clawdie-ai/docs/public/architecture/bastille.md

---
title: "Bastille on FreeBSD 15"
---


Clawdie uses Bastille as the host-side jail manager for its Warden runtime on
FreeBSD.

## Host Assumptions

- FreeBSD 15 host
- ZFS root pool
- Bastille installed from packages
- `warden0` bridge on `10.0.0.1/24`
- host-side orchestration, not an operator jail

## Recommendation

Keep Bastille boring and explicit:

- bootstrap `15.0-RELEASE`
- keep the stock Bastille layout
- use `warden0` as the canonical bridge name
- use `10.0.0.0/24` as the default internal jail subnet
- create persistent service jails as thick VNET jails
- create workers as thin jails from the current profile logic

## Bootstrap

```sh
pkg install -y bastille
bastille bootstrap -p 15.0-RELEASE
```

## Canonical Service Jails

Default fixed service slots:

- `db` on `<subnet>.3`
- `cms` on `<subnet>.4`
- `llama-cpp` on `<subnet>.5` (llama-server, embeddings)
- `git` on `<subnet>.6`

The operator controlplane is not a jail in the current model. It runs on the
FreeBSD host and is published at `ai.<internal_base>`.

Example bring-up for the default install:

```sh
bastille create -T -B -g <subnet>.1 db 15.0-RELEASE <subnet>.3/24 warden0
bastille create -T -B -g <subnet>.1 cms 15.0-RELEASE <subnet>.4/24 warden0
bastille create -T -B -g <subnet>.1 git 15.0-RELEASE <subnet>.6/24 warden0
```

Apply internal hostnames after creation:

```sh
bastille config cms set host.hostname cms.home.arpa
bastille config git set host.hostname git.home.arpa
```

## Worker Bring-Up

Workers are derived from `AGENT_NAME` and start in the high range:

- default worker: `10.0.0.101`
- future networked workers continue upward from there

Use the setup path rather than hand-writing worker create commands:

```sh
just setup -- --step jails --create
```

## Networking

The intended host-side network is:

- bridge: `warden0`
- gateway: `10.0.0.1`
- jailed subnet: `10.0.0.0/24`

If a VNET jail comes up without a `default` route, treat that as a provisioning
defect and fix the create command rather than applying ad hoc routes later.

## Packages and Roles

Current setup steps own the jail bootstrap contract:

- `db` installs PostgreSQL + pgvector
- `git` installs plain git storage
- `cms` installs nginx and the Astro/Starlight web baseline; optional Strapi
  content/bootstrap remains internal and deployment-specific

Do not bootstrap a separate operator jail. The FreeBSD host is the operator
surface.

## ZFS Layout

With the default Bastille + Clawdie settings, datasets should live under a
project prefix such as:

```text
zroot/clawdie-runtime/jails
zroot/clawdie-runtime/releases
zroot/clawdie-runtime/templates
```

## Snapshots

Snapshot persistent service jails before risky changes, for example:

```sh
zfs snapshot zroot/clawdie-runtime/jails/clawdie-db@pre-schema-14.mar.2026-1200
zfs snapshot zroot/clawdie-runtime/jails/clawdie-cms@pre-strapi-14.mar.2026-1230
```

Use user-facing snapshot names in `DD.mmm.YYYY-HHMM` format.

## Current Direction

- host orchestrator on FreeBSD
- Bastille-managed service and worker jails
- no dedicated operator jail in the active model
- shared internal surfaces named by role: `ai`, `cms`, `git`
- public web serving delegated to the `cms` jail instead of host nginx ownership
Fix Starlight build: add frontmatter to all public docs 18 markdown files under docs/public/ were missing YAML frontmatter (title field). Starlight requires this for content collection schema validation. Extracted titles from existing # headings. Build: PASS (cms setup succeeds, site deployed) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --- Build: pass \| Tests: pass — Tests 603 passed (603) 2026-04-06 01:54:45 +00:00			`---`
			`title: "Bastille on FreeBSD 15"`
			`---`

Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`Clawdie uses Bastille as the host-side jail manager for its Warden runtime on`
			`FreeBSD.`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`## Host Assumptions`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
			`- FreeBSD 15 host`
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`- ZFS root pool`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00			`- Bastille installed from packages`
docs: standardize subnet to 10.0.0 + fix stale references All docs now use 10.0.0.x as the canonical example subnet, matching the code default in config.ts and shell-env.sh. Previously docs used a mix of 192.168.100.x (architecture docs) and 10.0.1.x (install docs). Also: - Fix dead link to setup-wizard.ts in git-storage.md (now points to setup/git.ts and setup/install.ts) - Update stale nomic-embed-text reference in SKILLS-ARTIFACT-V1-PLAN.md to current BAAI/bge-m3 at 1024 dims - Fix uppercase display text in internal doc cross-references Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --- Build: pass \| Tests: pass — Tests 603 passed (603) 2026-04-06 02:15:41 +00:00			- `warden0` bridge on `10.0.0.1/24`
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`- host-side orchestration, not an operator jail`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`## Recommendation`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`Keep Bastille boring and explicit:`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			- bootstrap `15.0-RELEASE`
			`- keep the stock Bastille layout`
			- use `warden0` as the canonical bridge name
docs: standardize subnet to 10.0.0 + fix stale references All docs now use 10.0.0.x as the canonical example subnet, matching the code default in config.ts and shell-env.sh. Previously docs used a mix of 192.168.100.x (architecture docs) and 10.0.1.x (install docs). Also: - Fix dead link to setup-wizard.ts in git-storage.md (now points to setup/git.ts and setup/install.ts) - Update stale nomic-embed-text reference in SKILLS-ARTIFACT-V1-PLAN.md to current BAAI/bge-m3 at 1024 dims - Fix uppercase display text in internal doc cross-references Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --- Build: pass \| Tests: pass — Tests 603 passed (603) 2026-04-06 02:15:41 +00:00			- use `10.0.0.0/24` as the default internal jail subnet
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`- create persistent service jails as thick VNET jails`
			`- create workers as thin jails from the current profile logic`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
			`## Bootstrap`

			```sh
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`pkg install -y bastille`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00			`bastille bootstrap -p 15.0-RELEASE`
			```

docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`## Canonical Service Jails`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`Default fixed service slots:`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs(architecture): align docs with live naming and docs topology --- Build: pass \| Tests: pass — Tests 2017 passed (2017) --- Build: pass \| Tests: pass — Tests 2017 passed (2017) 2026-04-27 21:26:40 +02:00			- `db` on `<subnet>.3`
			- `cms` on `<subnet>.4`
			- `llama-cpp` on `<subnet>.5` (llama-server, embeddings)
			- `git` on `<subnet>.6`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs(architecture): align docs with live naming and docs topology --- Build: pass \| Tests: pass — Tests 2017 passed (2017) --- Build: pass \| Tests: pass — Tests 2017 passed (2017) 2026-04-27 21:26:40 +02:00			`The operator controlplane is not a jail in the current model. It runs on the`
			FreeBSD host and is published at `ai.<internal_base>`.

			`Example bring-up for the default install:`
Document Bastille destroy and pf warnings 2026-03-08 14:20:35 +01:00
			```sh
docs(architecture): align docs with live naming and docs topology --- Build: pass \| Tests: pass — Tests 2017 passed (2017) --- Build: pass \| Tests: pass — Tests 2017 passed (2017) 2026-04-27 21:26:40 +02:00			`bastille create -T -B -g <subnet>.1 db 15.0-RELEASE <subnet>.3/24 warden0`
			`bastille create -T -B -g <subnet>.1 cms 15.0-RELEASE <subnet>.4/24 warden0`
			`bastille create -T -B -g <subnet>.1 git 15.0-RELEASE <subnet>.6/24 warden0`
Document Bastille destroy and pf warnings 2026-03-08 14:20:35 +01:00			```

docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`Apply internal hostnames after creation:`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
			```sh
docs(architecture): align docs with live naming and docs topology --- Build: pass \| Tests: pass — Tests 2017 passed (2017) --- Build: pass \| Tests: pass — Tests 2017 passed (2017) 2026-04-27 21:26:40 +02:00			`bastille config cms set host.hostname cms.home.arpa`
			`bastille config git set host.hostname git.home.arpa`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00			```

docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`## Worker Bring-Up`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			Workers are derived from `AGENT_NAME` and start in the high range:
Add controlplane operator doc 2026-03-09 14:03:25 +01:00
docs: standardize subnet to 10.0.0 + fix stale references All docs now use 10.0.0.x as the canonical example subnet, matching the code default in config.ts and shell-env.sh. Previously docs used a mix of 192.168.100.x (architecture docs) and 10.0.1.x (install docs). Also: - Fix dead link to setup-wizard.ts in git-storage.md (now points to setup/git.ts and setup/install.ts) - Update stale nomic-embed-text reference in SKILLS-ARTIFACT-V1-PLAN.md to current BAAI/bge-m3 at 1024 dims - Fix uppercase display text in internal doc cross-references Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --- Build: pass \| Tests: pass — Tests 603 passed (603) 2026-04-06 02:15:41 +00:00			- default worker: `10.0.0.101`
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`- future networked workers continue upward from there`
Add controlplane operator doc 2026-03-09 14:03:25 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`Use the setup path rather than hand-writing worker create commands:`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
			```sh
Standardize just command shortcuts in docs --- Build: pass \| Tests: FAIL — Tests 10 failed \| 928 passed (938) 2026-04-12 16:38:52 +00:00			`just setup -- --step jails --create`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00			```

docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`## Networking`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`The intended host-side network is:`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			- bridge: `warden0`
docs: standardize subnet to 10.0.0 + fix stale references All docs now use 10.0.0.x as the canonical example subnet, matching the code default in config.ts and shell-env.sh. Previously docs used a mix of 192.168.100.x (architecture docs) and 10.0.1.x (install docs). Also: - Fix dead link to setup-wizard.ts in git-storage.md (now points to setup/git.ts and setup/install.ts) - Update stale nomic-embed-text reference in SKILLS-ARTIFACT-V1-PLAN.md to current BAAI/bge-m3 at 1024 dims - Fix uppercase display text in internal doc cross-references Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --- Build: pass \| Tests: pass — Tests 603 passed (603) 2026-04-06 02:15:41 +00:00			- gateway: `10.0.0.1`
			- jailed subnet: `10.0.0.0/24`
Add controlplane operator doc 2026-03-09 14:03:25 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			If a VNET jail comes up without a `default` route, treat that as a provisioning
			`defect and fix the create command rather than applying ad hoc routes later.`
Add controlplane operator doc 2026-03-09 14:03:25 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`## Packages and Roles`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`Current setup steps own the jail bootstrap contract:`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			- `db` installs PostgreSQL + pgvector
			- `git` installs plain git storage
docs(architecture): align docs with live naming and docs topology --- Build: pass \| Tests: pass — Tests 2017 passed (2017) --- Build: pass \| Tests: pass — Tests 2017 passed (2017) 2026-04-27 21:26:40 +02:00			- `cms` installs nginx and the Astro/Starlight web baseline; optional Strapi
			`content/bootstrap remains internal and deployment-specific`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`Do not bootstrap a separate operator jail. The FreeBSD host is the operator`
			`surface.`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`## ZFS Layout`
Adopt day-first snapshot naming baseline 2026-03-08 18:51:48 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`With the default Bastille + Clawdie settings, datasets should live under a`
			`project prefix such as:`
Adopt day-first snapshot naming baseline 2026-03-08 18:51:48 +01:00
			```text
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`zroot/clawdie-runtime/jails`
			`zroot/clawdie-runtime/releases`
			`zroot/clawdie-runtime/templates`
Adopt day-first snapshot naming baseline 2026-03-08 18:51:48 +01:00			```

docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`## Snapshots`
Adopt day-first snapshot naming baseline 2026-03-08 18:51:48 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`Snapshot persistent service jails before risky changes, for example:`
Adopt day-first snapshot naming baseline 2026-03-08 18:51:48 +01:00
			```sh
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`zfs snapshot zroot/clawdie-runtime/jails/clawdie-db@pre-schema-14.mar.2026-1200`
			`zfs snapshot zroot/clawdie-runtime/jails/clawdie-cms@pre-strapi-14.mar.2026-1230`
Add Bastille and jail networking docs 2026-03-08 09:18:35 +01:00			```

docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			Use user-facing snapshot names in `DD.mmm.YYYY-HHMM` format.
Expand Warden runtime model 2026-03-08 11:00:52 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`## Current Direction`
Expand Warden runtime model 2026-03-08 11:00:52 +01:00
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			`- host orchestrator on FreeBSD`
			`- Bastille-managed service and worker jails`
			`- no dedicated operator jail in the active model`
docs(architecture): align docs with live naming and docs topology --- Build: pass \| Tests: pass — Tests 2017 passed (2017) --- Build: pass \| Tests: pass — Tests 2017 passed (2017) 2026-04-27 21:26:40 +02:00			- shared internal surfaces named by role: `ai`, `cms`, `git`
docs: polish host-first FreeBSD runtime model 2026-03-14 20:11:34 +01:00			- public web serving delegated to the `cms` jail instead of host nginx ownership