ohh, now I get it

thanks

That makes it perfectly clear for me

thank you very much!

so i got feedback from some hackers last few days that my FreeBSD server is a fortress >:D

wsky: Nice!

thanks to the dev team brilliance :D

Anything can be broken, but sane defaults save face xD

I'm wondering, is it cron's default behavior to email error messages from jobs it runs? I have a bunch of junk in my mail because of it

Aye. You can turn it off for the entire crontab by making the MAILTO environment variable empty, or use shell redirection to send the output to a file or /dev/null

ah, I see. they seem like normal warnings, and the cron job is functioning as its supposed to. just hate all that junk in my mail. will do that

A fancier way of dealing with it is provided by a script called 'cronic' - it's in pkg - which collects output but only emits it if the program exits with an error code

i should export /etc/periodic, not sure what i want it for, but

mquin: thats pretty interesting, ill look into that. thanks

Should I set quotas or reservations for my datasets when using zfs?

Liaf: you can do it

But is it best practice? :-D

hhe... the practice is - do it if you need it

:-D

I am thinking about how to backup my system. As far as I learned I would zfs snapshot -r zroot@something and then I could zfs send it. But as I don't have a zfs file system on my remote server I would first need to write it to a file and rsync this I guess. Now as this needs some space, I was thinking of creating a backup dataset and reserving some space there.

Or is there a better way?

you can send it to different fs

I can?

All I found needed an zfs receive on the other side.

zfs send -R zpool@snapshot | xz -T0 | dd of=/zfs.backup.snapshot.xz

zfs.backup.snapshot.xz is your backup

zstdmt with adaptive compression ratio works as good as xz, or even better

zstdmt and xz are preferred over gzip?

dd of=/mnt/thumb_drive/zfs.backup.snapshot.xz looks better

gzip runs in one thread

Okay

(why do you use dd to pipe to a file, does normal redirection not work with xz?)

nimaje: I don't know, I was guiding Liaf

Can I do something like zfs send -R zpool@snapshot | xz -T0 | ssh backupuser⊙re cat > zfs.backup.snapshot.xz?

zfs send -R zpool@snapshot | zstdmt --adapt --long | of=/remote_NFS/zfs.backup.snapshot.zst will be best for the first try

Liaf: sure, you can

"| of" missing "dd"?

I am sending my zfs backups this way for 10+ years, ssh is reliable

lts: thanks

zfs send -R zpool@snapshot | zstdmt --adapt --long | dd of=/remote_NFS/zfs.backup.snapshot.zst

Liaf: ^^^ this one

or use ssh, and you will be fine

I think I would prefer ssh over NFS as I don't want to expose the NFS ports over the internet. Even if I could limit it to certain IPs.

now we have opportunity to use secure NFS, in the past it wasn't safe, so ssh was the best solution

I like to pipe NFS through wireguard

Liaf: using zfs send you can also do incremental backups

take a look at zfs-send(8)

and for ssh you can use different ciphers, check for robust one

for sending using ssh over internet xz will be better than zstd

Why will xz be better with ssh?

zstd might give you better bang for the buck

proxmox uses a similar method for backups .. where it pipes it to zstd to make archives off zfs snapshots

it's probably better to do that in case you have to take these archives and put it on something else that doesn't already ahve compression .. like if you had an emergency "put it on an external usb drive and physically restore" type of situation

i wonder why my ryzen is stuck at 3.6GHz even though there isn't much going on with its cores. at least that is what btop is reporting. maybe it just takes the highest.

Macer: Yeah, pretty sure btop reports the highest core speed and highest core temp in its overview

seems like htop reports 3600MHz for all the cores / threads too... think i'll have to see if that's normal. i'd expect it to be fluctuating a lot more

Macer: you on 15?

Liaf: it will give you better compression

I kind of want to back up my pool but I cannot install a backup OS in Hyper-V because of the boot-time panic in hv_hid :D

at least my existing VMs usually manage to start after 5-10 panics

mzar: so just to understand you correctly, xz gives better compression when sending over ssh and zstdmt is better when it's a local usb-drive?

compression ratio does not depend on medium

Liaf: zstd is fastest, xz guarantees best compression

but xz will happily destroy your CPU yeah

Remilia: sup there ? are you still running FreeBSD ?

?? what do you mean

no worries, you don't have to answer

mzar: got it, okay :-)

I don't think I ever indicated I stopped running it on my servers, but I do admit I have only been using it since 1997

I have updated poudire stable/15 jails, now LLVM is supposed to be faster

Remilia: Good job; same here, but in my case it could be 1998 ;-)

Liaf: you can also use ssh -C

that will gzip your entire ssh connexion

Macer: is it a 3.6GHz CPU with 4.2GHz turbo? i don't believe freebsd can report the turbo speed right now, only the configured speed

you made me think of the turbo button

the one that flipped your SX-33 between 16 and 33 MHz

I started using zfs send over ssh somewhere after 2010, but now, considering that we have NFSv4 with TLS support, using NFS would be better

NFS is never great with high latency, even v4

not over the Internet, in LAN

oh

I am having a silly time

I turned off vlan filtering, but now I cannot remove the setting:

# ifconfig br0 iftagged re0 none

However, this works:

# ifconfig br0 vlanfilter iftagged re0 none -vlanfilter

zip: when you say you cannot remove the setting, what do you mean exactly?

ifconfig br0 -vlanfilter would be my guess

Ivy: ifconfig: BRDGSIFVLANSET 2: Invalid argument (extended error VLAN filtering not enabled)

ivy: incidentally I'm currently following your bridge tutorial to move from trying to run a bridge-per-vlan to running a bridge-with-vlans

zip: hmm, indeed. but this is only cosmetic, because iftagged has no effect if vlanfilter is disabled. could you file a PR and cc ivy⊙fo please?

sure. And yes, it's cosmetic

which component do I want?

kern

got it

there you go

so far I've filed two bugs and both of them are kind of in the "don't do that then" kind of category

Liaf, my use cases for reservations and quotas: I have reservations on my mysql and postgresql jails, and quotas on a share for my NVR and my sabnzbd server. If I decide to use a dataset for timemachine purposes (backup of my macbooks) then it certainly will get a quota (probably user based)

the hellish part of this project, it seems, is now I can't use `jib` I need to rethink how to make sure my stuff gets consistent IP addresses

I suppose I should simply number my jails and use the number, nice and simple

I use the old variables approach for jail IPs

pastee.dev/p/O1X62Sqw like so

Hm. The pi hole blocks that as malicious, but the list I use is pretty sloppy

Like "this site hosted a bad ad once"

Recommendation for blocklists: oisd.nl

The wider project is to replace dockerised home assistant on a pi with a VM, and to move IoT to its own vlan

I just run unbound

But first I must make sure I can put a VM or a jail on arbitrary vlans

SponiX: yes

15.0p1

afterglow: i definitely had issues upgrading. for instance if it can't pull the file fast enough in the web ui then it will timeout and put it in maintenance mode and make it impossible to fix without shell intervention

i had to use updater.phar

it was a lot worse when nc was younger :) you pretty much could wreck it on every update

What exactly did you try to upgrade, Macer? Is this still about Nextcloud?

yes. sorry. i was busy and scrolled up.

Okay, I never upgraded through the ui. Always used the package

so: pkg upgrade, php occ upgrade, done

ivy: it's a ryzen 3700x. i'd have to check. my concern isn't the faster speed. it's the slower speed. i wouldn't expect it to run so high right now being relatively idle

Macer: do you have powerd running?

ivy: yes

you may need to adjust the tuning, iirc powerd only considers highest single core load when scaling, so it can scale earlier than you'd expect

oh. it doesn't do per core?

i don't think the cpu can scale per core (you may test this by setting the sysctl manually and see what happens)

hm

homeassistant became such a massive pain after they went 'nope lol we're home asssistant OS now'

even the docker (which I hate) is now the inferior option because you do not get their 'addons' → no way to get Thread or MultiPAN working

the docker image*

I used to just run it on my home router (an apu4d4) but now it's like, you're on your own and they keep upgrading Python version dependency

ivy: not sure exactly where powerd pulls its options from

Macer: command line options, $powerd_flags in rc.conf

oh

so it would be $powerd_flags="-a adaptive ..." ?

That's why I keep HA running on a PI, Remilia :-)

Macer: you don't include the $ when setting a variable, but otherwise yes

afterglow: I did not have a Pi at the time and they were notoriously expensive and hard to buy in the country where I worked at the time

yeah .. i'm trying that now

seeing if i can change it to adaptive to see if that will change anything

and even now when I do have a Pi 4 I am running hass as a docker image there because my Raspbian runs ADS-B

/etc/rc.conf: powerd_flags -n min: not found

did you forget the '=' ?

variables, ser

rc.conf is just a shell script

Without $

yeah. not sure what happened there. i didn't have the $ lol...

powerd_flags="-a hiadaptive -i 25 -r 85 -N" <- that worked though

and it seems like the cores are dropping a lot faster

but yeah it definitely looks like it is all or nothing.

that's usually better, the cpu can finish the task as quickly as possible and go back to idle sooner

afterglow: i was worried about HA burning up my SD card, i was planning on moving it to a vm

rtprio, me too, but nowadays it runs of a sdd, and recorder goes to my postgresql.

I missed out on that conversation. So is home assistant an “OS” now or something?

Is it going to be oracled? :)

Hi there, is there a specific channel to get some assistance with PF. I have a working pf.conf since ages, but I recently found an need to include NFSv3 and NFSv4 file sharing on my home network and cannot get PF to play nice.

Macer: basically; linux host with docker. not a huge fan

Oh. Nextcloud is doing the same thing pretty much.

Their future apps will require docker and a proxy.

linXea, you just have the one NFS server?

CrtxReavr, yea, it is a local NAS.

I can't find any articles saying that NextCloud is going to require docker and a proxy. Got a link?

I've not actually NFSv4. ..

Though I used to deal a lot with getting NFSv3 working over firewalls that I didn't controll. . . that was tedious AF.

Nothing like repeatedly trying to explain SunRPC protocols to a neophyte firewall admin.

I cannot change the config of the NAS, hence the need to adjust my quite restrictive PF to allow access. Jumping RPC ports got my head spinning etc

"What do you mean the ports change all the time?"

You have to allow a range. . . can prolly setup a trigger port.

CrtxReavr: i got tired of it to, so i asked for a copy of the rules so i can refer to NETWORK_GROUPS explictly

really streamlined things

'rpcinfo -p <server>' is your friend.

just another reason not to use NFSv3... (i know, some shitty vendors still haven't added NFSv4 after 20 years)

NFSv4 would have been nice. Just need to apply rules for port 2049

Does NFSv4 support a network encryption layer?

two: Kerberos or TLS

or ofc you can run it over IPsec

anyway, I really enjoy the upgrade to fBSD 15.0

oh wow HAProxy has ACME support now

about damn time

and now I wonder why does my poudriere show options for haproxy-3.2.9 but bulk builds 3.0.3

poudriere% options lunatear net/haproxy \ ===> Setting user-specified options for haproxy-3.2.9 and dependencies

poudriere% bulk lunatear net/haproxy \ [00:00:04] [01] [00:00:00] Building net/haproxy@default | haproxy-3.0.3

I'm lost

the Makefile seems fine…

Remilia: are those shell aliases? perhaps you have -p on one of them but not the other

I don't

hmm I think I figured it out (massive facepalm)

for some reason I had an overlay specified… wow, thanks past me

nice to be an idiot

rtprio: comes with some… quirks

i'm using caddy for now, there are some things i like about it, but a few things i'm not keen on

basically you have to enable the socket interface if you want to save your certs

since haproxy is designed to never touch disk I/O after forking the event loop

my needs are very simple, so I use Caddy for my static web hosting and reverse proxy stuff (like Plex/Jellyfin)

I ignored Caddy for years for no apparent reason, and then a month or two ago tried it for some internal stuff where I wanted a wildcard cert for internal-only stuff and used DNS-01 challenge to get it

definitely seemed simpler than the alternatives

and I have really liked the trend lately of "just use Go/Rust and make it a single static binary", seemingly in backlash to "it's so easy to run! just use this docker-compose.yml" and then the software equivalent of going "yes I cleaned my room, why?" while everyone can see things 3 feet high piled under the carpet

hmm how do I properly boot off the install media (bootonly.iso) while not letting it load hv_hid.ko at rc stage…

because i.koumakan.jp/2025-12-29/1767036584.png is not going away :|

Can you boot it in single user mode?

yes

but it's not like I can edit its rc.conf to add the line I need there

since it's iso9660

maybe I could overlay tmpfs somehow... since if you exit the single user shell it runs rc

I had the same problem with my poudriere VM after 15.0-RELEASE upgrade, where disabling hv_hid at least means I get a chance to boot w/o a panic once in 5-10 attempts

which is better than this permanent boot/panic loop with hv_hid :D

Sounds like new .iso is needed

Remilia: blocklist kld's go in loader.conf i thought

rtprio: not when they are loaded during rc stage

rtprio: I am extremely sure that devmatch_blocklist goes in rc.conf and not loader.conf

and you can pretty much see in the screenshot I posted when the panic occurs

can you remove the module?

how do I remove it from bootonly.iso?

what's the host os?

Windows 11 Enterprise

if you were on freebsd it would be mdconfig and mount_cd9660

regrettably I have to be able to do work

TommyC: docs.nextcloud.com/server/stable/ad…nagement/AppAPIAndExternalApps.html

For the exapps. I’d have to look a little harder for the one tha said they were going to discontinue the old method.

hm. new problem… it seems like the network cuts out for about 3-4 seconds while a vm-bhyve VM is coming up or going down. I wonder if that's a bridge setting

Remilia: module_blacklist is a loader variable tho

rtprio: it does not affect post-boot module loading

what a pain in the ass

(in fact if you check loader.conf(5) it tells you that dependencies present in that list will still be loaded, and you can use loader prompt to load these anyway)

plus it's not like hv_hid is the only issue, something else is horribly wrong when running 15 in Hyper-V

hm, more like 2 seconds really

though interestingly enough, I only get panics at rc stage, once the system gets to the login prompt, it is stable

like, 3-5 hours of poudriere bulk with no issues

Macer: Meh, that's just ExApps.

that's too bad; i ran 14 in hyperv for quite a while... until i formatted windows11 with frewbsd

afterglow: thanks for the example :-)

Remilia: what kind of issues are you seeing on hyperv? also gen1 or gen2? just booted/installed 15.0, not seeing any problems