00:21:41 <aGaTHoS> where can i suggest a package request?
00:33:54 <o0x1eef> bugs.freebsd.org
06:51:59 <mns> Has anyone used pkgbasify to move from 14.3 to 15.0?  I moved to 14.4 but wanted to see about moving to 15.0.
07:00:08 <nimaje> well, https://wiki.freebsd.org/WantedPorts is more appropriate if it is just a request without any work to create the port
07:11:15 <o0x1eef> I maintain an unofficial code-server port fwiw, in case anyone wants it - just updated to v4.111.0 https://github.com/0x1eef/myports/tree/main/freebsd/www/code-server
09:10:37 <crb> is there a latex package in packages?  doing a pkg search latex doesn't seem to show one
09:14:43 <nimaje> pkg which tells me that the latex executable was installed by tex-formats I just installed texlive-full as that is less hassle then thinking about what parts of texlive I could need
11:05:31 <ialokin> anyone has any good tips on getting ipv6 working on a freebsd guest (proxmox) on "#"(/")#=( OVH ? :P
11:07:24 <nimaje> normal   ifconfig_<interface>_ipv6="inet6 accept_rtadv"   doesn't work?
11:10:29 <nimaje> wait, they give you one ipv6 address that changes sometimes instead of SLAAC?
11:10:47 <ialokin> the OVH routing is a mess..
11:11:14 <ialokin> basically the gateway is outside of the allocated /64
11:12:54 <ialokin> nimaje: https://pastebin.com/C7jZkMHb
11:13:34 <ialokin> works from time to time, but mostly NOT :/
11:20:36 <nimaje> no idea, looks correct to me if the addresses and prefix len is correct, ask them why they don't do SLAAC
11:37:32 <dvl> ek / ivy : look what I found https://cgit.freebsd.org/ports/tree/security/openvpn/Makefile#n84
11:38:15 <dvl> .ifdef (LOG_OPENVPN) <== by default, in the OpenVPN code, this is set to LOG_DAEMON
11:39:13 <dvl> Now, for poudriere, I could just define LOG_OPENVPN=LOG_LOCAL6 (for example, as shown on line 132 (same file).
11:41:15 <dvl> I had this thought earlier today: why not modify openvpn to do this...?
11:44:28 <nimaje> hm, but why is that not configurable via the config and only via compile time options? I expect most users to install a package via their package manager
11:52:36 <dvl> https://services.unixathome.org/poudriere/data/150amd64-default-primary/2026-03-15_11h46m11s/logs/openvpn-2.6.19.log
11:53:16 <dvl> Success. OpenVPN is now logging via facility local6 - no more duplicate log enties.
11:54:09 <dvl> nimaje: Yes, the way it is configured, it must be set at built time. Perhaps it is a security consderation.
12:19:51 <dvl> https://dan.langille.org/2026/03/15/hacking-openvpn-to-use-syslog-with-something-other-than-facility-daemon/
12:37:50 <dvl> That logging knob has been there since at least 2009: https://cgit.freebsd.org/ports/commit/security/openvpn/Makefile?id=b222799b625902dec465377894fb3265c7ec0a49
12:42:02 <ek> dvl: Very nice find! I am surprised it's a compile-time option. But, perhaps you're right in the security consideration (although, I'm hard-pressed to think of a good reason behind it.)
12:42:27 <dvl> ek: Don't allow an intruder to change the logging.
12:42:41 <ek> I suppose so.
12:43:13 <ek> I also don't see why this couldn't easily be a port config option either. Surprised that's not a thing, actually. Super easy patch.
12:49:13 <nimaje> which facilities would you then expose as an option? at least LOG_SECURITY LOG_DAEMON and LOG_LOCAL<0-7>
12:51:57 <ek> nimaje: Good question. I suppose that could be entirely up for debate. Or, as dvl did, just specify whatever you'd like in make.conf.
12:53:41 <ek> dvl: Did you end up finding a reasonable solution for the log rotation? Something that doesn't require disconnects each time?
13:30:01 <dvl> nimaje: I uses LOG_LOCAL6 (see bog post above).
13:30:21 <dvl> ek: Yes, specified it in a poudriere make.conf file (see blog post).
13:31:15 <dvl> ek: Yes, the log rotation... is not in the blog post.
13:32:57 <dvl> ek: Log rotation added to that blog post.
13:33:24 <dvl> FYI, I emailed the author of the patch to thank them. So useful and just what was needed.
13:33:28 <dvl> cccccbkvnbghuflftvutkcnkcnjiudegfhfkkcltgneg
13:34:13 <nimaje> dvl: the question was: if exposing LOG_OPENVPN as an option instead as ek suggested, which facilities should be exposed there then? and mostly to show that those 9 you obviously would want to expose are likely the reason it was made into a variable instead of a big list of mutally exclusive options
14:09:22 <dvl> ek: I follow, I would allow any facility usually valid. Let the user decide at run time.
14:09:47 <dvl> ek: Sorry, I follow now. I rushed through your original question; I was about to go out, and now I'm back.
17:04:41 <ek> dvl: Very nice! Blog post is most certainly helpful (as always). Thank you!
17:23:17 <_shard> :b 5
17:38:24 <rwp> ialokin, If the router gateway is not in the subnet then you must add a host route to the network device for it.  That's a typical OVH configuration. Something like ifconfig_vtnet0_ipv6="inet6 2606:4700::6812:46a/128" ipv6_static_routes="lan" ipv6_route_lan="-host 2604:2dc0:202:300::1 -interface vtnet0" ipv6_defaultrouter="2604:2dc0:202:300::1"
20:07:34 <rtprio> those who use poudriere, can you build multiple variants of the same package? how are they identified to be installed after?
20:24:50 <nimaje> you mean with diffrent options? not in the same repo
20:28:32 <rtprio> that sounds like it would get complicted rathre quickly
20:52:48 <nimaje> with sets you can easily have multiple repos, but what is the same between them would still be build multiple times
20:56:24 <skladnayazebra> Ahem, hello guys
21:00:48 <skladnayazebra> join #freebsd-pulse
21:03:06 <dvl> ek: thank you.
21:03:25 <dvl> ek: Next deploy that logging solution to each client.
21:04:47 <dvl> jjil
21:05:31 <skladnayazebra> First time IRC user here, this is so cool yet so disorienting
21:17:10 <heston76> rtprio: I use sets as well, for example I have desktop and servers as individual sets.
23:08:05 <rtprio> what i'm finding a drag is the icinga2 requires postgres, but that hoses the other places i use postgres
23:08:37 <rtprio> except for the one system that needs icinga2 with postgres.
23:15:18 <ek> rtprio: Yeah. Same. :(
23:16:29 <ek> Although, I have been looking for an icinga2 replacement recently. It's pretty crappy how little FBSD is supported by full-fledged monitoring. I also use nagios but I wish it had some sort of historical data. Graphs or something.
23:18:21 <ek> I do kinda like Zabbix but it is one HUNGRY beast.
23:18:33 <ek> And, again, FBSD support isn't all that fantastic.
23:31:20 <rtprio> i find icinga2 works well enough; adding a few of my own plugins is rather effortless
23:32:04 <rtprio> the 'default' nagios checks are.. yeah, don't support freebsd very well
23:32:09 <rwp> I never warmed up to Ichinga2 because it is so Javascript heavy.  I prefer (love and hate) Nagios over Ichinga2.  But all of the cool kids these days are using Prometheus and Grafina which I find to be quite a different thing.
23:32:48 <rtprio> i like that i can manage it with puppet
23:33:01 <rwp> Can't you manage all of them with puppet?
23:33:23 <rtprio> there was something that turned me off to zabbix
23:34:01 <rtprio> i don't know, we used icinga at an old job and i liked it well ehough
23:35:04 <ek> rwp: I like Prometheus with Grafana, but also VERY resource hungry (in my experience). Especially if the DB isn't set to dump data. More than 2 weeks of historical data would take like 2 minutes to load via Grafana. Drove me nuts.
23:35:53 <ek> Not to mention the lack of FBSD templates available. Some work, some don't, but there's only like 5 (3 or which are for FreeNAS/TrueNAS which also only partially work.)
23:36:21 <ek> I've tried Munin, no dice there. Monit kind of works, but not what I'm looking for.
23:36:22 <rtprio> iirc i found grafana really frustrating to add graphs / do useful inquriries
23:36:30 <ek> I need to check out Netdata, apparently.
23:36:43 <rtprio> netdata seemed to consume quite a few resources
23:36:46 <ek> rtprio: Yes. For sure. It was a ton of work for very little return.
23:37:01 <ek> Yeah. It's next on my list to poke around on.
23:38:00 <rwp> ek, I use Monit everywhere I need to monitor and take action upon conditions.  It could be better but it is not terrible.
23:38:03 <rtprio> but thanks to dvl i have a warning in icinga because of pkg audit
23:38:18 <ek> The old pisg/php4nagios/nagiosgraph thing used to work pretty great but it hasn't been maintained in so long PHP8 breaks it.
23:38:24 <rwp> I use Munin for resource trends but if you have a lot of systems then cactus is better.
23:39:12 <rtprio> oh, i remember cacti... i liked it at the time but i do not enjoy keeping php scripts running anymore
23:39:59 <ek> Yep. Cacti was alright. Simple little RRD graphs. Worked okay.
23:40:00 <rwp> It's just the scaling thing.  Too many graphs all on one machine makes Munin bog down.
23:40:14 <ek> rwp: That's what I was seeing.
23:40:40 <ek> Same with Prometheus/Grafana as well as Zabbix.
23:40:47 <rwp> Newer Munin installations use an on-demand graph creation to avoid generating graphs all of the time that are not being viewed.  It's a good direction to go.
23:41:04 <ek> That would be nice.
23:41:20 <dvl> rtprio: there was a discussion about muting certain pkg-audit alerts. I haven't implemented it yet. There was talk on bsd.network about it.
23:41:29 <rwp> I have not used Zabbix and know nothing about it.
23:41:33 <ek> I think it had more to do with the amount of data that being graphed. Gotta find a good mid point.
23:42:17 <ek> If I kept 3+ months of data, it would take tons of time to load stuff.
23:43:16 <rtprio> yes, i'm observing it would be nice to only keep the alert active if there's a package to upgrade to