Add sftp jail.

ansible/environments/home/host_vars/homeserver

@@ -51,6 +51,9 @@ jail_list:
   - name: dagger
     conf:
       src: dagger
+  - name: sftp
+    conf:
+      src: sftp
   - name: mumble
     conf:
       src: mumble

ansible/roles/jail/files/jails/sftp.conf

@@ -0,0 +1,14 @@
+sftp {
+    path = "/jail/${name}";
+    vnet;
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";
+    vnet.interface += "jail${name}";
+
+    devfs_ruleset = 14;
+    mount.devfs;
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}

ansible/roles/jail/templates/new_jail.bash.j2

@@ -31,10 +31,26 @@ function by_bin {
     for component in base ports; do fetch $SOURCEURL/$component.txz -o - | tar -xf - -C "$DESTDIR" ; done
 }
 
+function by_pkg {
+    local config
+    config=$(cat <<EOF
+base: {
+    url: "https://pkg.freebsd.org/FreeBSD:14:amd64/base_latest",
+    mirror_type: "none",
+    enabled: yes,
+    priority: 100
+}
+EOF
+             )
+    IGNORE_OSVERSION=yes pkg --rootdir "$DESTDIR" --config <(cat <<<"$config") install --repository base --yes --glob 'FreeBSD-*'
+}
+
 if [ "$1" = "src" ]; then
     by_src
 elif [ "$1" = "bin" ]; then
     by_bin
+elif [ "$1" = "pkg" ]; then
+    by_pkg
 else
     die "First argument must be either 'src' or 'bin', got $1"
 fi