00:55:54 CrtxReavr: running for the rest of the day, had no issue
00:55:59 was likely a one off
00:59:25 polarian: CrtxReavr is alive ?
00:59:42 cpet: ??/
01:37:14 cpet: I appreciate you taking the time to try and build orca slicer BTW
01:37:59 Looking at prusa, and holy cow so many patches. In retrospect if im needing orca I could just put it on my Linux PC since the printer would presumably be at my house lol
01:46:18 JetpackJackson: okie dokie
02:23:20 cpet: upgraded 2 days ago with 15-RELEASE
02:34:12 hernan604: how does it feel man ?
03:00:30 cpet: like something from another world
03:00:51 from another galaxy
03:01:10 you must upgrade too so you can understand
14:30:19 cpet, nope.
15:08:48 i've been really happy with freebsd-update for a while now, i haven't tried the new pkgbase stuff yet
15:25:24 "new"
15:30:22 Demosthenex: pkgbase is still experimental (and I triggered a still existing bug with it), so ymmv
15:30:39 I would hold off a bit longer.
15:30:47 yeah. thing is i'm quite confident about updates with boot environments ;]
15:30:51 it'll get there eventually
15:42:15 q
15:42:53 My apologies, I thought I was on a different program
15:48:08 kenrap: i also triggered a bug with it
15:49:57 Does anyone have an opinion on refurbished HDDs for a NAS? I'm gonna need to upgrade space in it.
15:50:06 rtprio: this one? https://github.com/freebsd/pkg/issues/2517
15:50:30 To be clear, I'm running a 3× mirror zpool, which does give me more redundancy / failure-safety than usual.
15:50:41 rtprio: Not with regards to sendmail but getting that SAT Solver error message.
15:50:49 (also, my plan is to buy 3 different brands, e.g. Seagate + Toshiba + HGST/Hitachi/WD)
15:51:20 Last I checked, I'd save about 100 EUR per disk, or 300 EUR total.
15:51:28 (for ~16-18TB / disk)
15:51:45 DarkUranium: probably depends on how much you are willing to spend, what your backup strategy looks like, what your tolerance for potential disruptions is, etc.
15:52:31 Yeah.
It's for personal stuff mostly, so there isn't much of a backup strategy (the server *is* primarily a backup server itself, so). Also means the budget is lower than usual, heh.
15:54:09 i usually aim at the enterprise disks for the hope of higher reliability, but there's def a cost hit for that
15:55:08 I think my current ones are low-RPM (so not enterprise in that sense), but high-reliability ones. They're sold as enterprise, but I think they're aimed specifically at backup servers and such, not so much "live" data (which nowadays is mostly the domain of SSDs anyhow)
15:55:24 Buuuut it's been ... probably almost a decade since I bought them, so I don't recall the details anymore.
15:56:02 DarkUranium: as long as you are using zraid or mirroring, sure. at home, it's easy to rebuild and replace one
15:56:46 Yeah, I even got a (Supermicro) motherboard with hot-plug support, and one of those rack cases with hot-swappable disk mounts.
15:56:58 So I can literally just pull it, replace the disk in the unit, and put it back.
15:57:01 (and tell zfs to add it)
15:57:19 yep. i would suggest putting your OS on a simple pair, and data on a zraid
15:57:23 Demosthenex: but yeah, I'm using a 3× zfs mirror.
15:57:35 My OS is not on a pair ATM, but then again, there's nothing of relevance *in* it.
15:57:40 (it's on its own 128GB SSD)
15:57:58 yeah, i'd get a pair of cheap used 128G ssds and do mirrored root
15:58:17 Maybe, though 128GB SSDs are so cheap nowadays that "used" is a bit moot ^^
15:58:22 with ZFS you can have some extra confidence if a disk fails, you can replace it.
15:58:30 yeah, they are like 20 eur :P
15:58:42 no point in buying new
15:58:49 You mean *not* buying new?
15:59:44 But yes, I've always used zfs for this, it's why I went with FreeNAS (at the time, then TrueNAS, then TrueNAS Core, and now abandoned ...
I'll need to fix that at some point, but it's not a huge priority for me, because "if it works, don't fix it")
15:59:46 i wouldn't buy any storage for homelab new
15:59:56 Fair.
16:00:19 (to be clear, I've plenty of experience managing FreeBSD servers, but a web UI is handy, mostly for the overview of system health and such)
16:00:29 CrtxReavr: ok
16:01:13 DarkUranium: install netcd from pkg
16:01:17 What *would* you recommend for a NAS nowadays, anyway? OS / software-wise? Ideally BSD-based (not necessarily FreeBSD, though I'd prefer that because it has the best ZFS support among the BSDs)
16:01:53 freebsd 14 latest patch, 2 OS used/refurb SSDs (geom mirror swap, zfs root), and 4 x used HDD for zraid for data
16:02:11 monitoring web frontend, netcd.
16:02:49 4× for 4-way mirror, or do you mean parity-style (Z1 / RAID5-style)?
16:02:55 true nas even if it's linux now
16:03:05 (well, Z2 I guess?)
16:03:20 if its 4 x chances are you made a z2
16:03:27 you can check it by doing zpool status
16:03:36 I'm asking what Demosthenex is proposing.
16:03:45 *I* am extra paranoid, so I went with a 3-way mirror ^^
16:03:46 raidz2-0 ONLINE
16:04:15 3 way mirror ?
16:04:28 Demosthenex: Hm, I can't find netcd in pkg/ports. The only netcd I found is IBM's netcd daemon (network caching daemon)
16:04:30 cpet: yes.
16:04:39 normally mirrors are 2 drives
16:04:53 3 disks with same data. Means it tolerates 2 drives failing with no dataloss.
16:05:10 DarkUranium: i think zraid (3+1) is fine for a homelab. y
16:05:14 you'll setup backups right?
16:05:28 (I was worried about the somewhat-common issue of the remaining disk failing during intense reads because of resilvering)
16:05:29 if you have no other backups, then mirror 2+2
16:05:35 zfs doesn't do that
16:05:35 Demosthenex: well, no, since it's a backup server itself, really.
16:05:45 zfs only resilvers the blocks in active files
16:05:46 Plus there's kind of too much data at this point to back it up -_-
16:05:49 not every empty byte of disk space
16:05:49 you still need backups of those backups
16:05:56 so if you have 50% usage, you may read 50% off a disk
16:05:56 Sure, but the storage is mostly full.
16:06:03 ah well that's different.
16:06:06 cpet: technically, these *are* the backups of some other backups, so.
16:06:20 i use zraid and i have zfs snapshots via zrepl, but i take a backup offsite of critical items with borg
16:06:27 Anyway, to be honest, it's mostly budgetary. The lack of even more backups.
16:06:39 you need more backups
16:06:40 Personal stuff server, after all.
16:06:43 you described a cheap homelab
16:06:48 Yeah.
16:07:11 Demosthenex: anyway, uh, I cannot find this netcd =\
16:07:23 sorry, its netdata
16:07:41 its a python thing, with it's own webserver and graph collection. nearly zero config
16:07:44 There are plenty of monitoring frontends I'm aware of (e.g. Prometheus), but.
16:07:47 just install and open a browser to the port
16:08:00 i like nagios and munin, but this is live and mostly all in one
16:08:23 I use Prometheus to some extent for my servers, but since the home NAS is partially airgapped (behind NAT, firewalled, etc), I'd rather keep it isolated.
16:08:50 netdata is pretty small, one port, runs on the box not a chain of agents
16:08:59 Nice. I'll check it out, thanks.
16:09:43 you can run prometheus locally on the NAS and have it remotewrite to your real prom, so you don't have to open any ports from outside
16:09:47 but anyway. 2x used ssds for OS (geli swap, zfs for OS), and 4 x used HDD for data (3+1 zraid or 2+2 mirror)
16:10:05 freebsd 14 latest patchlevel ought to be fine
16:10:19 all the cool people run 15.0
16:10:20 Tykling: I know, yeah.
16:10:33 cpet: i'm boring, not cool.
16:10:39 low maint, this isn't gentoo
16:10:40 FWIW, I *have* considered getting an extra backup box that's even more gapped from this one. Something that (ideally) wouldn't even have internet access, just the ability to connect to this NAS to sync changes (via Syncoid, rdiff-backup, or whatever). Doesn't even need disk redundancy (the NAS has that).
16:10:56 so, if i may.
16:10:58 And I'd only backup the most important data; I've a ton that's less important (can technically be redownloaded, assuming upstream doesn't disappear).
16:11:09 (which means less disk space needed)
16:11:16 consider having one larger disk (no raid), and use it locally for borgbackup
16:11:37 borg does compression and deduplication
16:11:37 i have a 800GB pool I will never use it but I had drives laying around so I used them
16:11:40 The reason I was thinking of a separate system is my concern with power surges.
16:12:02 A lightning strike could in theory fry all the disks.
16:12:21 that's more DR, not local recovery.
16:12:30 (my neighbour had a wall socket fly out of their wall, across the room ... the same lightning bolt gave me tinnitus for 1.5 days, as it struck ~25m from me while I was staring out the window)
16:12:33 borgbase has a 4TB plan for like 200€/yr
16:12:43 Aaah.
16:12:52 thats why UPS's are for
16:13:01 Yeah, I just don't trust them 100%, is all.
16:13:04 Maybe I'm too paranoid.
16:13:13 Demosthenex: Actually, I did buy a server for that, but never got storage.
16:13:27 just saying, i'd be more worried about fire from lightning
16:13:29 (didn't get around to it yet)
16:13:32 offsite backups.
16:13:33 hrm youre one of those heh
16:13:33 If you're looking for secure, remote back-up, that's also low cost: https://www.tarsnap.com/
16:13:39 lol
16:13:42 tarsnap is good too
16:13:48 borgbase has been good to me
16:14:06 the fact of having my data being responsible of a 3rd party
16:14:09 make a deal with a friend to exchange space :P
16:14:09 doesnt appeal to me
16:14:09 That's actually a side biz of Colin Percival, FreeBSD's Security Engineer Emeritus
16:14:25 CrtxReavr: you for a role
16:14:29 er you forgot a role
16:14:31 Demosthenex: that too. Though I don't know of any friends with such amounts of space :(
16:14:32 cpet: borg is fully encrypted. you don't have to trust the remote storage
16:14:41 FWIW, I've been thinking of buyvm.net for my backups.
16:14:50 make friends on irc.
16:15:00 what are friends ?
16:15:06 I already got a slice-512 in preparation for it.
16:15:08 cpet: exactly.
16:17:23 DarkUranium: anyway point is, nothing wrong with most refurb HW for home projects. ZFS is better than raid with it's built in checksums, so even if you replace a disk you should be ok
16:17:42 Demosthenex: to be clear, do you mean borgbackup.org the software, or borgbase.com the provider?
16:17:49 i used to buy refurbished drives
16:17:57 cheaper and had the same warranty as retail drives
16:17:59 I mean, 100% ZFS. Also, never HW raid (because if the controller fails ...)
16:18:02 borg is the software. borgmatic is a cron wrapper. borgbase is a offsite borg provider.
16:18:11 Demosthenex: I know, my question is, which one are you recommending here.
16:18:16 Not sure if you just mean the SW, or the provider.
16:18:17 all 3
16:18:17 Demosthenex: is full of borg
16:18:18 heh
16:18:19 Fair.
16:18:21 DarkUranium: HW raid is a scam
16:18:36 HW is perfectly fine
16:18:36 inflexibility, often low performance...
16:18:41 scottpedia: HW raid is **great**, except in the low-mid market.
16:18:57 expensive but
16:19:07 i luv petabyte of ferrari speed flash fiber channel arrays.
16:19:19 i don't trust the whatever controller doing that job
16:19:21 TBH, in my case, it's mostly a combination of HW controller failure concerns, as well as more flexibility by using a zraid (I can then make the NAS work with literally any machine)
16:19:22 but that's not "make ddue from home"
16:19:24 (just move the disks over)
16:19:53 yes, on the low end do not use HW raid.
16:20:19 don't trust iscsi raid appliances
16:20:28 fiber channel, real data center quality raid appliances, are amazing.
16:20:31 scottpedia: so you trust software instead of a piece of HW specifically designed to do it ?
16:21:07 Demosthenex: FWIW, I do get a cheaper price at buyvm with the ability to run whatever (it's literally just a server + storage slabs) ... no redundancy for the attached block storage though, I *think*.
16:21:08 i had a 3ware card for about 8 years and it never failed once
16:21:09 cpet: yes. cause if it fails it means down time for replacements or fixes.
16:21:18 But since it's a backup of a backup, I think "no redundancy" should be fine.
16:21:20 a lot of people do, and have mostly good reasons to
16:21:41 scottpedia: if you have one machine doing whatever it is your doing you failed already
16:22:10 Well. Not everything needs a redundant server.
16:22:21 if not for saving money on the scale of things, i'd never choose HW raid.
16:22:27 yeap lets move it all to the cloud
16:22:36 DarkUranium: yeah, borgbase was for borg. they have EU datacenters, so i was satisfied
16:22:43 Yeah, very fair.
16:22:59 I do like the idea of *not* using borgbase just because I like the flexibility of being able to switch target servers.
16:23:05 (or even SW)
16:23:05 my data compresses and dedups well. so i have 4TB and get all my NAS homedirs. things i can download again are excluded.
16:23:14 Mine doesn't, I think I did a test once.
16:23:19 with borg, anything you can access over ssh works.
16:23:24 It was something like 1.04 ratio or thereabouts.
16:23:33 yep, some data does that.
16:23:33 (a lot of it is already compressed, hence)
16:24:25 (stuff like video archives or my photos --- many of which aren't compressed [I shoot RAW/DNG], but are still not easily losslessly compressed by non-dedicated algos, and deduplication is out of the question for those)
16:25:42 s/DNG/NEF/ (brain fart)
16:26:33 I just did a quick test on some random photos, I got compression ratios between 1.03 and 1.06 with bzip2 (I just had bzip2 on hand, gzip or lz4 is likely to be worse --- though maybe zstd would do a bit better)
16:27:05 zstd seems like magic
16:27:24 And video is already compressed anyway (typically h264 or h265)
16:27:35 yeah, all of those compress poorly
16:27:44 dedup can still help when you have multiple copies
16:28:05 The "less important stuff" is stuff like my backup of all the GoG games I bought (juuuuust in case GoG goes belly-up) ... which is less important because I can redownload them at any time if the NAS fails.
16:28:12 But those are also compressed in one manner or another.
16:28:23 As in, already-compressed; the installer & their files.
16:28:28 if you can redownload it it's not important (TM)
16:28:46 Yeah, it's just convenient to have it on the same disks, TBH.
16:28:54 And no chance of error in where I put the stuff.
16:28:55 yep. i would suggest when you make your zraid, you create a few first level data types
16:29:08 zraid/STATIC and zraid/DATA making it easy to filter what to backup
16:29:11 dedup can still help when you have multiple copies
16:29:18 I don't, I did a comprehensive check a while back ^^
16:29:24 (ran a script that did sha256 of everything)
16:29:24 lucky you ;]
16:29:41 Granted, it wasn't per-block, but photos et al are unlikely to have same blocks anyway.
16:29:53 anything that can be replaced is not important in my book even my dd214 can be either downloaded from the VA or fetched from other parties
16:30:01 photos is a hit and miss
16:30:27 My *really* important stuff, I have on Seafile, and it's auto-synced with every single computer (albeit not server, except its host) that I have.
16:30:55 And I keep at least, uh. 3-5 computers constantly online. Not counting ones that come online at least once a week or so, and sync then.
16:31:03 Well, "constantly" being at least daily.
16:31:06 i trust a USB thumb drive more than most 3rd party backup services encrypted or not
16:31:12 (if I'm not awake, I won't be creating new files anyhow)
16:31:29 (unless I'm sleep-walk-programming?)
16:31:41 usb thumb drives have died on me so many times.
16:32:05 Demosthenex: I actually have that already. I didn't mention it because it was irrelevant, but I also have some much-less-important stuff on --- currently --- a non-redundant storage.
16:32:05 as much as I like my pictures of my dogs they arent life threatening if I lose them
16:32:27 TL;DR my old mirror was only 2× (2×2), and I migrated it to this 3×.
16:32:43 After I was happy that 3× was fine (after about 6 months), I reused the old HDDs for the extra less-important storage.
16:32:52 One of those 4 failed since, so that pool is degraded.
16:33:11 Buuuut the data really isn't that important (TBH, I might have moved the GoG stuff to it, I know I was planning to)
16:33:30 cpet: well, definitely true.
16:33:52 no data is really just inconvenient if it happens
16:33:59 Now I'm curious how much storage all my photos take, but I can't access my NAS right now, ironically.
16:34:23 (the server is at my parents' place, and their ISP fucked up and *then* my dad fucked up with some router config, so now I'm temporarily locked out of it until I get home and sort it out xD)
16:35:02 kinda curious when bold text was a thing
16:35:19 I mean, it's still a thing, I'm just kinda lazy to use it.
16:36:57 Bold is toggled via \x02 in IRC. Similar to how \x01 is used for CTCP ACTION and such.
16:45:14 *slappy*
16:45:18 yay
16:45:44 *slappy jippy jappy*
16:53:45 For my client, it's ctrl+B.
16:53:52 With your thingie, I just see asterisks.
16:54:03 Demosthenex: just tried netdata, is there a way to get the full metrics without the use of their cloud?
16:55:25 someone used to use .oO for everything
16:55:30 that was annoying as well
16:56:15 DarkUranium: i ignore all the cloud crap. just use the local stuff
16:56:30 it's a decent all in one zero config local webui for monitoring.
16:56:33 but i use nagios and munin
16:56:38 Yeah, thing is, I get stuff like "Sign in to Netdata to use this function"
16:56:48 then don't use that function
16:57:09 you should have graphs for all major system items over time, and javascript navigation of them
16:58:42 Yeah, Top and Logs aren't accessible. Just irks me, I guess.
16:59:01 yeah, webuis irk me too.
16:59:52 i kind of like tui's and would be cool if they did something like that
17:01:29 .... to be honest, that's not a bad idea. I might do that.
17:02:05 i mean all you really need to know is if your system is OK, your FS arent full and temps are in normal levels
17:02:12 cpet: i would LOVE to see more tools usable over SSH. where did all the TUI CRUD forms builders for SQL go :P
17:02:14 you dont or i dont need a full blown webui for that
17:02:30 yeah, thus nagios. it alerts me over xmpp
17:02:36 i don't even open the ui
17:02:54 but then again I really dont need to monitor my system
17:05:58 i think the monitoring thing if its not enterprise its an attitude
17:06:10 either you like those conky stats or you dont
17:06:22 i luv my little conky bar on my laptop!'
17:06:38 back when I used to run FreeBSD on a cyrix CPU with limited space, ram, and CPU i ran nagios
17:06:47 but now that most systems are i7 or above
17:06:50 i dont bother any more
17:07:38 some people tend to go ape when their CPU goes above 40C
17:08:10 with my liquid cooling setup I can buildworld with -j30 and it doesnt even move
17:08:30 100% cpu usage is just good efficiency ;]
17:09:23 i dont need a graph showing it
17:09:41 oh look im running youtube my CPU is actually doing something
17:09:51 so many idle cpus in the world
17:09:55 but like I said some people like them others dont
17:09:58 same with LEDs
17:10:01 i hate LEDs
17:10:12 electape and wire cutters.
17:10:25 i hate them so much I take the fans apart remove the LEDs and put them back together
17:10:43 cause now you cant even find normal fans
17:11:03 cause normally when you need a fan you need it now not in 1-3 business days
17:12:22 however ive seen that sometimes removing the LEDs causing issues with the PWM function of the fan
17:39:04 From the release notes: "The FreeBSD and FreeBSD-kmods repositories defined in /etc/pkg/FreeBSD.conf have been renamed to FreeBSD-ports and FreeBSD-ports-kmods respectively. Users who override these in /usr/local/etc/pkg/repos will need to adjust their configuration to match the new names." Gonna have to remember that, though not sure I will jump
17:39:04 on 15.0-R right away
17:47:55 scoobybejesus_tl: makes sense to change the names as FreeBSD for ports didn't make sense when pkgbase is the new norm
17:48:07 i dont think thats a reason to bypass a update
17:48:59 Yeah I'm going to wait until .1
17:49:34 FreeBSD drink.unix.beer 15.0-RELEASE FreeBSD 15.0-RELEASE releng/15.0-7aedc8de6446 GENERIC amd64
17:49:37 works fine here
17:53:32 is someone familiar with x86 intel pmc? i'd like to support another cpu
17:54:11 I updated to 15.0-R over the weekend on most of my stuff too.
17:54:26 leah2: more testing ?
17:55:35 well the counter i want seems to work, but i'm not sure if i broke something else :)
17:56:08 ok let me use some telekinesis and guess the options you used, program, port options kernel version OS installed
17:56:12 hardware information
17:56:17 IP address and shell account info
17:56:42 and my donation for a free coffee
17:59:11 i can provide many details, if you're interested
18:00:48 that's the patch i wrote https://l2.re/JU7dj2 to run on intel N100
18:36:38 so you wrote that patch ?
18:37:47 i do not have a alderlake I have a Raptor Lake
18:38:03 however if it compiles and works
18:38:16 i dont see why It wouldnt work for someone else which that rev
18:38:26 well you need a N100 or N150 to test it
18:38:43 i adjusted the libpmc now with new json files, i think it fits better now
19:34:42 So, I've noticed some behaviour with daemon(8) that I'm not sure is intentional.
19:35:40 Namely, if one uses -u / --user, it'll try to open the program *as* that user. So if I run daemon as root, root has access to /usr/local/sbin/foo but other users don't (as is typical), then `daemon -u foo_user /usr/local/sbin/foo` will fail.
19:37:03 I have come across that and can't remember what i did to deal with it, or even which program I had the issue with
19:42:00 I'm guessing it (`daemon(8)`) basically does `setuid() -> exec()`, and that open() fails.
19:46:40 (the implied/specified-by-standard one in `exec()` family)
19:49:47 I can't help but wonder if a `fd = open(...); setuid(); fexecve(fd, ...)` would work. But it does check for exec permission, so I'm not sure.
20:24:19 scoobybejesus_tl: FWIW, I made a small program that does exactly that (yes, it seems to work)
20:24:51 `int fd = open("/path/to/program", O_EXEC | O_CLOEXEC); setgid(...); setuid(...); fexecve(fd, ...);`
20:37:32 why put code in ``
21:22:13 cpet: clarity
21:24:14 I normally put extra spaces around code, to separate it from the surrounding text on irc
21:29:28 It's common in markdown and modern chats like discord but for IRC it's usually not used
21:35:44 I'm pretty sure markdown has it from irc and email, as when inline with other text, it is sometimes not clear where the surrounding text and the code starts/stops
21:51:57 I am trying to switch from ezjails to jails on a bunch of services . one of them is a squeezebox server for what is now lyrion server. with spotty as the connecting daemon to spotify. Seems the shift from ezjails to vanilla jails have changed somewhat what I need to do?
21:52:32 the spotty daemon process needs avahi/bonjour facilities in order to work properly
21:53:04 this seems to have been a part of my old jails config, not a part of my new
21:53:43 have anyone got exp in this broadcast I/O from within a jail?
21:54:30 what am I not seeing?
21:55:05 it is mainly the authentication process that fails due to the difference between what ezjails did and vanilla jails
21:56:06 maybe the correct question is - how to make avahi / bonjour work in a vanilla jail
21:56:56 Are you sure you want to move to vanilla jails, they are kind of a burden to maintain, especially if a thick jail. I recently migrated from vanilla jails to bastille. Much better experience.
21:57:43 they are thin jails, but in effect this should be a vnet issue? ..
maybe
21:57:58 Yes, sounds like it
21:58:05 yes
21:58:47 I think ez jail configured more than vanilla jails does towards this
21:59:24 I am unsure really how far to go in the network setup to replicate ezjails with vanilla jails
22:00:14 currently the diagnosis is just a timeout in the dependent services
22:00:45 All my jails have their own net stack, let me check
22:01:37 the rest of the stack works, eg gui and etc. but the avahi / other broadcast stuff - not so much
22:01:44 they used to in ezjail
22:01:53 I can provide configs
22:02:16 This is my relevant jail.conf https://gist.github.com/0x1eef/803a5e32315e3fc8c8eb96cec6bd7733
22:02:53 bastille manages most of that for me
22:09:26 https://paste.ubuntu.com/p/4C9FH78dRR/
22:09:29 more info
22:10:12 Basically it works - except for spotty login / since it uses avahi / bonjour - so other music sources are ok
22:10:45 You are missing the vnet configuration
22:10:57 I keep seeing 15.0-RELEASE in rss feeds yet is still upcoming. Is 15 is the end of post rc but pre release state? Just waiting for mirror updates?
22:11:09 At least you want 'vnet;' but really there's more config to port, including with ifconfig
22:11:35 yes I realise that now
22:11:45 I do not know how
22:12:02 My gist would be a good start, probably. Do you have a bridge?
22:12:30 no bridge config - is that implicit in using the old ezjail system?
22:12:43 maybe I did not realize that happened
22:13:22 I'm not sure how ezjail does it, but in my setup, I have bridge0 and each jail has its own interfaces (eg e0a, e0b, etc) that are added to the bridge for internet access.
22:13:46 I just want local net access behind the fw
22:14:10 like from the browser I seek to login with to the endpoint the oauth2 process forwards me to
22:14:20 does that make sense?
22:14:42 Yeah. This is on your LAN, right? So maybe you want dhcpd to assign an IP for you?
22:15:11 this is fixed IP
22:15:22 Okay, that's easier.
22:15:40 never assign ips to servers via dhcp
22:15:49 not even ipv6
22:16:55 I think what happened with ezjails was a true vnet jail assignment. with broadcast and all
22:17:02 My LAN assigns IPs based on the ether/mac address. Your setup sounds simpler.
22:17:15 and now with vanilla jails I need to somehow specify it
22:17:26 yes mac addr is not considered
22:17:57 I have a hw police guard on my net looking for intruders
22:18:08 aka unknown macs
22:18:20 they will never get an ip
22:18:39 and the alert will sound
22:19:23 To start, you should add vnet; to your jail's config, and then start the jail, see what interfaces are available, iterate until you can assign an IP to the interface and reach other computers
22:19:48 ok
22:20:06 I have, unfortunately, grown accustomed to ezjails
22:20:20 but given the state - I am trying to move on
22:20:43 I like bastille for this. Very good abstraction.
22:21:09 I think I have to go bare bones - or I will just replace one problem with another?
22:21:27 aka understand the core tools in FreeBSD
22:22:18 I started with vanilla jails, and while it was good to learn things the hard way, it's not really sustainable unless you write your own scripts to automate the process, and bastille does a better job of that than me
22:22:34 BarnabasDK: here is an example of vnet jails https://pastebin.com/sLwNBzMW
22:22:35 ok
22:22:48 voy4g3r2, reading
22:22:53 follows the handbook and added some specific things, in particular the $id
22:23:24 brings up epairs and adds to my bridge..
22:23:35 this is not (yet) on zfs though
22:23:45 it might be very quickly
22:24:21 that is possible, you were asking about ip address and not using ezjails..
to have vnet
22:24:34 you may need to tweak to your environment but the stuff at the bottom is the key
22:24:43 yes this is not really about zfs
22:25:01 just why I see a difference between what I did with ezjails and now vanilla jails
22:25:06 i would focus on line 28 - 41
22:25:14 voy4g3r2, check
22:25:45 and the service does work, and start, it is the authentication part that fails
22:26:14 (eg, I ran the daemons with the correct switches outside of the jail to find out)
22:27:25 so ezjail implicitly configured a bridge?
22:28:35 If you still have the config try start the jail and then run 'ifconfig'
22:28:35 I am just trying to understand the differences
22:28:59 yes but before that - I would like to learn what I am changing
22:29:14 so I can verify
22:29:28 I mean, if you still have the ezjail config, you can start the jail the old way and then run ifconfig, you might see bridge0 and a couple of epair interfaces
22:30:06 hmm
22:31:07 I do not recall ever seeing that on the jail, but also cannot say I ever looked for it
22:31:18 It's also visible on the host
22:31:25 yes it should be
22:32:18 I do not recall ever having setup a full bridge in order to run this in ezjails
22:33:03 It might be done behind the scenes. I have no experience with ezjail though.
22:34:38 I have another jail host on my network running a mdns server, seems to work just fine - I do not understand why - also migrated from ezjails to just jails
22:34:55 if this is a problem
22:35:16 a normal dns/mdns host
22:35:37 this is a mystery to me
22:36:10 it answers broadcast on 5353 like it is supposed to
22:37:58 new paste https://paste.ubuntu.com/p/KzMF45ZzMD/
22:38:41 * BarnabasDK bitch - why does this have to be on mdns, why not just a http return url ..
22:38:54 oauth would be fine
22:40:08 I will try your suggestions and see
22:40:14 The configuration you shared still does not isolate the network stack, and regardless of the other details, that's an isolation probably worth having
22:40:31 I think it may be necessary
22:40:52 maybe an isolated stack is necessary for multicast?
22:41:18 I am not that network savvy
22:41:43 It is necessary unless you want the host and jail to share the same IP
22:41:59 which they do not - I think you just answered my q
22:44:29 this may be the difference to ezjails where jails always have a unique IP?
22:44:48 I don't know - it is sort of legacy anyways
22:45:11 and I really do not want to use any more "wrappers"
22:46:32 It's controlled by: export jail_squeezebox_barnabas_dk_vnet_enable="YES"
22:46:57 ah so it is a rc.conf thing?
22:47:21 let me look
22:47:36 Nope it's a jail.conf(8) thing but ezjail exposes it like that
22:48:02 jail.conf(5) *
22:50:19 ezjail only exists now in the form of its config files
22:50:25 otherwise deinstalled
22:50:32 for this purpose
22:51:11 BarnabasDK: If it's any use, I documented some of what I do for jails. It might be a bit out of date: https://wiki.freebsd.org/MasonLoringBliss/JailsEpair
22:51:25 will read
22:51:43 I'm moving towards traditional jails hanging off of a localhost lately.
22:52:10 also I am trying to move to a lagg interface / vnet
22:52:17 but that is more externally
22:52:18 I saw a nifty article showcasing Caddy fronting for various services that seemed neat.
22:53:18 BarnabasDK: vnet is wicked cool and I use it in-house so I can treat my jails the same way I do VMs - they're all using epairs on a bridge, and they pull from the generally-available dhcpd.
22:53:42 So the localhost stuff will be for servers out in the world.
22:53:44 yeah it is the actual parallel to docker
22:53:49 Yep!
22:54:20 I work with sw dev on docker / kubernetes
22:55:33 mason: there are things i like about caddy, yet some things i do not
22:56:00 so I am not so confused about what I need, more how to achieve it
22:56:23 (what she said ..)
22:57:03 rtprio: What are the downsides? I haven't deployed it yet. Just seems interesting. NAT in FreeBSD isn't as straightforward as NAT on Linux, and this would let me avoid it, but I'm still wide open to ideas.
23:00:35 BarnabasDK: what i shared with you earlier.. is based off of mason's article
23:00:44 but I am seeing that I have to understand bridge setups internally in order to switch
23:00:55 yep, I will take a read
23:00:59 thanks
23:01:20 * voy4g3r2 is a fan of just try it and see what happens.. :)
23:01:25 ^
23:01:55 well this is just a home media setup thing, there is nothing important at stake here
23:02:04 exactly
23:02:09 the network config being just as complicated
23:02:48 i should definitely put on my list.. to update the static ip routing table of my mikrotik to the list
23:02:59 Hey, third quarter status report is out.
23:03:00 i have forgotten that a few times.. trying to ssh into the vnet jail and it goes unresolved host
23:03:35 ohh time to go read.. because watching neo4j database load is like watching paint dry
23:03:38 good luck BarnabasDK
23:03:46 Oh, weird, the report came out yesterday. Wonder where it hung up.
23:04:34 Oh, it didn't hang up. It just got buried in other stuff in my in-box. Never mind.
23:04:49 https://www.freebsd.org/status/report-2025-07-2025-09/
23:05:03 except for the fact I would like to know how broadcasts work into jails in freebsd
23:05:13 with avahi/mdns
23:05:50 but you gave me a lot of hints to try
23:08:50 my smr resilver has 1 day and 16 hours to go :) i guess i should be thankful it hasn't removed it yet.
23:09:14 I wish my irc client would render text inside backticks as a slightly differently formatted mono font.
would be rather helpful
23:14:02 adding support to bastille, specifically because I was in the same boat, and i didn't want to figure out what clever python was doing to manage the jail. w/ bastille, it's all shell scripts, meaning it is already doing what you'd be doing anyway, aside from certain opinionated things that usually don't matter and will already fit your usecase
23:20:24 also, I am someone who puts caddy in a jail (a thin loopback jail), and i have it proxy to other jails. pf redirects all incoming-to-host http/s traffic to the caddy jail (though the rdr rule has `to !` which is a table from a macro of my host IPs and VNET jail IPs so their traffic doesn't get redirected too)