01:05:37 wireguard works well enough, without a google account component
01:48:19 not if your home network has a dynamic IP or CG-NAT
02:21:34 if i'm using a jail based on a zfs snapshot and an update to freebsd is released, i can either run freebsd-update from within the jail or make a new snapshot based on the newly-released version and then re-create the jail. are there any other methods i'm missing?
03:34:29 thorongil: Shutting it down and doing it from within a chroot can be more successful sometimes.
03:42:13 mason: thank you
05:09:38 tehpeh: i never said you need to wireguard directly home
05:10:41 good for you
05:30:39 i mean, wg does work well, there
05:30:50 it's cheap and easy to put up a small machine to coordinate
05:31:31 vpns are cheap, and if you're paranoid enough you could probably layer wireguard over wireguard to add a layer of encryption through the coordinator
05:31:56 (insert "yo dawg, I heard you like wireguard [...]")
06:16:48 kevans: your MTU:
06:36:31 how do i get pkg contents but remote? i need to find out which pkg provides certain header
07:18:17 angry_vincent: pkg-rquery(8) can query metadata
07:18:51 You can find who provides a shared library, but not a specific file
07:21:50 G'day all. FreeBSD router/firewall running isc-dhcp server is not sending the dhcp server address to clients. Or it does and gets no response.
08:05:46 tehpeh: use ipv6, so that you don't have a cg-nat problem and dns with proper automation because of the dynamic ip, so you don't use ip addresses directly
12:49:00 babz_: that's the question. i know about shlibs but not individual file.
14:09:11 well, you can grep the pkg-plist files in the ports tree, then if a port only has a few files they are sometimes defined in the Makefile, but there are also some ports that generate the plist fully dynamic while building
14:33:47 There's less discussion here than I'm used to. Have people found a new place to hang out? Slack, Discord, Mattermost? Or is it just that we all agree on everything and there's nothing left to fix?
15:03:46 ivy: yeah, but the MTU drop seems like a reasonable trade-off if you really feel like you need protection from the VPN host itself
15:08:50 kevans!
15:08:59 * kevans runs
15:09:06 I saw your ECC stuff landed some time ago - nice
15:11:06 yep
15:14:26 how's life?
15:42:14 does someone have the answer to if it is possible to run nvidia-drivers on an arm-system?
15:44:32 angry_vincent: that information is not indexed on the pkg repository
17:00:30 ok, so is there a tunable to cleanup the laundry before there is memory pressure?
17:32:02 how do i load graphics cards drivers?
17:32:27 the installer downloaded them but i cant figure out how to load them?
17:35:11 <|cos|> morpho: have you found the freebsd handbook?
17:35:46 <|cos|> morpho: specifically https://docs.freebsd.org/en/books/handbook/x11/#x-graphic-card-drivers
17:35:48 yes! it says to install krm-kmod which is what i have done before
17:42:53 oh, i downloaded drm-61-kmod, kldload i915kms, and now its hanging on that :I
17:52:47 <|cos|> morpho: you're saying `kldload i915kms` does not return?
17:53:02 yes, it just hangs on boot now
17:55:03 <|cos|> morpho: oh. you added it to kld_list? :/
17:55:15 yeah
17:55:46 im in single user mode
17:57:03 thanks for helping
17:58:21 well the installer driver detection did work with my wifi
17:59:13 <|cos|> morpho: the expected behaviour of loading the module would be no hang, and i think my console font gets changed. dunno what to do in your case. am out of my depth there.
17:59:51 yeah, can i change /etc/rc.conf from single user mode
18:07:51 fixing it...
18:10:47 why would it just hang though
18:14:15 i tried installing drm-kmod but it does not work either
18:15:38 <|cos|> it really shouldn't just hang. that's most likely a bug.
18:17:35 yeah kind of annoying because it worked last time
18:19:42 <|cos|> oh. how complete is the new installation? would it be worth installing an older release to see whether it works again then, then upgrading and see where it breaks?
18:21:45 pretty new
18:22:11 i usually use openbsd on my laptops
18:24:11 * |cos| would probably attempt to install 13.4 then, but dunno if its sound advice
18:24:55 <|cos|> drm-kmod comes from ports, so it might be unlikely to be affected by the version of base, right?
18:25:20 i might have done something wrong
18:25:51 its a pretty standard install though
18:27:56 <|cos|> when it worked last time, was that on the same hardware?
18:29:39 yes
18:30:19 do you think i can get a log of before it hangs?
18:30:26 and i will upload
18:31:04 * |cos| has no idea :/ seems like a good thing to try though.
18:31:51 :I sorry i cant help out
18:34:09 <|cos|> morpho: by the way. you're definitely sure the kernel hangs? it's not still possible to access the machine using the network or a serial console?
18:36:23 i did not try
18:39:10 <|cos|> morpho: give it a try. i'll need to go afk, i'm afraid.
21:01:47 Is there a way to print the color settings for 'ls -G'?
22:05:57 hmm not sure if this is better for #bhyve or not, but if you jail bhyve I am trying to figure out the networking setup. So the simple one is a bridge and tap interface, but this isn't the most secure or extensible way. So epair would be useful, so epair the jail networking, assign it a RFC 1918 block and NAT it within pf.conf perfect, but what then for the bhyve VM? jails share the network stack
22:05:59 iirc, ideally you want an epair within the jail with its own block, which then passes through pf there, and then after leaving the jail it passes through host pf giving nested networking, at each level the packets are filtered
22:06:33 suggestions!?!?
22:06:39 :D
22:23:18 uh
22:23:24 polarian: that sounds complicated
22:23:40 but i did run all my VMs on their own vlan for time, that worked well
22:24:04 and should work if you route at the host or the firewall,
22:24:09 polarian: you can create a bridge in the jail, put the tap interface and a dedicated epair interface in it, then the host end of the epair will be directly connected to the vm (via the bridge) but as rtprio says, this sounds somewhat overcomplicated to me
22:24:51 ivy: hmm true
22:25:01 bhyve is already capsicumised so i'm not convinced putting it in a jail offers a significant security benefit (although i haven't looked at this in detail so i may be wrong there)
22:25:14 unless you are running multiple vm's in the same jail, then bridging is not a problem
22:25:35 so I guess its a valid point
22:25:41 wait, what
22:25:54 wait hold up laptop on 2%
22:25:56 lol
22:26:13 jailing bhyve? what is the point of that, hermanoher?
22:27:51 ime jailing bhyve is more common than you might expect but for most people i'm not convinced it's worth the hassle
22:28:20 there was one capsicum bypass vulnerability in bhyve a few months back but that kind of thing is pretty uncommon
22:32:29 unrelatedly, it looks like multimedia/jellyfin is maintained again (by bapt@), maybe i should have another go at moving that off linux
22:33:23 ivy: extra layers don't hurt
22:33:31 jails are not that resource intensive
22:34:01 in order to break into the host you would need a bhyve bypass and a jail bypass
22:34:18 but increased complexity and management overhead is an inherent negative by itself. not to say you shouldn't do it (it's up to you) but...
22:34:21 and some vuln within the software in the jail as well
22:34:56 well originally I was running bhyve on the host, but then I thought "if I am going through all this hassle, why not use all the security features on the table"
22:35:11 if you are going to virtualise, why not throw in the extra security from the jail?
22:47:07 but yeah back to the original point if the jail is being filtered on the epair interface by the host, then having a bridge with a single vm inside is not an issue as there cant be talk between vms unless you run two inside the same jail (which you wouldn't do anyways)
23:11:46 so is all the traffic from all bhyve hosts going through that epair?
23:11:53 that sounds... not as fast as it could be
23:13:04 CrtxReavr: The default is "exfxcxdxbxegedabagacad"
23:28:54 rtprio, Yeah - I found that a little further down in ls(1). Thanks though.
23:30:08 It was easier to start with that, then change the one thing I wanted to change.
23:30:32 (Blue dir names on a black background can often be problematic.)
23:31:22 I went with export LSCOLORS=gxfxcxdxbxegedabagacad