From 8ffe3912e89651973964754dfd9c8c1acf3cf40b Mon Sep 17 00:00:00 2001 From: Jerry Jacobs Date: Sun, 26 Jan 2025 20:03:13 +0100 Subject: [PATCH] vault backup: 2025-01-26 20:03:13 --- .obsidian/workspace.json | 3 +- ...sync-conflict-20250126-182018-OZPPIBC.json | 211 ++++++++++++++++++ ...5.sync-conflict-20250126-182027-OZPPIBC.md | 196 ++++++++++++++++ 3 files changed, 409 insertions(+), 1 deletion(-) create mode 100644 .obsidian/workspace.sync-conflict-20250126-182018-OZPPIBC.json create mode 100644 2025/xg-infra-upgrade-2025.sync-conflict-20250126-182027-OZPPIBC.md diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index a9d047c..9b4dc5e 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -164,9 +164,10 @@ }, "active": "316987f51496a482", "lastOpenFiles": [ + "2025/xg-infra-upgrade-2025.sync-conflict-20250126-182027-OZPPIBC.md", + "2025/xg-infra-upgrade-2025.md", "2025/goede-voornemens-2025.md", "2025/uitnodiging-jerry-maria-verjaardag-dinnerparty-2025.png", - "2025/xg-infra-upgrade-2025.md", "2024/ggz-poh-mijnpositievegezondheid.net/Mijn Positieve Gezondheid - 2024-11-08.pdf", "2024/ggz-poh-mijnpositievegezondheid.net", "2024/freebsd/Proxmox vs FreeBSD_ Which Virtualization Host Performs Better_ - IT Notes - https___it-notes.dragas.net_.mhtml", diff --git a/.obsidian/workspace.sync-conflict-20250126-182018-OZPPIBC.json b/.obsidian/workspace.sync-conflict-20250126-182018-OZPPIBC.json new file mode 100644 index 0000000..0d72c04 --- /dev/null +++ b/.obsidian/workspace.sync-conflict-20250126-182018-OZPPIBC.json @@ -0,0 +1,211 @@ +{ + "main": { + "id": "80dfc042c640b15d", + "type": "split", + "children": [ + { + "id": "0ad06b0c6fda37c6", + "type": "tabs", + "children": [ + { + "id": "a56ea6335de7aaa4", + "type": "leaf", + "state": { + "type": "empty", + "state": {}, + "icon": "lucide-file", + "title": "New tab" + } + } + ] + } + ], + "direction": "vertical" + }, + "left": { + "id": "590610b14e29519d", + "type": "split", + "children": [ + { + "id": "af92d155439dd2e9", + "type": "tabs", + "children": [ + { + "id": "a6af6521d0a87290", + "type": "leaf", + "state": { + "type": "file-explorer", + "state": { + "sortOrder": "alphabetical" + }, + "icon": "lucide-folder-closed", + "title": "Files" + } + }, + { + "id": "783320241c5007e2", + "type": "leaf", + "state": { + "type": "search", + "state": { + "query": "infra", + "matchingCase": false, + "explainSearch": false, + "collapseAll": false, + "extraContext": false, + "sortOrder": "alphabetical" + }, + "icon": "lucide-search", + "title": "Search" + } + }, + { + "id": "9fd1befacbc60855", + "type": "leaf", + "state": { + "type": "bookmarks", + "state": {}, + "icon": "lucide-bookmark", + "title": "Bookmarks" + } + } + ], + "currentTab": 1 + } + ], + "direction": "horizontal", + "width": 300 + }, + "right": { + "id": "a604f67a04e15115", + "type": "split", + "children": [ + { + "id": "5aa370a223f7373d", + "type": "tabs", + "children": [ + { + "id": "e898fba6fc2202a4", + "type": "leaf", + "state": { + "type": "backlink", + "state": { + "file": "2025/xg-infra-upgrade-2025.md", + "collapseAll": false, + "extraContext": false, + "sortOrder": "alphabetical", + "showSearch": false, + "searchQuery": "", + "backlinkCollapsed": false, + "unlinkedCollapsed": true + }, + "icon": "links-coming-in", + "title": "Backlinks for xg-infra-upgrade-2025" + } + }, + { + "id": "59e072f96f7cae77", + "type": "leaf", + "state": { + "type": "outgoing-link", + "state": { + "file": "2025/xg-infra-upgrade-2025.md", + "linksCollapsed": false, + "unlinkedCollapsed": true + }, + "icon": "links-going-out", + "title": "Outgoing links from xg-infra-upgrade-2025" + } + }, + { + "id": "332de545256273fd", + "type": "leaf", + "state": { + "type": "tag", + "state": { + "sortOrder": "frequency", + "useHierarchy": true + }, + "icon": "lucide-tags", + "title": "Tags" + } + }, + { + "id": "e4063ef042af97c0", + "type": "leaf", + "state": { + "type": "outline", + "state": { + "file": "2025/xg-infra-upgrade-2025.md" + }, + "icon": "lucide-list", + "title": "Outline of xg-infra-upgrade-2025" + } + } + ] + } + ], + "direction": "horizontal", + "width": 300, + "collapsed": true + }, + "left-ribbon": { + "hiddenItems": { + "switcher:Open quick switcher": false, + "graph:Open graph view": false, + "canvas:Create new canvas": false, + "daily-notes:Open today's daily note": false, + "templates:Insert template": false, + "command-palette:Open command palette": false + } + }, + "active": "a56ea6335de7aaa4", + "lastOpenFiles": [ + "2025/xg-infra-upgrade-2025.md", + "2024/freebsd/Proxmox vs FreeBSD_ Which Virtualization Host Performs Better_ - IT Notes - https___it-notes.dragas.net_.mhtml", + "2024/freebsd/nginx remove header from upstream - Server Fault - https___serverfault.com_.mhtml", + "2024/freebsd/Solved - Howto save freebsd-update, portsnap, and pkg files to a fresh installation_ _ The FreeBSD Forums - https___forums.freebsd.org_.mhtml", + "2024/freebsd/Setting Up a Package Mirror on FreeBSD _ lastsummer.de - https___lastsummer.de_.mhtml", + "2024/freebsd/Nginx pkg cache help _ The FreeBSD Forums - https___forums.freebsd.org_.mhtml", + "2024/freebsd/FreeBSD Jail Creation - Personal Site - https___omussell.github.io_.mhtml", + "2024/freebsd/Caching freebsd-update and pkg files - Personal Site - https___omussell.github.io_.mhtml", + "2024/freebsd/Bhyve VM Creation - Personal Site - https___omussell.github.io_.mhtml", + "2024/freebsd", + "2024/ggz-poh-mijnpositievegezondheid.net/Mijn Positieve Gezondheid - 2024-11-08.pdf", + "2024/Brouwsels 2024.md", + "2024/So you wanna do FreeBSD 14.1 and native Home Assistant?.md", + "2024/Screenshot 2024-04-10 at 11.17.04 - courage - FRVO.png", + "2025/goede-voornemens-2025.md", + "2024/doelen-2024.md", + "2024/photoprism.md", + "2024/git-svn mirror.md", + "2024/Gezonde routines boek review & notes.md", + "2024/freebsd-notes.md", + "2024/1gabba.pw-links.md", + "2024/happy-holidays-nye-2024-kaart/jerry-nero-cutout-cosy-holidays-2024-center-round.png", + "2024/Github multiple users and keys.md", + "2021/zfs-snapshots.md", + "2024/freebsd-jail-vanilla.md", + "2024/april-training-mental-physical-goede-voornemens.md", + "2022/Adimec R D Software Quality Working Group.md", + "2022/apc-forum-donate-copyleft-symbool-dat-is-gek.png", + "2022/chilli-hot-sauce-ingredients.png", + "2022/Ouderwetse limburgse koud schotel.md", + "2022/github-archievement.png", + "2022/computers-and-machines.md", + "2022/christmas-card-jerry-nero-2023.png", + "2022/euro-dollar-koers-20220908_04_45-manic-hypomanie.png", + "2024/Gitea build on FreeBSD 14.2.md", + "2021/A tale about open-source software experience.md", + "2024/Postgres Backups and ZFS snapshots.md", + "2024/verjaardag-uitnodiging-jerry-35j-23-mrt-2024.png", + "2024/verjaardags-feest-35-jaar-in-breugel.md", + "2024/happy-holidays-nye-2024-kaart/wishes-jerry-nero-2025.png", + "2024/nye-party-2025-at-breugel.png", + "2024/Why I am tasting colors?.md", + "2024/chlorate-cell.md", + "2024/piet-hein-state-gebouwbeheer.md", + "2024/Batterij apparaten voor opladen.md", + "Untitled.canvas" + ] +} \ No newline at end of file diff --git a/2025/xg-infra-upgrade-2025.sync-conflict-20250126-182027-OZPPIBC.md b/2025/xg-infra-upgrade-2025.sync-conflict-20250126-182027-OZPPIBC.md new file mode 100644 index 0000000..5a52d7b --- /dev/null +++ b/2025/xg-infra-upgrade-2025.sync-conflict-20250126-182027-OZPPIBC.md @@ -0,0 +1,196 @@ +--- +tags: + - freebsd + - homelab +--- + +# NAS + +* clean install newest FreeBSD 14.2 + * move OS /home into /data/home zpool/home + * mount ISO over IPMI +* Manage old zpool: + * (old OS) zpool export zpool + * (new OS) zpool import -N zpool + * zpool status + * zpool upgrade + * zpool upgrade zpool + * https://docs.freebsd.org/en/books/handbook/zfs/#zfs-zpool-upgrade +* Syncthing shares on separated ZFS subvolumes + * zfs autosnapshot retetion policies +* pyrotechnics & private data zfs copies=2? +* Applications in VMs + * Photoprism + * Homeassistant? or in jail? +* Applications in seperate freebsd jails + * Syncthing + * Transmission + * (existing -> upgrade) Gitea + * Template FreeBSD 14.2 + * Samba + * VTVBB sync + go tooling + * Cache: pkg + freebsd update (for jails) + * Reverse caddy HTTP + SSL proxy + * Bastion SSH host + * Simple DNS server + * Wireguard VPN + * https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-jail/ +* Data partitioning + * zroot (ssd OS only) + * zpool (14TB hdd mirror) + * /data/home + +Host OS services: + * SSH + * sshguard + * pf firewall + +Improvements & things to not forget: +* ZFS disable atime https://www.unixtutorial.org/zfs-performance-basics-disable-atime/ +* backup settings from /etc and /usr/local/etc before SSD OS disk wipe +* private keychains daily snapshots (separate Syncthing share + copies=2?) +* Syncthing + * per-share zfs subvolume + * per-share needs .zfs ignore or else snapshots are propagated +* crontab(s) backup +* samba config +* gitea backup +* sshguard +* jails settings backup +* vanilla jails management with templates +* Migrate from zfstools auto-snapshot and prune to Python zfs-autobackup? + * See blog https://it-notes.dragas.net/2024/08/21/automating-zfs-snapshots-for-peace-of-mind/ +* URLs for (web)services with nanodash for homelab + quick access +* Upgrade gitea and migrate sqlite to postgres + * https://forum.gitea.com/t/migrate-from-sqlite-to-postgresql/2269/ + * https://tutorialinux.com/today-learned-migrating-sqlite-postgres-easy-sequel/ +* Migrate all automations Hue -> Home Assistant +* Samba network share + * AVAHI/Bonjour autodiscovery +* Automount network shares on macOS +* ZFS zpool scrub monthly cron +* Homeassistant in FreeBSD jail rc.d service file for auto-start on boot +* ZFS volumes are seen as block devices `zfs create -V` for use with VMs for better performance +* ZFS scrub & status report e-mail +* FreeBSD pkg cache for jails + * https://omussell.github.io/fbsd-update-cache/ + * https://forums.freebsd.org/threads/nginx-pkg-cache-help.85699/ + https://serverfault.com/a/1026574 +* VMs managed with https://github.com/churchers/vm-bhyve + * zvol (vdev) vm instead of file: https://github.com/churchers/vm-bhyve?tab=readme-ov-file#adding-custom-disks + * https://forum.level1techs.com/t/zvol-vs-file-as-vm-backing-huge-performance-difference-on-nvme-based-zpool/182074/15 + +# Syncthing share enrol on ZFS subvolume + +1. Create zfs subvolume: `zfs create ...` +2. Set zfs-auto-snapshot property (for zfstools) : `zfs set ..` +3. Create share in Syncthing web GUI +4. Ignore .zfs folder (to not propagate to connected peers): filter `.zfs` + +# Syncthing migrate to zfs subvolume + + +``` +# zfs create zpool/data/syncthing/shared/... +# zfs set snapdir=hidden zpool/data/syncthing/shared/... +(optional) # zfs set copies=2 zpool/data/syncthing/shared/... +# rsync --perms --archive --progress /data/syncthing/shares/... /data/syncthing/shared/... +# echo ".zfs" > /data/syncthing/shares/.../.stignore +# zfs set com.sun:auto-snapshot=true zpool/data/syncthing/shared/... +# zfs list -t snap zpool/data/syncthing/shared/... +``` +# ZFS dataset datablock copies + +For extra redundancy amount of datablock copies can be set and tested: + +``` +# zfs create data/test-dataset/dataset-1 +# zfs list +# zfs set copies=2 data/test-dataset/dataset-1 +# zfs get copies data/test-dataset/dataset-1 +root@mango:/data/test-dataset/dataset-1 # dd if=/dev/random of=testfile bs=64K count=1024 +1024+0 records in +1024+0 records out +67108864 bytes transferred in 0.609759 secs (110058049 bytes/sec) +root@mango:/data/test-dataset/dataset-1 # ls -lah +total 131146 +drwxr-xr-x 2 root wheel 3B Dec 19 19:56 . +drwxr-xr-x 3 root wheel 3B Dec 19 19:55 .. +-rw-r--r-- 1 root wheel 64M Dec 19 19:57 testfile +root@mango:/data/test-dataset/dataset-1 # zfs list | grep dataset-1 +data/test-dataset/dataset-1 128M 410G 128M /data/test-dataset/dataset-1 +``` + +## Automatic USB backup with devd + +* https://man.freebsd.org/cgi/man.cgi?devd.conf +# OpenZFS VM performance and database block size + +https://klarasystems.com/articles/openzfs-storage-best-practices-and-use-cases-part-3-databases-and-vms/ +https://github.com/openzfs/zfs/issues/7631 + +## Syncthing per-share zfs subvolume + +For important shares data we set copies=2 and checksum=sha256 +``` +# zfs create zpool/syncthing/shares/myshare +# zfs set copies=2 zpool/syncthing/shares/myshare +# zfs set checksum=sha256 zpool/syncthing/shares/myshare +``` + +Which shares: +* jerry/pyrotechnics +* jerry/private +## ZFS snapshot visibility + +Hide the `.zfs/snapshot` directory in the dataset so Syncthing doesn't sync it by accident when not ignored via `.stignore`: + +``` +# zfs list -t snapshot zpool/data/syncthing/shared/jerry/private +# zfs get snapdir zpool/data/syncthing/shared/jerry/private +# zfs set snapdir=hidden zpool/data/syncthing/shared/jerry/private +# ls /data/syncthing/shared/jerry/private/.zfs/snapshot +``` + +To make it visible again +``` +# zfs set snapdir=visible +``` + +See https://docs.oracle.com/cd/E78901_01/html/E78912/gprhq.html + +## Internal DNS server + +* https://blog.marcg.pizza/marcg/a-quick-and-dirty-dns-server-using-freebsd-100daystooffload-day-28 +* https://etherarp.net/dnsmasq/index.html +* https://vlads.me/post/setting-up-dns-adblocker-freebsd-jail/ +# See also + +* [[freebsd-notes]] +* [[freebsd-jail-vanilla]] +* [[zfs-snapshots]] +* [[So you wanna do FreeBSD 14.1 and native Home Assistant?]] +* [[computers-and-machines]] + +# External docs + +* https://klarasystems.com/articles/openzfs-understanding-zfs-vdev-types/ +* https://jrs-s.net/2018/03/13/zvol-vs-qcow2-with-kvm/ +* https://serverfault.com/questions/1075846/config-for-using-git-via-ssh-on-jump-host +* https://arstechnica.com/gadgets/2021/06/a-quick-start-guide-to-openzfs-native-encryption/ + +## Domains + +### Public services + +DNS at Transip + +* git.xor-gate.org +* homeassistant.xor-gate.org + +### Internal services + +Internal services use split-brain DNS + +* homelab.xor-gate.org +* git.xor-gate.org +* homeassistant.xor-gate.org \ No newline at end of file