00:03:55 ohh, now I get it
00:03:56 thanks
00:04:09 That makes it perfectly clear for me
00:04:12 thank you very much!
00:50:13 so i got feedback from some hackers last few days that my FreeBSD server is a fortress >:D
00:58:40 wsky: Nice!
00:59:05 thanks to the dev team brilliance :D
00:59:40 Anything can be broken, but sane defaults save face xD
02:15:43 I'm wondering, is it cron's default behavior to email error messages from jobs it runs? I have a bunch of junk in my mail because of it
02:20:46 Aye. You can turn it off for the entire crontab by making the MAILTO environment variable empty, or use shell redirection to send the output to a file or /dev/null
02:22:05 ah, I see. they seem like normal warnings, and the cron job is functioning as it's supposed to. just hate all that junk in my mail. will do that
02:26:22 A fancier way of dealing with it is provided by a script called 'cronic' - it's in pkg - which collects output but only emits it if the program exits with an error code
02:51:08 i should export /etc/periodic, not sure what i want it for, but
02:53:11 mquin: that's pretty interesting, i'll look into that. thanks
11:36:41 Should I set quotas or reservations for my datasets when using zfs?
11:39:35 Liaf: you can do it
11:39:51 But is it best practice? :-D
11:40:11 hhe... the practice is - do it if you need it
11:40:17 :-D
11:43:39 I am thinking about how to back up my system. As far as I learned I would zfs snapshot -r zroot@something and then I could zfs send it. But as I don't have a zfs file system on my remote server I would first need to write it to a file and rsync this I guess. Now as this needs some space, I was thinking of creating a backup dataset and reserving some space there.
11:43:53 Or is there a better way?
11:45:00 you can send it to different fs
11:45:13 I can?
11:46:10 All I found needed a zfs receive on the other side.
11:48:43 zfs send -R zpool@snapshot | xz -T0 | dd of=/zfs.backup.snapshot.xz
11:49:03 zfs.backup.snapshot.xz is your backup
11:50:14 zstdmt with adaptive compression ratio works as good as xz, or even better
11:51:18 zstdmt and xz are preferred over gzip?
11:51:20 dd of=/mnt/thumb_drive/zfs.backup.snapshot.xz looks better
11:51:43 gzip runs in one thread
11:52:54 Okay
11:53:03 (why do you use dd to pipe to a file, does normal redirection not work with xz?)
11:54:21 nimaje: I don't know, I was guiding Liaf
11:55:25 Can I do something like zfs send -R zpool@snapshot | xz -T0 | ssh backupuser⊙re cat > zfs.backup.snapshot.xz?
11:56:06 zfs send -R zpool@snapshot | zstdmt --adapt --long | of=/remote_NFS/zfs.backup.snapshot.zst will be best for the first try
11:56:27 Liaf: sure, you can
11:56:45 "| of" missing "dd"?
11:57:10 I am sending my zfs backups this way for 10+ years, ssh is reliable
11:57:32 lts: thanks
11:57:42 zfs send -R zpool@snapshot | zstdmt --adapt --long | dd of=/remote_NFS/zfs.backup.snapshot.zst
11:57:54 Liaf: ^^^ this one
11:58:09 or use ssh, and you will be fine
11:58:42 I think I would prefer ssh over NFS as I don't want to expose the NFS ports over the internet. Even if I could limit it to certain IPs.
11:59:41 now we have opportunity to use secure NFS, in the past it wasn't safe, so ssh was the best solution
11:59:55 I like to pipe NFS through wireguard
12:01:29 Liaf: using zfs send you can also do incremental backups
12:02:19 take a look at zfs-send(8)
12:03:21 and for ssh you can use different ciphers, check for robust one
12:04:55 for sending using ssh over internet xz will be better than zstd
12:30:21 Why will xz be better with ssh?
12:38:24 zstd might give you better bang for the buck
12:38:51 proxmox uses a similar method for backups .. where it pipes it to zstd to make archives off zfs snapshots
12:40:10 it's probably better to do that in case you have to take these archives and put it on something else that doesn't already have compression .. like if you had an emergency "put it on an external usb drive and physically restore" type of situation
12:55:03 i wonder why my ryzen is stuck at 3.6GHz even though there isn't much going on with its cores. at least that is what btop is reporting. maybe it just takes the highest.
12:56:01 Macer: Yeah, pretty sure btop reports the highest core speed and highest core temp in its overview
12:56:03 seems like htop reports 3600MHz for all the cores / threads too... think i'll have to see if that's normal. i'd expect it to be fluctuating a lot more
12:56:30 Macer: you on 15?
13:07:41 Liaf: it will give you better compression
13:34:20 * Remilia just uses mbuffer over wireguard or IPsec for zfs sends
13:35:00 I kind of want to back up my pool but I cannot install a backup OS in Hyper-V because of the boot-time panic in hv_hid :D
13:35:27 at least my existing VMs usually manage to start after 5-10 panics
13:36:16 mzar: so just to understand you correctly, xz gives better compression when sending over ssh and zstdmt is better when it's a local usb-drive?
13:37:26 compression ratio does not depend on medium
13:37:27 Liaf: zstd is fastest, xz guarantees best compression
13:37:44 but xz will happily destroy your CPU yeah
13:40:11 Remilia: sup there ? are you still running FreeBSD ?
13:40:27 ?? what do you mean
13:40:59 no worries, you don't have to answer
13:41:46 mzar: got it, okay :-)
13:41:48 I don't think I ever indicated I stopped running it on my servers, but I do admit I have only been using it since 1997
13:42:07 I have updated poudriere stable/15 jails, now LLVM is supposed to be faster
13:43:03 Remilia: Good job; same here, but in my case it could be 1998 ;-)
13:43:13 Liaf: you can also use ssh -C
13:43:41 that will gzip your entire ssh connexion
13:43:53 Macer: is it a 3.6GHz CPU with 4.2GHz turbo? i don't believe freebsd can report the turbo speed right now, only the configured speed
13:44:19 you made me think of the turbo button
13:44:36 the one that flipped your SX-33 between 16 and 33 MHz
13:44:47 I started using zfs send over ssh somewhere after 2010, but now, considering that we have NFSv4 with TLS support, using NFS would be better
13:45:13 NFS is never great with high latency, even v4
13:45:30 not over the Internet, in LAN
13:45:41 oh
13:55:32 I am having a silly time
13:56:02 I turned off vlan filtering, but now I cannot remove the setting:
13:56:05 # ifconfig br0 iftagged re0 none
13:56:18 However, this works:
13:56:19 # ifconfig br0 vlanfilter iftagged re0 none -vlanfilter
14:03:16 zip: when you say you cannot remove the setting, what do you mean exactly?
14:03:18 ifconfig br0 -vlanfilter would be my guess
14:04:50 Ivy: ifconfig: BRDGSIFVLANSET 2: Invalid argument (extended error VLAN filtering not enabled)
14:05:41 ivy: incidentally I'm currently following your bridge tutorial to move from trying to run a bridge-per-vlan to running a bridge-with-vlans
14:06:00 zip: hmm, indeed. but this is only cosmetic, because iftagged has no effect if vlanfilter is disabled. could you file a PR and cc ivy⊙fo please?
14:06:15 sure. And yes, it's cosmetic
14:07:40 which component do I want?
14:07:46 kern
14:08:17 got it
14:12:15 there you go
14:12:43 so far I've filed two bugs and both of them are kind of in the "don't do that then" kind of category
14:59:10 Liaf, my use cases for reservations and quotas: I have reservations on my mysql and postgresql jails, and quotas on a share for my NVR and my sabnzbd server. If I decide to use a dataset for timemachine purposes (backup of my macbooks) then it certainly will get a quota (probably user based)
15:08:21 the hellish part of this project, it seems, is now I can't use `jib` I need to rethink how to make sure my stuff gets consistent IP addresses
15:08:33 I suppose I should simply number my jails and use the number, nice and simple
15:16:00 I use the old variables approach for jail IPs
15:17:05 https://pastee.dev/p/O1X62Sqw like so
15:45:28 Hm. The pi hole blocks that as malicious, but the list I use is pretty sloppy
15:45:43 Like "this site hosted a bad ad once"
15:47:32 Recommendation for blocklists: https://oisd.nl/
15:49:54 The wider project is to replace dockerised home assistant on a pi with a VM, and to move IoT to its own vlan
15:50:51 I just run unbound
15:51:20 But first I must make sure I can put a VM or a jail on arbitrary vlans
15:52:59 SponiX: yes
15:53:03 15.0p1
15:56:12 afterglow: i definitely had issues upgrading. for instance if it can't pull the file fast enough in the web ui then it will timeout and put it in maintenance mode and make it impossible to fix without shell intervention
15:56:36 i had to use updater.phar
15:57:30 it was a lot worse when nc was younger :) you pretty much could wreck it on every update
15:57:30 What exactly did you try to upgrade, Macer? Is this still about Nextcloud?
15:57:40 yes. sorry. i was busy and scrolled up.
15:58:19 Okay, I never upgraded through the ui. Always used the package
15:58:54 so: pkg upgrade, php occ upgrade, done
15:58:54 ivy: it's a ryzen 3700x. i'd have to check. my concern isn't the faster speed. it's the slower speed. i wouldn't expect it to run so high right now being relatively idle
15:59:12 Macer: do you have powerd running?
15:59:18 ivy: yes
15:59:43 you may need to adjust the tuning, iirc powerd only considers highest single core load when scaling, so it can scale earlier than you'd expect
16:00:19 oh. it doesn't do per core?
16:01:06 i don't think the cpu can scale per core (you may test this by setting the sysctl manually and see what happens)
16:01:41 hm
16:02:11 homeassistant became such a massive pain after they went 'nope lol we're home assistant OS now'
16:02:52 even the docker (which I hate) is now the inferior option because you do not get their 'addons' → no way to get Thread or MultiPAN working
16:03:13 the docker image*
16:03:53 I used to just run it on my home router (an apu4d4) but now it's like, you're on your own and they keep upgrading Python version dependency
16:04:17 ivy: not sure exactly where powerd pulls its options from
16:04:31 Macer: command line options, $powerd_flags in rc.conf
16:05:19 oh
16:05:30 so it would be $powerd_flags="-a adaptive ..." ?
16:06:05 That's why I keep HA running on a PI, Remilia :-)
16:06:12 Macer: you don't include the $ when setting a variable, but otherwise yes
16:06:58 afterglow: I did not have a Pi at the time and they were notoriously expensive and hard to buy in the country where I worked at the time
16:07:30 yeah .. i'm trying that now
16:07:39 seeing if i can change it to adaptive to see if that will change anything
16:07:41 and even now when I do have a Pi 4 I am running hass as a docker image there because my Raspbian runs ADS-B
16:09:10 /etc/rc.conf: powerd_flags -n min: not found
16:09:34 did you forget the '=' ?
16:09:42 variables, ser
16:09:55 rc.conf is just a shell script
16:10:03 Without $
16:11:03 yeah. not sure what happened there. i didn't have the $ lol...
16:11:09 powerd_flags="-a hiadaptive -i 25 -r 85 -N" <- that worked though
16:11:24 and it seems like the cores are dropping a lot faster
16:12:19 but yeah it definitely looks like it is all or nothing.
16:14:35 that's usually better, the cpu can finish the task as quickly as possible and go back to idle sooner
16:52:44 afterglow: i was worried about HA burning up my SD card, i was planning on moving it to a vm
17:40:49 rtprio, me too, but nowadays it runs off an ssd, and recorder goes to my postgresql.
18:05:22 I missed out on that conversation. So is home assistant an “OS” now or something?
18:05:38 Is it going to be oracled? :)
18:15:09 Hi there, is there a specific channel to get some assistance with PF. I have a working pf.conf since ages, but I recently found a need to include NFSv3 and NFSv4 file sharing on my home network and cannot get PF to play nice.
18:23:22 Macer: basically; linux host with docker. not a huge fan
18:23:46 Oh. Nextcloud is doing the same thing pretty much.
18:24:02 Their future apps will require docker and a proxy.
18:27:04 linXea, you just have the one NFS server?
18:27:51 CrtxReavr, yea, it is a local NAS.
18:28:19 I can't find any articles saying that NextCloud is going to require docker and a proxy. Got a link?
18:28:25 I've not actually NFSv4. ..
18:29:01 Though I used to deal a lot with getting NFSv3 working over firewalls that I didn't control. . . that was tedious AF.
18:29:28 Nothing like repeatedly trying to explain SunRPC protocols to a neophyte firewall admin.
18:30:09 I cannot change the config of the NAS, hence the need to adjust my quite restrictive PF to allow access. Jumping RPC ports got my head spinning etc
18:30:10 "What do you mean the ports change all the time?"
18:30:43 You have to allow a range. . . can prolly setup a trigger port.
18:30:55 CrtxReavr: i got tired of it too, so i asked for a copy of the rules so i can refer to NETWORK_GROUPS explicitly
18:31:00 really streamlined things
18:31:20 'rpcinfo -p ' is your friend.
18:31:32 just another reason not to use NFSv3... (i know, some shitty vendors still haven't added NFSv4 after 20 years)
18:32:04 NFSv4 would have been nice. Just need to apply rules for port 2049
18:33:15 Does NFSv4 support a network encryption layer?
18:33:32 two: Kerberos or TLS
18:33:41 or ofc you can run it over IPsec
18:43:31 anyway, I really enjoy the upgrade to fBSD 15.0
19:00:25 oh wow HAProxy has ACME support now
19:01:49 about damn time
19:06:21 and now I wonder why does my poudriere show options for haproxy-3.2.9 but bulk builds 3.0.3
19:06:47 poudriere% options lunatear net/haproxy \ ===> Setting user-specified options for haproxy-3.2.9 and dependencies
19:07:08 poudriere% bulk lunatear net/haproxy \ [00:00:04] [01] [00:00:00] Building net/haproxy@default | haproxy-3.0.3
19:07:13 I'm lost
19:08:15 the Makefile seems fine…
19:08:41 Remilia: are those shell aliases? perhaps you have -p on one of them but not the other
19:09:04 I don't
19:09:32 hmm I think I figured it out (massive facepalm)
19:10:19 for some reason I had an overlay specified… wow, thanks past me
19:10:38 nice to be an idiot
19:11:26 rtprio: comes with some… quirks
19:11:52 i'm using caddy for now, there are some things i like about it, but a few things i'm not keen on
19:12:11 basically you have to enable the socket interface if you want to save your certs
19:12:37 since haproxy is designed to never touch disk I/O after forking the event loop
19:20:32 my needs are very simple, so I use Caddy for my static web hosting and reverse proxy stuff (like Plex/Jellyfin)
19:21:17 I ignored Caddy for years for no apparent reason, and then a month or two ago tried it for some internal stuff where I wanted a wildcard cert for internal-only stuff and used DNS-01 challenge to get it
19:21:23 definitely seemed simpler than the alternatives
19:23:00 and I have really liked the trend lately of "just use Go/Rust and make it a single static binary", seemingly in backlash to "it's so easy to run! just use this docker-compose.yml" and then the software equivalent of going "yes I cleaned my room, why?" while everyone can see things 3 feet high piled under the carpet
19:28:55 hmm how do I properly boot off the install media (bootonly.iso) while not letting it load hv_hid.ko at rc stage…
19:29:59 because https://i.koumakan.jp/2025-12-29/1767036584.png is not going away :|
19:38:14 Can you boot it in single user mode?
19:38:22 yes
19:38:52 but it's not like I can edit its rc.conf to add the line I need there
19:39:10 since it's iso9660
19:40:00 maybe I could overlay tmpfs somehow... since if you exit the single user shell it runs rc
19:41:21 I had the same problem with my poudriere VM after 15.0-RELEASE upgrade, where disabling hv_hid at least means I get a chance to boot w/o a panic once in 5-10 attempts
19:41:46 which is better than this permanent boot/panic loop with hv_hid :D
19:43:15 Sounds like new .iso is needed
19:49:43 Remilia: blocklist kld's go in loader.conf i thought
19:50:05 rtprio: not when they are loaded during rc stage
19:51:03 rtprio: I am extremely sure that devmatch_blocklist goes in rc.conf and not loader.conf
19:51:22 and you can pretty much see in the screenshot I posted when the panic occurs
19:51:38 can you remove the module?
19:52:10 how do I remove it from bootonly.iso?
19:53:01 what's the host os?
19:53:16 Windows 11 Enterprise
19:53:30 if you were on freebsd it would be mdconfig and mount_cd9660
19:53:44 regrettably I have to be able to do work
19:56:46 TommyC: https://docs.nextcloud.com/server/stable/admin_manual/exapps_management/AppAPIAndExternalApps.html
19:57:10 For the exapps. I’d have to look a little harder for the one that said they were going to discontinue the old method.
19:59:49 hm. new problem… it seems like the network cuts out for about 3-4 seconds while a vm-bhyve VM is coming up or going down. I wonder if that's a bridge setting
20:01:18 Remilia: module_blacklist is a loader variable tho
20:01:38 rtprio: it does not affect post-boot module loading
20:02:03 what a pain in the ass
20:03:18 (in fact if you check loader.conf(5) it tells you that dependencies present in that list will still be loaded, and you can use loader prompt to load these anyway)
20:03:51 plus it's not like hv_hid is the only issue, something else is horribly wrong when running 15 in Hyper-V
20:04:15 hm, more like 2 seconds really
20:04:22 though interestingly enough, I only get panics at rc stage, once the system gets to the login prompt, it is stable
20:04:51 like, 3-5 hours of poudriere bulk with no issues
20:10:21 Macer: Meh, that's just ExApps.
20:45:33 that's too bad; i ran 14 in hyperv for quite a while... until i formatted windows11 with freebsd
22:55:03 afterglow: thanks for the example :-)
23:44:27 Remilia: what kind of issues are you seeing on hyperv? also gen1 or gen2? just booted/installed 15.0, not seeing any problems