author mms <michal@sapka.me> 2023-11-08 22:15:17 +0100
committer mms <michal@sapka.me> 2023-11-08 22:15:17 +0100
commit 0088ff1fd2c63e252ff5efe495f22157cc191109
tree d3f4b01a93dbaeec152f68b58abbc771d2a883c2 /content/bsd
parent 9d83a868da2b5db82efc3edda06448a3aa6c48b9
feat: move bsd files
Diffstat (limited to 'content/bsd')
-rw-r--r-- content/bsd/desktop-freebsd-wont-improve-unless-people-are-using-it.md 66
-rw-r--r-- content/bsd/early-freebsd-thoughts.md 40
-rw-r--r-- content/bsd/first-time-the-zfs-saved-me.md 31
-rw-r--r-- content/bsd/freebsd-13-2-was-released-and-broke-my-resume.md 20
-rw-r--r-- content/bsd/moved-to-openbsd.md 317
-rw-r--r-- content/bsd/open-bsd-7-3-was-released-today.md 18
-rw-r--r-- content/bsd/thinkpad/fixing-resume-on-thinkpad-x1-extreme-g2-on-freebsd.md 36
-rw-r--r-- content/bsd/thinkpad/fixing-thinkpad-x1-wifi-on-freebsd.md 42
-rw-r--r-- content/bsd/thinkpad/freebsd-configuring-nvidia-and-xorg-on-thinkpad-x1-extreme-g2.md 73
-rw-r--r-- content/bsd/thinkpad/freebsd-on-modern-intel-wifi-cards-and-resume.md 25
-rw-r--r-- content/bsd/thinkpad/freebsd-on-thinkpad-x1-extreme-g2.md 63
-rw-r--r-- content/bsd/thinkpad/switching-between-speakers-and-headphones-on-freebsd.md 51
12 files changed, 782 insertions, 0 deletions
diff --git a/content/bsd/desktop-freebsd-wont-improve-unless-people-are-using-it.md b/content/bsd/desktop-freebsd-wont-improve-unless-people-are-using-it.md
new file mode 100644
index 0000000..80e9402
--- /dev/null
+++ b/content/bsd/desktop-freebsd-wont-improve-unless-people-are-using-it.md
@@ -0,0 +1,66 @@
+---
+title: "Desktop FreeBSD won't improve unless people are using it"
+category: bsd
+abstract: I have hits from /r/bsd, but almost none of those people are using BSD
+date: 2023-03-29T21:15:51+02:00
+year: 2023
+draft: false
+tags:
+- FreeBSD
+- Reddit
+---
+Shamelessly, I posted my previous post, [FreeBSD on a Thinkpad Extreme G2](https://d-s.sh/2023/freebsd-on-thinkpad-x1-extreme-g2/) on [/r/bsd Reddit](https://www.reddit.com/r/BSD/comments/124v5cm/freebsd_on_a_thinkpad_x1_extreme_g2/).
+
+The result, some 24 hours later, is 100 visitors. Out of that 100, 57 are using a desktop. Out of that 57, only 2 used FreeBSD—2%. No other BSDs are recorded.
+
+People who are into BSD don't use BSD. This seems to be a reason for lacking hardware support. If no one uses FreeBSD, no one will encounter those problems. If no one encounters them, no one will fix them.
+
+### Update 2023-04-14
+
+The article, got quite the round around the internets, gathering some interests from [Reddit](https://old.reddit.com/r/freebsd/comments/126fvkz/desktop_freebsd_wont_improve_unless_people_are/), [Hacker News](https://news.ycombinator.com/item?id=35378367), Twitter, Discover BSD or [Vermaden](https://vermaden.wordpress.com/2023/04/03/valuable-news-2023-04-03/). With all that interest come quite a few questions and comments. The following is an attempt to summarize it all.
+
+### People who use FreeBSD don't care about FreeBSD hardware
+
+This makes perfect sense. If your FreeBSD installation on X220 works flawlessly, you may not care about anything more modern. But there will come a time when you will need to replace the hardware.
+
+{{<img-pull-right "freebsd-beastie.png">}}
+This comment, however, came as a proof that the sample from my blog is invalid. This may be the case, but I don't buy it. All traffic on the aforementioned post came from Reddit's BSD forum. It's the one place where you could expect that people using BSD would hang. It may also be that it's quite a random sample - it's small, and people who have yet to become into BSD but are BSD-curious opened my blog post. I am in no place to debunk or confirm this. I, however, know that many people presenting at FreeBSD conferences do it using Macs or Windows. So even if the numbers are dubious, the overall feeling remains sorrowful.
+
+To add to the above: there are also stats for the commented opinion piece. Two hundred forty-four people opened it from /r/freebsd. Of that, 24 people were using FreeBSD, and just 2 were using OpenBSD.
+
+### Your statistics may be invalid as people mask their browser agent.
+
+This also may be the case. Why, then, is the referer not spoofed? It's a much more invasive data point than the underlying OS. But I'm a simple Firefox user, never used Librewolf.
+
+### FreeBSD is a server OS
+
+Yeah, this is the sentiment I've read before jumping aboard. My problem with this idea is that each and every FOSS OS is a value in itself. The current poster boy, Linux, also had huge problems getting to work on various machines. In my opinion, it's limiting OS to a single use case is a completely valid point - your use case for FreeBSD is on a server, and this is where it currently shines (or not, depending on your experience). Some folks despise allocating any FreeBSD dev time to the desktop as there are many server issues.
+
+But again, I don't see it this way. Limiting FreeBSD to the server only is short-lighted. Unless you are already powering your servers with BSD, there will always be a question, "Why not Linux. It's what everyone else is doing". And Linux got into its current position not by being a great server machine but rather by attracting the interest of some very skillful people. And it did it by allowing more and more people to free themselves from Windows on their machines.
+
+I see FreeBSD problems as having two primary causes: the [Unix wars](https://en.wikipedia.org/wiki/Unix_wars) of the past and limited resources now. If FreeBSD were easier to use on a wide range of end-user machines (which tend to be laptops), the easier it would for people to want to develop it. BSDs are now a far second choice. Why would someone invest time? They may fall in love with the OS, but unless they try it, it will never happen.
+
+### I like our small userbase
+
+I'm as elitist as the other person. [DWM](https://dwm.suckless.org/) stated that
+
+> "This keeps its userbase small and elitist. No novices asking stupid
+questions."
+
+I can't find this quote anymore, but the sentiment seems similar. However, there are two aspects here.
+
+FreeBSD comes with no graphical interface by default. This makes it much closer to minimalist distros than Ubuntu. This still allows anyone to feel like a hacker.
+
+The second, however, is that some problems are unsolvable by end-user. Writing drivers is EXTREMELY difficult, and, as I've recently learned (thanks, Jeff!), this is especially true when it comes to WiFi drivers, as there is no open implementation. This means that any progress requires a trial-and-error process based on reverse engineering. No one without deep knowledge of low-level programming will be able to make any progress, and even those few will need people with real hardware for testing.
+
+### Hardware support is years behind Linux
+
+Yes, and this is what I was referring to.
+
+### Why would anyone use BSD on a desktop?
+
+It's a great system, just needs a lot of work on hardware support :-)
+
+### Your post is worthless, and only the comments are interesting
+
+It's more than I anticipated. That post was small and written without any deeper research. But the discussion around it makes me believe that I hit something real.
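Review bot: The percentage in the second paragraph does not match the base it is attached to: "Out of that 57, only 2 used FreeBSD—2%" reads as 2 of 57, which is about 3.5%, while 2% is 2 of the 100 total visitors. Since the whole post argues from this number, state which denominator is meant. The first paragraph also links to `https://d-s.sh/2023/freebsd-on-thinkpad-x1-extreme-g2/` as an absolute URL, while other files in this commit use site-relative `/2023/...` links or the michal.sapka.me domain; a relative link would survive the next domain change. The body has several wording slips worth fixing while the file is being touched: "The article, got quite the round", "it's limiting OS to a single use case is a completely valid point", "short-lighted", and "the easier it would for people".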
diff --git a/content/bsd/early-freebsd-thoughts.md b/content/bsd/early-freebsd-thoughts.md
new file mode 100644
index 0000000..db5ebfb
--- /dev/null
+++ b/content/bsd/early-freebsd-thoughts.md
@@ -0,0 +1,40 @@
+---
+title: "Early FreeBSD Thoughts"
+category: BSD
+abstract: I've been using FreeBSD on my server for the last few weeks and I like it!
+date: 2023-02-15T20:50:01+01:00
+year:
+draft: false
+tags:
+- FreeBSD
+- NIX
+- VPS
+- pkg
+- ports
+- rc
+---
+Early FreeBSD thoughts
+
+I'm leaning more and more towards joining the [FreeBSD](https://www.freebsd.org/) crowd.
+
+The community is small and welcoming, and I'm driven towards more minor groups. But I was surprised to find out hoh welcoming it was. People seem to be actually happy to help a noob -something the Linux crowd forgot how to do.
+
+{{<img-pull-right "freebsd-beastie.png" "FreeBSD Bestie">}}
+Another aspect is the documentation. People say it's excellent, and I consider it to be selling short. I'm reading [The Official Handbook](https://docs.freebsd.org/en/books/handbook/). It starts with the assumption that the reader has close to 0 knowledge but never treats him as a moron. And chapter by chapter explains how and why things work this way. It may not be for everyone, as you are expected to want to learn - but it is invaluable if you are in the target group. It's worth reading even if you don't want to move to BSD, as a lot applies to other NIXs, like Linux.
+
+And, of course, the system itself. I've been using unix-inspired OSs exclusively for over a decade (and quite often before that). FreeBSD is so close, that from day 0, I am able to navigate it. And what I see is a very well-thought system without many pitfalls Linux fell into. Just two examples that strike me the most.
+
+In Linux, the root partition is a mess. System and userland are intertwined, and I wonder if anyone understands where things should go. Just look at how many explanations of the structure there are! Should this particular config be in /var/ or maybe in /etc/? AFAIK there are no generic guidelines, just tribal knowledge. If FreeBSD, there's a [dedicated chapter](https://docs.freebsd.org/en/books/handbook/basics/#dirstructure) in the documentation! There's also a strict rule where userland should live - in /usr. Everything you install goes to /usr - the executables, the configs, etc. Finally, a new user can experiment without fearing breaking the system!
+
+The other one is the `rc` subsystem. The Linux world has a neverending war between Systemd and, well, everything else. Here? The system itself dictates how to manage the cattle - elegantly and logically.
+
+{{<img-center "freebsd13-bootloader.png" "it even comes with bootloader baked in" "https://en.wikipedia.org/wiki/File:FreeBSD_13.0_boot_loader_screenshot.png">}}
+
+FreeBSD comes with two package managers: pkg and ports. Pkg is a standard replacement for brew/apt/pacman or whatever else is there. What is nice is that the user can configure to use packages updated quarterly or the latest. Want to have a stable infrastructure? Go with quarterly - bug fixes will be included in between updates. Want modern thingies? Go with the latest. My biggest issue with Ubuntu and its derivatives is how far behind the packages in apt are, as they are tied to the yearly distro update circle. You can mitigate this by using personal repositories, but those are a nuance to set up. FreeBSD comes prepared for servers and workstations at the same time.
+
+And then there are ports for the demanding crowd. Since BSD is semi-compatible with Linux, you can compile most of its software. But there are some differences, so it requires some manual configuration or looking for dependencies. Or rather, it would, as FreeBSD has you covered. Ports is a single repository with makefiles for different projects tailored for the system. You can either compile anything with default settings or adjust the parameters easily. Want Firefox without JS support? Why not! I have yet to use ports, as they seem excessive for my humble VPS, but I love the idea.
+
+So, you have the best features from Ubuntu (stable versions), Arch (cutting edge), and from Gentoo (compile from source code) right at your disposal.
+
+I am **this** close to installing FreeBSD on my personal computer. My work-issued Macbook is [already running a BSD derivative](https://en.wikipedia.org/wiki/Darwin_(operating_system)#Kernel)... for better or worse.
+
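Review bot: The front matter leaves `year:` empty and uses `category: BSD`, while the other posts in this commit set `year: 2023` and mostly use lowercase `bsd`. If the templates or taxonomies group posts by either field, this file will be listed separately or not at all, so fill in `year: 2023` and pick one spelling of the category. The body also opens with a plain "Early FreeBSD thoughts" line that repeats the title, and contains "hoh welcoming", "If FreeBSD, there's a" (should be "In FreeBSD") and "a nuance to set up" (should be "nuisance").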
diff --git a/content/bsd/first-time-the-zfs-saved-me.md b/content/bsd/first-time-the-zfs-saved-me.md
new file mode 100644
index 0000000..77a5cb9
--- /dev/null
+++ b/content/bsd/first-time-the-zfs-saved-me.md
@@ -0,0 +1,31 @@
+---
+title: "First Time the ZFS Saved Me"
+category: bsd
+abstract: Automatic snapshot saved me from a full system reinstalation
+date: 2023-03-18T06:04:33+01:00
+year: 2023
+draft: false
+tags:
+- FreeBSD
+- ZFS
+---
+{{<img-pull-right "zfs-logo.png">}}
+As I was recently trying to [enable auto-switching audio to headphones](/2023/switching-between-speakers-and-headphones-on-freebsd/), I borked my FreeBSD installation. Somehow the speakers stopped working, and the headphone output added a loud hiss. Unfortunately, I was unable to fix it.
+
+My first thought was to reinstall the system, but then I remembered that I've read about [ZFS Snapshots](https://docs.oracle.com/cd/E19253-01/819-5461/gbcya/index.html).
+
+```
+zfs list -t snapshot
+```
+
+revealed that FreeBSD has already created a few of those recently. I knew this OS and ZFS go hand in hand, but I was still pleasantly surprised.
+
+To return the system to a previous version, all I had to do was
+
+```
+zfs snapshot <name>
+```
+
+and my system stopped responding. I was in X, so that's entirely on one. But the rollback was so instantaneous that my first thought was that something fried.
+
+After a good, old hard reset, everything worked as it was a few days ago. ZFS very well may be my new best friend.
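Review bot: The second command block shows `zfs snapshot <name>` as the step that returns the system to a previous version, but `zfs snapshot` creates a new snapshot; reverting a dataset is done with `zfs rollback <snapshot>`. The following sentence talks about "the rollback", so the code block looks like a slip, and a reader copying it would take a fresh snapshot of the broken state instead of restoring. It is also worth saying in the text that the rollback was run on the live root dataset from inside X, since that is what caused the hang. "That's entirely on one" presumably should read "on me".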
diff --git a/content/bsd/freebsd-13-2-was-released-and-broke-my-resume.md b/content/bsd/freebsd-13-2-was-released-and-broke-my-resume.md
new file mode 100644
index 0000000..cb4434c
--- /dev/null
+++ b/content/bsd/freebsd-13-2-was-released-and-broke-my-resume.md
@@ -0,0 +1,20 @@
+---
+title: "FreeBSD 13.2 was released and broke my resume"
+category: BSD
+abstract: There's a new version and new problems for me
+date: 2023-04-11T16:10:29+02:00
+year: 2023
+draft: false
+tags:
+- FreeBSD
+- WiFi
+- iflwifi
+---
+{{<img-pull-right "freebsd-beastie.png">}}
+A new version of FreeBSD was released today, 13.2-RELEASE.
+
+The update went smoothly on my laptop, and there are a lot of updates in pkg. Unfortunately, my fix for [black screen after resume](/2023/fixing-resume-on-thinkpad-x1-extreme-g2-on-freebsd/) stopped working. I had no time to debug it yet, so there is no bug report yet from my side.
+
+The drivers for iflwifi were updated, so I was hoping that maybe the [WiFi experience](https://d-s.sh/2023/freebsd-on-modern-intel-wifi-cards-and-resume/) would be better, but since the sleep/resume cycle is not working, I am unable to test it.
+
+Full release notes can be found on the [FreeBSD website](https://www.freebsd.org/releases/13.2R/relnotes/).
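Review bot: The driver name is spelled `iflwifi` both in the `tags:` list and in the third paragraph; the FreeBSD Intel wireless driver is `iwlwifi`. As a tag this creates a taxonomy page under the wrong name and the post will not be found by anyone searching for the driver. The two internal links are also inconsistent: the resume post is linked site-relative (`/2023/fixing-resume-...`) and the WiFi post through the absolute `https://d-s.sh/2023/...` URL; use the relative form for both.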
diff --git a/content/bsd/moved-to-openbsd.md b/content/bsd/moved-to-openbsd.md
new file mode 100644
index 0000000..e9a35fb
--- /dev/null
+++ b/content/bsd/moved-to-openbsd.md
@@ -0,0 +1,317 @@
+---
+title: "Live from OpenBSD in Amsterdam"
+category: "bsd"
+abstract:
+date: 2023-07-19T12:27:54+02:00
+year:
+draft: false
+tags:
+- OpenBSD
+- httpd
+- relayd
+- acme
+- lets-encrypt
+- vps
+- amsterdam
+- plausible
+- plaprox
+---
+
+
+This site, in its infancy, was running Debian on Linode. Then I moved [^fbsd] to [FreeBSD](https://freebsd.org) on Vultr. Today marks a day of another migration: hello from [OpenBSD](https://www.openbsd.org/) running on [OpenBSD Amsterdam](https://openbsd.amsterdam/).[^bloggers]
+[^fbsd]: [Early FreeBSD Thoughts](https://michal.sapka.me/2023/early-freebsd-thoughts/)
+[^bloggers]: for technical folks, tinkering with their sites is just as fun as making them. I still have to create a "Yet Another Blog System", but discovering BSD was a great award in itself.
+
+## OpenBSD
+
+{{<img-pull-right "openbsd.png" "OpenBSD logo">}}
+OpenBSD is one of the three most popular BSD distributions. While [NetBSD](https://www.netbsd.org/) focuses on running on obscure hardware[^netbsd], and [FreeBSD](https://freebsd.org) has ZFS as its killer feature, OpenBSD is all about security[^security]. I was very happy with FreeBSD, but at the same time, I was never fully confident in my ability to configure it securely. Not that my server hosts anything of real value[^mwl-mail], but I still wouldn't like a machine I administer to become a cog in some botnet. Between learning forensics and a new OS, the latter seems nicer.
+[^mwl-mail]: at least until "[Run Your Own Mail Server](https://www.tiltedwindmillpress.com/product/ryoms-esponsor/)" finally lands in my digital hands
+[^netbsd]: There is a semi-widely known story about running NetBSD on a [toaster](https://www.embeddedts.com/blog/netbsd-toaster-powered-by-the-ts-7200-arm9-sbc/). It may not support a modern WiFi card, but if the device is old, you can run NetBSD on it.
+[^security]: At least officially. In reality, I'm test-driving it on my laptop and have much fewer problems than with FreeBSD[^tphistory].
+[^tphistory]: You may want to check my writing about this epic fight - [FreeBSD on Thinkpad X1 Extreme G2](https://michal.sapka.me/2023/freebsd-on-thinkpad-x1-extreme-g2/).
+
+OpenBSD's official project goal[^goals] states that even though they aim to provide the most secure OS, each developer has their own goals and can freely pursue them as long as the project adheres to these goals. It's a very different approach to what we see anywhere else. There is no 10-year roadmap and constant consultations. Instead, we have a hacker-oriented[^hackathon] culture. This resulted in multiple projects having their inception in OpenBSD, like [OpenSSH](https://www.openssh.com/) or [LibreSSL](https://www.libressl.org/).
+[^goals]: [OpenBSD Project Goals](https://www.openbsd.org/goals.html)
+[^hackathon]: enough said that OpenBSD coined the term "Hackathon" before corporations stole it - like the internet.
+
+OpenBSD ships with a secure by-default mindset. All non-essential services are disabled, and those running are using sensible configurations. For example, I had huge problems configuring a firewall on FreeBSD, especially for IPv6[^ipv6]. On OpenBSD, it was much simpler.
+[^ipv6]: [Fixing IPv6 and securing the domain](https://michal.sapka.me/2023/fixing-ipv6-and-securing-the-domain/)
+
+OpenBSD being a BSD, provides a complete system - system and user space are developed together. No GNU tools are needed, as everything comes together. At the same time, BSDs come with a lot of surprising things out of the box. FreeBSD wowed me with Jails[^jail].
+[^jail]: Jails are FreeBSD containerization mechanisms based solely on chroot(8). Ever since I learned how simple it can be, I started vocalizing my disgust for Docker.
+
+All in all, a lot of things I've learned on FreeBSD are easily transplantable to OpenBSD. They say that all BSDs are separate OSes, a stark difference from distributions of GNU/Linux. I fail to see it, as so much works the same. The package manager of FreeBSD may be more modern, and the separation between system space and user sapce[^hier] is not so evident here, but so many things work the same. I can not pretend to be a pro-BSDer, but I fail to see evidence of them diverging so narrowly to call them completely different OSes. But then again, maybe it's just my poor judgment and love for POSIX.
+[^hier]: vide hier(7)of [OpenBSD](https://man.openbsd.org/hier) and of [FreeBSD](https://man.freebsd.org/cgi/man.cgi?hier(7))
+
+And still no SystemD(1) in sight. I don't have enough willpower to learn forensics or Rust, not even to mention an OS-level complex PID1 process.
+
+## OpenBSD Amsterdam
+
+{{<img-pull-right "openbsd-amsterdam.png" "OpenBSD Amsterdam logo">}}
+I had a similar exodus of server providers. First, it was Linode, then Vultr. Linode became useless when I wanted to try BSD. Vultr was great as it provided images of FreeBSD and OpenBSD for its VMs. But why stop halfway? Vultr doesn't use BSD as the base system. While it may not be a big deal, I've recently learned of [OpenBSD Amsterdam](https://openbsd.amsterdam/).[^aws]
+[^aws]: notice the lack of Amazon Web Services. Screw them. They have almost all of the interwebs in their server farm, but they will not have this blog!
+
+OpenBSD Amsterdam is a small company based in (to the surprise of everyone reading this) Amsterdam. What's even better is that they serve OpenBSD VMS from OpenBSD hosts via vmm(4) and vmd(8) - a small virtualization driver baked into OpenBSD. Cool.
+
+What's even cooler is that they give a significant part of their earnings to the [OpenBSD Fundation](https://www.openbsdfoundation.org/).
+
+I could not resist, and a day after learning about them, I had already paid for a full year.
+
+## Httpd(8) and Relayd(8)
+
+So here we are: OpenBSD VM. What now? Let's configure a webserver!
+
+OpenBSD comes with three great tools out of the box:
+
+- httpd(8) - an HTTP daemon
+- relayd(8) - a relay daemon
+- acme-client(1) - a client for Automatic Certificate Management Environment (ACME)
+
+With those free things, we can serve static webpages over TLS. While you most likely already use [NGINX](https://www.nginx.com/) or o[Apache](https://httpd.apache.org/)[^win], those solutions are complex. They work amazingly in enterprise environments where you have people with doctorates in NGINX configuration, but most real-world examples don't need that complexity. A static blog most likely doesn't.
+[^win]: because there is no fourth way. Please repeat after me: there is no webserver in Windows.
+
+Let's set it up.
+
+Due to security concerns, OpenBSD comes with doas(1) instead of sudo(1). Copy `/etc/examples/doas.conf` file to `/etc/doas.conf`. For all intends, and purposes, from now on doas(1) will work the same as sudo(1).
+
+When the system boots for the very first time, ports 80 and 443 are closed, and only the SSH port is open. This alone was a nice surprise for me. But it gets better: since all utilities are part of the OSes, they work together perfectly.
+
+Assuming your domain is already pointing at the correct IPs, let's start listening for unencrypted HTTP traffic. I will use "michal.sapka.me" as the domain in all examples.
+
+First, Open `/etc/httpd.conf` in your favorite editor and add
+
+{{<highlight shell "linenos=inline">}}
+server "michal.sapka.me" {
+ listen on * port 80
+ root "/htdocs/michal-sapka-me"
+}
+{{</highlight>}}
+
+Then create a simple HTML file under `/var/www/htdocs/michal-sapka-me/index.html`.
+
+Httpd(8) works chrooted to /var/www/, so it threats this directory as root. This makes the "root" option shorter to write, but it also means that the process doesn't have access to anything outside of /var/www/. Even if an attacker can break in via the daemon, he will be locked in the www folder, so there is no risk to the rest of the system. As I said, OpenBSD is secure by default[^nginx-sec].
+[^nginx-sec]: The ports collection of OpenBSD contains a fork of NGINX with a similar security treatment.
+
+All we need to do now it to enable the daemon via the handy rcctl(8) tool.
+
+{{<highlight shell>}}
+$ doas rcctl enable httpd
+{{</highlight>}}
+
+and to start it
+
+{{<highlight shell>}}
+$ doas rcctl start httpd
+{{</highlight>}}
+
+And boom. Opening http://michal.sapka.me shows on our site both on IPv4 and IPv6. One thing to note here is the limitation of up to HTTP 1.1. HTTP 2 is not supported.
+
+Let's add TLS, so we have this cute lock icon. For this, we will request a certificate from [Let's Encrypt](https://letsencrypt.org/) using acme-client(1). If you used certbot, this will look familiar - just tidier.
+
+First, let's add config to `/etc/acme-client.conf`
+
+{{<highlight shell "linenos=inline">}}
+authority letsencrypt {
+ api url "https://acme-v02.api.letsencrypt.org/directory"
+ account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+authority letsencrypt-staging {
+ api url "https://acme-staging.api.letsencrypt.org/directory"
+ account key "/etc/acme/letsencrypt-staging-privkey.pem"
+}
+
+domain michal.sapka.me {
+ domain key "/etc/ssl/private/michal.sapka.me.key"
+ domain full chain certificate "/etc/ssl/michal.sapka.me.crt"
+ sign with letsencrypt
+}
+{{</highlight>}}
+
+Lines 1-9 tell our acme-client(1) how to talk with Let's Encrypt, while lines 11-15 allow us to request a certificate for our domain. OpenBSD comes preconfigured for Let's Encrypt, so we just enable provided settings.
+
+Nice! Next, we need to allow Let's Encrypt challenges. Acme-client(1) will manage all required files, and Let's Encrypt can read them via httpd(8). Again, like cogs in a well-oiled machine. By default, acme-client(1) will write to `/var/www/acme`, so we need to redirect `/.well-known/acme-challenge/*` there. Let's change our `httpd.conf`:
+
+{{<highlight shell "linenos=inline">}}
+server "michal.sapka.me" {
+ listen on * port 80
+ root "/htdocs/michal-sapka-me"
+
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+}
+{{</highlight>}}
+
+We can now either restart httpd(8) or reload it. Let's for the latter.
+
+{{<highlight shell>}}
+$ doas rcctl reload httpd
+{{</highlight>}}
+
+Now we can request the certificates
+
+{{<highlight shell>}}
+$ doas acme-client -v michal.sapka.me
+{{</highlight>}}
+
+OpenBSDs supplied tools don't print unnecessary information to the user, so we add the `-v` to see what's happening. Assuming everything went fine, let's start serving the page with TLS!
+
+For this, we will use relayd(8). We could use only httpd(8), but moving it one layer up is easier. Relayd(8) also gives us nice options for changing headers or moving some locations to a different process, like we will do with Plaroxy soon. This also shows us the big difference between this simple solution and NGINX: while NGINX shovels everything into one process and config, OpenBSD splits it into narrow focus areas.
+
+Let's open `/etc/relayd.conf` and add:
+
+{{<highlight shell "linenos=inline">}}
+table <httpd> { 127.0.0.1 }
+
+http protocol "https" {
+ tls keypair "michal.sapka.me"
+
+ match request quick header "Host" value "michal.sapka.me" forward to <httpd>
+}
+
+relay "https" {
+ listen on 0.0.0.0 port 443 tls
+ protocol https
+ forward to <httpd> port 8080
+
+}
+relay "https6" {
+ listen on :: port 443 tls
+ protocol https
+ forward to <httpd> port 8080
+}
+{{</highlight>}}
+
+Now, I won't go into much detail here, but what happens here is:
+1. We create two relays, one for ipv4 and one for ipv6. One relay can listen on a single port for given IP. Each relay uses protocol "https" to modify and steer the request to a given process.
+2. Both relays set up forwarding to httpd (IP taken from the table on the head of the file) on port 8080.
+3. https protocol adds a TLS key pair for the session. We've got the files from Let's Encrypt in the step above.
+4. We then test each request, and if the host matches "michal.sapka.me" it will be forwarded to httpd(8).
+
+You can also see that relayd(8) can listen on a given IP or all IPs (:: in case of IPv6)
+
+But our httpd(8) listens only on port 80! Let's fix that by changing the `httpd.conf` file:
+
+{{<highlight shell "linenos=inline">}}
+server "michal.sapka.me" {
+ listen on * port 8080
+{{</highlight>}}
+
+We also need to redirect HTTP to HTTPS. Since we use Relayd(8) only for HTTPS, this will be done in httpd(8). Let's add a second server to our `httpd.conf`:
+
+{{<highlight shell "linenos=inline">}}
+server "michal.sapka.me" {
+ listen on * port 80
+ location * {
+ block return 301 "https://$HTTP_HOST$REQUEST_URI"
+ }
+}
+{{</highlight>}}
+
+Now, when the user enters the site, the flow will look like:
+
+1. httpd(8) will respond to :80 requests and return a 301 redirect to HTTPS
+2. relayd(8) will catch the request to :443 and forward it on port :8080 to httpd(8)
+3. httpd(8) will serve our site and pass the response to relayd(8) again
+4. relayd(8) can modify headers before returning the response to the client.
+
+Talking about modifying headers, let's apply some extra security! We can expand our https protocol with the following:
+
+{{<highlight shell "linenos=inline">}}
+ # Return HTTP/HTML error pages to the client
+ return error
+ match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
+ match request header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
+ match response header remove "Server"
+ match response header append "Strict-Transport-Security" value "max-age=31536000; includeSubDomains"
+ match response header append "X-Frame-Options" value "SAMEORIGIN"
+ match response header append "X-XSS-Protection" value "1; mode=block"
+ match response header append "X-Content-Type-Options" value "nosniff"
+ match response header append "Referrer-Policy" value "strict-origin"
+ match response header append "Content-Security-Policy" value "default-src https:; style-src 'self' \
+ 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'"
+ match response header append "Permissions-Policy" value "accelerometer=(), camera=(), \
+ geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
+
+ # set recommended tcp options
+ tcp { nodelay, sack, socket buffer 65536, backlog 100 }
+
+ # set up certs
+ tls { no tlsv1.0, ciphers "HIGH:!aNULL:!SSLv3:!DSS:!ECDSA:!RSA:-ECDH:ECDHE:+SHA384:+SHA256" }
+{{</highlight>}}
+
+I won't discuss details here as each header has a dedicated MDM webdoc. Most of the headers here are considered a standard.
+
+Besides adding headers, we configure TLS here, disabling weak ciphers and old TLS versions and adding some standard config.
+
+Lastly, we can automate refreshing the certificate via cron(8):
+
+{{<highlight shell>}}
+0~59 0~23 * * 1 acme-client michal.sapka.me && rcctl reload relayd
+{{</highlight>}}
+
+It looks almost like a normal cron. The "0~59" and "0~29" parts are unique to OpenBSD: Cron(8) will evenly split all tasks between specified time boxes so that no two jobs run simultaneously.
+
+We now have created a fully working web server without any 3rd party packages. All OpenBSD provided, all secure, all simple, all cool as ice.
+
+To further your knowledge, you can challenge the assumption that BSD has the best doc and read man pages for `httpd.conf(5)`, `relayd.conf(5)`, and `acme-client.conf(5)`.
+
+I also can't recommend enough "Httpd and Relayd Mastery" by Michael W. Lucas[^mwl2]
+[^mwl2]: yeah, the one from the top of this article. He's a household name and a staple of the BSD community. I'm primarily a software engineer, and all this sysadmin thing I am doing is a side quest for me. His books make it so much easier. I've already read four of his books, and I will read more as they are amazing. Even a dense person like yours truly comes out smarter after the lecture. While I'm not a [Full Michael](https://www.tiltedwindmillpress.com/product/full-michael-2023-06/) kind of person, it seems my library will soon have a very strong representation of his.
+
+## Plaprox
+
+One thing that OpenBSD doesn't provide (yet?) is an HTTP proxy. I use [Plausible](https://plausible.io/) for basic visitor analytics [^privacy] here, and one of the cool things you can do is to break all adblockers via serving Plausible from my own domain[^adblock]
+[^privacy]: Yes, I want to know what people are reading! For details, refer to my [two sence long privacy policy](https://michal.sapka.me/about/#privacy-policy).
+[^adblock]: yes, it's a dick move. But my reasoning was simple: Plausible gathers so little information that the harm is almost nonexistent, and I really want to know what people are reading.
+
+After two evenings of failed attempts, I reminded myself that I am a programmer, and I wrote one myself. You can find it on my [VCS page](https://vcs.sapka.me/plaprox/). It was a great learning exercise and a chance to touch Golang[^ruby] for the first time.
+[^ruby]: I am a Ruby developer by trade and heart, but I will try anything that is not an IDE-driven language. LSP for Java/Scala is still a joke, and I refuse to pollute my system with Intellij. [Go](https://go.dev/), on the other hand, is a modern language designed for humans. I am not good at it, but I am infinitetly[^infinit] better than a week ago.
+[^infinit]: Any positive number would be infinite progress compared to zero, or as an old wise man once said: "to have a nickel and to not a nickel is already two nickles".
+
+Assuming you have it running (it works on my machine!), let's adjust our relayd(8). Plaprox listens on port 9090, and we want to relay all requests to `/js/script.js` there.
+
+Let's add it to our relays in `relayd.conf`:
+
+{{<highlight shell "linenos=inline">}}
+table <plausibleproxyd> { 127.0.0.1 }
+
+http protocol "https" {
+
+ # all our previous content omitted
+
+ match request quick path "/js/script.js" forward to <plausibleproxyd>
+ match request quick path "/api/event" forward to <plausibleproxyd>
+}
+
+
+relay "https" {
+ listen on 0.0.0.0 port 443 tls
+ protocol https
+ forward to <httpd> port 8080
+ forward to <plausibleproxyd> port 9090
+}
+relay "https6" {
+ listen on :: port 443 tls
+ protocol https
+ forward to <httpd> port 8080
+ forward to <plausibleproxyd> port 9090
+}
+{{</highlight>}}
+
+You can also move the port number to a table.
+
+Remember that in Relayd(8) last one wins. We already have a match for the domain and added another matcher for the path. The request will be forwarded to the last marching matcher - so we put our new matchers at the end of the protocol definition.
+
+## Next
+
+What are my next steps? It looks like OpenBSD much better supports the hardware of my laptop than FreeBSD, so I'll try to migrate it.
+
+## Updates
+
+2023-07-28: remove wrong information abot PF.
+2023-07-30: fix invalid cron format
+
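Review bot: the closing paragraph of the Plaprox section says "last one wins" and gives that as the reason for placing the new matchers at the end, but both added rules (`match request quick path "/js/script.js"` and `"/api/event"`) carry `quick`, which makes a rule final as soon as it matches and skips everything after it. The explanation and the config disagree; either drop `quick` and rely on ordering, or reword the paragraph to say the `quick` rules short-circuit evaluation. The prose also mentions relaying only `/js/script.js` while the config forwards `/api/event` as well, so name both paths. Since the table points at 127.0.0.1 port 9090, it is worth stating that Plaprox should listen on loopback only so it is reachable solely through relayd. Spelling in the added lines: "two sence long", "infinitetly", "nickles", "last marching matcher", "abot PF". The two entries under Updates have no blank line or list marker between them and will render as one paragraph.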
diff --git a/content/bsd/open-bsd-7-3-was-released-today.md b/content/bsd/open-bsd-7-3-was-released-today.md
new file mode 100644
index 0000000..0e4c94c
--- /dev/null
+++ b/content/bsd/open-bsd-7-3-was-released-today.md
@@ -0,0 +1,18 @@
+---
+title: "Open Bsd 7 3 Was Released Today"
+category: bsd
+abstract: New version was released
+date: 2023-04-10T19:12:59+02:00
+year: 2023
+draft: false
+tags:
+- OpenBSD
+---
+{{<img-pull-right "open-bsd-7-3.png">}}
+A new version of OpenBSD was released today. OpenBSD is the security-focused BSD.
+
+LibreSSH and OpenSSH were bumped.
+
+The full [changelog](https://www.openbsd.org/73.html) can be found on the official website.
+
+As always, there is a [cool artwork](https://www.openbsd.org/images/DryGarden.png).
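Review bot: "LibreSSH and OpenSSH were bumped" names a project that does not exist; the OpenBSD TLS library is LibreSSL, so this line should read "LibreSSL and OpenSSH". The front matter title "Open Bsd 7 3 Was Released Today" looks like the generated default from the file name and should be "OpenBSD 7.3 was released today" to match the tag and the body.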
diff --git a/content/bsd/thinkpad/fixing-resume-on-thinkpad-x1-extreme-g2-on-freebsd.md b/content/bsd/thinkpad/fixing-resume-on-thinkpad-x1-extreme-g2-on-freebsd.md
new file mode 100644
index 0000000..e30d3cf
--- /dev/null
+++ b/content/bsd/thinkpad/fixing-resume-on-thinkpad-x1-extreme-g2-on-freebsd.md
@@ -0,0 +1,36 @@
+---
+title: "Fixing Resume on ThinkPad X1 Extreme G2 on FreeBSD due to integrated graphic card"
+category: bsd
+abstract: you need to load the driver
+date: 2023-02-27T10:27:55+01:00
+year: 2023
+draft: false
+tags:
+- ThinkPad
+- FreeBSD
+- tutorial
+---
+*This applies to FreeBSD 13.1*
+
+Recently I [posted](/2023/freebsd-on-thinkpad-x1-extreme-g2/) about my problems with FreeBSD. One of them was resume. After installing FreeBSD, I was able to put my laptop to sleep via
+
+```
+acpiconf -s 3
+```
+
+And this worked fine. However, I was not able to resume it back from sleep. After pressing the power button laptop woke, but the screen was still black. I could `reboot`, and it would work, so only the screen was the problem.
+
+After asking about this on [FreeBSD Forums](https://forums.freebsd.org/threads/resume-on-thinkpad-x1-extreme-g2-ends-in-black-screen.88162/), [bsduck](https://forums.freebsd.org/members/bsduck.61635/) and [smithi](https://forums.freebsd.org/members/smithi.71028/) pointed me to dedicated drivers for the integrated Intel GPU. And it worked like a charm.
+
+All I had to do was:
+
+```
+# pkg install drm-kmod
+# sysrc -f /etc/rc.conf kld_list+=i915kms
+# reboot
+```
+
+(via [FreeBSD wiki](https://wiki.freebsd.org/Graphics#Intel_Integrated_Graphics_.28aka_HD_Graphics.29)).
+
+Now the computer can sleep and resume without any problems. At least when using [sleep mode 3](https://man.freebsd.org/cgi/man.cgi?acpiconf(8)). The 4th doesn't work for me at all.
+
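Review bot: the internal link `/2023/freebsd-on-thinkpad-x1-extreme-g2/` in the first paragraph points at a year-based URL while this commit places the file under `content/bsd/thinkpad/`; please confirm the permalink configuration still produces `/2023/...` for the moved files, otherwise this link and the similar ones in the other posts break. Smaller points: the first command block shows `acpiconf -s 3` with no prompt while the install block uses `#`, so pick one convention, and "After pressing the power button laptop woke" is missing an article.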
diff --git a/content/bsd/thinkpad/fixing-thinkpad-x1-wifi-on-freebsd.md b/content/bsd/thinkpad/fixing-thinkpad-x1-wifi-on-freebsd.md
new file mode 100644
index 0000000..6945ff5
--- /dev/null
+++ b/content/bsd/thinkpad/fixing-thinkpad-x1-wifi-on-freebsd.md
@@ -0,0 +1,42 @@
+---
+title: "Fixing ThinkPad X1 Wifi on Freebsd"
+category: "bsd"
+abstract: replacing a wificard fixes everything
+date: 2023-08-03T09:35:36+02:00
+year: 2023
+draft: false
+tags:
+- ThinkPad
+- FreeBSD
+- Intel
+- WiFi
+---
+As much as I like FreeBSD, my laptop has mostly sat dormant for the last few weeks. It rocked an AX200, an excellent WiFi adapter unless you want to use it in FreeBSD. There were three reasons for this, with one primary cause:
+1. WiFi speeds up to WiFi 2,
+2. inability of the system to resume after suspend
+3. occasional kernel panics
+
+Long story short[^wifiart], the firmware is yet to be properly reverse-engineered, and the card is still unsupported[^lies]. The team can't simply copy the Linux driver due to BSD/GPL license incompabilities[^openbsd], so the work needs to continue.
+[^wifiart]: Vide [FreeBSD on modern Intel WiFi cards and resume](/2023/freebsd-on-modern-intel-wifi-cards-and-resume/)
+[^lies]: technically [it is](https://wiki.freebsd.org/WiFi/Iwlwifi), but no real use case is feasable.
+[^openbsd]: The OpenBSD team had no such problems, and the drivers are downloaded during installation and work out of the box.
+
+Luckily, ThinkPads are still good laptops, and the card was not soldered. So, there was a way: buy a better-supported card and just replace it.
+
+Unfortunately, Lenovo is not a good company. You can't simply buy any random card matching the port and be sure it will work. The BIOS has a whitelist of supported hardware, and if it detects anything outside of this list, the machine won't boot.
+
+Lenovo's support proved itself useless. I tried to contact them and get the list of whitelisted WiFi adapters, but at first, they had no idea what am I talking about, and when we finally got on the same page, they started to ignore me. After a few nags met with silence, I just gave up and ordered a used [Intel AC 9260](https://www.intel.com/content/www/us/en/products/sku/99445/intel-wirelessac-9260/specifications.html).
+
+Have I mentioned that ThinkPads are still good devices? Replacing the WiFi adapter was sparkly[^spark] but easy. Just pop the two antenna connectors, unscrew a single screw, remove the card, and do the same in reverse for the new one. Try to do that with a MacBook![^battery]
+[^spark]: don't be a moron like me and disable the internal battery in BIOS before randomly poking the motherboard with a metal screwdriver.
+[^battery]: or with battery. I'm replacing mine in a few days. If I went with Apple, I would need to go to a service station as my ungluing skills are nonexistent.
+
+{{<img-center "intel-ac9260.jpg" "Sitting and working nicely">}}
+
+Then, with a single reinstall[^reinstall] of the system, everything started working. I'm still limited to WiFi 2, but it works over 5GHz. It's a small problem because my system can finally suspend and resume. I no longer need to power off/power on all the time because it's no longer necessary. I no longer need to be annoyed by the booting speed[^systemd] because it will no longer be a constant sight for me. I also have a (not backed by any analysis) feeling that the laptop runs colder.
+[^reinstall]: I'm a simple bare metal guy and was toying with OpenBSD. I don't know if a reinstall would be required if I had a working FreeBSD.
+[^systemd]: Which is one of the few good things about [systemd](https://michal.sapka.me/2023/systemd-is-fast/)
+
+With this, I am now a two BSD[^golang] guy: [OpenBSD](/2023/moved-to-openbsd/) on the server and FreeBSD on the computer. Why not go fully into one? Mostly, BSDs are cool, and it's nice to get to know each other. But also each of them has its strengths and weaknesses. OpenBSD is secure, has httpd/relayd and modern PF[^pf] but a smaller number of ported software, no ZFS, and finding answers on the information highway is more difficult. For a server, those are non-issues, as I have no intention of installing random crap there. But for my computer, I want to experiment more. I will break the system so ZFS will be a great addition. And having more applications ready to `pkg install` will make it this much nicer.
+[^golang]: I could have learned to Go, but I chose a totally unmarketable skill for a programmer. I think it makes it even cooler.
+[^pf]: I am currently reading "[The Book of PF](https://nostarch.com/pf3)" so I can have any benefit. Great book. Would recommend.
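Review bot: the only safety step for the card swap, disabling the internal battery in BIOS before touching the board, is hidden in the `[^spark]` footnote after the procedure; move it into the body ahead of "Just pop the two antenna connectors" so a reader following along sees it first. The list introduced as "three reasons for this, with one primary cause" mixes punctuation (comma after item 1, none after 2 and 3) and "WiFi speeds up to WiFi 2" conflicts with "WiFi 3 (g)" in freebsd-on-thinkpad-x1-extreme-g2.md from the same commit. The footnote definitions sit directly under their paragraphs with no blank line, which is worth checking in the rendered output. Spelling: "incompabilities", "feasable", and "what am I talking about" should be "what I am talking about".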
diff --git a/content/bsd/thinkpad/freebsd-configuring-nvidia-and-xorg-on-thinkpad-x1-extreme-g2.md b/content/bsd/thinkpad/freebsd-configuring-nvidia-and-xorg-on-thinkpad-x1-extreme-g2.md
new file mode 100644
index 0000000..68254d0
--- /dev/null
+++ b/content/bsd/thinkpad/freebsd-configuring-nvidia-and-xorg-on-thinkpad-x1-extreme-g2.md
@@ -0,0 +1,73 @@
+---
+title: "FreeBSD: configuring NVIDIA and Xorg on Thinkpad X1 Extreme G2"
+category: bsd
+abstract: A tutorial for making Nvidia work on FreeBSD
+date: 2023-03-04T04:40:17+01:00
+year: 2023
+draft: false
+tags:
+- FreeBSD
+- NVIDIA
+- XOrg
+- tutorial
+---
+First, the bad news: I could not make FreeBSD work with Hybrid Graphics, so I use only the discrete one. To ensure this, open BIOS and
+
+1. Configuration
+2. Display
+3. Graphics Device
+4. select `Discrete Graphics`
+
+Then, log in as root and install the drivers:
+
+```
+# pkg install nvidia-driver nvidia-xconfig
+```
+
+The next step is to enable the drivers.
+
+```
+# sysrc kld_list+=nvidia
+# sysrc kld_list+=nvidia-modeset
+```
+
+Some people advise adding Linux (`# sysrc kld_list+=linux`) to kld_list, but I got my GPU working without that.
+
+After that, either load the drivers manually or give the computer an old, good reboot.
+
+Login as root again and use the NVIDIA configurator to get Xorg configured.
+
+```
+# nvidia-xconfig
+```
+
+Then try starting your desktop environment, windows manager, or startx. You may be done, but I got an error about `Screen not found`. Tell Xorg where the NVIDIA GPU is if you have the same problem. Try probing the system for GPUs
+
+```
+# pciconf -l | grep vga
+```
+
+You will see one on more elements on the list. The critical part is in the first column, for example:
+
+```
+vgapci0@pci0:1:0:0
+```
+
+Our GPU is available under BUS 1:0:0 (we skip the first 0). You may need to try different elements from the list.
+
+> For PCI/AGP cards, the bus−id string has the form PCI:bus:device:function (e.g., “PCI:1:0:0” might be appropriate for an AGP card).
+>
+> [xorg documentation](https://www.x.org/releases/X11R7.7/doc/man/man5/xorg.conf.5.xhtml#heading10)
+
+Open `/etc/X11/xorg.conf`, look for `Section "Device"` and add:
+
+```
+BusID "PCI:1:0:0"
+```
+
+In my case, everything worked fine after that.
+
+Notes:
+
+I learned the BUS trick from [Nude Systems](https://nudesystems.com/how-to-fix-no-screen-found-xorg-error-on-freebsd/)
+
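Review bot: the BusID step explains `vgapci0@pci0:1:0:0` only as "we skip the first 0", which does not tell the reader which field is being dropped. The pciconf selector is domain:bus:slot:function, while the quoted xorg.conf text wants bus:device:function, so say that the leading 0 is the PCI domain and the remaining three fields map directly to `PCI:1:0:0`. "You may need to try different elements from the list" would also benefit from saying how to tell the NVIDIA entry apart, since `pciconf -l | grep vga` prints no vendor names. Wording: "one on more elements" should be "one or more", "Login as root" should be "Log in as root", and "windows manager" should be "window manager".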
diff --git a/content/bsd/thinkpad/freebsd-on-modern-intel-wifi-cards-and-resume.md b/content/bsd/thinkpad/freebsd-on-modern-intel-wifi-cards-and-resume.md
new file mode 100644
index 0000000..f5c402b
--- /dev/null
+++ b/content/bsd/thinkpad/freebsd-on-modern-intel-wifi-cards-and-resume.md
@@ -0,0 +1,25 @@
+---
+title: FreeBSD on modern Intel WiFi cards and resume.
+category: bsd
+abstract: FreeBSD has a lot of problems with WiFi card
+date: 2023-03-15T09:19:52+01:00
+year: 2023
+draft: false
+tags:
+- FreeBSD
+- Thinkpad
+- WiFi
+- resume
+- Intel
+- AX200
+---
+{{<img-pull-right "freebsd-beastie.png" "FreeBSD Bestie">}}
+I'm enjoying FreeBSD on my Thinkpad X1 Extreme G2 (and I say the full name just for SEO), but I've encountered my first unsolvable problem. This laptop uses an AX200 WiFi card, which drivers are still far from stable. I don't care much for WiFi AC, even though I'd love to be able to use it.
+
+The problem is that after resuming (which I assumed I [have already fixed](/2023/fixing-resume-on-thinkpad-x1-extreme-g2-on-freebsd/)), the connection dies, and it's impossible to reconnect. It is a [known bug](https://wiki.freebsd.org/WiFi/Iwlwifi), and developers are addressing it, but as it stands, all attempts to reestablish connection end in kernel panic.
+
+Also, this driver is the reason my laptop's fans are doing overwork.
+
+This situation is something I knew could happen when I first installed FreeBSD. It's far less popular than Linux and therefore has much worse driver support. It is, however, an important factor for any other new joiner to the BSD user group.
+
+Gambare, [Bjoern A. Zeeb!](https://wiki.freebsd.org/BjoernZeeb)
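Review bot: "Also, this driver is the reason my laptop's fans are doing overwork" is stated as fact with nothing in the post to support it; either add the observation behind it or soften it to a suspicion, as the later WiFi post does with "not backed by any analysis". The image caption "FreeBSD Bestie" does not match the file name `freebsd-beastie.png` and should read "Beastie". The title ends with a period and is unquoted, unlike the other front matter titles in this commit, and "which drivers are still far from stable" should be "whose drivers".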
diff --git a/content/bsd/thinkpad/freebsd-on-thinkpad-x1-extreme-g2.md b/content/bsd/thinkpad/freebsd-on-thinkpad-x1-extreme-g2.md
new file mode 100644
index 0000000..c037c68
--- /dev/null
+++ b/content/bsd/thinkpad/freebsd-on-thinkpad-x1-extreme-g2.md
@@ -0,0 +1,63 @@
+---
+title: "FreeBSD on a Thinkpad Extreme G2"
+category: bsd
+abstract: it works, but there are some drawbacks
+date: 2023-02-25T06:06:18+01:00
+year: 2023
+draft: false
+tags:
+- FreeBSD
+- ThinkPad
+- NVIDIA
+- ax200
+---
+
+My wife got a new computer, so I can easily break my laptop whenever I want - so it's time for FreeBSD!
+
+*All this applies to FreeBSD 13.1 at the time of publishing. I'll add links to any additions and errata in the future*
+
+### Installation
+
+The installation process is great. It's more involved than something like Fedora, and some concepts were foreign to me. [Handbook's chapter on installation](https://docs.freebsd.org/en/books/handbook/bsdinstall/) guided me through every step, so there were no problems. Within 15 mins of booting from the USB Drive, I had a working hardened system running on an encrypted ZFS drive with wireless networking and essential services configured.
+
+{{<img-center "freebsd-setup-fs.png" "Partitioning" "https://docs.freebsd.org/en/books/handbook/bsdinstall/">}}
+
+Many things worked out of the box, but not all of them.
+
+### Hardware
+
+Setting X-Org was a breeze. Nvidia drivers are [available and ready to go](https://docs.freebsd.org/en/books/handbook/x11/#x-configuration-nvidia); no additional configuration is necessary. (*[update: I was wrong, but it is fixed now](#updates)*)
+
+Sound, of all things, work out of the box. Unfortunately, it doesn't auto-switch to headphone output, but there is [a known way to do this](https://freebsdfoundation.org/freebsd-project/resourcesold/audio-on-freebsd/) via device hints.
+
+The integrated camera also works after running `webcamd -d ugen0.2 -i 0 -v 0`. Tested via `pwcview.`
+
+My laptop uses AX200 wireless card, which is [not yet fully supported by the system](https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244261). It is recognized and works, but only up to WiFi 3 (g). I'd be ok with WiFi 4(n), but the driver is not ready, and WiFi 5 (AC) [is not supported by the OS](https://wiki.freebsd.org/WiFi/80211ac) at all. Funny enough, it [seems to be supported by OpenBD](https://man.openbsd.org/man4/iwx.4). I have yet to learn how different BSDs intertwine and different. FreeBSD is supposed to be more user-friendly, but it seems not to be the case here. Work on [fully supporting](https://wiki.freebsd.org/WiFi/Iwlwifi) the card is already planned, but I have no idea when I can expect results. From what I've learned, the team can't reuse code from Linux due to licensing incompatibilities between [GPL](https://www.gnu.org/licenses/gpl-3.0.html) and [BSD license](https://docs.freebsd.org/en/articles/license-guide/). ([update: there are more problems](#updates))
+{{<img-pull-right "freebsd-beastie.png" "FreeBSD Bestie">}}
+
+This is one of the few instances when I am rethinking my life choices, and I would love to be able to help with C code. Also, Bluetooth on this card is not supported, and there is no work done to address it - but luckily, I am already de-wirelessing my life.
+
+USB devices are detected automatically and mostly work. However, my monitor (Dell P2723QE) has an integrated 1000Base-T ethernet connection, but on FreeBSD, only 100Base-T worked.
+
+Another problem is Suspend/Resume. I can easily [suspend](https://wiki.freebsd.org/SuspendResume) the device, but after resuming it, the screen is still black. This seems to be a known problem across different OSes for this laptop and has some [known warkarounds](https://www.thinkwiki.org/wiki/Problem_with_display_remaining_black_after_resume#Solution_for_ThinkPads_with_Intel_Extreme_Graphics_2) for Linux, but I have no idea how to apply them to BSD. (*[update: there is a fix working](#updates)*)
+
+The biggest problem here is battery drain. I have `power` enabled, but `acpinfo` reports about over 1% per minute. I was getting about the same drain on Arch Linux, but Manajaro acted much better.
+
+I have not tested the fingerprint reader as I've never used it.
+
+### Conclusion
+
+My ThinkPad is far from being a brick under FreeBSD. It is, however, severely hindered. I plan to fix the memory drain and allow for a resume after suspension. This will make it a proper laptop again, as there are always USB dongles when faster WiFi is needed. Dongle town, however, is not what I want in the long term, and I'll need to follow the progress of the driver implementation closely.
+
+It seems that for a desktop computer everything would work.
+
+I'm falling in love with the system and its simplicity and logic. So even if I fail at fixing the above, I'll try to stick with it. And even if I get fed up with the state of hardware support, I'll keep FreeBSD as a secondary system.
+
+For personal servers, however, I see no way of abandoning BSD.
+
+### Updates
+
+- 2023-02-27: [Fixing resume due to graphic drivers](/2023/fixing-resume-on-thinkpad-x1-extreme-g2-on-freebsd/)
+- 2023-02-04: [Configuring NVIDIA](/2023/freebsd-configuring-nvidia-and-xorg-on-thinkpad-x1-extreme-g2/)
+- 2023-03-15: [Problems with WiFi after resume](/2023/freebsd-on-modern-intel-wifi-cards-and-resume/)
+
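Review bot: in the Updates list the "Configuring NVIDIA" entry is dated 2023-02-04, but that post's front matter in this same commit says `date: 2023-03-04`, and 02-04 would also predate this article (2023-02-25); correct it to 2023-03-04, which also restores chronological order. The Conclusion says "I plan to fix the memory drain" while the Hardware section describes battery drain, so one of the two is wrong. `power` and `acpinfo` in the battery paragraph do not look like real command names and should be checked against what was actually run. The title drops "X1" ("Thinkpad Extreme G2") although the file name and body use it. Spelling: "OpenBD", "warkarounds", "Manajaro", "Sound, of all things, work".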
diff --git a/content/bsd/thinkpad/switching-between-speakers-and-headphones-on-freebsd.md b/content/bsd/thinkpad/switching-between-speakers-and-headphones-on-freebsd.md
new file mode 100644
index 0000000..82e842b
--- /dev/null
+++ b/content/bsd/thinkpad/switching-between-speakers-and-headphones-on-freebsd.md
@@ -0,0 +1,51 @@
+---
+title: "Switching Between Speakers and Headphones on FreeBSD"
+category: bsd
+abstract: How to change the audio device?
+date: 2023-03-16T22:52:01+01:00
+year: 2023
+draft: false
+tags:
+- FreeBSD
+- headphones
+- speakers
+- ThinkPad
+- audio
+- tutorial
+---
+I want my laptop to switch to wired headphones when I attach them. FreeBSD has its own [Sound System](https://wiki.freebsd.org/Sound), so it's a great learning experience. I have yet to automate it (it is possible, but an attempt to do so forced me to do a complete rollback of the system state), but for now, this is working.
+
+First, check which audio outputs your device supports:
+
+```
+$ cat /dev/sndstat
+```
+
+In the case of my ThinkPad, this returns
+
+```
+Installed devices:
+pcm0: <NVIDIA (0x0094) (HDMI/DP 8ch)> (play)
+pcm1: <NVIDIA (0x0094) (HDMI/DP 8ch)> (play)
+pcm2: <NVIDIA (0x0094) (HDMI/DP 8ch)> (play)
+pcm3: <Conexant (0x1f86) (Analog)> (play/rec) default
+pcm4: <Conexant (0x1f86) (Left Analog Headphones)> (play)
+No devices installed from userspace.
+```
+
+The ones I care about are:
+pcm3 - the speakers
+pcm4 - the headphone jack
+
+I can now easily switch between them:
+
+```
+# enable speakers
+$ sysctl hw.snd.default_unit=3
+# enable headphones
+$ sysctl hw.snd.default_unit=4
+```
+
+(replace the value with the correct id from `sndstat` file.)
+
+This, however, comes with a huge caveat. Some apps (khem khem, Firefox) not native to FreeBSD come configured with PulseAudio instead of FreeBSD's Sound System. This creates a level of indirection, and changing system output may not work instantly. In the case of Firefox, I need to reload the tab. Some apps, as I've heard, require a restart.
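Review bot: the switch commands are shown with a `$` prompt (`$ sysctl hw.snd.default_unit=3`), but writing a sysctl needs root, so a reader copying them as an unprivileged user will get a permission error; use the `#` prompt as the other posts in this commit do, or prefix with the privilege tool you use. In the same block the `# enable speakers` comments collide with `#` as the root prompt elsewhere, so a neutral comment style or prose labels outside the block would be clearer. The "pcm3 - the speakers" and "pcm4 - the headphone jack" lines have no list markers and will collapse into the preceding paragraph when rendered. "khem khem" is presumably "ahem".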