Add bastion and certificate jails.

ansible/roles/jail/files/fstab_bastion

@@ -0,0 +1,4 @@
+tmpfs /jail/bastion/tmp tmpfs rw,mode=777 0 0
+tmpfs /jail/bastion/var/run tmpfs rw,mode=755 0 0
+
+/jail/certificate/usr/local/etc/letsencrypt/archive/stuff.fizz.buzz       /jail/bastion/stuff.fizz.buzz     nullfs    ro,noexec     0      0

ansible/roles/jail/files/jails/bastion.conf

@@ -0,0 +1,15 @@
+bastion {
+    path = "/jail/${name}";
+    vnet;
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";
+    vnet.interface += "jail${name}";
+
+    devfs_ruleset = 14;
+    mount.devfs;
+    mount.fstab = "/etc/fstab.${name}";
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}

ansible/roles/jail/files/jails/certificate.conf

@@ -0,0 +1,15 @@
+certificate {
+    path = "/jail/${name}";
+    vnet;
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";
+    vnet.interface += "jail${name}";
+
+    devfs_ruleset = 14;
+    mount.devfs;
+    mount.fstab = "/etc/fstab.${name}";
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}