Larvitz Blog
Mastodon

Welcome to Larvitz Blog! I’m Christian, a Cloud Consultant by day and FreeBSD enthusiast by night, with over 20 years in enterprise IT. Here I write about FreeBSD jails, PF firewalling, self-hosting, Linux system administration, and anything that’s cleanly engineered. Most articles are hands-on guides born from running my own infrastructure, from dual-stack networking and Ansible automation to hosting a Mastodon instance on FreeBSD.

Have a question or want to discuss something? Find me on the Fediverse at @Larvitz@burningboard.net. I’m always happy to chat!

Articles

FreeBSD Foundationals: The Boot Process - From the Loader to Boot Environments

The third in the FreeBSD Foundationals series. This one covers how FreeBSD actually boots: the stages from power-on to login, BIOS vs UEFI, the loader and loader.conf, the difference between read-only tunables and runtime sysctls, the modern way to load kernel modules with kld_list, managing it all safely with sysrc, a practical security-hardening baseline, and - the headline act - boot environments with bectl, the undo button that turns a broken upgrade into a thirty-second reboot.

Monitoring a FreeBSD Mastodon Instance with Prometheus, Grafana, and Loki

How I watch burningboard.net, my multi-jail FreeBSD Mastodon instance, from a separate observer host. A pull-based Prometheus stack reaching exporters across my own AS201379 backbone (locked down at the perimeter firewall, not by binding to unroutable addresses), Loki and Promtail for nginx logs, a textfile collector that fills the gaps FreeBSD exporters leave (ZFS, S3, pkg audit, Mastodon API stats), one Grafana dashboard that tells me at a glance whether the instance is healthy, and an Alertmanager ruleset that emails me before users notice.

Leaving the Apple Ecosystem: One Fairphone Instead of Two iPhones

For years I carried two iPhones, a personal iPhone 12 and a work iPhone SE, and neither ever felt at home in my Linux and BSD centric life. I finally collapsed both into a single Fairphone Gen6 running Android with separate personal and work profiles. Here is why I picked the Fairphone, how Android slots into a desktop Linux workflow far better than iOS ever did, which apps I kept, which I swapped, why finally being able to read GPG encrypted mail on my phone is a real upgrade, and where the device falls short.

IPv6 Foundations: The Internet Protocol You Should Already Be Using

A laid-back tour through the basics of IPv6: how the addresses are built, how to shorten them without losing your mind, how they map onto the IPv4 you already know, and how hosts configure themselves with SLAAC. Plus a short sidebar on NDP and why blocking ICMP on an IPv6 network is a self-inflicted wound. The premise throughout: IPv6 is the current internet protocol, IPv4 is a relic we are still dragging around, and dual-stack is a burden, not a destination. Updated 2026-06-12 with reader Q&A on privacy addresses, banning abusive clients, NAT64/DNS64, and port forwarding.
  • Sun 07 June 2026
  • DIY

A Monoblock AC Is Only as Good as Its Window Seal

I moved into a top-floor 1970s apartment in one of the warmest corners of Germany, work from home, and needed the office to stay below “thinking is hard now”. A single-hose portable AC is a thermodynamically compromised machine, but most of what makes it bad happens at the window. Here is the personal story, a short detour into why these units leak, and the cheap XPS panel I cut to fix the part that actually matters.