NAS
- clean install newest FreeBSD 14.2
- move OS /home into /data/home zpool/home
- mount ISO over IPMI
- Manage old zpool:
- (old OS) zpool export zpool
- (new OS) zpool import -N zpool
- zpool status
- zpool upgrade
- zpool upgrade zpool
- https://docs.freebsd.org/en/books/handbook/zfs/#zfs-zpool-upgrade
- Syncthing shares on separated ZFS subvolumes
- zfs autosnapshot retention policies
- pyrotechnics & private data zfs copies=2?
- Applications in VMs
- Photoprism
- Homeassistant? or in jail?
- Applications in separate FreeBSD jails
- Syncthing
- Transmission
- (existing -> upgrade) Gitea
- Template FreeBSD 14.2
- Samba
- VTVBB sync + go tooling
- Cache: pkg + freebsd update (for jails)
- Reverse caddy HTTP + SSL proxy
- Bastion SSH host
- Simple DNS server
- Wireguard VPN
- Data partitioning
- zroot (ssd OS only)
- zpool (14TB hdd mirror)
- /data/home
Host OS services:
- SSH
- sshguard
- pf firewall
Improvements & things to not forget:
- ZFS disable atime https://www.unixtutorial.org/zfs-performance-basics-disable-atime/
- backup settings from /etc and /usr/local/etc before SSD OS disk wipe
- private keychains daily snapshots (separate Syncthing share + copies=2?)
- Syncthing
- per-share zfs subvolume
- per-share needs .zfs ignore or else snapshots are propagated
- crontab(s) backup
- samba config
- gitea backup
- sshguard
- doas (alternative for sudo)
- jails settings backup
- vanilla jails management with templates
- Migrate from zfstools auto-snapshot and prune to Python zfs-autobackup?
- URLs for (web)services with nanodash for homelab + quick access
- Upgrade gitea and migrate sqlite to postgres
- Migrate all automations Hue -> Home Assistant
- Samba network share
- AVAHI/Bonjour autodiscovery
- Automount network shares on macOS
- ZFS zpool scrub monthly cron
- Homeassistant in FreeBSD jail rc.d service file for auto-start on boot
- ZFS volumes (zfs create -V) are seen as block devices, for use with VMs for better performance
- ZFS scrub & status report e-mail
- FreeBSD pkg cache for jails
- VMs managed with https://github.com/churchers/vm-bhyve
- https://apps.apple.com/us/app/wireguard
Syncthing share enrol on ZFS subvolume
- Create zfs subvolume: zfs create ...
- Set zfs-auto-snapshot property (for zfstools): zfs set ..
- Create share in Syncthing web GUI
- Ignore .zfs folder (to not propagate to connected peers): filter .zfs
Syncthing migrate to zfs subvolume
# zfs create zpool/data/syncthing/shared/...
# zfs set snapdir=hidden zpool/data/syncthing/shared/...
(optional) # zfs set copies=2 zpool/data/syncthing/shared/...
# rsync --perms --archive --progress /data/syncthing/shares/... /data/syncthing/shared/...
# echo ".zfs" > /data/syncthing/shares/.../.stignore
# zfs set com.sun:auto-snapshot=true zpool/data/syncthing/shared/...
# zfs list -t snap zpool/data/syncthing/shared/...
ZFS dataset datablock copies
For extra redundancy, the number of data block copies can be set and tested:
# zfs create data/test-dataset/dataset-1
# zfs list
# zfs set copies=2 data/test-dataset/dataset-1
# zfs get copies data/test-dataset/dataset-1
root@mango:/data/test-dataset/dataset-1 # dd if=/dev/random of=testfile bs=64K count=1024
1024+0 records in
1024+0 records out
67108864 bytes transferred in 0.609759 secs (110058049 bytes/sec)
root@mango:/data/test-dataset/dataset-1 # ls -lah
total 131146
drwxr-xr-x 2 root wheel 3B Dec 19 19:56 .
drwxr-xr-x 3 root wheel 3B Dec 19 19:55 ..
-rw-r--r-- 1 root wheel 64M Dec 19 19:57 testfile
root@mango:/data/test-dataset/dataset-1 # zfs list | grep dataset-1
data/test-dataset/dataset-1 128M 410G 128M /data/test-dataset/dataset-1
Automatic USB backup with devd
OpenZFS VM performance and database block size
- https://klarasystems.com/articles/openzfs-storage-best-practices-and-use-cases-part-3-databases-and-vms/
- https://github.com/openzfs/zfs/issues/7631
Syncthing per-share zfs subvolume
For shares with important data we set copies=2 and checksum=sha256:
# zfs create zpool/syncthing/shares/myshare
# zfs set copies=2 zpool/syncthing/shares/myshare
# zfs set checksum=sha256 zpool/syncthing/shares/myshare
Which shares:
- jerry/pyrotechnics
- jerry/private
ZFS snapshot visibility
Hide the .zfs/snapshot directory in the dataset so Syncthing doesn't sync it by accident when not ignored via .stignore:
# zfs list -t snapshot zpool/data/syncthing/shared/jerry/private
# zfs get snapdir zpool/data/syncthing/shared/jerry/private
# zfs set snapdir=hidden zpool/data/syncthing/shared/jerry/private
# ls /data/syncthing/shared/jerry/private/.zfs/snapshot
To make it visible again:
# zfs set snapdir=visible zpool/data/syncthing/shared/jerry/private
See https://docs.oracle.com/cd/E78901_01/html/E78912/gprhq.html
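An added check, not part of the original notes, that audits share datasets against the enrol steps and the snapdir setting above, so snapshots of private data cannot reach Syncthing peers. The function names and the sample `zfs get -H` output are constructed for illustration; the dataset root in the usage comment is taken from the paths in these notes.

```shell
#!/bin/sh
# Added example: audit Syncthing share datasets for snapshot leakage.
# Live usage (dataset root assumed from the notes above):
#   zfs get -H -r -t filesystem -o name,property,value \
#       snapdir,com.sun:auto-snapshot zpool/data/syncthing/shared | audit_share_props

# Read tab-separated "name<TAB>property<TAB>value" lines on stdin and print
# one finding per dataset that deviates from the policy in these notes.
# Exit status is 1 when any dataset exposes its .zfs directory.
audit_share_props() {
    awk -F '\t' '
        $2 == "snapdir" && $3 != "hidden" {
            printf "FAIL %s snapdir=%s (want hidden)\n", $1, $3; bad++
        }
        $2 == "com.sun:auto-snapshot" && $3 != "true" {
            printf "WARN %s has no automatic snapshots\n", $1
        }
        END { exit (bad > 0) }
    '
}

# Return 0 when the share directory's .stignore contains the exact line ".zfs".
stignore_has_zfs() {
    [ -f "$1/.stignore" ] && grep -qxF '.zfs' "$1/.stignore"
}

# Constructed sample of `zfs get -H` output (not taken from a real pool);
# an unset user property is reported by zfs with the value "-".
sample_props() {
    printf 'zpool/data/syncthing/shared/a\tsnapdir\thidden\n'
    printf 'zpool/data/syncthing/shared/a\tcom.sun:auto-snapshot\ttrue\n'
    printf 'zpool/data/syncthing/shared/b\tsnapdir\tvisible\n'
    printf 'zpool/data/syncthing/shared/b\tcom.sun:auto-snapshot\t-\n'
}

# Demo run on the constructed sample.
sample_props | audit_share_props || echo "policy violations found"
```

Run the `.stignore` check per share directory as well, since snapdir=hidden only removes `.zfs` from directory listings and the ignore pattern is the second line of defence.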
Internal DNS server
- https://blog.marcg.pizza/marcg/a-quick-and-dirty-dns-server-using-freebsd-100daystooffload-day-28
- https://etherarp.net/dnsmasq/index.html
- https://vlads.me/post/setting-up-dns-adblocker-freebsd-jail/
See also
- freebsd-notes
- freebsd-jail-vanilla
- zfs-snapshots
- So you wanna do FreeBSD 14.1 and native Home Assistant?
- computers-and-machines
External docs
- https://klarasystems.com/articles/openzfs-understanding-zfs-vdev-types/
- https://jrs-s.net/2018/03/13/zvol-vs-qcow2-with-kvm/
- https://serverfault.com/questions/1075846/config-for-using-git-via-ssh-on-jump-host
- https://arstechnica.com/gadgets/2021/06/a-quick-start-guide-to-openzfs-native-encryption/
Domains
Public services
DNS at Transip
- git.xor-gate.org
- homeassistant.xor-gate.org
Internal services
Internal services use split-brain DNS
- homelab.xor-gate.org
- git.xor-gate.org
- homeassistant.xor-gate.org