🧵 [3/3] Fortunately, all user data was protected by ZFS (mounted over NFS to the VM on Proxmox VE), so nothing was lost. To prevent such mishaps in the future, the datasets containing the jail and the data now have hourly snapshots as well as daily offsite backups.

🧵 [2/3] MySQL on the old Nextcloud got borked during an attempted upgrade from version 27 to 28 because it was running an old, incompatible version. Unfortunately, the backup I made before the upgrade was for a different VM, so the damage was permanent.

🧵 [1/3] Today I replaced my old (and broken) Nextcloud server with a brand new one, running in an IPv6-only FreeBSD VNET jail, with Nginx as webserver, PostgreSQL as database and Redis for caching.

🧵[2/2] The only drawback is that the usable MTU for IPv4 has been reduced by 40 bytes, but for a backup link that only has an #IPv6 prefix, I think that's a fair tradeoff. 😎.

🧵[1/2] I just set up a backup Internet connection on a customer's firewall, and since their applications require IPv4 while the connection is #IPv6only, I set up a CLAT on the backup router since the ISP does #464XLAT. 😁.

I just finished installing Zabbix Server 7 LTS in a FreeBSD jail running on an HP t610 thin client. This Mini-PC will replace the Zabbix Server 6 LTS FreeBSD VM that I temporarily installed on my Proxmox VE ~5 years ago.

I have just written another blog post, this time about building a reverse proxy on #FreeBSD using #HAProxy and CARP for fault tolerance:. This is what I currently use to access my internal services.

I thought I would write a post about how I replaced the old 4 TB hard drives in my second FreeBSD NAS with some larger 18 TB drives:. Maybe this could even be useful to someone, who knows. 😉.

And now it's time to replace the second drive in the ZFS mirror. Command used: doas zpool replace data-pool /dev/gpt/HDD10 /dev/gpt/HDD23. I am curious to see if ZFS will automatically grow the available size of the pool, we will see in another three and a half hours. 🤔

It's time to replace the old 4TB HDDs in this zpool with new, bigger ones :). Command used: doas zpool replace data-pool /dev/gpt/HDD09 /dev/gpt/HDD22. The drives "HDD09" and "HDD10" are 4TB, the drive "HDD22" is 18TB.

Today I shut down my TrueNAS CORE NAS, swapped the disks and it's now running #FreeBSD 14.2 with all services in bastille jails. There are still a few things I need to document or set up (e.g. zfs replication, monitoring, firewall rules), but all in all it is up and running. 😎

🧵[2/2] The "UP" flags on my VLAN interfaces were missing the whole time, so the bridge interfaces couldn't pass traffic in the first place. 🤡. After fixing this very obvious layer 8 problem by adding ifconfig_igb0_<VLAN-ID>="up" to rc.conf, everything now works as expected. 🥴.

🧵[1/2] I've just spent the last couple of hours debugging my new VLAN bridge network setup for my VNET jails, reading man pages, searching my notes, googling the web, tcpdump, disabling pf, even swapping network cards, only to find that I've managed to overlook one tiny detail:.

🧵 [2/2] In the last 7 weeks, they have all relayed a total of 212TB, which is almost exactly 10MB/s of 24/7 traffic.

🧵 [1/2] Today I've upgraded all my #FreeBSD VMs running my Tor relay jails from 14.1 to 14.2, which only required running freebsd-update, rebooting, editing the fstabs of the bastille jails, and then running freebsd-update again with another reboot.

[2/2].cloned_interfaces="bridge0".ifconfig_re0="up".ifconfig_bridge0_ipv6="inet6 auto_linklocal accept_rtadv addm re0".cloned_interfaces="lo1" #🤡 .ifconfig_lo1_name="bastille0". Reminded me of what a teacher of mine used to say:."The problem usually sits in front of the screen".

[1/2] Yesterday evening I spent over an hour trying to diagnose why FreeBSD wouldn't create the bridge0 interface I specified in /etc/rc.conf not matter what I did. Today I've took another look at it and noticed the following error in my /etc/rc.conf:.

[3/3] Maybe someone at Vodafone finally took a look at the RIPE-690 Best Common Practices document?.

[2/3] This is great new as it allowed me to set up an OpenVPN remote access VPN to their firewall behind the Vodafone router and switch the site-to-site IPSec VPN to my network from IPv4 to IPv6.

[1/3] I just found out that the #IPv6 prefix assigned via DHCPv6 to the firewall behind my parents' ISP router hasn't changed once in the last 2 months. I was under the impression that the IPv6 prefix would change every 24 hours since this is a residential DS-Lite Internet plan.