Welcome to Larvitz Blog! I’m Christian, a Cloud Consultant by day and FreeBSD enthusiast by night, with over 20 years in enterprise IT. Here I write about FreeBSD jails, PF firewalling, self-hosting, Linux system administration, and anything that’s cleanly engineered. Most articles are hands-on guides born from running my own infrastructure, from dual-stack networking and Ansible automation to hosting a Mastodon instance on FreeBSD.

Have a question or want to discuss something? Find me on the Fediverse at @Larvitz@burningboard.net. I’m always happy to chat!

Articles




mdo on FreeBSD 15: Base-System Privilege Delegation with mac_do

FreeBSD 15 ships mdo(1) and the mac_do(4) policy module in the base system. It replaces sudo and doas for most of my hosts, needs no ports, and configures with a single sysctl. This article walks through enabling it, the rule syntax, a few real examples, and a short detour into the security sysctls I run on every box.

Fedora Hummingbird: Distroless, Container-Native Linux and a Slim mastogreet

Fedora Hummingbird brings the distroless container model to a full, image-based rolling operating system, and it ships a catalog of hardened language images alongside it. I rebuild the mastogreet bot’s Containerfile on top of registry.access.redhat.com/hi/python to see what changes, what shrinks, and where the commercial Red Hat Hardened Images downstream fits in.

Red Hat Offline Knowledge Portal: All the Docs, Air-Gapped, On Your Laptop

The entire Red Hat documentation site and the full Knowledgebase fit into a single OCI container that updates weekly, runs locally with a web UI and Solr search, and is included in every RHEL subscription that bundles Satellite. I have it on my laptop. I use it daily. Almost nobody I talk to knows it exists. This post is my small contribution to fixing that.