Mastodon

Welcome to Larvitz Blog! I’m Christian, a Cloud Consultant by day and FreeBSD enthusiast by night, with over 20 years in enterprise IT. Here I write about FreeBSD jails, PF firewalling, self-hosting, Linux system administration, and anything that’s cleanly engineered. Most articles are hands-on guides born from running my own infrastructure, from dual-stack networking and Ansible automation to hosting a Mastodon instance on FreeBSD.

Have a question or want to discuss something? Find me on the Fediverse at @Larvitz@burningboard.net. I’m always happy to chat!

Articles


chana_masala.sh: A Recipe as a Shell Script

Some years ago a chana masala arrived in a HelloFresh box and never left the household again. It has since been refactored, hardened, and put under version control. Here is the current release: a chickpea curry for hungry IT people, documented the only way I know how - as a bash script with a proper runbook attached.

A Caching FreeBSD Mirror for DN42: nginx proxy_store, pf, and a Dual-Homed VM

Patching FreeBSD machines inside the DN42 overlay network without giving them clearnet access - a dual-homed VM that lazily caches pkg.freebsd.org, update.freebsd.org, and release tarballs from ftp.freebsd.org with nginx proxy_store, follows CDN redirects server-side, and serves everything over IPv6 into the mesh. Now also available as a public DN42 service at bsdmirror.chofstede.dn42.

Upgrading FreeBSD 15.0-RELEASE to 15.1-RELEASE: The Official Paths

FreeBSD 15.1-RELEASE is here, and the official upgrade instructions depend on whether your system uses distribution sets or packaged base. This guide walks through both supported paths, covers the boot-loader update, and explains the configuration merging process - all based on the official 15.1 upgrading documentation.

FreeBSD Foundationals: The Boot Process - From the Loader to Boot Environments

The third in the FreeBSD Foundationals series. This one covers how FreeBSD actually boots: the stages from power-on to login, BIOS vs UEFI, the loader and loader.conf, the difference between read-only tunables and runtime sysctls, the modern way to load kernel modules with kld_list, managing it all safely with sysrc, a practical security-hardening baseline, and - the headline act - boot environments with bectl, the undo button that turns a broken upgrade into a thirty-second reboot.

Monitoring a FreeBSD Mastodon Instance with Prometheus, Grafana, and Loki

How I watch burningboard.net, my multi-jail FreeBSD Mastodon instance, from a separate observer host. A pull-based Prometheus stack reaching exporters across my own AS201379 backbone (locked down at the perimeter firewall, not by binding to unroutable addresses), Loki and Promtail for nginx logs, a textfile collector that fills the gaps FreeBSD exporters leave (ZFS, S3, pkg audit, Mastodon API stats), one Grafana dashboard that tells me at a glance whether the instance is healthy, and an Alertmanager ruleset that emails me before users notice.