Welcome to Larvitz Blog! I’m Christian, a Cloud Consultant by day and FreeBSD enthusiast by night, with over 20 years in enterprise IT. Here I write about FreeBSD jails, PF firewalling, self-hosting, Linux system administration, and anything that’s cleanly engineered. Most articles are hands-on guides born from running my own infrastructure, from dual-stack networking and Ansible automation to hosting a Mastodon instance on FreeBSD.

Have a question or want to discuss something? Find me on the Fediverse at @Larvitz@burningboard.net. I’m always happy to chat!

FreeBSD Articles


FreeBSD Foundationals: The Boot Process - From the Loader to Boot Environments

The third in the FreeBSD Foundationals series. This one covers how FreeBSD actually boots: the stages from power-on to login, BIOS vs UEFI, the loader and loader.conf, the difference between read-only tunables and runtime sysctls, the modern way to load kernel modules with kld_list, managing it all safely with sysrc, a practical security-hardening baseline, and - the headline act - boot environments with bectl, the undo button that turns a broken upgrade into a thirty-second reboot.

Monitoring a FreeBSD Mastodon Instance with Prometheus, Grafana, and Loki

How I watch burningboard.net, my multi-jail FreeBSD Mastodon instance, from a separate observer host. A pull-based Prometheus stack reaching exporters across my own AS201379 backbone (locked down at the perimeter firewall, not by binding to unroutable addresses), Loki and Promtail for nginx logs, a textfile collector that fills the gaps FreeBSD exporters leave (ZFS, S3, pkg audit, Mastodon API stats), one Grafana dashboard that tells me at a glance whether the instance is healthy, and an Alertmanager ruleset that emails me before users notice.

mdo on FreeBSD 15: Base-System Privilege Delegation with mac_do

FreeBSD 15 ships mdo(1) and the mac_do(4) policy module in the base system. It replaces sudo and doas for most of my hosts, needs no ports, and configures with a single sysctl. This article walks through enabling it, the rule syntax, a few real examples, and a short detour into the security sysctls I run on every box.


Automating FreeBSD Jails with cdist - Zero Dependencies Inside the Jail

cdist is refreshingly minimal - the target only needs POSIX sh, and the control machine speaks ssh. But cdist expects one ssh endpoint per host, and FreeBSD jails are not normally their own ssh targets. Two small Python wrappers plug cdist into jexec on the host, so configuration state flows into every jail without running a single daemon, agent, or Python interpreter inside the jail itself.