Welcome to Larvitz Blog! I’m Christian, a Cloud Consultant by day and FreeBSD enthusiast by night, with over 20 years in enterprise IT. Here I write about FreeBSD jails, PF firewalling, self-hosting, Linux system administration, and anything that’s cleanly engineered. Most articles are hands-on guides born from running my own infrastructure, from dual-stack networking and Ansible automation to hosting a Mastodon instance on FreeBSD.

Have a question or want to discuss something? Find me on the Fediverse at @Larvitz@burningboard.net. I’m always happy to chat!

Articles

Wed 03 June 2026
Meta

The AI Stack I Actually Run in 2026: A Laptop iGPU and Four Rented Frontiers

The most interesting thing about AI in 2026 is not which frontier model wins this month’s benchmark. It is that the frontier became a commodity you rent through near-interchangeable clients, while the part with actual craft in it moved onto the integrated Radeon 780M in my laptop. Here is the tiered stack I actually run, with the local layer in detail because that is the unusual part, and the cloud layer kept brief because the pricing is on the vendors’ own pages and will be wrong by autumn.

Mon 01 June 2026
Linux

bcachefs on RHEL 10.2: The Kernel That Said No

A few months ago I bullied RHEL onto a ZFS root and it worked. This time I tried to get bcachefs running on RHEL 10, lost a whole evening to compile errors, and the kernel won. Here is the autopsy, plus what bcachefs actually is and why an out-of-tree filesystem and a conservative enterprise kernel are a terrible couple.

Sat 30 May 2026
Linux

Two Sites, One Cluster: My Hetzner Proxmox VE Setup - A low-cost two-node cluster with VXLAN, ZFS replication and an external quorum vote

How I run a single quorate Proxmox VE cluster across two cheap Hetzner dedicated servers in two different datacentres, glued together with Hetzner vSwitches, a VXLAN overlay, an external QDevice for quorum, and one OPNsense firewall per node.

Sun 24 May 2026
Linux

Tag-Driven Deployments: How MastoSum Ships Itself with Forgejo Actions and Rootless Podman

A walk through the MastoSum deployment pipeline: a version tag triggers Forgejo Actions, builds and signs a UBI-based image, then hands deployment to a rootless systemd/Podman host via a path unit and explicit cosign verification.

Mon 18 May 2026
FreeBSD

mdo on FreeBSD 15: Base-System Privilege Delegation with mac_do

FreeBSD 15 ships mdo(1) and the mac_do(4) policy module in the base system. It replaces sudo and doas for most of my hosts, needs no ports, and configures with a single sysctl. This article walks through enabling it, the rule syntax, a few real examples, and a short detour into the security sysctls I run on every box.

1 of 12
Next