Ever wonder what happens when you outgrow a single BGP router? I wrote a deep dive on building a multi-homed, two-PoP distributed network using FreeBSD, FRR, and iBGP.
Includes the stateless PF rules you need to survive asymmetric routing!
blog.hofstede.it/running-your...
#BGP #IPv6 #FreeBSD
The page of our Mastodon instance burningboard.net is now bilingual, offering english for international visitors.
It features introductions to Mastodon as well as information about our philosophy, rules and more.
See it here:
meta.burningboard.net
#socialmedia #mastodon #fediverse
Got my own AS and IPv6 /48 from RIPE. Set up a FreeBSD BGP router with FRR, built tunnels to distribute prefixes to servers, and used dual-FIB policy routing so jails can speak from both provider and BGP addresses.
blog.hofstede.it/running-your...
#FreeBSD #BGP #IPv6 #Networking #SelfHosted
New post: PF Firewall on FreeBSD - A Practical Guide
Macros, tables, brute-force protection, NAT for jails, dual-stack rules, and authpf for bastion hosts. Real configs from production servers.
blog.hofstede.it/pf-firewall-on-freebsd-a-practical-guide/
#FreeBSD #PF #Firewall #SysAdmin #IPv6
I finally dove into the world of Immutable/Atomic Linux Desktops.
Universal Blue (Aurora/Bazzite) is doing for the desktop what CoreOS did for servers.
My analysis of the stack (OSTree, bootc) and why I think this is the future: blog.hofstede.it/immutable-li...
#linux #fedora #devops
I’ve documented a clean, native way to join FreeBSD 15 to a FreeIPA realm. Pure Kerberos (GSSAPI). Lightweight LDAP (nslcd). No local user management.
Keep your base system sane.
blog.hofstede.it/integrating-...
#FreeBSD #SysAdmin #FreeIPA #OpenSource
Self-hosting CryptPad on FreeBSD with VNET jails, PF, and Caddy.
End-to-end encrypted docs, isolated, selective port exposure, and hard-won lessons from a real deployment.
Privacy-first collaboration the FreeBSD way.
blog.hofstede.it/self-hosted-...
#FreeBSD #SelfHosting #Privacy #CryptPad
GeoIP-Aware Firewalling with PF on FreeBSD
My mail server now filters client ports by geography - SMTP stays global, but IMAP only accepts connections from Central Europe.
Result: 90% fewer brute-force attempts.
blog.hofstede.it/geoip-aware-firewalling-with-pf-on-freebsd/
#freebsd #devops #admin
New blog post: I wrote an Ansible connection plugin for FreeBSD jails. Manage jails without SSH inside each one - connects to the host and uses jexec, just like you would manually.
blog.hofstede.it/managing-freebsd-jails-with-ansible-the-jailexec-connection-plugin/
#freebsd #ansible #devops
Running FreeBSD 15 on Proxmox? If your static IPs are failing, it's a version mismatch: Proxmox speaks cloud-init v1, but FreeBSD's new nuageinit expects v2.
I wrote a script to generate the correct v2 config ISOs and bridge the gap.
blog.hofstede.it/freebsd-15-c...
#FreeBSD #Proxmox #SysAdmin
New post: AI-assisted Linux troubleshooting with linux-mcp-server
Your AI can now directly query system info, services, logs & network state instead of you copy-pasting outputs back and forth.
blog.hofstede.it/interactive-...
#Linux #AI #MCP #RHEL #Fedora #SysAdmin #OpenSource
A split-screen view of a developer workspace. Right side: A Neovim code editor showing an Ansible playbook. The highlighted task uses the containers.podman.podman_container module with state: quadlet to deploy a rootless UBI9 web server. Left side: A terminal window showing the playbook execution. The output shows successful tasks (green and yellow) and ends with a cat command displaying the generated systemd Quadlet file, confirming 'AutoUpdate=registry' is set.
Stop scripting podman run.
I switched my RHEL ops to Ansible + Podman Quadlets. Instead of managing containers manually, Ansible defines them as native systemd services (state: quadlet).
Result? Rootless, auto-updating, and zero drift. This is the modern standard.
#RHEL #Ansible #Linux #Podman
New post: Self-hosting a static blog on FreeBSD 15.0 with Bastille, Caddy, PF, and CI/CD deployment.
Covers the full stack, from jail isolation to restricted rsync. Simpler than containers.
blog.hofstede.it/hosting-a-static-blog-on-freebsd-with-bastille-jails-and-automated-deployment/
#freebsd
Just migrated my blog (blog.hofstede.it) to a native BSD stack!
- #BastilleBSD (Jails)
- Caddy (TLS, Reverse-Proxy)
- Nginx (Blog / Static files)
- PF (Firewall)
My Forgejo runner deploys via rrsync into an "transport" jail, which nullfs mounts the web root.
#freebsd #it #devops #sysadmin
FreeBSD + BastilleBSD + Mastodon = ❤️
I wrote about running burningboard.net in a fully dual‑stack, multi‑jail FreeBSD deployment.
Clean design, central PF firewall, zero Docker.
blog.hofstede.it/migrating-bu...
#freebsd #mastodon #jails #bastillebsd #pf
If you want to build production level container deployment without @kubernetesio, Quadlets might be the answer! Check out this blog from @hofstede.io :
blog.hofstede.it/production-g... #podman #opensource
Fedora Linux 43 was released: fedoraproject.org
I run the beta/rc since early September and so far, it's absolutely rock-solid and stable!
Amazing release. I tip my fedora for all the people at @fedora.fosstodon.org.ap.brid.gy
#linux #fedora #fedora43 #linux #foss
Just published a FreeBSD Cheat Sheet for Linux Admins with 100+ command translations.
Covers hardware info, networking (sockstat is so much cleaner than ss!), ZFS operations, and those little differences that trip you up.
codeberg.org/Larvitz/gist...
#FreeBSD #Linux #SysAdmin #DevOps
Ever wondered which SSH keys are lurking on your servers?
Just published an Ansible playbook that audits your servers for SSH keys!
- Detects unprotected private keys
- Lists all pubkeys for root and users
- Comprehensive reporting
codeberg.org/Larvitz/gist...
#linux #ansible #devops #itsec
Released my Ansible JailExec Plugin for FreeBSD! Effortlessly automate jails via host SSH with jls & jexec, no direct jail SSH required.
📂 GitHub: github.com/chofstede/an...
📂 Codeberg: codeberg.org/Larvitz/ansi...
#FreeBSD #Ansible #DevOps
There goes my weekend 😆
Nice. Put that on my todo list. Thank you
After months of tweaking, I've got my Neovim setup dialed in for Ansible work. Complete LSP support, auto-linting, and zero-config startup. Sharing it in case other DevOps folks find it useful: codeberg.org/Larvitz/nvim...
#linux #ansible #devops #python #vim
Windows hackers, unite! Red Hat Enterprise Linux 10 blasts into WSL2 - enterprise stability meets Windows flexibility. Podman, systemd, all in your backyard. No dual-boot drama! Get started: developers.redhat.com/articles/202... #RHEL10 #WSL2 #RedHat #LinuxDev #Linux #Windows
Diving into RHEL 10's enhanced podman with quadlet: Define systemd units for containers via .container files—immutable, auto-restart on boot. Hack: Layer in custom seccomp profiles for zero-trust. Enterprise meets edge computing finesse! #RHEL10 #RedHat #Containers #LinuxHacks
Screenshot von der Deutschen Bahn (Buchungssystem). Das Sparpreis Ticket ist teuerer als der Flex-Preis, trotz deutlich schlechterer Bedingungen.
Was zur Hölle, Deutsche Bahn?!
Der Sparpreis mit Zug-Bindung und ohne City-Ticket ist **teuerer** als das Flex-Ticket, mit dem ich den ganzen Tag fahren kann und ein City-Ticket inklusive habe?!!!!
#db #bahn #zug #reisen #allebekloppt
Why did the global IT system break down a year ago on 19/July/2024?
Because CrowdStrike released an update that was so good at finding threats, it found a threat in itself and decided to take a much-needed, worldwide coffee break! 🤣
"Gem Pack Vol. 2" Pokemon card booster in simplified chinese from mainland China 🇨🇳
Pokemon Cards: - 1x Umbreon V - 1x Vaporeon Holo (Star-Pattern) - 1x Flareon Holo (Pokeball Pattern) - 1x Umbreon Holo (Type Pattern)
This weeks Pokémon booster opening is something different. Not Destinied Rivals like the past weeks.
"Gem Pack Vol. 2" in simplified chinese from mainland China 🇨🇳
Not the best pull in the wold, but two new cards, that were still missing. Gonna catch em all!
#pokemon #pokemontcg #tcg #games #fun
Tony Hawk’s Pro Skater 1 (Remake) running on the Steam-Deck. Just having some old school fun, rocking tricks with the board :)
Amazing, how much of the tricks is still in my muscle memory. I played that game and its successor *a lot* in the late 1990s on […]
[Original post on burningboard.net]
welche KI fehlt noch in meiner App Sammlung?
