FreeBSD (and Linux), Podman containers and Large Receive Offload.
By @tara
https://www.tara.sh/posts/2023/2023-09-07_freebsd_linux_podman_and_lro/
**BSD Mail Project Update!**
Hello everyone! I wanted to share some exciting updates about the development of BSD Mail, our privacy-focused email service designed with robustness, security, and transparency in mind. Here’s a deep dive into the technical choices I've made, focusing on my use of open source solutions and open protocols:
🌍 **Servers & Location**
- We're running on two physical servers:
- One hosted by OVH in France
- Another by Hetzner in Germany
- Both servers operate on FreeBSD with NVMe drives in a ZFS mirror configuration for speed and data integrity.
🔒 **Virtualization & Security**
- We utilize jails on both servers to ensure isolated environments for different services, managed via BastilleBSD. On one server, jails are set up directly on the hardware, whereas the other server employs nested jails.
- Each server hosts a bhyve VM running OpenBSD with OpenSMTPD for handling SMTP duties securely.
🔗 **Networking**
- A Wireguard setup connects the two servers, facilitating routing capabilities so that jails and VMs can communicate seamlessly, supporting both IPv4 and IPv6.
📧 **Email Services**
- **Dovecot** is configured for maildir replication across the servers using Dovecot sync, ensuring email availability and redundancy.
- **Rspamd** instances are tied to local KeyDB jails, set up in master-master replication for consistent and reliable spam detection and greylisting.
- **ClamAV** runs in corresponding jails for virus scanning, maintaining a high level of security.
- **SOGo** provides a web interface for email management, connected to MySQL databases in master-master replication to handle sessions and authentication smoothly.
💾 **Data Management**
- Email data is stored on separate, encrypted ZFS datasets to secure emails at rest.
- MySQL databases are used for storing credentials and managing sessions for SOGo, also in a master-master replication setup. Importantly, all passwords are securely hashed using bcrypt, ensuring they are salted and safe.
🔎 **Monitoring & Reliability**
- Our DNS is managed through BunnyNet, which continuously monitors our server status. Should one server—or a specific service—become unavailable, DNS configurations are dynamically adjusted to avoid directing users to the affected IP until full service is restored.
🌐 **Commitment to Open Source and Open Protocols**
- Every component of BSD Mail is built exclusively using open source software and open protocols. This commitment is crucial for ensuring data freedom and the reliability of the solutions we use.
This setup not only emphasizes our commitment to privacy and security but also our dedication to maintaining an open and transparent platform.
We're excited to bring you a service where your privacy, data integrity, and freedom are prioritized. Stay tuned for more updates!
#BSDMail #OpenSource #Privacy #FreeBSD #OpenBSD #EmailHosting #Email
Recently got a cheap 128 GB SSD to see how BSD would run on my main machine, and this weekend threw FreeBSD on it. I'm sending this toot from the working system, and aside from the general configuration joy of being a Unix nerd, finding almost everything I need to know in the FreeBSD Handbook is a great perk on the second joy: reading docs and being able to flow acting on them.
Thanks to the #FreeBSD Handbook on Ports and the following page, I finally got around to building the drm-kmod port and dependencies so that amdgpu runs properly on 14.2.
https://forums.freebsd.org/threads/freebsd-14-2-graphics-fix.96365/
Why Dell’s ThinOS runs on FreeBSD
https://freebsdfoundation.org/freebsd-case-studies/dell-case-study-why-dells-thinos-runs-on-freebsd
#coffeebreak
How many Italians use #BSD?
I've been meaning to do this for a while, and tonight I finally supported @mwl for his new book: Run Your Own Mail Server: A Book for Independence & Privacy
- https://www.kickstarter.com/projects/mwlucas/run-your-own-mail-server
Every book I've read by mwl has gifted me with smiles, laughter, knowledge, awareness, and a desire to experiment.
Can't wait to dive into this new work!
#FreeBSD #NewBook #Excited #Reading #inspiration #EmailHosting #SelfHosting
One of the most fundamental yet little-known features of FreeBSD is its ability to be used in read-only mode very easily. By installing the system on a UFS file system, you just need to modify the fstab file, change "rw" to "ro," and reboot. On the next boot, the system will automatically create mount points in RAM for the main directories (/tmp, log, etc.), and it will run perfectly.
This was the main reason why, many years ago, I chose FreeBSD for almost all my embedded systems. Even today, on my Raspberry Pis, I keep the SD cards in read-only mode and use external storage in read-write mode. This ensures that, in case of an unexpected poweroff, the system will come back up, and there will be no wear on the memory card.
#FreeBSD #EmbeddedSystems #RaspberryPi #ReadOnly #SysAdmin #Tech #OpenSource
Proxmox vs FreeBSD: Which Virtualization Host Performs Better?
Since migrating many servers from Proxmox to FreeBSD, we have consistently felt that the VMs are more responsive. It's time to conduct some concrete tests.
https://it-notes.dragas.net/2024/06/10/proxmox-vs-freebsd-which-virtualization-host-performs-better/
#FreeBSD #Proxmox #Linux #Virtualization #kvm #bhyve #IT #SysAdmin #ITNotes #NoteHUB
Blocking Access From or to Specific Countries Using FreeBSD and pf
Learn how to block access from specific countries on your FreeBSD server using pf and ipdbtools to enhance security and manage traffic efficiently.
https://it-notes.dragas.net/2024/06/16/freebsd-blocking-country-access/
I'm thrilled to announce that my talk for EuroBSDcon 2024 has been accepted! I am incredibly happy and honored. It will be a fantastic experience. Thank you to the team for your trust!
#EuroBSDcon #TechConference #OpenSource #BSDCommunity #RunBSD #FreeBSD #OpenBSD #NetBSD #DragonFlyBSD
The slides, the video, and the text behind my presentation at EuroBSDCon 2024 - 'Why and how we're migrating many of our servers from Linux to the BSDs.'
https://it-notes.dragas.net/2024/10/03/i-solve-problems-eurobsdcon/
#ITNotes #FreeBSD #OpenBSD #NetBSD #RunBSD #IT #SysAdmin #EuroBSDCon #EBC24 #EuroBSDCon24 #EuroBSDCon2024 #NoteHUB
Escape the cloud: Own your e-mail.
Make your own E-Mail server - FreeBSD, OpenSMTPD, Rspamd and Dovecot included - Part 1
Announcing FediMeteo – Weather in the Fediverse!
UPDATE: I have created an account for updates and other information on FediMeteo - follow the account @admin to stay updated!
UPDATE: Ireland, Poland, Portugal and Switzerland have just been added
Weather has always influenced our lives: from agriculture to outdoor activities, to extreme events that, thanks to modern technology, can now be predicted with greater reliability. Personally, weather plays a significant role in my daily decisions, which is why I decided to create a service tailored for the Fediverse.
FediMeteo uses Open-Meteo data to publish updates every 6 hours, including current weather conditions, forecasts for the next 12 hours, and predictions for the upcoming days. Each country is served by its own dedicated instance (e.g., it.fedimeteo.com for Italy), managed through snac to ensure simplicity and efficiency in publishing.
You can follow FediMeteo directly in the Fediverse (on Mastodon and compatible platforms), via RSS, or by visiting the dedicated page for your city (e.g., fr.fedimeteo.com/paris).
Currently supported countries include:
Austria, Germany, France, Ireland, Italy, Netherlands, Poland, Portugal, Spain, Switzerland and the United Kingdom – with many more regions coming soon!
FediMeteo is hosted on a FreeBSD-based VPS, with each country isolated in its own jail to ensure security and scalability.
Visit the main site to explore the national instances and start following your local weather updates today:
https://fedimeteo.com
Happy weather monitoring to all! 🌦️
FediMeteo is dedicated to my grandfather, who every evening would give me the weather forecast based on TV, radio, and his personal experience. He would convince me that the weather would be bad, so he had an excuse to accompany me to school instead of me going alone.
#FediMeteo #Announcements #FreeBSD #FediMeteo #WeatherForecasts #Weather #Meteo #snac #Fediverse #Mastodon
To reaffirm my #ThankYouTuesday today - following my post earlier about FreeBSD freezing if a laptop doesn't have the battery installed (https://mastodon.bsd.cafe/@stefano/112280720122710027), @jeffpc has prepared a patch and suggested I try it (https://reviews.freebsd.org/P636).
I did, and it worked.
This is the spirit that characterizes the open-source community and the fantastic members who comprise it.
Weekly BSD Pub
*BSD friends, just remember that on Thursday there'll be the first Weekly BSD Pub virtual meeting, organized by @gyptazy
More information here: https://wiki.bsd.cafe/docs:weekly-bsdpub
CHERI Alliance officially launches, adds major partners including Google, to tackle cybersecurity threats at the hardware level
From the November 2024 press release, <https://semiiphub.com/news/cheri-alliance>:
"… Previously announced founding members of the CHERI Alliance include Capabilities Limited, Codasip, CyNam, the FreeBSD Foundation, lowRISC, OpenHW Group, SCI Semiconductor, Swansea University, and the University of Cambridge. Following its initial formation in June 2024, the CHERI Alliance’s new additions reinforce the collaborative effort to protect against memory-related vulnerabilities, a critical security challenge that constitutes approximately 70% of the vulnerabilities exploited in cyberattacks. …"
– via <https://semiiphub.com/industryexpertblogs/cheri-alliance-1> and <https://old.reddit.com/r/freebsd/comments/1ho911c/cheri_alliance_officially_launches_adds_major/>
FreeBSD Project-provided repositories for kernel modules in the ports collection: usage
<https://blendit.bsd.cafe/post/821622>
14.1-RELEASE to 14.2-RELEASE
… an interim approach to avoiding the DRM graphics issue that was noted for 14.2-RELEASE before the release announcement …
#FreeBSD #upgrade #FAQ #Ludwig #LDWG #CFT #callfortesting #DRM #graphics #kmods #kernel
Progress!! I managed to get the #PinePhonePro screen working on #FreeBSD 🎉 Long way to go yet, but this is a massive step forward for making FreeBSD usable on the device.
https://tobykurien.com/images/microblog/post-1736141510-0.jpg
Some technical details for those interested:
The entire FediMeteo setup runs on a FreeBSD VM costing around 4 euros per month. It supports almost all major EU countries (plus the UK), with just a few left to complete. Currently, there are 25 separate jails, each running its own instance of snac, totaling 25 instances. The VM load typically stays around 10%, which increases to 30% when updates are published for countries with larger numbers of cities (currently Germany and Italy). The only time the load spikes is when new countries are announced; during that time, all remote instances connect to all cities to download their details.
As for RAM usage, excluding the ZFS cache, it's currently a total of 213 MB. Yes, MB.