00:00:02 ya but this is excessive wear and tear from what i read 00:01:31 what partition scheme should a freebsd bhyve guest get in the bsdinstall zfs configuration dialog? handbook says gpt but bios or uefi? i start the vm with uefi bootroom so i'm assuming GPT (UEFI) right? 00:04:59 why do I keep losing nickserv authentication 00:34:19 doing scripted bsdinstall. why do we have to provide a plain text root password in ROOTPASS_PLAIN? seems like a security risk to have the plaintext pw floating around 01:23:49 Hi, I ran freebsd-update fetch just now and it said that it doesn't want to overwrite /etc/ssh/sshd_config because my version has been changed. Is there a way to diff my version with the would-overwrite version so I can see if the new version has any changes I want to integrate? 01:25:01 adiabatic it would ask you about that 01:25:12 adiabatic usually it says "diff? view? merge?" etc 01:25:58 At only the fetch stage? Or do I have to press on to get prompted to integrate the changes? 01:35:14 adiabatic freebsd-update install 01:35:25 Onward ho, then. 01:35:32 adiabatic good luck! 01:36:06 "No updates are available to install. Run '/usr/sbin/freebsd-update fetch' first." 01:36:14 OK, fair enough… 01:38:25 Just wait around until 14.0 gets released, and then handle it? 01:42:00 8:41 PM good evening im running freebsd 13.2 with bhyve im trying to install and run openbsd within bhyve ive tried the following configuration when trying to boot the vm loader = "uefi" 01:42:00 8:41 PM and im still not able to boot the vm i keep getting the pxe ipv4 02:37:06 doing scripted bsdinstall. why do we have to provide a plain text root password in ROOTPASS_PLAIN? seems like a security risk to have the plaintext pw floating around 02:39:05 I'm configuring a FreeBSD install to get X11 working and I'm on this step: https://docs.freebsd.org/en/books/handbook/x11/#x-config-monitors-xrandr 02:39:06 Title: Chapter 5. The X Window System | FreeBSD Documentation Portal 02:39:24 how can I run xrandr? startx doesn't find the display 02:39:43 sorry, xrandr doesn't find the display. startx doesn't work yet 02:41:19 "no screens found" 02:53:25 rsjw: HW? 02:53:37 + version of FreeBSD, etc. 02:54:35 not sure if my message got through because my irc client was acting wonky: I'm following the guide to get xorg configured but it's asking me to run xrandr to get the screen resolution, but xrandr can't run without xorg working. how can I get around this? 02:54:54 02:53 < coreystephanphd> + version of FreeBSD, etc. 02:54:58 13.2-RELEASE 02:55:14 okay, and on what hardware? 02:56:33 lenovo thinkpad T450. it has an Intel HD Graphics 5500 I believe, but 5500 is not grepping out of dmesg 02:58:05 is X11 supposed to start automatically? 02:58:32 on a new install, I mean 02:59:15 I think the i915kms driver is working though, because I restarted and the console text got smaller 03:00:19 Yes, you do need i915kms 03:00:59 yes, I followed the directions in the guide to install i915kms 03:01:01 https://wiki.freebsd.org/Graphics#Intel_Integrated_Graphics_.28aka_HD_Graphics.29 03:01:02 Title: Graphics - FreeBSD Wiki 03:01:37 I have found that xf86-video-intel, libva-intel-driver, mesa-libs, and mesa-dri tend to be less optional than the guides suggest 03:02:30 Start by making sure that you have drm-kmod, mesa-libs, and mesa-dri installed *AND* kld_list+=i915kms in rc.conf 03:03:08 if you have not changed any xorg settings, try startx again after rebooting and see if you get into TWM or w/e xorg ships with 03:03:13 also, make sure that you have full xorg 03:03:51 how do I make sure I have full xorg? I did pkg install xorg 03:04:09 then you do, good 03:04:46 did you try manually tinkering with any xorg settings? have you installed any wm or de? 03:05:11 and I did install those other things/add that in rc.conf, but rc.conf says = instead of +=. should it be +=? 03:05:28 no, sorry, you have it right 03:06:35 and did you try to change any settings, such as in .xinitrc? 03:06:47 I added 20-intel.conf to make a Section "Device" with the BusID like it said before 03:06:58 without that, I got a different error 03:07:04 ah, that normally should not be required and might even cause a problem 03:07:23 I'll delete it and try again 03:07:52 it *should* just work out-of-the-box on the T450 if you install drm-kmod, mesa-libs, and mesa-dri and make sure to have i915kms load in rc.conf 03:07:53 excellent, deleting it worked 03:07:59 yeah 03:08:03 your custom setting messed it up 03:08:28 is it possible to mount encrypted HFS+ on freebsd? 03:08:30 xorg is very finnicky about such things, but it is supposed to work out-of-the-box on supported Intel iGPUs 03:09:10 it does take some what are IMO unnecessary steps in FreeBSD right now, but that is beside the point. You got it working. Nice 03:10:05 qmr: https://wiki.freebsd.org/HFS -- no 03:10:06 Title: HFS - FreeBSD Wiki 03:10:34 thanks for the help. I did read the box saying that config wasnt normally needed, and I even knew that beforehand, but then I got to the later sections and just started following directions heh 03:12:21 bugger 03:12:44 Any idea why what was a text console is now a blank white screen on my server? 03:12:50 rsjw: FreeBSD's *desktop* documentation is sporadic and randomly spread ATM between Handbook, Wiki, and random forum threads, all of which have varying levels of being up-to-date or not. #freebsd-desktop here in LiberaChat and the Wiki are generally what I consider to be the 2 *best* places for up-to-date info. The Wiki tends to be better on graphics and sound drivers than the Handbook, for 03:12:56 example -- strictly anecdotally/personally speaking. 03:13:20 The Handbook is very sysadmin-centric. 03:13:26 true 03:14:05 qmr: What kind of server, etc.? 03:14:25 anyone seen RhodiumToad? 03:15:58 coreystephanphd: thanks for the tip on #freebsd-desktop, I'll poke my head in there too 03:17:46 rsjw: No problem. Happy to help. #freebsd-desktop can seem like it is all about KDE sometimes, because KDE is kind of the FreeBSD project's 'official' flagship, but it is really a place for people using FreeBSD on desktop to have a separate discussion zone, whereas #freebsd (here) tends to be more about server, enterprise, and other things. 03:18:21 I lurk all around. Join in when I think of it and offer help in those moments. 03:18:30 Just learning, too :) 03:18:52 coreystephanphd: random craigslist bits. was a text console, after some updates and stuff white screen instead. it's a fancy ish mobo with dual nics and oob. intel graphics. oh, I did turn on something in the bios to enable cpu graphics I think too. 03:19:03 mobo e3c226d2I i5 4440 I think 03:20:05 OS updates? 03:20:26 that might have been somewhre in the mix yes 03:20:47 It sounds like you need to find the specific thing that broken the console. It could be a lot of different things. 03:20:51 [root@frisbee /etc]# ps aux|grep X is empty 03:22:06 polyex: I saw Rhodium lurking as recently as last week. Might just have an ISP outage or something. 03:22:29 ah ok. trying to get this scripted bsdinstall set up and kinda stuck hehe 03:24:02 qmr: Well, since I, a rookie, seem to be the helper ATM, ummm...I suppose what I would do in that situation is try to boot into a live environment from a flash drive, maybe with GhostBSD, and make sure that the screen is actually working. Since...you *did* do a hardware upgrade, too, right? (sounds like) 03:24:33 If you can eliminate the hardware itself as the problem, then turn back to the software. look from different angles. 03:25:09 polyex: I would just ask your question and hope for another pro to respond :) 03:26:27 doing scripted bsdinstall. why do we have to provide a plain text root password in ROOTPASS_PLAIN? seems like a security risk to have the plaintext pw floating around 03:30:30 coreystephanphd: yes but console was working on this same hw previously ( had to change NIC references from em0 to igb0 ) 03:47:33 oh just realized ROOTPASS_PLAIN isn't 13.x. damn. so doing scripted bsdinstall, what do we add to the script to set the root password? ideally using the hashed value, not the plain text value. 04:01:32 you can use openssl to get a hashed password value, iirc 04:08:43 ya but how do i use it? 04:09:26 openssl passwd 04:10:41 or use ROOTPASS_ENC in your script 04:14:41 ROOTPASS_ENC is -current only no? 04:15:09 it's in 14 04:15:46 i'm on 13.x so i can't use it 04:15:56 how did ppl set root pw in scripted bsdinstall in 13.x? 04:16:41 does the system have network connectivity? 04:16:53 ya 04:17:07 then drop a ssh key in place and don't set a password 04:19:38 ya, but is there a way to do what i want tho? 04:19:40 jc 04:29:13 run openssl passwd, and write a script to put it in master.passwd 04:30:39 or run 14 >:| 04:37:51 oh so you're saying if there isn't an env var for providing root pw in hashed format, just hardcode it in the script part in a command? 04:38:13 like with a command 04:42:40 yeah 04:42:53 you just have to sed ^root with your hashed full line 04:46:09 i`m out 04:46:19 ty 04:49:52 i set dummy password for root just for the matter of having it and then simply disable the root account on running system. and use doas/su instead 04:50:25 hmm seeing some freebsd or zfs smartness here. rsyncing these old storage SSDs to file server so I can wipe and use for something else, tons of read from the SSD, then brief bursts of full speed writes to the HDDs intermittently 04:50:31 ya me too but i still need to set initial root pw. and i wanna set it with a hash instead of plaintext 04:50:36 trying to figure out how to do that 04:52:21 what's the larger context here? I would say just do that later. you can do it with pssh or ansible or puppet or whatever after the system is provisioned 04:57:20 well rather just make installs right from the start 05:52:08 is it possible to install freebsd "from outside" somehow? I want to create a CF card for a small device (probably using nanobsd), but I don't have any running freebsd systems yet 05:57:10 is there a command to change root's password hash from commandline? 06:15:51 if i have sudo set up, can i just disable root login entirely? (set pw to *) 06:15:54 any downside to that? 06:16:54 Yes. 06:17:14 what're the downside? 06:19:02 None. well, assuming you trust sudo and it's big code base 06:19:28 ya hehe 06:19:40 and all of the normal system level periodic crons and stuff will run? 06:30:58 polyex: one big downside is: what if an upgrade goes awry and sudo doesn't work? 06:31:31 can you think of any others meena? 06:32:21 that's the main point. upgrade goes funny, sudo needs a lib that's in limbo 06:32:44 raspberry pi 5 is coming out 06:32:54 it's literally the main reason we've kept toor around for thirty years 06:33:23 https://reviews.freebsd.org/D40565 06:33:24 Title: ⚙ D40565 Remove toor backup account 06:35:05 wow it's being debated today still 06:35:17 i wonder if it'll be accepted to remove toor? 06:36:01 it's planned for 15.0 06:36:14 we got around two years 06:37:06 the historic reason toor was created was to get a root user defaulting on bourne shell, nothing more, it got useful later, so the reasoning that some are pushing to remove toor is now root is having a bourne shell 06:38:06 looks like default root shell is /bin/csh 06:38:15 so as long as i don't change that, i don't need toor? 06:38:42 not in freebsd 14 06:38:51 the root shell is /bin/sh i freebsd 14 06:38:55 oh the default ... ahhh 06:41:35 toor gecos being literally bourne-again superuser ;) 06:41:50 bapt do you see any problem with me disabling root login (by setting its pw to *) 06:41:58 ? 06:45:26 depends on you, not on me 06:45:40 I really don't see the point of doing it 06:46:25 if i do that then i don't need to set a pw or key for root. isn't that a good enough reason? 06:47:47 then you have your reason, you don't need my opinion on it ;) 06:49:51 there's a few ways to disable login. can set its shell to nologin, can set its pw to *, can also 'lock' the user 06:50:11 apparently setting pw to * stops shell login, but not ssh auth. that's weird 07:19:36 ok i just set root account to a * password AND locked it 07:19:57 didn't touch the shell because it has ignorenologin in login.conf so it would be useless 07:20:05 i miss anything? 07:32:45 Is there a place where I can see all the packages: https://pkgmir.geo.freebsd.org/FreeBSD:14:amd64/latest/All/ gives me a 403 forbidden, same for pkg.freebsd.org 07:38:42 you can use pkg rquery 07:43:58 doing scripted bsdinstall how can i provide config files in the installer iso that the packages installed by the bsdinstall script need? 07:44:50 for example nginx.conf that will end up going into /usr/local/etc/nginx after pkg install nginx in the script part of the bsdinstall script, after its preamble 07:45:08 i don't wanna use heredoc and dump ALL of the configs into the bsdinstall script 07:45:35 actually wanna put as little in bsdinstall script as possible, and leave as much in files that'll just go into the right spot 10:01:15 re: zfs disk partitioning, how can i tell on a running system if GPT (UEFI) or GPT (BIOS + UEFI) was selected during bsdinstall? 10:05:59 sysctl machdep.bootmethod 10:08:16 polyex ^ 10:08:44 NICE!!! 10:11:26 Hey guys, we have a build host running 13.2, which we use, to build the kernel & world from source with a custom kernelconfig and patches to /usrc/src. When then usually mount /usr/src & /usr/obj via nfs on our "productive" servers and run make installkernel installword. That worked without a problem until now, as we want to upgrade from 12.4 to 13.2 - which fails with undefined symbol errors. Do we need a 12.4 build host, where we build 10:11:26 13.2 so that we can install 13.2 by source on the 12.4 servers? 10:13:32 daniel1 do you do scripted bsdinstall? 10:14:53 danel1 10:17:40 danel1 what is the exact error? 10:21:12 polyex: check if you have just efi (gpt/uefi selected) or efi+freebsd-boot (gpt/bios+uefi selected) in gpart show output 10:21:15 polyex: No, we simply use make. 10:21:21 antranigv: ld-elf.so.1: /usr/obj/usr/src/amd64.amd64/tmp/legacy/usr/sbin/make: Undefined symbol "regcomp@FBSD_1.6" 10:23:01 running newer binaries (native make built on 13.2 is "newer") on older host is not supported 10:23:19 it can work, or it can break 10:24:11 thats what we tought.. so we'd have to build 13.2 on a 12.4 build host and then it should work i guess? 10:24:27 yes, that *is* supported :) 10:25:17 danel1 oh yeah, seems like a versioning issue indeed. if you're upgrading from 12.4 to 13.2, then your build machine should be 12.4 :) 10:28:49 well then, i guess we gonna create a new build host... :-) 10:32:11 danel1 good luck! 10:32:27 polyex I do scripted BSD Install, a very complex one. 10:32:36 polyex I think you had a question? 10:32:53 ya tyvm 10:32:58 bsdinstall manpage says for zfs i gotta declare zfsboot_vdev_type and zfsboot_disks to create the pool. but i don't declare zfsboot_vdev_type because its default stripe is what i want. is that ok? 10:33:44 lemme check my scripts 10:34:37 polyex I have `export ZFSBOOT_VDEV_TYPE=stripe` 10:34:56 but that's the default 10:35:28 so why include it? 10:36:07 polyex just to be safe, I guess ¯\_(ツ)_/¯ 10:36:42 hmm 10:36:51 I also have all the other defaults set as well, such as ZFSBOOT_BOOTFS_NAME and ZFSBOOT_BEROOT_NAME 10:37:50 why? 10:39:53 you know never what could go wrong. shell scripts are not very predictable, you know :)) 10:45:13 i got freebsd running zfs. it's a host for bhyve vm guest that's also running freebsd and zfs using a 40G dev volume the host makes for it. there any reason to set copies=2 in the guest vm? can a vol created by the host zfs ever fail and need healing in the guest vm? 10:48:49 antranigv 10:49:58 nah it would be useless to set that inside the guest. use the ZFS features in the guest for better management, i.e. snapshots, clones, whatever you wanna do. but for other things use the host, i.e. raid, copies, etc 10:50:48 yep ok makes sense 10:51:15 doing scripted bsdinstall how can i provide config files in the installer iso that the packages installed by the bsdinstall script need? 10:51:26 do you tar them all up and add them to DISTRIBUTION? 10:51:35 as just another tar.xzf 10:51:41 tgz 10:56:53 antranigv 11:04:54 polyex yup! 11:05:01 that's what we do 11:05:06 we have company.txz 11:05:08 that we ship 11:05:16 and we added that to distribution 11:05:21 that's pretty much it 11:05:30 can that overwrite other files that will be there by default, like /etc/rc.conf with ur own custom? 11:06:16 put your stuff in rc.conf.d/ and don't touch rc.conf 11:06:48 wow, no kidding? 11:07:21 no rc.conf.local either or? 11:10:12 polyex it can, but don't do that. instead use either rc.conf.d or post-install scripts 11:10:32 12:06 put your stuff in rc.conf.d/ and don't touch rc.conf <<= Puppet for instance does this 11:10:51 post install script meaning something in the company.txz that you run from the script part of the bsdinstall script? 11:11:45 polyex yes 11:12:12 ok!! 11:13:07 so i got freebsd running zfs. it's a host for bhyve vm guest that's also running freebsd and zfs. in bsd when i select the disk to use, looks like bhyve created vtbd0 and ada0 for me. vtbd0 worked but ada0 didn't. that make sense? what's ada0 then? 11:20:07 vtbd is for sure the hard drive. what is ada0? you can check in the `dmesg` of the guest 11:20:17 or you can run `gpart show ada0` 11:20:21 or `geom disk list` 11:21:15 hm only the vtbd0 shows up 11:21:22 weird 11:21:57 the ada0 description was something like bhyve SSD 11:22:12 and i could look at the disk info for it through the zfs configuration dialog 11:25:55 looking now 11:26:21 ok got it 11:26:33 disk info option in zfs configuration dialog, shows 2 disks 11:26:39 ada0 bhyve sata disk 11:26:47 vtbd0 virtio block device 11:27:22 antranigv 11:41:50 what devices show in the guest depends on the bhyve config 11:42:11 ada0 is an emulated sata device, vtbd0 is a virtio-blk device 11:43:09 if you boot an installer image, you might get the image on ada0 and the intended destination volume on vtbd0 11:43:17 i see in my bhyve command virtio-blk, but i don't see anywhere i init an ada0 11:43:26 ahhh 11:43:30 how did you run bhyve? 11:43:31 that's p;rolly it 11:44:55 bhyve -AHu -c ... -m ... -w -s 0, amd_hostbridge -s 1, virtio-blk, ... -s 2, virtio-net, tap25 -s 3, ahci-hd, ... 11:45:00 gets pretty long heh 11:45:08 that ahci-hd is the ada0 one 11:45:14 that's what i was thinking 11:45:17 tyvm!!! 11:45:21 good to have you back btw 11:46:12 the vmrun.sh example script adds an ahci-cd or ahci-hd device if you use its -I option, choosing which to use based on whether the filename is *.iso or not 11:50:46 i have a few dozen bhyve vms. i make a tap# interface for each 1 and add it to cloned_interfaces in rc.conf. it's kinda tedious. any way to eliminate that? 12:00:07 So .. the ARC is/can be compressed; I presume this means that there's no additional compression/decompression step to benefit the ARC - it's already compressed on/for disk, so it's "free", in a sense? 12:00:17 Question then is this also applies to encrypted datasets? 12:09:50 My brain hurts.... if I want the same ZFS dastaset mounted rw in two different jails, how? 12:17:54 antranigv yuripv - well now the build on 12.4 fails :-).. cp: /usr/src/sys/modules/irdma/../../dev/ice/ice_rdma.h: Function not implemented 12:21:07 did you install any 13.x binaries on the 12.4 host? 12:23:12 from scrollback, the problem with trying to installworld from an NFS /usr/obj is that the "host" tools in the built world are built for the build host's arch and version, and won't necessarily run on the target host 12:24:11 We didn't. We tried cloning the 13.2 source and run buildkernel / buildworld on there. 12:24:24 on there = on a fbsd 12.4 host 12:24:49 dvl: mount_nullfs ? 12:24:54 What RhodiumToad said, we hit that problem many times. 12:25:16 danel1: When upgrading a 12.4 host, you must do the build on a 12.4 host 12:25:26 thats what i am trying 12:25:50 Ltning: That seems to be the way. In the past, all my nullfs has been readonly. In this case, I want rw. 12:26:38 Ltning: But I see now, that's just history. nullfs can do rw. 12:27:43 dvl: this is not a split-brain situation since it's still the same brain (kernel) 12:28:01 danel1: Good. I've been through this several times and it's bit multiple times. 12:28:47 Ltning: ... we're still talking about nullfs? Yeah, same kernel, so no different than two processes trying to write to the same place (that will be controlled by clients, given the situation). 12:31:49 danel1: and you started with a clean /usr/obj ? 12:31:59 danel1: and no ccache? 12:35:10 Ehrm.. maybe its my fault.. i tried running buildkernel before buildworld.. buildworld now seems to run smothly.. 12:41:19 right, buildworld goes first 12:41:58 when you've built both, remember that you have to do etcupdate -p, installkernel, reboot, installworld 12:58:15 RhodiumToad: For 12.4 to 13.x, does the etcupdate need to be boot strapped? 12:58:23 I recall doing that at work 12:59:14 dunno offhand. I tend to update by building entire new images 13:02:50 antranigv: thanks for your Devuan jail article, there's surprisingly little thorough documentation on the subject 13:04:07 antranigv: reading it a first question comes to mind: why openrc & not sysvinit? 13:04:27 secondly, I love that you mention using /rescue, I just do by nullfs mounting /rescue into /bsd in the Linux jail 13:04:36 veg anytime!. I hope everything worked fine? 13:04:49 I just discovered it, so I haven't given your approach a try 13:05:02 veg sysvinit works fine too, I'm just more familiar with OpenRC because I used to run Gentoo for years 13:05:10 oh, thanks for the clarification 13:05:20 have you encountered issues in running non-vnet Debian jails? 13:05:21 veg that's a good point, we can use nullfs indeed for /resuce -> /native 13:05:54 I haven't gone through the trouble of VNET'ing anything yet 13:06:26 I never run non-VNET Jails, but one of our employees tried it using my guide (but without VNET) and reported that it all worked fine. the only exception is that you'd need to configure the networking via jail/jail.conf instead of /native/ifconfig 13:06:41 right, totally fine for me 13:07:21 veg I can report that, however, with VNET Linux Jails, you can have pf inside Linux :))) NOW LINUX HAS CLEAN WATERS! 13:07:27 hahaha 13:07:39 I just need to add DTrace inside Jails securely, and we'd be on-par with illumos features. 13:07:40 well, just the uname -a kicked me off my chair the first time 13:08:04 I was very interested by Debian kFreeBSD when it was a thing 13:08:13 looks like Debian jails come closest 13:08:52 have you found Devuan jails to be stable & production ready, antranigv? 13:09:31 I was very impressed with speed & performance, seems like the linux compat code is efficient, yet I'm slightly worried to involve more moving parts, and possibly moving parts that won't attract much love from core devs 13:09:33 veg for my use case, yes. but I don't think that I'd recommend it for everyone. 13:10:03 I may be mistaken, and there may be a big crew of FreeBSD devs who are obssessed with Linux emulation, 13:10:06 but it seems somehow unlikely 13:10:06 simplest example: modern epoll is not implemented, hence we cannot run modern nginx. unless we compile it ourselves. 13:11:17 at the moment I just wanna run rtorrent/libtorrent on 10k torrents, I figured out to lift the maximum files limits thanks to compat.linux.default_openfiles, that's a start 13:11:50 but I wonder how network performances could be affected? 13:12:24 what's the problem with running natively? 13:12:36 RhodiumToad: I can't get rtorrent-ps-ch to compile 13:12:55 it has some linuxisms, some patches depending on random_r from glibc 13:13:25 I need to migrate the exact config from a running Debian server, and I can't afford to downgrade to vanilla rtorrent for the time being 13:18:34 veg yeah something like that would most probably work fine. 13:18:44 altho, you don't need a jail for that, maybe try a chroot? 13:18:54 (if you're okay with running it inside tmux :D) 13:18:57 huh. we have code for random_r but it's not exported from libc 13:19:57 I need to learn tmux first, heavy GNU screen user here, but I know "tmux is the way" 13:20:17 true, a chroot might suffice 13:20:32 what's an additional jail amongst friends, though? 13:20:43 especially with zfs snap && zfs clone 13:21:12 interesting RhodiumToad, the other one is initstate_r 13:21:55 but my c++ is non-existent, so aside from using patches from net-p2p/libtorrent to add the proper includes, I haven't made any headway to making rtorrent-ps-ch compile 13:21:58 it's probably not much 13:22:52 I'd be happy to learn how to make a proper port, since I assume FreeBSD is being used as a seedbox/NAS by quite a few people who could see it handy, but I seemingly lack some building blocks 13:23:32 all of random_r, initstate_r, etc. exist in libc but without them being exported, there's no easy way to get at them 13:23:46 veg I created my own, because everything else was way "not my way" 13:24:13 veg you can check it out here. in case you like it too. https://github.com/illuria/jailer/ but it forces stuff. like you have to use ZFS 13:24:14 Title: GitHub - illuria/jailer: Minimal, flexible, and easy-to-expand FreeBSD jail manager. 13:24:22 that's unfortunate, but thank you for the clarification, RhodiumToad 13:24:51 interesting, antranigv, thanks 13:25:12 I actually decided to not use any jail manager for the time being, as I wanted to properly understand what was going on under the hood 13:25:34 bastille looks nice enough, but I figure it will stop being maintained sometime in the future 13:25:41 pot looked like an interesting contender too 13:26:06 but plain jails.conf (& the occasional deboostrap) have been easy enough so far 13:27:01 runj too maybe 13:28:10 interesting polyex, more reading 🤓 13:28:24 looks like your script is "vnet all the way", antranigv, it may force me to try :) 13:28:46 I was reading about some heavy performance penalty for using vnet though? 13:28:56 antranigv what's the key reason to go all in on vnet? 13:28:56 with some workarounds documented on a klara page? 13:29:52 you guys using pf or ipfw? 13:30:13 I want to use pf, polyex, but I haven't started writing my firewall 13:30:22 this leads to a question, however 13:30:34 * RhodiumToad uses ipfw 13:30:43 i use pf and like it but i'm gonna try switching to ipfw. it's the native freebsd fw 13:30:59 I was under the impression that having jails using an IP within the same range as the hosts, on the same interface (bge0 in my case) allowed for not configuring NAT? 13:31:03 may I be mistaken? 13:31:34 vnet or non-vnet jail? 13:32:10 non-vnet jail shares the host's networking, so you just put some alias IP on the host interface and have the jail use that 13:32:22 non-vnet, I have host:bge0(10.30.20.30) & jail:bge0(10.30.20.31) 13:32:35 for vnet jail, you can bridge the jail's epair and the host interface 13:33:14 that should work fine 13:33:19 only networking conf for jail is ip4.addr & interface in jail.conf 13:33:29 well, it does work fine for ping, ssh in/out 13:33:41 but I don't manage to transfer any data using the previously mentionned rtorrent 13:33:54 tried it in a regular jail with rtorrent from ports, same 13:34:05 so I figured I may be missing some pf action 13:34:18 though I fail to understand which 13:34:40 I do launch have rtorrent bind to the jail's IP 13:35:02 I'm guessing it needs inbound connections? I haven't used torrent in years 13:35:10 yes, inbound connections 13:35:37 outbound works fine, ssh'ing from the local network & the host works fine too 13:35:54 sockstat -4 shows outbound, but inbound is a no go 13:36:01 so since you're on a private IP, you must be doing nat _somewhere_, and that's where you need to map inbound connections 13:36:11 I do it on a Linux firewall, yes 13:36:30 the ports are mapped 13:37:18 I'll go through the conf again, but the very same lines work flawlessly when redirecting traffic to the Debian server I need to migrate 13:37:35 once I swap the IP for the FreeBSD jail's, no action 13:38:16 is there a sysctl trigger I may have forgotten? 13:38:45 doubt it... did you check with tcpdump what packets if any are getting through? 13:44:53 I see traffic but length 0 13:45:08 I haven't used tcpdump in a while, I need a crash course I suppose 13:52:00 https://pastebin.com/sehFKWBE 13:52:01 Title: rtorrent to jail - Pastebin.com 13:52:29 (this is an excerpt trying to retrieve a Debian image, should be safe to share) 13:53:11 every 3 months, ansible's acme_certificate module bites me in the arse 13:53:22 and every 3 months, I swear I will replace it with a tiny shell script 13:53:29 and every 3 months, I forget about it 13:54:09 the reason it's not straightforwards is multiple internal & external services, needing DNS-01 auth and some automation 13:54:20 * dch shakes fist at ansible again 13:55:27 veg: there's definitely packets going both ways there? e.g. line 23 has an incoming SYN which leads to an established connection which is then closed cleanly 13:56:51 veg: however, the initiator of the connection sent 68 bytes of data and whatever was running in the jail just acknowledged that and then immediately disconnected 13:57:17 veg: so you might want to check your logs and config for what's in the jail 13:57:25 thank you, RhodiumToad 13:58:06 logs are empty, but I'll double check the config file indeed 13:58:18 vanilla rtorrent (compiled from ports) is what's running 13:58:38 this test is in a plain FreeBSD jail, not the Devuan one running the patched version 14:10:11 OMG RhodiumToad 14:11:07 MANY thanks to you 14:11:19 I don't know what exactly, but it was something in rtorrent's config 14:11:29 thank you so much for pointing me in the right direction 14:11:42 I'll dive into FreeBSD's networking later on as a result :) 14:23:57 yw 15:06:00 RhodiumToad antranigv yuripv Thanks again for your help - it's working as expected now :) 15:49:15 how can I get the volume up/down keys to work? 15:58:34 rsjw, i solved this for myself.. let me see how i did it x) 15:59:32 the keys are recognized by xev so I'm not sure why they're not having an effect 15:59:58 although I'd probably want the volume to change even without x11 16:00:10 rsjw, for me to make multimedia keys work on freebsd, i added usbhid_load="YES" hw.usb.usbhid.enable=1 in /boot/loader.conf 16:00:11 two lines 16:00:24 if xev sees them, then it's a matter for your window manager to adjust the volume accordingly 16:01:01 yeah xev didnt see mine so thats a difference 16:01:03 if you want the volume to change without x11, then the next question would be whether the keys are detected by ACPI 16:01:25 how would I check whether the kays are detected by APCI? 21:10:27 Test 21:12:30 Test was successful. You are now authorized. 21:13:53 Greetings! I am lurrrrrr, leader of omicron perciay eight! 21:14:00 Lol 21:18:27 On the Internet no one knows if you are a dog or not. Note there is useful information in the channel Topic. That may be truncated. Most IRC clients will repeat it with the /topic command. 22:10:37 antranigv: 10 seconds to look at a weird error? 22:10:58 on 15.0-CURRENT *and* OTP26.1+ I get this cat vomit 22:11:31 https://www.irccloud.com/pastebin/7SKBVDvJ/prim_tty 22:11:33 Title: Snippet | IRCCloud 22:12:31 no function clause matching in :prim_tty.cols/2 (kernel 9.1) prim_tty.erl:980: :prim_tty.cols([{:ansi, "\e[G"}, "\e[92m" ... 22:13:11