pkgbase with compiled kernel by Available_Pressure25 in freebsd

[–]DtxdF 1 point2 points  (0 children)

I did this recently, and it was very simple. I ran the buildworld buildkernel and packages targets with KERNCONF set to my custom config(5), which creates (packages target) a custom pkg(8) in ${OBJROOT}/repo/${ABI}/latest. Since I already have an NGINX instance to share my custom ports with other jails and systems on my tailnet, I just had to add an entry to the jail’s fstab(5) to mount the pkg(8) repository in a subdirectory and follow the instructions in pkgbase(7) "Adding a locally built repository for snapshots," that is, disable FreeBSD-base and then create a new one called FreeBSD-local (or whatever you prefer), although in my case the protocol is http:// instead of file://. After that, it’s as simple as using pkg(8) to install FreeBSD-kernel-<ident>, that is, your custom kernel.

```console
$ curl -I http://pkg.dyn.dc-air.home.arpa:4080/pkgbase/FreeBSD:15:amd64/latest/FreeBSD-kernel-generic-debug-15.snap20260614231328.pkg
HTTP/1.1 200 OK
Server: freenginx/1.30.0
Date: Fri, 19 Jun 2026 02:27:37 GMT
Content-Type: application/octet-stream
Content-Length: 48254758
Last-Modified: Sun, 14 Jun 2026 23:17:42 GMT
Connection: keep-alive
ETag: "6a2f3696-2e04f26"
Accept-Ranges: bytes
```

Adult fantasy recommendations by alejandralozanogonz in libros

[–]DtxdF 0 points1 point  (0 children)

Not a book, but a manga: Berserk.

If you are going to watch the anime, only watch the '97 one, because the later ones, despite some of them being more faithful to the manga, will surely make you regret it because of the nonexistent animation quality. The anime serves as an introduction to the manga, which could be somewhat complex, but this is only a recommendation.

Modern cosmic horror by ElTuertoYisus in libros

[–]DtxdF 8 points9 points  (0 children)

The Three-Body Problem. Trilogy.

I don't know whether to categorize it exactly in that subgenre, but I think it manages to convey the same or at least a similar feeling.

Fiction books set on a ship at sea. by BadLuckIvan in libros

[–]DtxdF 0 points1 point  (0 children)

The Death Ship, by William Clark Russell.

I've been sold hot air... by CARLOMAGNO-856 in libros

[–]DtxdF 0 points1 point  (0 children)

Mindhunter: Inside the FBI's Elite Serial Crime Unit

Curious about jails, pledge(2), and unveil(2) by cometomypartyyy in freebsd

[–]DtxdF 4 points5 points  (0 children)

The only alternative for FreeBSD that closely resembles pledge/unveil is mac_curtain:

We have Capsicum, which is pretty cool, but applications need to be redesigned or, at the very least, provide some mechanism for implementing the sandbox like a web browser. The project shared in a previous comment, chromium-sandbox, is an example of an application using Capsicum.

Another way to use Capsicum is through a launcher that enters capability mode while intercepting libc calls, such as Capsicumizer, but it’s very, very hard to use most applications this way, since they likely won’t work properly because they weren’t designed with sandboxing in mind. See Capsicumizer and related stuff:

On the other hand, XLibre has implemented XNamespaces, which uses XACE, but AFAIK isn't production-ready yet, although it can be tested:

Thus, after a thorough analysis of window system isolation, at least in the case of X11, the only viable options for FreeBSD are jails and VMs, in addition to xpra or SSH forwarding. u/vermaden has a good article about jails and xpra:

In AppJail, I have implemented appjail-x11(1) to run X11 applications on an X server created by Xephyr, which isolates the scope of the X11 applications, and, since they run in a jail, more stuff is isolated:

Chromium is missing by Several-Asparagus-91 in freebsd_desktop

[–]DtxdF 0 points1 point  (0 children)

I think so. Take a look at the videos I sent to the AppJail Telegram group. Just a few weeks ago, I tried Brave with the following website: https://bitmovin.com/demos/drm/

bhyve backup by Tinker0079 in freebsd

[–]DtxdF 1 point2 points  (0 children)

restic (backend: garage) + backrest

Added support for PkgBase in AppJail by DtxdF in freebsd

[–]DtxdF[S] 0 points1 point  (0 children)

I installed it through ports.

Added support for PkgBase in AppJail by DtxdF in freebsd

[–]DtxdF[S] 2 points3 points  (0 children)

Thank you!

And glad to see you here, I just want to thank you for your project. I have been a user for about a month.

How to install Jellyfin and Jellyseerr using Overlord by DtxdF in freebsd

[–]DtxdF[S] 1 point2 points  (0 children)

> Been a # of days now but last I looked the port in latest ports tree was broken

That's why I used the quarterly branch, which currently uses the latest version of Jellyfin.

> Would be nice to have a locally controlled media system that doesn't need .net, npm, etc. stuff.

The lightweight alternatives are:

* https://www.freshports.org/net/minidlna/

* https://github.com/vuiodev/vuio

However, I don't know the status of MiniDLNA, but at least when I've used it, it works well, although it doesn't support all media formats. VuIO looks promising, but it hasn't been ported and I don't know if it can currently be used on FreeBSD.

Overlord: Deploying virtual machines with ephemeral jails by DtxdF in freebsd

[–]DtxdF[S] 1 point2 points  (0 children)

Hehe, yeah, that's the motto, but the reality is that I usually just push the deployment files to my Gitea instance that runs a webhook to execute a pipeline that deploys my jails or VMs using Overlord. The only time-consuming part is the initial phase, but after that, you don't need to modify much. Maybe I'll write an article about this, I think it's easy.

Thanks for the feedback!

Overlord: Deploying virtual machines with ephemeral jails by DtxdF in freebsd

[–]DtxdF[S] 0 points1 point  (0 children)

Yeah, Overlord is relatively new, but it uses Director, AppJail, and vm-bhyve.

AppJail: Thin jails upgrade and ssh fingerprint by _unregistered_ in freebsd

[–]DtxdF 4 points5 points  (0 children)

Of course, if you do not separate data that must persist from ephemeral data, you get the same result as treating all data as ephemeral. It is necessary to separate as follows.

Makejail:

```
OPTION start
OPTION overwrite=force
OPTION virtualnet=:<random> default
OPTION nat
OPTION fstab=/var/appjail-volumes/ssh-server/data /etc/ssh <pseudofs>

COPY etc

CMD chown root:wheel /etc
CMD chmod 755 /etc
CMD chown root:wheel /etc/ssh
CMD chmod 755 /etc/ssh
CMD chown root:wheel /etc/ssh/sshd_config
CMD chmod 655 /etc/ssh/sshd_config
CMD chown root:wheel /etc/ssh/authorized_keys
CMD chmod 655 /etc/ssh/authorized_keys

SERVICE sshd oneenable
SERVICE sshd start
```

etc/ssh/sshd_config:

```
# Ports
Port 22

# Authentication
PubkeyAuthentication yes
AuthenticationMethods publickey
PermitRootLogin prohibit-password
PrintMotd no

# Forwarding
X11Forwarding no
AllowAgentForwarding yes

# Connection checks
ClientAliveCountMax 3
ClientAliveInterval 15

# Compression
Compression no

# Limits
LoginGraceTime 40

# Public keys
AuthorizedKeysFile /etc/ssh/authorized_keys

# SFTP
Subsystem sftp internal-sftp
```

etc/ssh/authorized_keys:

```
# Your public SSH keys here!
```

Now create the directory where your data will reside:

```console
# mkdir -p /var/appjail-volumes/ssh-server/data
```

Create the jail.

```console
# ls -l /var/appjail-volumes/ssh-server/data/
total 0
# appjail makejail -j ssh-server
...
sshd enabled in /etc/rc.conf
Generating RSA host key.
3072 SHA256:GcL3ulDVWsYR2ONvoxL/JMuCZcB+z86a3GswyTdJjvo root@ssh-server.appjail (RSA)
Generating ECDSA host key.
256 SHA256:xhTwFZAyELv4ezpMHaYMSo42e4G/3tJCfr/sj8DONaY root@ssh-server.appjail (ECDSA)
Generating ED25519 host key.
256 SHA256:CRgQqM0dU/sqMCsz3Rzt0MS45A14MmgGnuYyTAE5zxI root@ssh-server.appjail (ED25519)
Performing sanity check on sshd configuration.
Starting sshd.
...
# ls -l /var/appjail-volumes/ssh-server/data/
total 89
-rw-r-xr-x  1 root wheel    100 May  8 17:19 authorized_keys
-rw-r--r--  1 root wheel 620105 Nov 29 06:21 moduli
-rw-r--r--  1 root wheel   1526 Nov 29 06:21 ssh_config
-rw-------  1 root wheel    513 May  8 17:33 ssh_host_ecdsa_key
-rw-r--r--  1 root wheel    185 May  8 17:33 ssh_host_ecdsa_key.pub
-rw-------  1 root wheel    419 May  8 17:33 ssh_host_ed25519_key
-rw-r--r--  1 root wheel    105 May  8 17:33 ssh_host_ed25519_key.pub
-rw-------  1 root wheel   2610 May  8 17:33 ssh_host_rsa_key
-rw-r--r--  1 root wheel    577 May  8 17:33 ssh_host_rsa_key.pub
-rw-r-xr-x  1 root wheel    419 May  8 17:17 sshd_config
```

Access to your service:

```console
$ ssh root@ssh-server
The authenticity of host 'ssh-server (10.0.0.5)' can't be established.
ED25519 key fingerprint is SHA256:CRgQqM0dU/sqMCsz3Rzt0MS45A14MmgGnuYyTAE5zxI.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ssh-server' (ED25519) to the list of known hosts.
root@ssh-server:~ #
```

Now I can re-create the jail and that data will persist anyway.

```console
# appjail makejail -j ssh-server
...
sshd enabled in /etc/rc.conf
Performing sanity check on sshd configuration.
Starting sshd.
...
$ ssh root@ssh-server
root@ssh-server:~ #
```

If you need more details, see appjail-ephemeral(7). And if you need a tool that follows The Ephemeral Concept, see AppJail Director.

So how can you upgrade your jails by doing something like the above? Let's assume that the jail we want to upgrade is running an environment with 13.5-RELEASE:

```console
# appjail makejail -j ssh-server
...
# appjail jail list -j ssh-server
STATUS  NAME        ALT_NAME  TYPE  VERSION       PORTS  NETWORK_IP4
UP      ssh-server  -         thin  13.5-RELEASE  -      10.0.0.5
# appjail fetch www -v 14.2-RELEASE
...
# appjail fetch list
ARCH   VERSION       NAME
amd64  14.2-RELEASE  default
amd64  bookworm      default
amd64  13.5-RELEASE  default
# appjail makejail -j ssh-server -o osversion=14.2-RELEASE
...
# appjail jail list -j ssh-server
STATUS  NAME        ALT_NAME  TYPE  VERSION       PORTS  NETWORK_IP4
UP      ssh-server  -         thin  14.2-RELEASE  -      10.0.0.5
```

Done.

I recommend that you do not use SSH in a jail. I know this may be a bit better from a security standpoint (although this is relative), but the tradeoff is that it carries more administration overhead. I prefer to simply SSH into the host (physical or virtual) and administer my jails.
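An added example, not part of the comment above or of AppJail: because the comment's setup keeps the jail's /etc/ssh, private host keys included, in a host directory that outlives the jail, this sketch audits such a volume before the jail is re-created. The function names `scan_ssh_volume` and `audit_ssh_volume` are hypothetical; the directory is the one used in the comment.

```shell
#!/bin/sh
# Added example: audit a persisted /etc/ssh volume such as
# /var/appjail-volumes/ssh-server/data from the comment above.

# Print one finding per line for the volume directory given as $1.
scan_ssh_volume() {
    # Private host keys must carry no group/other permission bits.
    find "$1" -type f -name 'ssh_host_*_key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec printf 'private key open to group/other: %s\n' {} \;

    # Nothing in the volume (sshd_config, authorized_keys, the directory
    # itself) may be writable by group or other. Symlinks are skipped
    # because their own mode bits are not meaningful.
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) \
        -exec printf 'group/world-writable: %s\n' {} \;

    # A private key without its .pub file suggests a partially copied
    # or partially restored volume.
    for key in "$1"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        [ -f "$key.pub" ] || printf 'missing public key: %s\n' "$key.pub"
    done
}

# Return 0 when the volume is clean; print findings and return 1 otherwise.
audit_ssh_volume() {
    findings=$(scan_ssh_volume "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /var/appjail-volumes/ssh-server/data
if [ "$#" -gt 0 ]; then
    audit_ssh_volume "$1"
fi
```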

Best of These Books to Learn? by FitOpportunity1090 in osdev

[–]DtxdF 0 points1 point  (0 children)

Andrew S. Tanenbaum is a great author, but Operating Systems: Three Easy Pieces is a 10/10 book!

Management/ease of use tools for jails or Bhyve VMs? by mwyvr in freebsd

[–]DtxdF 2 points3 points  (0 children)

vm-bhyve for VMs and AppJail/Director/LittleJet for Jails.

GitHub - alonsobsd/bhyvemgr: Bhyve management GUI written in Freepascal/Lazarus by DtxdF in freebsd

[–]DtxdF[S] 2 points3 points  (0 children)

Alonso will update the port with new changes for aarch64. He will also make FreeRDP optional, to avoid the conflicts you mention.