====== Setting up Host ======
  * disable syslogd's network access with **-ss** flags<code bash>sysrc syslogd_flags="-ss"</code>
  * bind sshd to specific IP <code bash /etc/ssh/sshd_config>ListenAddress 10.0.0.1</code>

To Do:
<code bash>sysrc jail_enable="YES"
service jail enable
</code>
<code bash /etc/jail.conf>
$j="/jails";
path="$j/$name";
host.hostname="$name.domain.com";

mount.devfs;
exec.clean;
exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";

#BASE {
#	ip4.addr="10.0.0.70";
#       path="/jails/BASE"
#}</code>
----



====== Create zfs jail base ======
===== Create from source =====
<code bash>
zfs create -o quota=30G zroot/jails/BASE
cd /usr/src
make installworld DESTDIR=/jails/BASE
make distribution DESTDIR=/jails/BASE
</code>

===== Create from release tarball =====
  * grab the **base** and **lib32** tarballs for your FreeBSD version <code bash>fetch https://download.freebsd.org/ftp/snapshots/amd64/12.2-PRERELEASE/base.txz
fetch https://download.freebsd.org/ftp/snapshots/amd64/12.2-PRERELEASE/lib32.txz</code>
  * extract snapshot tarballs to jail path <code bash>tar -xf base.txz -C /jails/BASE
tar -xf lib32.txz -C /jails/BASE</code> 

----

====== Configure zfs jail base ======
<code bash>
touch /jails/BASE/etc/fstab /jails/BASE/etc/rc.conf
mkdir -p /jails/BASE/usr/local/etc/pkg/repos
cp /usr/local/etc/pkg/repos/FreeBSD.conf /jails/BASE/usr/local/etc/pkg/repos
cp /etc/localtime /jails/BASE/etc/
cp /etc/resolv.conf /jails/BASE/etc/
echo 'sendmail_enable="NO"' >> /jails/BASE/etc/rc.conf
echo 'ntpd_enable="NO"' >> /jails/BASE/etc/rc.conf
echo 'sshd_enable="YES"' >> /jails/BASE/etc/rc.conf
</code>
  * jails don't use fstab, but some programs need it <code bash>touch /jails/BASE/etc/fstab</code>
  * jails will probably be in same timezone as host <code bash>cp /etc/localtime /jails/BASE/etc/</code>
  * don't need to configure dns servers <code bash>cp /etc/resolv.conf /jails/BASE/etc/</code>
  * don't need sendmail <code bash>echo "sendmail_enable="NO"" >> /jails/BASE/etc/rc.conf</code>
  * no need to run ntpd since jail cannot change time <code bash>echo "ntpd_enable="NO"" >> /jails/BASE/etc/rc.conf</code>
  * enable sshd <code bash>echo "sshd_enable="YES"" >> /jails/BASE/etc/rc.conf</code>

----

==== install typical packages, add user, install dotfiles, copy keys.====
<cli green uppercase>
pkg -j BASE install nano zsh git-lite python37 py37-pip
jexec -l BASE adduser
jexec -l -U sleepy BASE git clone https://gitlab.com/ikiryuta/dotfiles.git
jexec -l -U sleepy BASE /home/sleepy/dotfiles/install_links.sh
jexec -l BASE /home/sleepy/dotfiles/install_links.sh
jexec -l BASE chsh -s zsh
jexec -l -u sleepy BASE mkdir /home/sleepy/.ssh
cp ~sleepy/.ssh/authorized_keys_jails /jails/BASE/home/sleepy/.ssh/authorized_keys
jexec -l BASE chown -R sleepy:sleepy /home/sleepy/.ssh
jexec -l BASE chmod 700 /home/sleepy/.ssh
jexec -l BASE chmod 600 /home/sleepy/.ssh/authorized_keys
</cli>
----

Snapshot the BASE jail
<code bash>zfs snapshot zroot/jails/BASE@CLEAN_JAILS_BASE</code>

----
====== Create jail ======
  * create new jail dataset <code bash>zfs clone zroot/jails/BASE@2020-09-21_12.2-PRERELEASE_clean zroot/jails/python</code>
  * add entry to **/etc/jail.conf** for new jail <code bash /etc/jail.conf>
python {
	ip4.addr="10.0.0.50";
}</code>
  * add entry to **/etc/rc.conf** new jail ip alias <code bash /etc/rc.conf>ifconfig_igb0_alias2="inet 10.0.0.50 netmask 255.255.255.0"</code> or <code bash /etc/rc.conf>ifconfig_igb0_aliases="inet 10.0.0.49-69 netmask 255.255.255.0"</code>

----
====== Updating jails ======
===== using source =====
assuming you have already built and installed world and kernel. Stop the running jail(s) first.
<code>cd /usr/make
make installworld DESTDIR=/jails/path
mergemaster -iFU -D /jails/path
</code>
==== jails_update.sh ====
Script to automate the updates, just make sure to update the jails paths.
<code bash jails_update.sh>
jails="/jails/postgres /jails/python /jails/nginx /jails/bitbot"

cd /usr/src

for jail in $jails
do
    make installworld DESTDIR=$jail
    mergemaster -iFU -D $jail
done
</code>

===== using freebsd-update binaries =====
<code bash>
freebsd-update -b /jails/path fetch
freebsd-update -b /jails/path install
</code>
----
====== To Do ======
  * create ZFS dataset with 20% reserve quota <code bash>zfs create -o quota=300G -o mountpoint=/jails zroot/jails</code>
  * replace hardcoded jail paths with variable<code bash>export jail=/jails/BASE
echo $jail</code>
  * add UTF8 configuration to BASE jail
  * need to create alias for jail ip on hosts network interface during jail creation.
    * using ''ifconfig'' for one-time use <code bash>ifconfig igb0 alias 10.0.0.92 netmask 255.255.255.0</code>
    * permanent using ''rc.conf'' <code bash /etc/rc.conf>ifconfig_igb0_alias2="10.0.0.92 netmask 255.255.255.0"</code>