where can i suggest a package request?

bugs.freebsd.org

Has anyone used pkgbasify to move from 14.3 to 15.0? I moved to 14.4 but wanted to see about moving to 15.0.

well, wiki.freebsd.org/WantedPorts is more appropriate if it is just a request without any work to create the port

I maintain an unofficial code-server port fwiw, in case anyone wants it - just updated to v4.111.0 github.com/0x1eef/myports/tree/main/freebsd/www/code-server

is there a latex package in packages? doing a pkg search latex doesn't seem to show one

pkg which tells me that the latex executable was installed by tex-formats I just installed texlive-full as that is less hassle then thinking about what parts of texlive I could need

anyone has any good tips on getting ipv6 working on a freebsd guest (proxmox) on "#"(/")#=( OVH ? :P

normal ifconfig_<interface>_ipv6="inet6 accept_rtadv" doesn't work?

wait, they give you one ipv6 address that changes sometimes instead of SLAAC?

the OVH routing is a mess..

basically the gateway is outside of the allocated /64

nimaje: pastebin.com/C7jZkMHb

works from time to time, but mostly NOT :/

no idea, looks correct to me if the addresses and prefix len is correct, ask them why they don't do SLAAC

ek / ivy : look what I found cgit.freebsd.org/ports/tree/security/openvpn/Makefile#n84

.ifdef (LOG_OPENVPN) <== by default, in the OpenVPN code, this is set to LOG_DAEMON

Now, for poudriere, I could just define LOG_OPENVPN=LOG_LOCAL6 (for example, as shown on line 132 (same file).

I had this thought earlier today: why not modify openvpn to do this...?

hm, but why is that not configurable via the config and only via compile time options? I expect most users to install a package via their package manager

Success. OpenVPN is now logging via facility local6 - no more duplicate log enties.

nimaje: Yes, the way it is configured, it must be set at built time. Perhaps it is a security consderation.

That logging knob has been there since at least 2009: cgit.freebsd.org/ports/commit/secur…99b625902dec465377894fb3265c7ec0a49

dvl: Very nice find! I am surprised it's a compile-time option. But, perhaps you're right in the security consideration (although, I'm hard-pressed to think of a good reason behind it.)

ek: Don't allow an intruder to change the logging.

I suppose so.

I also don't see why this couldn't easily be a port config option either. Surprised that's not a thing, actually. Super easy patch.

which facilities would you then expose as an option? at least LOG_SECURITY LOG_DAEMON and LOG_LOCAL<0-7>

nimaje: Good question. I suppose that could be entirely up for debate. Or, as dvl did, just specify whatever you'd like in make.conf.

dvl: Did you end up finding a reasonable solution for the log rotation? Something that doesn't require disconnects each time?

nimaje: I uses LOG_LOCAL6 (see bog post above).

ek: Yes, specified it in a poudriere make.conf file (see blog post).

ek: Yes, the log rotation... is not in the blog post.

ek: Log rotation added to that blog post.

FYI, I emailed the author of the patch to thank them. So useful and just what was needed.

cccccbkvnbghuflftvutkcnkcnjiudegfhfkkcltgneg

dvl: the question was: if exposing LOG_OPENVPN as an option instead as ek suggested, which facilities should be exposed there then? and mostly to show that those 9 you obviously would want to expose are likely the reason it was made into a variable instead of a big list of mutally exclusive options

ek: I follow, I would allow any facility usually valid. Let the user decide at run time.

ek: Sorry, I follow now. I rushed through your original question; I was about to go out, and now I'm back.

dvl: Very nice! Blog post is most certainly helpful (as always). Thank you!

:b 5

ialokin, If the router gateway is not in the subnet then you must add a host route to the network device for it. That's a typical OVH configuration. Something like ifconfig_vtnet0_ipv6="inet6 2606:4700::6812:46a/128" ipv6_static_routes="lan" ipv6_route_lan="-host 2604:2dc0:202:300::1 -interface vtnet0" ipv6_defaultrouter="2604:2dc0:202:300::1"

those who use poudriere, can you build multiple variants of the same package? how are they identified to be installed after?

you mean with diffrent options? not in the same repo

that sounds like it would get complicted rathre quickly

with sets you can easily have multiple repos, but what is the same between them would still be build multiple times

Ahem, hello guys

join #freebsd-pulse

ek: thank you.

ek: Next deploy that logging solution to each client.

jjil

First time IRC user here, this is so cool yet so disorienting

rtprio: I use sets as well, for example I have desktop and servers as individual sets.

what i'm finding a drag is the icinga2 requires postgres, but that hoses the other places i use postgres

except for the one system that needs icinga2 with postgres.

rtprio: Yeah. Same. :(

Although, I have been looking for an icinga2 replacement recently. It's pretty crappy how little FBSD is supported by full-fledged monitoring. I also use nagios but I wish it had some sort of historical data. Graphs or something.

I do kinda like Zabbix but it is one HUNGRY beast.

And, again, FBSD support isn't all that fantastic.

i find icinga2 works well enough; adding a few of my own plugins is rather effortless

the 'default' nagios checks are.. yeah, don't support freebsd very well

I never warmed up to Ichinga2 because it is so Javascript heavy. I prefer (love and hate) Nagios over Ichinga2. But all of the cool kids these days are using Prometheus and Grafina which I find to be quite a different thing.

i like that i can manage it with puppet

Can't you manage all of them with puppet?

there was something that turned me off to zabbix

i don't know, we used icinga at an old job and i liked it well ehough

rwp: I like Prometheus with Grafana, but also VERY resource hungry (in my experience). Especially if the DB isn't set to dump data. More than 2 weeks of historical data would take like 2 minutes to load via Grafana. Drove me nuts.

Not to mention the lack of FBSD templates available. Some work, some don't, but there's only like 5 (3 or which are for FreeNAS/TrueNAS which also only partially work.)

I've tried Munin, no dice there. Monit kind of works, but not what I'm looking for.

iirc i found grafana really frustrating to add graphs / do useful inquriries

I need to check out Netdata, apparently.

netdata seemed to consume quite a few resources

rtprio: Yes. For sure. It was a ton of work for very little return.

Yeah. It's next on my list to poke around on.

ek, I use Monit everywhere I need to monitor and take action upon conditions. It could be better but it is not terrible.

but thanks to dvl i have a warning in icinga because of pkg audit

The old pisg/php4nagios/nagiosgraph thing used to work pretty great but it hasn't been maintained in so long PHP8 breaks it.

I use Munin for resource trends but if you have a lot of systems then cactus is better.

oh, i remember cacti... i liked it at the time but i do not enjoy keeping php scripts running anymore

Yep. Cacti was alright. Simple little RRD graphs. Worked okay.

It's just the scaling thing. Too many graphs all on one machine makes Munin bog down.

rwp: That's what I was seeing.

Same with Prometheus/Grafana as well as Zabbix.

Newer Munin installations use an on-demand graph creation to avoid generating graphs all of the time that are not being viewed. It's a good direction to go.

That would be nice.

rtprio: there was a discussion about muting certain pkg-audit alerts. I haven't implemented it yet. There was talk on bsd.network about it.

I have not used Zabbix and know nothing about it.

I think it had more to do with the amount of data that being graphed. Gotta find a good mid point.

If I kept 3+ months of data, it would take tons of time to load stuff.

yes, i'm observing it would be nice to only keep the alert active if there's a package to upgrade to