- rest of config omitted +} +``` + +Notice, that we now run the command as root inside the Jail. +It would make sense to allow passwordless-doas to our user due to \`doas\`. I will update this guide if I figure out if we can commit this security nightmare here. But let's go a step further. @@ -102,22 +105,24 @@ Ltex-Ls allows to use machine learning based grammar check based on ngram data. We can add it to our jail. Let's log back in -{{<highlight shell "linenos=inline">}} +```shell doas jexec ltex /bin/sh -{{</highlight>}} +``` -Next we need to fetch the ngram data (you can find it on [LanguageTool website](https://dev.languagetool.org/finding-errors-using-n-gram-data.html). We need to have a `ngrams` folder which contains `en` (as the language shortcut). The ngrams should be inside the `en`. +Next we need to fetch the ngram data (you can find it on [LanguageTool website](https://dev.languagetool.org/finding-errors-using-n-gram-data.html). +We need to have a \`ngrams\` folder which contains \`en\` (as the language shortcut). +The ngrams should be inside the \`en\`. -I propose you move the files to `/var/ngrams/en` inside the Jail. +I propose you move the files to \`/var/ngrams/en\` inside the Jail. -We can now tell `NeoVim` to inform the `ltex-ls` runtime to use the ngrams. +We can now tell \`NeoVim\` to inform the \`ltex-ls\` runtime to use the ngrams. -{{<highlight lua "linenos=inline">}} +```lua -- our old config lspconfig.ltex.setup{ on_attach = on_attach, - cmd = { "doas", - "jexec", + cmd = { "doas", + "jexec", "ltex", "/root/ltex/bin/ltex-ls" }, -- ngram settings added 
@@ -129,20 +134,20 @@ lspconfig.ltex.setup{ }, }, -- rest of config still omitted -{{</highlight>}} +``` -Note that we instructed the LSP to use `/var/ngrams` folder. +Note that we instructed the LSP to use `/var/ngrams` folder. For program running inside a Jail, the Jail is full system. Even though we can access the ngram data on the host OS under `/jail/containers/ltex/var/ngrams` (depending on your config), for Jail, the `/jail/containers/ltex/` prefix doesn't exist as it points to root for the jail. We can now remove networking from the jail, so our Jail config just defines the existence of the jail -{{<highlight shell "linenos=inline">}} +```shell ltex { } -{{</highlight>}} +``` -And boom. We've got machine language grammar checking which is completely offline and does not pollute our primary system. +And boom. We've got machine language grammar checking which is completely offline and does not pollute our primary system. Our tinfoil friends will be proud of us. [this article will be expanded with more examples in the near future] |
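Review bot: In the front-matter hunk (@@ -1,15 +1,18 @@) the line `date: 2023-12-04T06:04:33+01:00` is removed and the new TOML block carries no `date` key, so the page loses its publication date. If that is not intended, carry it over as `date = 2023-12-04T06:04:33+01:00`. The same hunk narrows the categories from `bsd`, `bsd-update`, `update` to `["bsd"]`; confirm that nothing still lists pages by the two dropped values.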
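Review bot: In the @@ -37,64 +40,64 @@ hunk the added prose lines backslash-escape their backticks (\`ltex\`, \`exit\`, \`doas\`), so Markdown will print literal backtick characters instead of inline code. Keep them unescaped, as the removed lines had them and as the last hunk still does for `/var/ngrams`. Two smaller points in the same hunk: the jail definition `ltex { ip4 = inherit; interface = em0; }` is fenced as `shell` although it is a jail configuration and not a command, and the context line "LSP-Config intalled" could be corrected while the paragraph is being touched.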
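Review bot: In the @@ -102,22 +105,24 @@ hunk the re-wrapped sentence "(you can find it on [LanguageTool website](https://dev.languagetool.org/finding-errors-using-n-gram-data.html)." still opens a parenthesis that is never closed; add the missing ")" before the full stop. The added lines here also escape their backticks (\`ngrams\`, \`en\`, \`/var/ngrams/en\`, \`NeoVim\`, \`ltex-ls\`), which will render as literal backticks and not as code.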
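Review bot: In the @@ -129,20 +134,20 @@ hunk the Lua block ends at `-- rest of config still omitted` and the closing fence follows directly, so the `lspconfig.ltex.setup{` table opened in the previous hunk is never closed, unlike the first snippet, which ends with `}`. Add the closing `}` before the fence so the snippet can be pasted as it stands. This hunk also leaves the backticks around `/var/ngrams` unescaped while the earlier hunks escape theirs; use the unescaped form throughout.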