Welcome to Larvitz Blog! I’m Christian, a Cloud Consultant by day and FreeBSD enthusiast by night, with over 20 years in enterprise IT. Here I write about FreeBSD jails, PF firewalling, self-hosting, Linux system administration, and anything that’s cleanly engineered. Most articles are hands-on guides born from running my own infrastructure, from dual-stack networking and Ansible automation to hosting a Mastodon instance on FreeBSD.

Have a question or want to discuss something? Find me on the Fediverse at @Larvitz@burningboard.net. I’m always happy to chat!

Articles

Fri 24 April 2026
Networking

Joining DN42: A MikroTik Border, Three WireGuard Peerings, and a FreeBSD Jail in the Hobbyist Internet

Building a DN42 node from scratch - registering AS4242422539 and fdce:73f7:a2dc::/48 in the registry, configuring a MikroTik border router with three WireGuard peerings and BGP filters, running a FreeBSD bastille jail as authoritative DNS for chofstede.dn42, and reaching the rest of the hobbyist mesh in two hops.

Thu 16 April 2026
Networking

Running Your Own AS: Direct Hetzner Peering, a Fourth Edge, and Bringing the Home LAN into the Fabric

Part 4 of the AS201379 journey: adding a fourth FreeBSD edge router at iFog with FogIXP peering, establishing direct BGP sessions with Hetzner, bringing the home network into the AS via an iBGP-speaking MikroTik, and a little traffic engineering to steer Deutsche Telekom traffic over Vultr.

Sun 12 April 2026
FreeBSD

Automating FreeBSD Jails with cdist - Zero Dependencies Inside the Jail

cdist is refreshingly minimal - the target only needs POSIX sh, and the control machine speaks ssh. But cdist expects one ssh endpoint per host, and FreeBSD jails are not normally their own ssh targets. Two small Python wrappers plug cdist into jexec on the host, so configuration state flows into every jail without running a single daemon, agent, or Python interpreter inside the jail itself.

Sat 11 April 2026
Linux

Replacing Lenovo’s WWAN Unlock Blob with a 100-Line Bash Script

My ThinkPad T14s shipped with an Intel XMM7560 LTE modem that would not register on the network until Lenovo’s proprietary FCC-unlock helper ran. I replaced it with a roughly 100-line bash script from a ModemManager merge request, and along the way learned that the “unlock” is just a small challenge-response handshake that is easy to explain in plain shell.

Mon 06 April 2026
FreeBSD

Podman on FreeBSD: OCI Containers Without systemd

Podman runs on FreeBSD too - but without systemd, the workflow is different. This follow-up to my Linux Podman deep dive covers how to run both native FreeBSD and Linux OCI containers on FreeBSD, how container lifecycle management works without Quadlets, and how Podman complements Jails rather than replacing them.

1 of 9
Next