🚀 In Active Development — Join the Waitlist

FreeBSD Jails,
Under Control

A REST API and web dashboard for managing FreeBSD jails via Bastille. Create, configure, and monitor — without the SSH marathon.

Get Early Access See How It Works

curl — yardctl API

# Create a jail in seconds
$ curl -X POST https://your-host:8080/api/jails \
  -H "Authorization: Bearer $YARDCTL_KEY" \
  -d '{"name":"web01","release":"15.0-RELEASE","ip":"10.0.0.5"}'
 
{ "message": "Jail created successfully",
  "jail": {
    "name": "web01",
    "release": "15.0-RELEASE",
    "ip": "10.0.0.5"
  }
}

Managing Jails Shouldn't Be This Tedious

Bastille is powerful. But the CLI-only workflow adds friction at every step.

Without YardCtl

SSH in, type commands manually every time
Easy to mess up (wrong netmask, mount paths, permissions)
No way to automate jail provisioning
Can't integrate with CI/CD or Terraform
No visual overview of your jails
Troubleshooting means grepping logs on the host

With YardCtl

Create, start, stop, destroy via API or dashboard
Smart defaults fix common mistakes automatically
REST API for scripting and automation
Works with Ansible, Terraform, any HTTP client
Clean web dashboard with status at a glance
Audit log tracks every operation

Built for Real Sysadmins

Everything you need to manage jails at scale. No fluff, no cloud dependency.

📡

REST API

18 endpoints covering the full jail lifecycle. Create, configure, mount, network, start, stop, destroy — all via HTTP.

🌐

Web Dashboard

Visual jail management with real-time status, configuration editing, and one-click operations. Dark theme because we're not savages.

🎯

Smart Defaults

Automatically sets /24 netmask, normalizes release names, validates jail names for VNET — catches mistakes before Bastille does.

🔍

Network Scanner

Detects interfaces, scans for available IPs, suggests the next free address. No more IP collisions.

🔒

API Key Auth

SHA-256 hashed keys, bootstrap flow for first setup, protected jails list, lockout protection. Security that doesn't get in the way.

📋

Audit Log

Every create, start, stop, destroy is logged with who, what, when. Full accountability for your infrastructure.

Three Steps to Sanity

YardCtl runs on your FreeBSD host alongside Bastille. Nothing leaves your machine.

# Create a jail with one API call
POST /api/jails

{
  "name": "web01",
  "release": "15.0-RELEASE",
  "ip": "10.0.0.5/24",
  "config": {
    "boot": true,
    "vnet": true
  }
}

# YardCtl handles:
# → Release name normalization (strips -pN suffix)
# → VNET netmask fix (auto-applies /24)
# → Input validation (name, IP format, conflicts)
# → Audit logging

# List all jails with status
GET /api/jails

# Response:
{
  "jails": [
    {
      "name": "web01",
      "jid": "1",
      "state": "Up",
      "ip": "10.0.0.5"
    },
    {
      "name": "db01",
      "jid": "2",
      "state": "Up",
      "ip": "10.0.0.6"
    }
  ]
}

# Read a jail's configuration
GET /api/config/web01

# Set a config property
POST /api/config/web01/allow.mlock

{ "value": "1" }

# Manage mounts
POST /api/mounts/web01

{
  "hostPath": "/tank/media",
  "jailPath": "/mnt/media",
  "mode": "rw"
}

# Scan for available IPs on your network
GET /api/network/scan

# Response:
{
  "subnet": "10.0.0.0/24",
  "available": [
    "10.0.0.5",
    "10.0.0.6",
    "10.0.0.7"
  ],
  "used": [
    "10.0.0.1",
    "10.0.0.2",
    "10.0.0.3"
  ]
}

# List network interfaces
GET /api/network/interfaces

Who It's For

If you run FreeBSD jails, YardCtl fits your workflow.

🏢 Hosting Providers

Provision customer jails via API when they sign up. Automate the entire lifecycle from creation to teardown.

🔧 DevOps Teams

Deploy dev, staging, and production jails through Terraform or Ansible. No more SSH scripts that break at 3am.

🏠 Home Lab

Manage your Plex, Samba, Transmission jails through a clean web UI. See everything at a glance.

🎓 Learning & Testing

Spin up jails to test configs, experiment with services, and tear them down. Fast iteration without the friction.

Self-Hosted. Always.

YardCtl runs on your machine, talks to your Bastille install. Zero cloud dependency. Your infrastructure, your rules.

Requires FreeBSD 14+ with Bastille and Node.js 22+.
Install script coming soon — join the waitlist to get notified.

Simple Pricing

All features included in every tier. No feature gating — just scale when you're ready.

Free

For personal use and small labs

Up to 5 jails
All features included
REST API + Web Dashboard
Community support
Self-hosted

Get Started Free

Questions

When will YardCtl launch?

We're actively building the MVP. The API is functional with 18 endpoints and a working web dashboard. Beta access is coming soon for waitlist members.

Will it work with my existing Bastille setup?

Yes. YardCtl wraps Bastille — it doesn't replace it. Your existing jails stay untouched. You can still use Bastille directly whenever you want. YardCtl just gives you an API and UI on top.

Is it really self-hosted? No phone-home?

100% self-hosted. YardCtl runs on your FreeBSD host as a service. It talks to Bastille locally. No cloud, no telemetry, no external dependencies. Your data stays on your machine.

What about iocage support?

We're focused on Bastille first since it's the most actively maintained jail manager. iocage support is possible in the future if there's demand — let us know.

What's the tech stack?

TypeScript + Node.js 22 + Hono (HTTP framework). SQLite for local storage. Vue 3 + Vite for the web dashboard. Runs on FreeBSD with the Node.js package from ports/pkg.

Can I pay with Bitcoin?

Yes. We accept BTC (including Lightning Network), USDT, USDC, and SOL alongside traditional card payments via Stripe. Crypto payments get 10% off annual plans.

Get Early Access

Join the waitlist for beta access and early-bird pricing. No spam, just launch updates.

FreeBSD Jails,Under Control