Cleanup whitespace
Marius van Witzenburg committed Apr 14, 2020
1 parent 0ed07b4 commit f28054b
Showing 47 changed files with 245 additions and 251 deletions.
1 change: 0 additions & 1 deletion CODE-OF-CONDUCT.md
Expand Up @@ -71,4 +71,3 @@ This Code of Conduct is adapted from the [Contributor Covenant][homepage], versi
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html

[homepage]: https://www.contributor-covenant.org

24 changes: 12 additions & 12 deletions README.md
Expand Up @@ -43,7 +43,7 @@ Usage:

Available Commands:
bootstrap Bootstrap a FreeBSD release for container base.
clone Clone an existing container.
clone Clone an existing container.
cmd Execute arbitrary command on targeted container(s).
clone Clone an existing container.
console Console into a running container.
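Review bot: `clone` is listed twice in the Available Commands block, once before `cmd` (the line this hunk rewrites) and again right after it; the second entry reads as a leftover duplicate. Since the line is already being touched, dropping the repeated `clone Clone an existing container.` here avoids a separate follow-up.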
Expand Down Expand Up @@ -163,9 +163,9 @@ container at `10.17.89.45`.

Finally, enable and (re)start the firewall:

## dynamic rdr
## dynamic rdr

The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
`bastille rdr` command at runtime - eg.

```
Expand All @@ -176,7 +176,7 @@ The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
```

Note that if you are rediirecting ports where the host is also listening
(eg. ssh) you should make sure that the host service is not listening on
(eg. ssh) you should make sure that the host service is not listening on
the cloned interface - eg. for ssh set sshd_flags in rc.conf

## Enable pf rules
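Review bot: "rediirecting" in the context line just above the rewritten line is a typo; docs/chapters/networking.rst carries the same sentence spelled "redirecting". Fixing it here, while the adjacent line is being rewritten anyway, keeps the README and the docs chapter in sync.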
Expand Down Expand Up @@ -268,7 +268,7 @@ default this value is set to "base". Additional components are added, space
separated, without file extension.

Bastille will attempt to fetch the required archives if they are not found in
the `cache/$RELEASE` directory.
the `cache/$RELEASE` directory.

Downloaded artifacts are stored in the `cache/RELEASE` directory. "bootstrapped"
releases are stored in `releases/RELEASE`.
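Review bot: the two paragraphs name the cache directory inconsistently, `cache/$RELEASE` on the rewritten line and `cache/RELEASE` on the context line immediately after it. Pick one form so readers do not go looking for two different directories.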
Expand Down Expand Up @@ -782,7 +782,7 @@ root@folsom:~ #
At this point you are logged in to the container and have full shell access.
The system is yours to use and/or abuse as you like. Any changes made inside
the container are limited to the container.
the container are limited to the container.
bastille cp
Expand All @@ -808,8 +808,8 @@ bastille rdr
------------
`bastille rdr` allows you to configure dynamic rdr rules for your containers
without modifying pf.conf (assuming you are using the `bastille0` interface
for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf
without modifying pf.conf (assuming you are using the `bastille0` interface
for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf
as described in the Networking section).
```shell
Expand Down Expand Up @@ -907,7 +907,7 @@ Note: On UFS systems containers must be stopped before export.
ishmael ~ # bastille export folsom
Exporting 'folsom' to a compressed .xz archive.
Sending zfs data stream...
100 % 1057.2 KiB / 9231.5 KiB = 0.115 0:01
100 % 1057.2 KiB / 9231.5 KiB = 0.115 0:01
Exported '/usr/local/bastille/jails/backups/folsom_2020-01-26-19:23:04.xz' successfully.
```
Expand All @@ -923,7 +923,7 @@ File validation successful!
Importing 'folsom' from compressed .xz archive.
Receiving zfs data stream...
/usr/local/bastille/jails/backups/folsom_2020-01-26-19:22:23.xz (1/1)
100 % 626.4 KiB / 9231.5 KiB = 0.068 0:02
100 % 626.4 KiB / 9231.5 KiB = 0.068 0:02
Container 'folsom' imported successfully.
```
Expand Down Expand Up @@ -1020,7 +1020,7 @@ limit the target areas available to anyone that has (or has gained) access.
Networking Tips
===============
Tip #1:
Tip #1:
-------
Ports and destinations can be defined as lists. eg;
```
Expand All @@ -1032,7 +1032,7 @@ round-robin between containers with ips 45, 46, 47, and 48 (on ports 80 or
443).
Tip #2:
Tip #2:
-------
Ports can redirect to other ports. eg;
```
2 changes: 1 addition & 1 deletion docs/Makefile
Expand Up @@ -16,4 +16,4 @@ help:
# Catch-all target: route all unknown targets to Sphinx using the new
# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
%: Makefile
@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
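Review bot: the recipe line under `%: Makefile` must keep its leading tab; if the whitespace cleanup normalised that tab to spaces, `make` will stop with a "missing separator" error for every target routed through this rule. Please confirm only trailing whitespace was stripped on the `@$(SPHINXBUILD) -M $@ ...` line.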
15 changes: 7 additions & 8 deletions docs/chapters/jail-config.rst
Expand Up @@ -45,7 +45,7 @@ devfs_ruleset
effective and enforce_statfs is set to a value lower than 2.
Devfs rules and rulesets cannot be viewed or modified from inside
a jail.
NOTE: It is important that only appropriate device nodes in devfs
be exposed to a jail; access to disk devices in the jail may
permit processes in the jail to bypass the jail sandboxing by
Expand Down Expand Up @@ -178,32 +178,31 @@ cases.
The kernel runs with five different security levels. Any super-user
process can raise the level, but no process can lower it. The security
levels are:
-1 Permanently insecure mode - always run the system in insecure mode.
This is the default initial value.
0 Insecure mode - immutable and append-only flags may be turned off.
All devices may be read or written subject to their permissions.
1 Secure mode - the system immutable and system append-only flags may
not be turned off; disks for mounted file systems, /dev/mem and
/dev/kmem may not be opened for writing; /dev/io (if your platform
has it) may not be opened at all; kernel modules (see kld(4)) may
not be loaded or unloaded. The kernel debugger may not be entered
using the debug.kdb.enter sysctl. A panic or trap cannot be forced
using the debug.kdb.panic and other sysctl's.
2 Highly secure mode - same as secure mode, plus disks may not be
opened for writing (except by mount(2)) whether mounted or not.
This level precludes tampering with file systems by unmounting
them, but also inhibits running newfs(8) while the system is multi-
user.
In addition, kernel time changes are restricted to less than or
equal to one second. Attempts to change the time by more than this
will log the message "Time adjustment clamped to +1 second".
3 Network secure mode - same as highly secure mode, plus IP packet
filter rules (see ipfw(8), ipfirewall(4) and pfctl(8)) cannot be
changed and dummynet(4) or pf(4) configuration cannot be adjusted.
12 changes: 6 additions & 6 deletions docs/chapters/networking.rst
Expand Up @@ -95,20 +95,20 @@ Create the firewall rules:
.. code-block:: shell
ext_if="vtnet0"
set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if)
## static rdr example
## rdr pass inet proto tcp from any to any port {80, 443} -> 10.17.89.45
## dynamic rdr anchor (see below)
rdr-anchor "rdr/*"
block in all
pass out quick modulate state
antispoof for $ext_if inet
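Review bot: every line in this hunk is the body of a `.. code-block:: shell` directive, so each must stay indented relative to the directive; a cleanup that strips leading whitespace would end the literal block early and render the remaining pf rules (`rdr-anchor "rdr/*"`, `block in all`, `antispoof for $ext_if inet`) as prose. A quick Sphinx build to confirm the block still renders whole would settle it.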
Expand All @@ -127,7 +127,7 @@ to containers are:
.. code-block:: shell
nat on $ext_if from <jails> to any -> ($ext_if)
## static rdr example
## rdr pass inet proto tcp from any to any port {80, 443} -> 10.17.89.45
Expand All @@ -141,7 +141,7 @@ containers at `10.17.89.45`.
## dynamic rdr anchor (see below)
rdr-anchor "rdr/*"
The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
`bastille rdr` command at runtime - eg.

bastille rdr <jail> tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail
Expand All @@ -150,7 +150,7 @@ The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
bastille rdr <jail> clear # Clear dynamic rdr rules

Note that if you are redirecting ports where the host is also listening
(eg. ssh) you should make sure that the host service is not listening on
(eg. ssh) you should make sure that the host service is not listening on
the cloned interface - eg. for ssh set sshd_flags in rc.conf

sshd_flags="-o ListenAddress=<hostname>"
2 changes: 1 addition & 1 deletion docs/chapters/subcommands/bootstrap.rst
Expand Up @@ -25,7 +25,7 @@ To `bootstrap` a release, run the bootstrap sub-command with the
release version as the argument.

.. code-block:: shell
ishmael ~ # bastille bootstrap 11.3-RELEASE [update]
ishmael ~ # bastille bootstrap 12.0-RELEASE
ishmael ~ # bastille bootstrap 12.1-RELEASE
10 changes: 5 additions & 5 deletions docs/chapters/subcommands/console.rst
Expand Up @@ -9,25 +9,25 @@ root login.
ishmael ~ # bastille console folsom
[folsom]:
FreeBSD 12.1-RELEASE-p1 GENERIC
Welcome to FreeBSD!
Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums: https://forums.FreeBSD.org/
Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.
Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout: man hier
Edit /etc/motd to change this login announcement.
root@folsom:~ #
10 changes: 5 additions & 5 deletions docs/chapters/subcommands/cp.rst
Expand Up @@ -7,15 +7,15 @@ This command allows efficiently copying files from host to container(s).
ishmael ~ # bastille cp ALL /tmp/resolv.conf-cf etc/resolv.conf
[bastion]:
[unbound0]:
[unbound1]:
[squid]:
[nginx]:
[folsom]:
Unless you see errors reported in the output the `cp` was successful.
2 changes: 1 addition & 1 deletion docs/chapters/subcommands/create.rst
Expand Up @@ -13,7 +13,7 @@ bootstrapped release and a private (rfc1918) IP address.
.. code-block:: shell
ishmael ~ # bastille create folsom 11.3-RELEASE 10.17.89.10 [interface]
RELEASE: 11.3-RELEASE.
NAME: folsom.
IP: 10.17.89.10.
2 changes: 1 addition & 1 deletion docs/chapters/subcommands/htop.rst
Expand Up @@ -2,7 +2,7 @@
htop
====

This one runs `htop` inside the container.
This one runs `htop` inside the container.
note: won't work if you don't have htop installed in the container.


26 changes: 13 additions & 13 deletions docs/chapters/subcommands/pkg.rst
Expand Up @@ -23,7 +23,7 @@ To manage binary packages within the container use `bastille pkg`.
All repositories are up to date.
Updating database digests format: 100%
The following 10 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
vim-console: 8.1.0342
git-lite: 2.19.1
Expand All @@ -35,12 +35,12 @@ To manage binary packages within the container use `bastille pkg`.
pcre: 8.42
gettext-runtime: 0.19.8.1_1
indexinfo: 0.3.1
Number of packages to be installed: 10
The process will require 77 MiB more space.
17 MiB to be downloaded.
Proceed with this action? [y/N]: y
[folsom] [1/10] Fetching vim-console-8.1.0342.txz: 100% 5 MiB 5.8MB/s 00:01
[folsom] [2/10] Fetching git-lite-2.19.1.txz: 100% 4 MiB 2.1MB/s 00:02
Expand Down Expand Up @@ -77,7 +77,7 @@ To manage binary packages within the container use `bastille pkg`.
[folsom] [9/10] Extracting git-lite-2.19.1: 100%
[folsom] [10/10] Installing zsh-5.6.2...
[folsom] [10/10] Extracting zsh-5.6.2: 100%
The PKG sub-command can, of course, do more than just `install`. The
expectation is that you can fully leverage the pkg manager. This means,
Expand All @@ -97,7 +97,7 @@ expectation is that you can fully leverage the pkg manager. This means,
Processing candidates (1 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
[unbound0]:
Updating pkg.bastillebsd.org repository catalogue...
[unbound0] Fetching meta.txz: 100% 560 B 0.6kB/s 00:01
Expand All @@ -109,7 +109,7 @@ expectation is that you can fully leverage the pkg manager. This means,
Processing candidates (0 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
[unbound1]:
Updating pkg.bastillebsd.org repository catalogue...
[unbound1] Fetching meta.txz: 100% 560 B 0.6kB/s 00:01
Expand All @@ -121,7 +121,7 @@ expectation is that you can fully leverage the pkg manager. This means,
Processing candidates (0 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
[squid]:
Updating pkg.bastillebsd.org repository catalogue...
[squid] Fetching meta.txz: 100% 560 B 0.6kB/s 00:01
Expand All @@ -133,7 +133,7 @@ expectation is that you can fully leverage the pkg manager. This means,
Processing candidates (0 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
[nginx]:
Updating pkg.bastillebsd.org repository catalogue...
[nginx] Fetching meta.txz: 100% 560 B 0.6kB/s 00:01
Expand All @@ -144,14 +144,14 @@ expectation is that you can fully leverage the pkg manager. This means,
Checking for upgrades (1 candidates): 100%
Processing candidates (1 candidates): 100%
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
nginx-lite: 1.14.0_14,2 -> 1.14.1,2
Number of packages to be upgraded: 1
315 KiB to be downloaded.
Proceed with this action? [y/N]: y
[nginx] [1/1] Fetching nginx-lite-1.14.1,2.txz: 100% 315 KiB 322.8kB/s 00:01
Checking integrity... done (0 conflicting)
10 changes: 4 additions & 6 deletions docs/chapters/subcommands/rdr.rst
Expand Up @@ -3,12 +3,12 @@ rdr
===

`bastille rdr` allows you to configure dynamic rdr rules for your containers
without modifying pf.conf (assuming you are using the `bastille0` interface
for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf
without modifying pf.conf (assuming you are using the `bastille0` interface
for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf
as described in the Networking section).

Note: you need to be careful if host services are configured to run
on all interfaces as this will include the jail interface - you should
Note: you need to be careful if host services are configured to run
on all interfaces as this will include the jail interface - you should
sepcify the interface they run on in rc.conf (or other config files)

.. code-block:: shell
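Review bot: "sepcify" in the context line is a typo for "specify". That note is the one readers of this command most need, since a host service bound to all interfaces will also answer on the jail interface; pointing at the `sshd_flags="-o ListenAddress=<hostname>"` example from the networking chapter would make the advice actionable rather than leaving "other config files" unspecified.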
Expand All @@ -24,5 +24,3 @@ sepcify the interface they run on in rc.conf (or other config files)
rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53
# bastille rdr dev1 clear
nat cleared