New CS Student: Migrating to FreeBSD - Questions about Service Management and Identity Management
Hello everyone,
I'm a first-semester CS student from Germany, currently switching from Fedora to FreeBSD on my desktop. I still run Fedora on my laptop.
I work part-time at our university's data center, helping with the maintenance of an OpenStack private cloud because I am truly eager to learn how to operate systems.
I plan to repurpose my desktop as a server to host some services locally in my student dormitory. I'm excited about FreeBSD and hope that learning it will help me run and administer services with minimal effort long-term. It would be great to manage my own infrastructure while being confident that updates won't break my system or require relearning everything.
I have several questions:
What are the recommended patterns for hosting multiple services on a single server like bsd.cafe does ? Should I create a new user for each service (e.g., Lemmy, Forgejo), or should I run them all under the same user with multiple jails?
Is there a good identity management solution for FreeBSD? In the Fedora/Red Hat communities, people tend to use FreeIPA, but I haven't found an equivalent for FreeBSD yet. I'd like to provide my friends with single accounts that would give them access to services like Forgejo and Lemmy.
FreeBSD ships with jails in the base system, those offer a nice way to isolate services.
Its also realy easy to create one:
bsdinstall jail <empty folder>
This will guide you through the interactive system install for a jail install. Have a look in jail.conf, and maybe grab a sample config from the handbook. If that is a little involved, you could also install a jailmanager like ipcage or ezjail. (Truenas was a nice webui but wont get updates much longer)
Combined with zfs datasets for the different services, you can even get different snapshot and backup options for the different jails and services.
Thanks a lot for this comprehensive answer! I will watch the talk now.
I didn't know that there is an interactive jail install. Thats very usefull.
I have one more question. Could I do all of this also on GhostBSD ? Or what would be the advantages of FreeBSD?
My reasoning is that Ghost BSD is already configured for running a graphical user interface.
since i forgot to answer the identity part, to get single signon for the services, you can use somthing like keycloak, but not all services support oidc signin. if you need freeipa or AD, you can always use a bhyve vm