How's the UX for jails these days? I remember trying to use it barebones and also some of the wrappers.

Bastille is very nice to use. You can spin up a jail with a simple `doas bastille create myjail 10.0.0.1` or whatever. Bastillefiles stand in as Dockerfile analogs, if you want to go that route (you have to create the jail, then apply the template, rather than doing it in a single command).

One nice thing is cloning a jail (which can be done live if using ZFS) to spin up a dev/test environment on a different IP. Or setting up a jail to try some different configurations and not having to worry about resetting things on your main host.

I've set up a storage jail with no network access, then a couple of service jails that dip into it at various mount points/permissions. It's total overkill for what I'm doing, but the point is to learn, tinker, and have fun.

I've started using Bastille recently, it allows using Dockerfile-like 'templates' to provision jails. I like this because I can destroy and recreate the jails easily, particularly to move to a new release (without having to do in-place upgrades synced to the host version, which is how I used to do it).