01:41:59 anyone else have AVAGO MegaRAID SAS 9361-8i that causes checksum errors with zpools? the drives are all fine according to smartctl 01:42:27 the controller is in jbod mode 01:46:22 MelMalik: if you want to perform lockdown in jail or are on low end flash storage, you could run everything you want ro, it gets a hassle in some cases, but you said normal eh, hard to say, first things that could be ro are things that are never written to because they lack (suid) permissions 02:07:24 ketas, I want to put the brakes on a hypothetical jailed customer breaking their own system, so I want to mount as many directories as possible RO. 02:35:17 MelMalik: do they manage it? then no real answer except education and system restore capabilities, maybe with fees... if they don't it could be ro and even rootless 02:35:50 i though it was security question first :p 03:10:49 what breaks is not in /tmp and /root and /home... and maybe not in part of or even full /var 03:13:43 but this is like how to still eat while not being able to put fingers into your mouth 06:07:01 ketas, security in the same way a seatbelt is security i suppose. prevent them from flying through the window if things go horribly sideways 06:07:44 regular things don't help? 06:07:58 idk 06:08:09 yeah jails have fancy option to make fs ro even for roots 06:08:14 :p 06:08:17 i mean, it is mostly academic 06:08:20 the idea is 06:10:01 i have jails where service jails have everything ro except /root where all the stuff lives in 06:10:09 a bit hassle 06:10:27 other rw's are /tmp & /var 06:11:17 one jails manages what passwd has in it and what's generally runnable on this 06:12:09 rc.conf is under /root as well :p 06:12:17 unconventional 06:12:59 interesege! 06:13:38 all jails share a / and /usr/local which are separate fses ro 06:13:53 s/ro/and ro/ 06:14:31 one has own rw /etc since i gave shell to a friend and he insisted using PASSWORD for ssh 06:15:19 unsure why i created / structure under /root 06:15:26 was already there i guess 06:15:29 :p 06:16:03 had to patch rc to allow extra periodic.conf 06:16:54 users are numerics that are preallocated by some prefix 06:17:01 seems like mess tho 06:17:25 basically did own jail mgmt 06:19:17 base upgrades consist stopping jails, doing zfs rename and then starting them again 06:19:34 and probably host too since it's same 06:20:17 i have some directory what i tar | tar over resulting installworld 06:20:48 where my base config is 06:21:37 sad that unionfs sucks so hard 06:21:44 even after 20+y 06:21:56 that has uses too 06:22:27 right now it just makes my livecd virtially "rw" 06:22:51 if it blows up i have nothing to lose 06:39:48 i wonder if the union concept should be implemented at a lower level, perhaps at the vfs level rather than being a filesystem driver 06:46:19 unsure 06:46:46 hackers mailing list had someone wanting to fix it 06:47:25 but not change concept 10:19:00 ! 10:19:06 This year's EuroBSDCon is 1hr drive from me \o/ 10:19:14 Never gone, but considering it's *that* close ...... 10:23:25 DarkUranium: i have wondered about going there, multiple times 10:26:15 it keeps moving around so it's either more or less appealing 11:48:05 good afternoon! 13:30:30 Is there any quality control in the ports at all? I mean, I installed KDE Plasma 6 on FreeBSD, right clicking the panel crashes KDE Plasma, and pressing CTRL + C in Konsole crashes the entire PC outright. 13:31:13 :( 13:34:08 remiliascarlet: there are binary packages available? 13:35:03 Yes, I installed via PKG. 13:35:45 The only thing I literally compiled from source in the ports collection is Zig, this is so I can use Zig 0.14.0 instead of 0.13.0. 13:54:07 You know. . . I really feel like ports have suffered over the years. 13:54:31 Packages went from convenience to requirement. 13:54:52 So many ports won't even build anymore, outside of poudrier. 13:56:03 requiring packages makes sense since not doing that requires a bunch of code duplication to handle things like pkg-messages. but the poudriere thing i agree about, either we should require poudriere or things should work without it 13:56:29 CrtxReavr: well KDE was never a great thing on freebsd 13:56:40 I completely disagreet. 13:57:00 I remember having a KDE setup that rocked. 13:57:15 and I remember having it on freebsd many years ago and it wasnt the quality as on Linux 13:57:16 Then nVidia released their FreeBSD drivers and it only got better. 13:57:39 I think 5 was very late ported to freebsd kinda, but I did quit kde then eventually anyways 13:57:53 Though. . . I stull normally favored a lighter weight setup. 13:57:58 and no clue about 6, these days I just let the mac do what it can do best.. desktop 13:58:07 blackfox/fluxbox 13:58:22 Lightweight, but still supported gtk/gnome apps. 14:01:50 speaking of drivers, should I not be able to pkg install drm-kmod on i386 14.2? 14:03:59 No packages availabe to install matching 'drm-kmod' have been found in the repositories. 14:06:27 if i want to install it from ports, do I understand the Makefile correctly that I need drm-510-kmod first? 14:10:57 benjamino: drm-kmod is supposed to create a metapackage that installs the correct version automatically, but perhaps it failed to build... i wonder how well tested it is on i386 14:12:18 i mean xorg and lxqt work fine, do I need it at all? 14:12:56 if you have a gpu supported by the drm drivers, it will significantly improve performance, but it's not technically required 14:13:15 i would suggest trying to build it from souce and see what happens, if it fails you can open a bug 14:13:58 ivy: i'll give it a go, thank you! 14:35:13 benjamino: somehow I doubt that if you're on i386 you have a GPU that would benefit from kmod? what hardware are you running? 14:35:49 mtll: its an asus eee pc 1005p, intel graphics 14:35:57 nice 14:36:36 i ran make install clean in the drm-kmod port, its still going... 14:40:47 oh interesting 14:44:49 is that with an atom n450 chip? wikipedia claims it has x86-64 "if enabled", whatever that means 14:45:28 is that one of those weird early machines with a 64-bit CPU but a 32-bit EFI firmware? 14:45:40 some cpus could do more than 4gb of ram on 32bit 14:45:54 it is N450! 14:45:57 morpho: that's PAE though, not x86-64 14:46:06 does this mean i could install a 64-bit freebsd? 14:46:34 benjamino: maybe, not sure 14:47:05 see if there's a bios setting for it? 14:47:26 should be called "Intel 64" or something like that 14:48:25 ill try it as soon as make finishes, thanks, i never thought it could have 64-bit support since its so old 14:48:55 if it's 32-bit EFI (e.g. eeepc 1025C) you need https://github.com/freebsd/freebsd-src/pull/1098 and i don't know if this made it into 14 14:49:40 N450 is way more recent than x86-64 14:49:56 it's just that these atom chips were extremely stripped down 14:50:40 looks like that was only MFC'd last month so probably not in 14.2 14:57:42 CrtxReavr: Well, KDE is pretty stable on OpenBSD 7.7 (snapshot, still waiting for the actual release). 14:57:47 dmidecode says its 64-bit capable 14:57:58 so this might just work hehe 14:59:27 anyway, make failed, it says that drm-510-kmod is unsupported on 14.2 and higher, ill just go and check the bios for the 64 bit option, brb 15:02:25 no option to activate 64-bit in BIOS, ill just try to install the 64-bit OS and see what happens 15:04:34 I assume if you live boot some 64bit thing it'll shit itself well before being able to install something, if there is no 64bit support 15:04:39 Is there a good process for migrating a normal UFS installation over to root on ZFS? I'd be doing it on a separate drive too, but wanted to avoid doing a full installation and then migrating everything over manually 15:05:53 hodapp: you can pretty much just boot from an installer/rescue system and copy it over with tar. you'll need to look up how to create the correct zfs layout, i think this is on the wiki somewhere 15:06:35 make sure you preserve permissions when you copy stuff over or you could have a very bad time of it 15:07:37 'copy it over' = copy the existing root FS over? 15:08:02 yes 15:08:42 I'd assume you'd have to change some bootloader config and stuff too? not too familiar with loader.conf 15:09:36 hm, yeah, would expect those might need some manual patching up 15:10:49 and yeah, preserver permissions and ownership and all those things 15:11:04 consult the cp/tar manpages I guess 15:12:02 for loader.conf you just need to load zfs.ko (if you didn't compile it into kernel), it should pick up the root fs correctly as long as bootfs is set 15:13:35 maybe I should do a very barebones installation to new drive, verify that it at least boots, and get back to intaller/rescue to clone things from existing root 15:33:02 mtll: in case you want to know, 64-bit version is installed and works just fine, haha, i don't know why i didnt try this in the first place, anyway, pkg install drm-kmod works now, great, i can keep this baby for years to come :D 16:42:29 I trying to install linux in bhyve va vm-bhyve show should I get so my virtual machine bootin from debian.iso file? 16:47:32 vm install mydebian debian.iso 16:47:33 yep 16:48:41 rtprio: but should loader="uefi" or? 16:49:09 it uses the template when you created it 16:49:23 if you want it to use uefi, update the template, or use a different template 16:49:54 # pkg clean 16:49:56 pkg: No package database installed. Nothing to do! 16:50:02 mine are all grub, i haven't been bothered to change it 16:50:03 ...odd 16:50:42 nwe: perhaps you want to deploy open-stack debian image wiht vm-bhyve ? 16:50:46 it's seamless 16:50:57 rtprio: because after I have fetch debian-12.10.0-amd64-netinst.iso and create vm create myguest and trying to boot it looks it cant boot from iso 16:51:06 Im just entering uefi shell 16:51:16 no need to install anything, just provision with ssh keys 16:51:25 mzar: hush, for now 16:51:49 nwe: which template did you use to create myguest? 16:52:58 rtprio: https://pastebin.com/4Ha1rG72 found one example on internet :P 16:53:21 ... uh 16:53:41 you know that vm create will use templates in /$VMDIR/.templates 16:53:51 the debian one, last i checked, uses grub 16:54:32 rtprio: yes but doesnt I need to create the template by myself and put it in VMDIR/.templates? 16:55:10 iirc when you run `vm init` it copies the templates packaged with it into the templates directory 16:55:14 you did do that, right? 16:55:43 yes but I only have one default.conf 16:56:12 maybe i took them from https://github.com/churchers/vm-bhyve/tree/master/sample-templates 16:56:24 i set mine up a long time ago and haven't thought about it since 16:58:32 rtprio: I will try with this template :) 17:00:24 another stupid question on this https://github.com/churchers/vm-bhyve/blob/master/sample-templates/freebsd-zvol.conf#L8C12-L8C18 17:00:40 does that mean zpool/dataset? 17:07:44 yeah, a zvol. just a chunk of space on the zpool, without a 'zfs' filesystem 17:11:42 rtprio: what do you suggest use zfs-vol or disk0.img ? 17:13:41 if you're using zfs, zfs-vol would have some advantages, easier/better snapshots 17:16:57 rtprio: another stupid question :) if my rc.conf looks like this vm_dir="zfs:tank/bhyve" so bhyve using zfs then I should just add what the new volume would be named in the template and it will be created? 17:19:31 you should really read the docs, but as i recall you set the things in rc.conf and then run `vm init` that will set it up 17:19:55 and vm create _should_ create the zvol but i haven't used it 17:20:07 * rtprio is stuck on a machine with a hardware raid 17:23:17 will read the docs more :) and thanks for the help rtprio :) 17:26:35 nwe: you can create zvol, and just change disk0 in machine config file before installation 17:27:23 mzar: I will try it out, thats the best way to learn :) read and try things out :) 17:28:56 OK, have a splendid and playful install nwe 17:30:05 Cloudflare Zero Trust Tunnel FreeBSD can you share the document for the construction? 17:31:58 mzar: thanks :) 17:32:14 vxwarlock: wasn't aware freebsd was a supported platform 17:33:26 Thanks for answering rtprio 17:33:45 also why do you want cloudflare on your local network 17:33:46 A great loss 17:34:23 yeah, i disagree 17:34:29 rtprio > vps install freebsd > tunnel cloudflare and domain to tunnel interfaces 17:34:56 yeah, sure, but what problem does it solve 17:36:42 "Where it is not optimal or possible to install software agents, networks can also be connected to Cloudflare using existing network equipment, such as routers and network firewalls. To do this, organizations create IPsec or GRE tunnels that connect to Cloudflare's cloud-native Magic WAN ↗ service." 17:37:07 so at least this method looks feasible 17:37:29 To distribute tunnel services between VPSs | and maybe a little more security 17:38:02 z 17:38:03 Thanks mzar 17:38:12 well you don't run the router in a vps so that's not feasible 17:38:33 just use a wireguard tunnel like a normal person 17:38:33 vxwarlock: np, I just read this on https://developers.cloudflare.com/reference-architecture/architectures/sase/ 17:39:54 Snapdragon is ARMv7? 17:41:18 mzar > you read very fast;) I have to examine this document. Thank you for my sharing. 18:39:33 OpenZFS documentation says to use 32k recordsize for postgresql. Anyone with another opinion? (I'm using 32k at the moment because ot that documentation) https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Workload%20Tuning.html#postgresql 18:41:03 why don't you trust the documentation Yaazkal ? 18:42:03 mzar I trust it, that's why I'm using 32k. Wonder what are the othe opinions, many blockes suggesting 8k and others 16k but no one mentioning that documentation hehe 18:42:18 s/blockes/blogs 18:43:20 hm.. I have 128k for postgres, it looks like neglected setup :-/ 18:43:30 this presentation says 16k https://people.freebsd.org/%7Eseanc/postgresql/scale15x-2017-postgresql_zfs_best_practices.pdf 18:43:38 so different opinions 18:43:53 but for MariaDB 16K is set 19:00:17 * Yaazkal TIL that NVMe should be formatted to 4096-byte sectors without metadata before using them on ZFS 19:17:53 Hello. Are there any script like "localepurge" to be used in a FreeBSD environment? 19:19:20 you mean like "rm /var/db/locate.database" ? 19:21:02 rtprio: no, it's not about "find". 19:21:30 rtprio: it's about localization files like man pages, docs, etc 19:22:18 rtprio: directories like "du -hsc /usr/local/share/locale /usr/share/locale" 19:23:13 fuck my font, oops 19:23:45 no, none that i'm aware of 19:24:48 rodolfo: you can do it per user, software from ports usually respects locale(1), and plese take a look at login.conf(5), also notice ~/.login_conf file 19:25:12 manuals are not traslated, but kept up to date 19:32:50 /quit 19:33:01 * benjamino facepalms 20:36:17 lol