Mastodon

Welcome to Larvitz Blog! I’m Christian, a Cloud Consultant by day and FreeBSD enthusiast by night, with over 20 years in enterprise IT. Here I write about FreeBSD jails, PF firewalling, self-hosting, Linux system administration, and anything that’s cleanly engineered. Most articles are hands-on guides born from running my own infrastructure, from dual-stack networking and Ansible automation to hosting a Mastodon instance on FreeBSD.

Have a question or want to discuss something? Find me on the Fediverse at @Larvitz@burningboard.net. I’m always happy to chat!

Articles


A Caching FreeBSD Mirror for DN42: nginx proxy_store, pf, and a Dual-Homed VM

Patching FreeBSD machines inside the DN42 overlay network without giving them clearnet access - a dual-homed VM that lazily caches pkg.freebsd.org, update.freebsd.org, and release tarballs from ftp.freebsd.org with nginx proxy_store, follows CDN redirects server-side, and serves everything over IPv6 into the mesh. Now also available as a public DN42 service at bsdmirror.chofstede.dn42.

Upgrading FreeBSD 15.0-RELEASE to 15.1-RELEASE: The Official Paths

FreeBSD 15.1-RELEASE is here, and the official upgrade instructions depend on whether your system uses distribution sets or packaged base. This guide walks through both supported paths, covers the boot-loader update, and explains the configuration merging process - all based on the official 15.1 upgrading documentation.

FreeBSD Foundationals: The Boot Process - From the Loader to Boot Environments

The third in the FreeBSD Foundationals series. This one covers how FreeBSD actually boots: the stages from power-on to login, BIOS vs UEFI, the loader and loader.conf, the difference between read-only tunables and runtime sysctls, the modern way to load kernel modules with kld_list, managing it all safely with sysrc, a practical security-hardening baseline, and - the headline act - boot environments with bectl, the undo button that turns a broken upgrade into a thirty-second reboot.

Monitoring a FreeBSD Mastodon Instance with Prometheus, Grafana, and Loki

How I watch burningboard.net, my multi-jail FreeBSD Mastodon instance, from a separate observer host. A pull-based Prometheus stack reaching exporters across my own AS201379 backbone (locked down at the perimeter firewall, not by binding to unroutable addresses), Loki and Promtail for nginx logs, a textfile collector that fills the gaps FreeBSD exporters leave (ZFS, S3, pkg audit, Mastodon API stats), one Grafana dashboard that tells me at a glance whether the instance is healthy, and an Alertmanager ruleset that emails me before users notice.

Leaving the Apple Ecosystem: One Fairphone Instead of Two iPhones

For years I carried two iPhones, a personal iPhone 12 and a work iPhone SE, and neither ever felt at home in my Linux and BSD centric life. I finally collapsed both into a single Fairphone Gen6 running Android with separate personal and work profiles. Here is why I picked the Fairphone, how Android slots into a desktop Linux workflow far better than iOS ever did, which apps I kept, which I swapped, why finally being able to read GPG encrypted mail on my phone is a real upgrade, and where the device falls short.