summaryrefslogtreecommitdiff
path: root/content/bsd
diff options
context:
space:
mode:
Diffstat (limited to 'content/bsd')
-rw-r--r--content/bsd/home.md8
-rw-r--r--content/bsd/jails-usage-examples.md148
2 files changed, 154 insertions, 2 deletions
diff --git a/content/bsd/home.md b/content/bsd/home.md
index fe22f94..0f5d9d5 100644
--- a/content/bsd/home.md
+++ b/content/bsd/home.md
@@ -1,5 +1,5 @@
---
-title: "Demonic BSD Site"
+title: "Daemonic BSD Site"
category: bsd
abstract:
type: special
@@ -8,8 +8,11 @@ draft: false
hardback: yes
---
-Since at least a year, I am a BSD type of a guy. My personal laptop is running on FreeBSD and this site is hosted on an OpenBSD server.
+Since at least a year, I've been a BSD type of a guy. My personal laptop is running on FreeBSD and this site is hosted on an OpenBSD server.
+### Recent Daemonic site updates
+
+{{<recent-updates bsd-update>}}
## Table of Contents
@@ -19,6 +22,7 @@ Since at least a year, I am a BSD type of a guy. My personal laptop is running o
- [FreeBSD won't improve unless people are using it](/bsd/desktop-freebsd-wont-improve-unless-people-are-using-it)
- [13.2 broke my resume](/bsd/freebsd-13-2-was-released-and-broke-my-resume)
- [First time the ZFS saved me](/bsd/first-time-the-zfs-saved-me)
+ - [Jails examples](/bsd/jails-usage-examples) [new]
- FreeBSD on ThinkPad X1 Extreme G2
- [General overview](/bsd/thinkpad/freebsd-on-thinkpad-x1-extreme-g2)
- [Fixing Resume](/bsd/thinkpad/fixing-resume-on-thinkpad-x1-extreme-g2-on-freebsd)
diff --git a/content/bsd/jails-usage-examples.md b/content/bsd/jails-usage-examples.md
new file mode 100644
index 0000000..cfea398
--- /dev/null
+++ b/content/bsd/jails-usage-examples.md
@@ -0,0 +1,148 @@
+---
+title: "Some examples of using Jails"
+category:
+- bsd
+- bsd-update
+- update
+abstract: How can we use FreeBSD Jails?
+date: 2023-12-04T06:04:33+01:00
+draft: false
+---
+
+Creating Jails in FreeBSD is very easy.
+It takes few minutes to follow the [official handbook](https://docs.freebsd.org/en/books/handbook/jails/) and voilĂ !
+We've a dedicated container.
+But what can we do with it?
+
+A very common use pattern on FreeBSD desktop is to use Jails to encapsulate dependencies, so they don't pollute the main OS.
+Don't want that pesky Pyton? Straight to Jail.
+Java? Straight to jail!
+
+
+## Simple jail - Ltex-Ls
+
+I am not a native speaker, so my English skills are far from perfect.
+My terrible typing skills don't add anything good into the mix.
+Therefore, I am in need of a good grammar and spell checker.
+There is Grammarly, but it's closed source and cloud based.
+We don't want that.
+
+Luckily an alternative exist - [LanguageTool](https://languagetool.org/pl).
+It is quite good and can run locally!
+I use it via an LSP - [Ltex-Ls](https://valentjn.github.io/ltex/ltex-ls/installation.html).
+Technically it's aimed at Latex, but it can work with any filetype.
+
+The problem with ltex-ls is that is runs on JVM.
+I really don't need that on my system.
+Let's lock it in a jail and allow our NeoVim[^lsp] to use it.
+[^lsp]: I can, of course, run in any other editor which supports the LSP standard, be it Emacs or some bad one.
+
+First, let's create a Jail and call it `ltex`.
+For now we can allow it access to the internet, as we will download some files.
+
+{{<highlight shell "linenos=inline">}}
+ltex {
+ ip4 = inherit;
+ interface = em0;
+}
+{{</highlight>}}
+
+We will remove network access after we are done with the setup.
+We don't want any of our writings to leak to the web.
+
+Then, let's log into the jail
+
+{{<highlight shell "linenos=inline">}}
+doas jexec ltex /bin/sh
+{{</highlight>}}
+
+and add the dreaded java
+
+{{<highlight shell "linenos=inline">}}
+pkg install openjdk-jre
+{{</highlight>}}
+
+then, let's fetch our latex-ls
+
+{{<highlight shell "linenos=inline">}}
+cd /root
+wget https://github.com/valentjn/ltex-ls/releases/download/16.0.0/ltex-ls-16.0.0.tar.gz
+tar -xvf ltex-ls-16.0.0.tar.gz
+{{</highlight>}}
+
+for ease of use, let's remove the version number from the directory
+
+{{<highlight shell "linenos=inline">}}
+mv ltex-ls-16.0.0/ ltex
+{{</highlight>}}
+
+And our jail is ready, so let's leave it (either `exit` or the good, old Ctrl+d).
+We can now open our nvim config file.
+This is not a guide about this part, so let's just assume you have LSP and LSP-Config intalled.
+
+Our config will look like this:
+
+{{<highlight lua "linenos=inline">}}
+ lspconfig.ltex.setup{
+ on_attach = on_attach,
+ cmd = { "doas",
+ "jexec",
+ "ltex",
+ "/root/ltex/bin/ltex-ls" },
+ -- rest of config omitted
+ }
+{{</highlight>}}
+
+Notice, that we now run the command as root inside the Jail.
+It would make sense to allow passwordless-doas to our user due to `doas`.
+I will update this guide if I figure out if we can commit this security nightmare here.
+
+But let's go a step further.
+Ltex-Ls allows to use machine learning based grammar check based on ngram data.
+We can add it to our jail.
+Let's log back in
+
+{{<highlight shell "linenos=inline">}}
+doas jexec ltex /bin/sh
+{{</highlight>}}
+
+Next we need to fetch the ngram data (you can find it on [LanguageTool website](https://dev.languagetool.org/finding-errors-using-n-gram-data.html). We need to have a `ngrams` folder which contains `en` (as the language shortcut). The ngrams should be inside the `en`.
+
+I propose you move the files to `/var/ngrams/en` inside the Jail.
+
+We can now tell `NeoVim` to inform the `ltex-ls` runtime to use the ngrams.
+
+{{<highlight lua "linenos=inline">}}
+-- our old config
+lspconfig.ltex.setup{
+ on_attach = on_attach,
+ cmd = { "doas",
+ "jexec",
+ "ltex",
+ "/root/ltex/bin/ltex-ls" },
+ -- ngram settings added
+ settings = {
+ ltex = {
+ additionalRules = {
+ languageModel = '/var/ngrams/',
+ },
+ },
+ },
+ -- rest of config still omitted
+{{</highlight>}}
+
+Note that we instructed the LSP to use `/var/ngrams` folder.
+For program running inside a Jail, the Jail is full system.
+Even though we can access the ngram data on the host OS under `/jail/containers/ltex/var/ngrams` (depending on your config), for Jail, the `/jail/containers/ltex/` prefix doesn't exist as it points to root for the jail.
+
+We can now remove networking from the jail, so our Jail config just defines the existence of the jail
+
+{{<highlight shell "linenos=inline">}}
+ltex {
+}
+{{</highlight>}}
+
+And boom. We've got machine language grammar checking which is completely offline and does not pollute our primary system.
+Our tinfoil friends will be proud of us.
+
+[this article will be expanded with more examples in the near future]