G's Blog

Reader

Read the latest posts from G's Blog.

from G's Blog

Keeping FreeBSD up-to-date on Raspi-B from Linux (#100DaysToOffload Day31)

So if you follow my blog/fediverse account you know that i've started using FreeBSD on some Raspberry Pi Model B's i had around (that's down to 1 now...) as some in-home servers. The remaining one hosts my gopher space and a disposable mailbox service. The trouble I've had was that the only way to upgrade between releases was to either build from source on the Pi (haha who's got time for that) or start from scratch with a new image every time. Had to come up with/find another option.

Thanks to @mpts@mastodon.social who pointed me to an article about just this. Mind you the article is about FreeBSD 11 but the same process applies. So i set off to get this going. First attempt was to do it from my little Dell laptop. While it worked it took like 2 and a half hours to build world+kernel. Had to be a faster way. Not that this needs to be done often but still. Then it hit me. I can use Qemu on my Linux PC to set up and use FreeBSD. So i did just that. This post will detail the steps i took to get this accomplished. The time savings are well worth it in my case. So let's get started.

Step 1 is to create the disk image. This is done like so

qemu-img create -f qcow2 -o preallocation=full FreeBSD.img 64G

Since i only plan on using this to build for the Raspberry Pi, 64 GB should be more than enough. Preallocation will speed things up a little by having the file at its max size and not having it take time to expand as it needs.

Step 2 is to grab the 64-bit installer image for FreeBSD 12.2 and use that to install FreeBSD in our VM.

We start Qemu like so to boot the installer.

qemu-system-x86_64 -vga std -smp cores=8 -machine accel=kvm -m 4096 -hda FreeBSD.img -cdrom FreeBSD-12.2-RELEASE-amd64-disc1.iso -name "FreeBSD" -rtc base=localtime -boot d

This will create/boot a VM with 8 processors/cores and 4 GB of RAM using our image created above as the hard disk. We can then step through the installation as normal. The defaults are good enough for this use.

After the install is finished we can power down the VM and start it back up without the CD mounted like so

qemu-system-x86_64 -vga std -smp cores=8 -machine accel=kvm -m 4096 -hda FreeBSD.img -name "FreeBSD" -rtc base=localtime

The rest of this is taken directly from the article linked above and adapted to build 12.2 instead of 11.

So Step 3 is to grab the FreeBSD source.

cd /usr/src
svn checkout https://svn.freebsd.org/base/releng/12.2

Once this has completed we can start the build

make -j9 TARGET_ARCH=armv6 UBLDR_LOADADDR=0x2000000 buildworld

It is important to set the UBLDR_LOADADDR variable, otherwise the system won't boot.

On my system this took about 30 minutes.

Once that is done we build the kernel

make -j9 TARGET_ARCH=armv6 KERNCONF=RPI-B buildkernel

This took about 5 minutes for me.

Now came the next part i knew i would have to figure out. How to mount the Pi's SD card in Qemu. After some searching i found how to do this using USB pass-through. First step is to find the device by using lsusb

Bus 004 Device 003: ID 0480:0212 Toshiba America Inc External USB 3.0
Bus 004 Device 002: ID 0480:0212 Toshiba America Inc External USB 3.0
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 1058:1230 Western Digital Technologies, Inc. My Book (WDBFJK)
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 003: ID 17f6:0821 Unicomp, Inc R6_0_Trackball_v3_45
Bus 001 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 001 Device 009: ID **1908:0226** GEMBIRD 
Bus 001 Device 004: ID 1058:0827 Western Digital Technologies, Inc. My Passport 0827
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Note the bolded vendor/product ID above. The resulting command is then

qemu-system-x86_64 -vga cirrus -smp cores=8 -machine accel=kvm -m 4096 -hda FreeBSD.img -device usb-ehci,id=ehci -device usb-host,bus=ehci.0,vendorid=0x**1908**,productid=0x**0226** -name "FreeBSD" -rtc base=localtime

Notice the same bolded vendor/product IDs. This will allow access to that USB device from the FreeBSD VM just as if it was connected to a physical PC.

Now we keep going with the install of the kernel/world we just built.

First we mount the SD card

mount /dev/da0s2a /mnt

Device name might differ.

Then the install steps

make TARGET_ARCH=armv6 KERNCONF=RPI-B DESTDIR=/mnt installkernel
mergemaster -p -A armv6 -D /mnt
make TARGET_ARCH=armv6 DESTDIR=/mnt installworld
mergemaster -iF -A armv6 -D /mnt
make TARGET_ARCH=armv6 DESTDIR=/mnt delete-old
make TARGET_ARCH=armv6 DESTDIR=/mnt delete-old-libs

This takes very little time overall. The biggest steps in a way are the 2 mergemaster commands as you have to pay attention to the files so you don't wipe your configurations.

Once that is all done we simply unmount the SD card, put it in the Pi and power it on. If all went well we should have a Pi booted up with the latest release of FreeBSD-12.2.

That's all for now.

Until next time. Be Safe!

@mgrondin@youdabomb.social

#Tech #FreeBSD

 

from G's Blog

Weekly Music Review ( #100DaysToOffload Day 30)

So this one is a little late again. Sorry about that.

For the past week or so i've been listening to Calypso Drip FM by Gryff. There was no surprise here to be honest. Based on the album cover and the description it was pretty much exactly what i expected. It very much reminded me of driving around playing GTA: Vice City or something. All around a great album to drive to for real. Upbeat all the way with just the right vibe. Really check it out.

For the next album i have chosen Why Don't You Dance by PanicBasket. This looks like a fun little album and based on the first song alone i think i will enjoy it very much. It's a return to some Metal after a few Synthwave offerings. Let's see what it brings.

On another note i'm not sure how much longer i will keep these weekly reviews going. As much as i enjoy them they add up at the end of the month. And i'm not sure i can really call them “reviews” since they are mostly very short. So i will also spend the next week considering if i'm going to keep these going or maybe make them bi-weekly or drop them altogether.

I started doing this for a few reasons. First to give me something to blog about and secondly because i truly love music and am always looking for something new. While doing these has satisfied both those things the money each week adds up.

Anyways that is all for now.

Until next time. Be Safe!

@mgrondin@youdabomb.social

 

from G's Blog

Weekly Music Review and Fixing an error ( #100DaysToOffload Day 29)

So this “review” is technically a week late. After the last post i neglected to pick up the new album and did not realize until the end of the week.

So for the last week i've been listening to Daze of the Future by Mr. 45. If you recall i picked this album from the surprise me section of Bandcamp and i must say i was very pleased with it. It's a bit more on the dark side which is part of what i enjoyed about it. I guess i don't have much else to say about it than that. It's some good (dark)synthwave music which is just what i'm into these days.

Onto the next one which i've already picked up to avoid the same situation as last time. This week i'll be listening to Calypso Drip FM by Gryff. This is a debut album which makes it that much more worth a listen. I picked it for 2 reasons.

  1. The cover is very inviting.
  2. The description of the inspiration for this album is something i can really appreciate.

Let's see where it goes.


As some of you may know i run my own Git using Sourcehut. See Part 1 and Part 2 of my adventure getting it setup.

Well a little while ago i messed up the actual Git part. What caused the mess up was letting it fall too many versions behind, which got me to this mess. You can see my posts and “solution” at the bottom of that. I'll summarize. When the latest version was trying to apply the DB migrations it was running into a situation of needing a later migration applied before the “next” one. So my “solution” to this was to force re-order the process. This did get everything to apply but left me in such a state that i needed to re-force that order with each update. It would result in this

upgrading git.sr.ht 100%
INFO  [alembic.runtime.migration] Context impl PostgresqlImpl.
INFO  [alembic.runtime.migration] Will assume transactional DDL.
INFO  [alembic.runtime.migration] Context impl PostgresqlImpl.
INFO  [alembic.runtime.migration] Will assume transactional DDL.
ERROR [alembic.util.messaging] Requested revision d42e577c5dcd overlaps with other requested revisions c167cf8a1271
FAILED: Requested revision d42e577c5dcd overlaps with other requested revisions c167cf8a1271
error: command failed to execute correctly

I lived with this for a while then it hit me. That revision must be stored somewhere in the DB and i just need to correct that and all should be good. It was truly that simple. In the git.sr.ht DB there is an alembic_version table. This table should only contain 1 row: the latest migration applied. In my case it contained 2. So the real solution was to delete the 2nd row (the one not matching up with the latest revision). Once this was done everything went just fine with the next update of git.sr.ht. So the moral of this story is to keep things up-to-date. Especially when something is considered in alpha status.

That is all for now.

Until next time. Be safe!

@mgrondin@youdabomb.social

#Music #Tech #SelfHost

 

from G's Blog

A Quick and Dirty DNS server using FreeBSD ( #100DaysToOffload Day 28)

In today's post i'm going to show you how to set up something i should have done a long time ago, knowing now how easy it could be. What is this thing? Setting up an in-home DHCP/DNS server. At first i was just looking for a DNS server, thinking like a Pi-Hole, but i knew i wanted to use FreeBSD as the OS. I want to use BSD's more, mainly just to learn about them, not because i think they are better (yet). FreeBSD is my choice simply because i've had the best experience with it. This would work from any of the BSD's but some steps might differ a little. So looking around i found out that the “Pi-Hole” only runs on Linux. Looking a little further i found out that a Pi-Hole really is just a DNS server plus a block list. Doing this also means i don't have to maintain a hosts file on each device i own.

Enter dnsmasq

This little piece of software is just what i was looking for. Plus it's also a DHCP and TFTP server. And it's native to BSD's (it can also be found on Linux).

The setup was quite easy. I am using a Raspberry Pi Model B rev 2 (a second one i had laying around) for now but this is going to be upgraded to something else as it does struggle a little. But it is very usable and any slowdowns are only noticeable when the TTL of the DNS record expires.

So step one was to flash the SD card with the FreeBSD image. This i did using dd from my Linux PC

dd if=FreeBSD-12.1-RELEASE-arm-armv6-RPI-B.img of=/dev/sdX

Pop that in the Pi and boot it up. I always do the initial Pi boot up with it connected to a display just in case something goes wrong and plus then i don't have to try and look at DHCP lease tables to find out what the IP address of it is.

After initial boot the next task should be to change the default password(s) for the root account and the freebsd account. You can do that using the same passwd command as on Linux.

Next you really should set a static IP on any server and also set a hostname. To do that on FreeBSD you edit /etc/rc.conf and add these lines

hostname="hyperion"
ifconfig_ue0="inet 192.168.2.6 netmask 255.255.255.0"
defaultrouter="192.168.2.1"

ue0 above is the name of the network interface. This could be different on your system. You can find the interface name using the ifconfig command.

Now i know i could have these changes take effect with a few commands but i always reboot when making changes like this.

What i always do next is somewhat optional but HIGHLY recommended. Make SSH use public key authentication. I'll assume you know how to do this and move onto the setup of the actual DHCP/DNS server. At this point i would also disconnect the Pi from the display, place it in its final resting place and do the rest of the setup over SSH.

The only package we need to install is dnsmasq

pkg install dnsmasq

Once that is installed it's a matter of configuring it. dnsmasq is a caching DNS server by default but can also be a DHCP and TFTP server. I decided to also use it as the DHCP server on my network to ensure that all clients use it as DNS server. dnsmasq parses /etc/hosts and turns those into DNS records/responses.

Here is my config


# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

no-resolv
server=9.9.9.10
server=149.112.112.10
dhcp-range=192.168.2.20,192.168.2.150,24h
dhcp-option=3,192.168.2.1
dhcp-authoritative

# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i

cache-size=300
conf-dir=/usr/local/etc/dnsmasq.d

# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore

# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60
# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers

Most of those options are explained or self-explanatory so i'll explain the less obvious ones.

no-resolv: by default dnsmasq gets its list of upstream DNS servers to pass onto clients by reading /etc/resolv.conf. This disables that and makes it get its upstream servers from its own config file.

server=9.9.9.10
server=149.112.112.10

These are the 2 upstream DNS servers i use. They are provided by Quad9. These are the unsecured non-blocking servers as i will supply my own blocking list.

So then in /etc/resolv.conf you just need to have nameserver 127.0.0.1

and then disable resolvconf by creating /etc/resolvconf.conf with the following content

resolvconf=NO

dhcp-option=3,192.168.2.1 this sets DHCP option 3 (default gateway) for all clients to 192.168.2.1

dhcp-authoritative This makes dnsmasq forcefully become the only DHCP server on the network so it will take over leases from other servers (if i understand that correctly)

I've left the address reservation lines because i may use them someday.

conf-dir=/usr/local/etc/dnsmasq.d this makes dnsmasq parse all files under that folder

In that folder i have the block list found here

This list gets updated every day and is a large list blocking ad and malware domains.

So with that all in place all that is left to do is to enable/start the service

To enable add this to /etc/rc.conf

dnsmasq_enable="YES"

Then to start it right now

service dnsmasq start

That's it. The server is now running and will answer DHCP and DNS requests. Any clients you have set with static network configurations you will need to update the DNS server on those to point to this newly set up server.

The other thing i did was create a small script to update the block list every day and restart dnsmasq.


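#!/usr/local/bin/bash
# Fetch the current block list into dnsmasq's conf-dir, then restart dnsmasq
# only if the download succeeded.
wget -O /usr/local/etc/dnsmasq.d/dnsmasq.blacklist.txt https://raw.githubusercontent.com/notracking/hosts-blocklists/master/dnsmasq/dnsmasq.blacklist.txt \
  && service dnsmasq restart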

and add that to /etc/crontab

0 1 * * * root /root/upblocklist.sh >/dev/null 2>&1

I have that set to go at 1AM every day as the blocklist repo is updated right around 12am in my time zone. You'll have to adjust this so you grab it after it's been updated.
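A hardened variant of the update script above, added here as an example (it is not the author's script): every file in conf-dir is parsed as full dnsmasq configuration, so the download is checked line by line before it replaces the live list. The accepted line format, the 1000-entry minimum and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the blog author's script. Assumption: every real entry in
# the list is address=/<domain>/<null target>; anything else is refused.
URL="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/dnsmasq/dnsmasq.blacklist.txt"
DEST="/usr/local/etc/dnsmasq.d/dnsmasq.blacklist.txt"

# validate_blocklist FILE [MIN_ENTRIES]
# Succeeds only if FILE is non-empty, holds nothing but comments, blank lines
# and null-route address= entries, and has at least MIN_ENTRIES of them.
validate_blocklist() (
    file=$1
    min=${2:-1000}   # assumed floor; catches truncated or error-page downloads
    [ -s "$file" ] || exit 1
    # Any other directive (server=, conf-file=, dhcp-script=, or an address=
    # line pointing at a real IP) fails to match, so grep -v finds it.
    allowed='^(#.*|[[:space:]]*|address=/[A-Za-z0-9._-]+/(0\.0\.0\.0|::|#)?)$'
    if grep -Evq "$allowed" "$file"; then exit 1; fi
    count=$(grep -c '^address=/' "$file" || true)
    [ "$count" -ge "$min" ]
)

# install_blocklist SRC DEST [MIN_ENTRIES]
# Validates SRC, then replaces DEST with a rename so dnsmasq never reads a
# half-written file. The staging name starts with "." because dnsmasq skips
# dot-files when it reads a conf-dir.
install_blocklist() (
    src=$1
    dest=$2
    validate_blocklist "$src" "${3:-1000}" || { echo "refusing $src" >&2; exit 1; }
    stage="$(dirname "$dest")/.$(basename "$dest").new"
    cp "$src" "$stage" && chmod 644 "$stage" && mv -f "$stage" "$dest"
)

# Download to a temp file outside conf-dir, install it only if it validates,
# and restart only if dnsmasq accepts the resulting configuration.
update_blocklist() (
    tmp=$(mktemp /tmp/blocklist.XXXXXX) || exit 1
    trap 'rm -f "$tmp"' EXIT
    wget -q -O "$tmp" "$URL" || exit 1
    install_blocklist "$tmp" "$DEST" || exit 1
    dnsmasq --test && service dnsmasq restart
)

# Nothing touches the network unless the script is called with "update".
if [ "${1:-}" = "update" ]; then update_blocklist; fi
```

The crontab entry then calls the script with the `update` argument; a refused download leaves the previous list and the running dnsmasq untouched.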

And that is it. Like i said the Pi model B is not the best device to do this with. I think anything more recent with more than 1 CPU core would work just fine. My plan is to get a Rock64.

Well i hope this post was helpful to someone.

Until next time Stay safe!

@mgrondin@youdabomb.social

#Tech #BSD #Selfhost

 

from G's Blog

Weekly music review ( #100DaysToOffload day 27)

So this past week i have been listening to Floppy Disk Overdrive by Master Boot Record and oh boy did i have no clue what i was in for.

This album stands on its own. I found it in the Synthwave listings but calling it that is a stretch. I would go as far as defining a new genre. Call it MetalWave or SythMetal or something. The songs have the structure and feel of metal with some very Synth elements. On first listen you just don't know what to expect. Every song takes unexpected turns for the better. It does take more than one listen to really appreciate it but now I can't stop listening to it. It's going to be hard to move on from this one. Highly recommend this one. You should not pass it up.

Moving on i must.

Next we shall check out Daze of the Future by Mr. 45. This one is a little older but i went to the Surprise Me listings of Bandcamp and this one caught my eye. Let's see what surprises it holds.

That is all for today.

Until next time be safe!

@mgrondin@youdabomb.social

#Music

 