Controlling Tinderbox from within a FreeBSD jail

How to control a Ports Tinderbox from within a FreeBSD jail
The problem:
By default, FreeBSD jails do not allow nullfs or NFS mounts from within the jail.
As Tinderbox requires either an NFS or nullfs mount to operate, this makes Tinderbox
operation from within a jail impossible.
The solution:
The goal here was simple: give a jail a way to control both the Tinderbox
web interface and the build queue without requiring chroot(8) access from the host.

The end result of the following configuration is this:

  • A jail that is fully capable of creating build queue entries and new
    builds [1]
  • A jail that hosts the Tinderbox web interface
  • A jail host that performs the tasks called from within the jail, for example
    performing the actual builds

1 – Note that because FreeBSD jails cannot use chflags(8), you will still
need to create the Tinderbox jails from the host.

It is assumed you have already created a FreeBSD jail for Tinderbox use.

Host configuration – install the basic Tinderbox dependencies:

  • Using make config, enable only the database client you
    need
  • Install Tinderbox from Ports
  • Create a nullfs mount from the host to the same logical
    path within the jail. For example, if your host Tinderbox directory is
    /usr/local/tinderbox, the path within the jail must be the same.

Jail configuration – install the remaining Tinderbox dependencies:

  • Install your favorite database server (and client)
  • Install your favorite web server with PHP
  • Install the PHP database connection dependencies

Getting started:

  • Enable tinderd in the host /etc/rc.conf
  • Install your Tinderbox jails as you normally would
  • Log into the jail, install your Ports trees, and configure your builds
  • At this point, you will be able to configure and control your Tinderbox build
    environment from within your FreeBSD jail, including queueing from the web
    interface
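
A host-side preflight check for the two host steps above (the nullfs mount at the same logical path, and tinderd enabled in /etc/rc.conf). This is an added example, not part of the original page or of Tinderbox. The jail root /usr/jails/tinderbox, the rw mount option and the rc.conf variable name tinderd_enable are assumptions.

```sh
#!/bin/sh
# Added example: run on the jail HOST, not inside the jail.
# Assumptions (not from the original page): JAIL_ROOT, the "rw" mount
# option, and the rc.conf variable name tinderd_enable.
TB_DIR="${TB_DIR:-/usr/local/tinderbox}"        # host Tinderbox directory
JAIL_ROOT="${JAIL_ROOT:-/usr/jails/tinderbox}"  # hypothetical jail root

# Print the /etc/fstab line exposing $1 at the same logical path inside
# the jail rooted at $2.
fstab_line() {
    printf '%s\t%s%s\tnullfs\trw\t0\t0\n' "$1" "$2" "$1"
}

# Read `mount -t nullfs` output on stdin; succeed only if $1 is
# nullfs-mounted on exactly $2$1 (same logical path inside the jail).
nullfs_mounted() {
    awk -v src="$1" -v dst="$2$1" '
        $1 == src && $2 == "on" && $3 == dst && $4 ~ /^\(nullfs/ { ok = 1 }
        END { exit !ok }'
}

# Read rc.conf content on stdin; succeed if the last tinderd_enable
# assignment is a value rc(8) treats as true (YES, TRUE, ON or 1).
tinderd_enabled() {
    awk -F= '
        /^[ \t]*tinderd_enable=/ { v = $2 }
        END {
            sub(/#.*/, "", v); gsub(/[^A-Za-z0-9]/, "", v); v = tolower(v)
            exit !(v == "yes" || v == "true" || v == "on" || v == "1")
        }'
}

# Only query the live system on FreeBSD; elsewhere the functions above
# can still be exercised against saved output.
if [ "$(uname -s)" = "FreeBSD" ]; then
    mount -t nullfs | nullfs_mounted "$TB_DIR" "$JAIL_ROOT" || {
        echo "nullfs mount missing; suggested /etc/fstab line:"
        fstab_line "$TB_DIR" "$JAIL_ROOT"
    }
    tinderd_enabled < /etc/rc.conf ||
        echo 'tinderd not enabled; run: sysrc tinderd_enable=YES'
fi
```

Override TB_DIR and JAIL_ROOT in the environment to match your layout.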