author | User Mms <mms@voyager.local> | 2024-10-29 15:30:06 +0100 |
---|---|---|
committer | User Mms <mms@voyager.local> | 2024-10-29 15:30:06 +0100 |
commit | 7ed442dfa3b26483ff6cd1eeb871b40b6be97f52 (patch) | |
tree | 719c11b5cbd629b41e0681c343ba93eca0099269 /content-org | |
parent | 05a2bce35431329610f3cbf092dd23cc526c8684 (diff) |
feat: UF archive
Diffstat (limited to 'content-org')
-rw-r--r-- | content-org/blog.org | 32 |
-rw-r--r-- | content-org/bsd.org | 176 |
2 files changed, 205 insertions, 3 deletions
diff --git a/content-org/blog.org b/content-org/blog.org index 5ca7201..b8df87c 100644 --- a/content-org/blog.org +++ b/content-org/blog.org @@ -8,7 +8,7 @@ #+HUGO_SECTION: blog -* 2024 [87/89] :@blog: +* 2024 [87/90] :@blog: :PROPERTIES: :EXPORT_HUGO_SECTION: blog/2024 :EXPORT_HUGO_CUSTOM_FRONT_MATTER+: :image_dir "blog/images" :image_max_width 600 @@ -122,6 +122,32 @@ It's small annoyance, but it shows the general direction. Microsoft GitHub is still not near the biggest sin an Open Source can commit when it comes to cooperation (that crown still goes to using Discord), but it's far from being "Open". +** TODO RE: Michał Sapka’s new home +:PROPERTIES: +:EXPORT_FILE_NAME: re-michal-sapkas-new-home +:EXPORT_HUGO_CUSTOM_FRONT_MATTER+: :Abstract Reply to Ruben's post +:EXPORT_HUGO_CUSTOM_FRONT_MATTER+: :Listening Metallica - Garage, Inc. +:END: + +If you read this site regularly, you may have noticed that I mention Rubenerd from time to time. +Actually, I do it all the time. + +But this time, Ruben made me a bday surpriday and [[https://rubenerd.com/michal-sapkas-new-home/][wrote about me]]. +This post is a small reply. + +Yes, I am merging all my sites into one, once again. +While it was cool to have 6 pages, the real question was: do I want multiple mediocre ones, or one ok-ish? +Looking at this from this point, it makes sense. + +I changed the domains becasue I moves the site to my homelab and having DDNS on my mail domain seemed scary. +Most likely nothing bad woudld happen, but better safe then sorry. +Plus, "Crys Site" is a wordplay and no one has yet guessed it. + +The merging project is still in progress, as I am fixing some outstanding bugs. +I love toying with this site, even if no one cares ;-) + +Ruben, you are a wonderful human being and creator of my favorite blog out there. + ** DONE Bezos's fortune is too big to care about you CLOSED: [2024-10-26 Sat 21:17] :PROPERTIES: 
@@ -148,11 +174,11 @@ In 2013. But in 2024, his net worth grew to 211000000000 (211 billion). Are you 10x richer than 10 years ago? -But then, if you bought that BluRay 10 years ago for that 13,7USD, you would now 13700SD. +But then, if you bought that BluRay 10 years ago for that 13,7USD, you would now have 13700SD. Would you even care about that BluRay? I'm guessing you have already given it /for free/ to someone. -So, he would not notice if Washington Post died today, he would not notice. +So, if Washington Post died today, he would not notice. But what are some other things he owns some stake in, that you can stop using? #+attr_shortcode: :file dr-evil.jpg #+attr_shortcode: :alt Headshot of a bold, white man with a scar. This is a character Dr Evil from Austen Powers series of movies diff --git a/content-org/bsd.org b/content-org/bsd.org index 22cc903..37cec90 100644 --- a/content-org/bsd.org +++ b/content-org/bsd.org 
@@ -1397,7 +1397,183 @@ Monkey Island 2 running on ScummVM #+end_image +** Homelab +:PROPERTIES: +:EXPORT_HUGO_MENU: :menu bsd :parent "freebsd-homelab" +:EXPORT_HUGO_SECTION: bsd/freebsd-homelab +:END: + +*** DONE Template for jail with external IP assigned via DHCP +CLOSED: [2024-10-27 Sun 20:11] +:PROPERTIES: +:EXPORT_FILE_NAME: dhcp-vnet-jail +:EXPORT_HUGO_CUSTOM_FRONT_MATTER+: :abstract Running old adventure games +:END: + +The idea behind FreeBSD homelab is simple: to utilize the Jail system. +Jails are great! + +What I want is to have jails with: +- dedicated, external IP +- IPs are assigned via DHCP server +- I am able to access files outside if the jails + +I was able to achieve most of this by following [[https://docs.freebsd.org/en/books/handbook/jails/][FreeBSD handbook]], [[https://rubenerd.com/starting-with-freebsd-jails/][Rubenerd's post]], and [[https://wiki.freebsd.org/Jails][FreeBSD Wiki]], but I also received some help from different indiduals whose names I can't recall. + +I use classic jails created from ZFS snapshots, but (as to the best of my knowledge), any jail will work with the following configuration. +Unless specified, all code here goes to =/etc/jails.conf=. + +Note, that any configuration outside jail definition, will also apply to all jails. +For example for this structure: + +#+begin_src shell + config1; + + jail1 { + config2; + } + + jail2 { + config3; + } +#+end_src + +jail1 gets configured with =config1= and =config2=, while jail2 gets =config1= and =config3=. + +**** Jail configuration + +First, we start with standard configuration regarding starting, stopping and logging. +Notice the =#{name}=. +It's a variable which fill be filled the name of the jail. 
+#+begin_src shell + # STARTUP/LOGGING + exec.clean; + exec.start = "/bin/sh /etc/rc"; + exec.stop = "/bin/sh /etc/rc.shutdown"; + exec.consolelog = "/var/log/jail_console_${name}.log"; +#+end_src + +Then we add permissions which will allow for =vnet= - the system allowing for jail to have their own, (virtual) network stack. +Even though everything goes host's network, for all intends and purposes jails have their own NICs. + +#+begin_src shell + # PERMISSIONS + allow.raw_sockets; + exec.clean; + mount.devfs; + devfs_ruleset = 5; + vnet; +#+end_src + +Note, that we need to configure this ruleset. Create =etc/defvs.rules=: + +#+begin_src shell +[devfsrules_jails=5] +add include $devfsrules_hide_all +add include $devfsrules_unhide_basic +add include $devfsrules_unhide_login +add path 'bpf*' unhide +#+end_src + +back to =jail.conf=, we set hostname and path for the container. +Adjust to your liking. +#+begin_src shell + host.hostname = "${name}.dune.local"; + path = "/usr/local/jails/containers/${name}"; +#+end_src + +Now for the actual network configuration. +We will configure for the shell to: +- create an =epair(4)= and use for network communication +- destroy this =epair= upon stopping + +#+begin_src shell + $epair = "epair${id}"; + $bridge = "bridge0"; + vnet.interface = "${epair}b"; + exec.start += "dhclient ${epair}b"; + exec.prestart = "/sbin/ifconfig ${epair} create up"; + exec.prestart += "/sbin/ifconfig ${epair}a up descr jail:${name}"; + exec.prestart += "/sbin/ifconfig ${bridge} addm ${epair}a up"; + exec.prestart += "/sbin/ifconfig ${epair}b ether ${mac}"; + + exec.poststop = "/sbin/ifconfig ${bridge} deletem ${epair}a"; + exec.poststop += "/sbin/ifconfig ${epair}a destroy"; +#+end_src +For this to work, we need to create a =if_bridge(4)= on our host machine. 
+Make sure that your =rc.conf= has: + +#+begin_src shell +cloned_interfaces="bridge0" +ifconfig_bridge0="addm em0 up" +#+end_src + +(replace =em0= with appropriate device) + +Ok, now we just need to have our jail ready. +First, create it as it presented in the [[https://docs.freebsd.org/en/books/handbook/jails/][FreeBSD handbook]]. + +Then, configure the jail: +#+begin_src shell + jail { + $id=1; + $mac="2:bf:b9:4c:4f:0b"; + + exec.prestart += "mount -a -F /etc/fstab.$name"; + exec.poststop += "umount -a -F /etc/fstab.$name"; + } +#+end_src + +Explanations: +- =$id= will be used when creating matching =epair= +- =$mac= will force a given mac address for the virtual network card. + This will ensure that FreeBSD won't change it, and we can assign fixed =IP= on the router level +- This jail has attached network storage. + You don't want the jail itself to even know what it is, so we're forcing the host to execute =/etc/fstab.$name=, and mount the drives. + Note, that you need to mount the drives in directory relative to *host's* root, so something like: + +#+begin_src shell +10.0.1.200:/volume2/movies /usr/local/jails/containers/servarr/mnt/movies nfs rw 0 0 +#+end_src + +(this attaches an NFS share in read-write mode) + +**** Putting it all together + +The entire =jail.conf= here looks like: + +#+begin_src shell + exec.clean; + exec.start = "/bin/sh /etc/rc"; + exec.stop = "/bin/sh /etc/rc.shutdown"; + exec.consolelog = "/var/log/jail_console_${name}.log"; + allow.raw_sockets; + exec.clean; + mount.devfs; + devfs_ruleset = 5; + vnet; + host.hostname = "${name}.dune.local"; + path = "/usr/local/jails/containers/${name}"; + $epair = "epair${id}"; + $bridge = "bridge0"; + vnet.interface = "${epair}b"; + exec.start += "dhclient ${epair}b"; + exec.prestart = "/sbin/ifconfig ${epair} create up"; + exec.prestart += "/sbin/ifconfig ${epair}a up descr jail:${name}"; + exec.prestart += "/sbin/ifconfig ${bridge} addm ${epair}a up"; + exec.prestart += "/sbin/ifconfig ${epair}b 
ether ${mac}"; + exec.poststop = "/sbin/ifconfig ${bridge} deletem ${epair}a"; + exec.poststop += "/sbin/ifconfig ${epair}a destroy"; + + jail { + $id=1; + $mac="2:bf:b9:4c:4f:0b"; + + exec.prestart += "mount -a -F /etc/fstab.$name"; + exec.poststop += "umount -a -F /etc/fstab.$name"; + } +#+end_src * WIP ** TODO OpenBSD: XMPP (Jabber) server /intro/ |
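Review bot: The DDNS paragraph of the added "RE: Michał Sapka's new home" entry (content-org/blog.org, hunk `@@ -122,6 +122,32 @@`) has typos that will ship once the heading moves from TODO to DONE: `becasue I moves` should be "because I moved", `woudld` should be "would", and `better safe then sorry` should be "than". `bday surpriday` in the paragraph above it also looks unintended. The same paragraph gives the decision to change domains without the reason; one sentence on what exactly felt risky about running DDNS on the mail domain would make the point useful to readers with a similar setup.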
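Review bot: The corrected BluRay line in content-org/blog.org (hunk `@@ -148,11 +174,11 @@`) still ends in `13700SD`; it should read `13700USD` to match `13,7USD` earlier in the same sentence. The second fix in the hunk, `So, if Washington Post died today, he would not notice.`, reads correctly.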
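Review bot: Two file names in the added "Template for jail with external IP assigned via DHCP" post (content-org/bsd.org, hunk `@@ -1397,7 +1397,183 @@`) will send a reader to the wrong place: `Create =etc/defvs.rules=` should be `/etc/devfs.rules`, and the intro says the configuration goes in `/etc/jails.conf` while later text says `jail.conf`; FreeBSD reads `/etc/jail.conf`. Other points in the same hunk: the `:abstract Running old adventure games` front matter looks copied from the ScummVM post above it; the prose says `#{name}` but the config uses `${name}`; `exec.clean;` is listed in both the STARTUP/LOGGING and PERMISSIONS blocks and twice again in the combined listing; the example jail is named `jail`, so `/etc/fstab.$name` resolves to `/etc/fstab.jail` while the sample fstab line mounts under `containers/servarr`. Prose typos to fix before publishing: `outside if the jails`, `indiduals`, `fill be filled the name`, `intends and purposes`. On the security side, `allow.raw_sockets` and `add path 'bpf*' unhide` are applied to every jail without an explanation; a sentence stating that `dhclient` needs bpf, and moving `allow.raw_sockets` into only the jails that need it, would keep the template closer to least privilege. It is also worth checking that ruleset number 5 does not collide with one already defined in `/etc/defaults/devfs.rules`. The sample NFS line mounts `rw` with no `nosuid`; consider adding it unless the jail needs setuid binaries from the share.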