Template registry
GET /templates is the source of truth for what the gateway
can create. POST /templates/reload rescans the template
roots without restarting the gateway.
Jail templates are ZFS datasets ending in -template with a
signed @base snapshot. bhyve templates are image entries
under the bhyve template root plus optional sidecar config.
OCI imports
POST /templates with a body like

    from = oci:<ref>

imports an OCI root filesystem into a jail template. This is the
bring-your-own-image path for FreeBSD-compatible images.
The nginx BYOI receipt uses this shape: an nginx template, port 80 in
the jail, and wildcard DNS routing through
<port>-<id>.coppice.lan.
Desktop template
The desktop template starts openbox, Firefox, xterm,
xclock, and xeyes. The portal exposes both VNC and RDP tabs with
clipboard buttons, Ctrl-Alt-Del, and adaptive resize.
Use desktop when visual/manual interaction matters. Use browser/CDP when you want automation and screenshots.
Linux, Windows, and GPU
Linux and Windows run through bhyve templates. Linux guests are pooled for fast checkout and support SSH-backed shell/exec. Windows guests use the bhyve framebuffer console.
GPU passthrough is a Linux bhyve feature: honor binds the NVIDIA device
to ppt(4), the template sidecar adds passthrough slots, and
the receipt requires in-guest nvidia-smi. CUDA kernel
receipts and reset behavior are the next hardening pass.
Signing
Template signatures are over the ZFS snapshot GUID, not a mutable path.
When COPPICE_REQUIRE_SIGNED_TEMPLATES=1, unsigned or
tampered templates fail before clone.
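
The difference between signing the snapshot GUID and signing a path, as an added example (not Coppice code): a snapshot destroyed and re-created under the same name gets a new GUID, so a GUID-bound signature stops verifying while a path-bound one would still pass.
Assumptions: HMAC-SHA256 stands in for the gateway's real signature scheme, the helper names are hypothetical, and the key, dataset name and GUIDs are constructed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"                 # constructed signing key
SNAP = "zroot/jails/nginx-template@base"      # constructed dataset name

def sign(key: bytes, message: str) -> str:
    # HMAC-SHA256 is a stand-in (assumption) for the gateway's real scheme.
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()

def check_before_clone(snapshot, guids, signatures, key, bind="guid"):
    """Model of the enforced mode: return (ok, reason) before any clone."""
    guid = guids.get(snapshot)
    if guid is None:
        return False, "no such snapshot"
    sig = signatures.get(snapshot)
    if sig is None:
        return False, "unsigned"
    # bind="guid" signs the immutable snapshot identity; bind="path" signs the name.
    message = guid if bind == "guid" else snapshot
    if not hmac.compare_digest(sig, sign(key, message)):
        return False, "signature mismatch"
    return True, "ok"

def demo():
    # guids models `zfs get -H -o value guid <snapshot>`; values are constructed.
    guids = {SNAP: "10293847566574839201"}
    by_guid = {SNAP: sign(KEY, guids[SNAP])}
    by_path = {SNAP: sign(KEY, SNAP)}
    results = {
        "signed": check_before_clone(SNAP, guids, by_guid, KEY),
        "unsigned": check_before_clone(SNAP, guids, {}, KEY),
    }
    # Snapshot destroyed and re-created under the same name: ZFS assigns a new GUID.
    guids[SNAP] = "55501234987612340000"
    results["replaced_guid_bound"] = check_before_clone(SNAP, guids, by_guid, KEY)
    results["replaced_path_bound"] = check_before_clone(
        SNAP, guids, by_path, KEY, bind="path")
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```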