#Nix package manager is coming to #Fedora 😯
Does it have the same feature set as on #NixOs ?
E.g. creating users, controlling the firewall, etc.?
https://fosstopia.de/fedora-44-beta/
Posts by Larvitz
There are too many ways to build a firewall in Linux, and picking the wrong abstraction can leave your cloud server exposed.
I wrote a practical guide to iptables, nftables, firewalld, and ufw. It covers real-world configs.
Check it out: blog.hofstede.it/linux-firewa...
#linux #firewall #network
Just published Part 2 of my FreeBSD Foundationals series: ZFS - The Last Filesystem You'll Ever Need.
From preventing silent data corruption to time-traveling with .zfs snapshots and automating backups with sanoid/syncoid.
Read it here: blog.hofstede.it/freebsd-foun...
#FreeBSD #ZFS
Ever wonder what happens when you outgrow a single BGP router? I wrote a deep dive on building a multi-homed, two-PoP distributed network using FreeBSD, FRR, and iBGP.
Includes the stateless PF rules you need to survive asymmetric routing!
blog.hofstede.it/running-your...
#BGP #IPv6 #FreeBSD
The page of our Mastodon instance burningboard.net is now bilingual, offering English for international visitors.
It features introductions to Mastodon as well as information about our philosophy, rules and more.
See it here:
meta.burningboard.net
#socialmedia #mastodon #fediverse
Got my own AS and IPv6 /48 from RIPE. Set up a FreeBSD BGP router with FRR, built tunnels to distribute prefixes to servers, and used dual-FIB policy routing so jails can speak from both provider and BGP addresses.
blog.hofstede.it/running-your...
#FreeBSD #BGP #IPv6 #Networking #SelfHosted
I finally dove into the world of Immutable/Atomic Linux Desktops.
Universal Blue (Aurora/Bazzite) is doing for the desktop what CoreOS did for servers.
My analysis of the stack (OSTree, bootc) and why I think this is the future: blog.hofstede.it/immutable-li...
#linux #fedora #devops
I’ve documented a clean, native way to join FreeBSD 15 to a FreeIPA realm. Pure Kerberos (GSSAPI). Lightweight LDAP (nslcd). No local user management.
Keep your base system sane.
blog.hofstede.it/integrating-...
#FreeBSD #SysAdmin #FreeIPA #OpenSource
Self-hosting CryptPad on FreeBSD with VNET jails, PF, and Caddy.
End-to-end encrypted docs, isolated, selective port exposure, and hard-won lessons from a real deployment.
Privacy-first collaboration the FreeBSD way.
blog.hofstede.it/self-hosted-...
#FreeBSD #SelfHosting #Privacy #CryptPad
GeoIP-Aware Firewalling with PF on FreeBSD
My mail server now filters client ports by geography - SMTP stays global, but IMAP only accepts connections from Central Europe.
Result: 90% fewer brute-force attempts.
blog.hofstede.it/geoip-aware-firewalling-with-pf-on-freebsd/
#freebsd #devops #admin
New blog post: I wrote an Ansible connection plugin for FreeBSD jails. Manage jails without SSH inside each one - connects to the host and uses jexec, just like you would manually.
blog.hofstede.it/managing-freebsd-jails-with-ansible-the-jailexec-connection-plugin/
#freebsd #ansible #devops
Running FreeBSD 15 on Proxmox? If your static IPs are failing, it's a version mismatch: Proxmox speaks cloud-init v1, but FreeBSD's new nuageinit expects v2.
I wrote a script to generate the correct v2 config ISOs and bridge the gap.
blog.hofstede.it/freebsd-15-c...
#FreeBSD #Proxmox #SysAdmin
New post: AI-assisted Linux troubleshooting with linux-mcp-server
Your AI can now directly query system info, services, logs & network state instead of you copy-pasting outputs back and forth.
blog.hofstede.it/interactive-...
#Linux #AI #MCP #RHEL #Fedora #SysAdmin #OpenSource
A split-screen view of a developer workspace. Right side: A Neovim code editor showing an Ansible playbook. The highlighted task uses the containers.podman.podman_container module with state: quadlet to deploy a rootless UBI9 web server. Left side: A terminal window showing the playbook execution. The output shows successful tasks (green and yellow) and ends with a cat command displaying the generated systemd Quadlet file, confirming 'AutoUpdate=registry' is set.
Stop scripting podman run.
I switched my RHEL ops to Ansible + Podman Quadlets. Instead of managing containers manually, Ansible defines them as native systemd services (state: quadlet).
Result? Rootless, auto-updating, and zero drift. This is the modern standard.
#RHEL #Ansible #Linux #Podman
New post: Self-hosting a static blog on FreeBSD 15.0 with Bastille, Caddy, PF, and CI/CD deployment.
Covers the full stack, from jail isolation to restricted rsync. Simpler than containers.
blog.hofstede.it/hosting-a-static-blog-on-freebsd-with-bastille-jails-and-automated-deployment/
#freebsd
Just migrated my blog (blog.hofstede.it) to a native BSD stack!
- #BastilleBSD (Jails)
- Caddy (TLS, Reverse-Proxy)
- Nginx (Blog / Static files)
- PF (Firewall)
My Forgejo runner deploys via rrsync into a "transport" jail, which nullfs mounts the web root.
#freebsd #it #devops #sysadmin
FreeBSD + BastilleBSD + Mastodon = ❤️
I wrote about running burningboard.net in a fully dual‑stack, multi‑jail FreeBSD deployment.
Clean design, central PF firewall, zero Docker.
blog.hofstede.it/migrating-bu...
#freebsd #mastodon #jails #bastillebsd #pf
If you want to build production level container deployment without @kubernetesio, Quadlets might be the answer! Check out this blog from @hofstede.io :
blog.hofstede.it/production-g... #podman #opensource
Fedora Linux 43 was released: fedoraproject.org
I've been running the beta/RC since early September and so far, it's absolutely rock-solid and stable!
Amazing release. I tip my fedora for all the people at @fedora.fosstodon.org.ap.brid.gy
#linux #fedora #fedora43 #linux #foss
Just published a FreeBSD Cheat Sheet for Linux Admins with 100+ command translations.
Covers hardware info, networking (sockstat is so much cleaner than ss!), ZFS operations, and those little differences that trip you up.
codeberg.org/Larvitz/gist...
#FreeBSD #Linux #SysAdmin #DevOps
Ever wondered which SSH keys are lurking on your servers?
Just published an Ansible playbook that audits your servers for SSH keys!
- Detects unprotected private keys
- Lists all pubkeys for root and users
- Comprehensive reporting
codeberg.org/Larvitz/gist...
#linux #ansible #devops #itsec
Released my Ansible JailExec Plugin for FreeBSD! Effortlessly automate jails via host SSH with jls & jexec, no direct jail SSH required.
📂 GitHub: github.com/chofstede/an...
📂 Codeberg: codeberg.org/Larvitz/ansi...
#FreeBSD #Ansible #DevOps
There goes my weekend 😆
Nice. Put that on my todo list. Thank you
After months of tweaking, I've got my Neovim setup dialed in for Ansible work. Complete LSP support, auto-linting, and zero-config startup. Sharing it in case other DevOps folks find it useful: codeberg.org/Larvitz/nvim...
#linux #ansible #devops #python #vim
Windows hackers, unite! Red Hat Enterprise Linux 10 blasts into WSL2 - enterprise stability meets Windows flexibility. Podman, systemd, all in your backyard. No dual-boot drama! Get started: developers.redhat.com/articles/202... #RHEL10 #WSL2 #RedHat #LinuxDev #Linux #Windows
Diving into RHEL 10's enhanced podman with quadlet: Define systemd units for containers via .container files—immutable, auto-restart on boot. Hack: Layer in custom seccomp profiles for zero-trust. Enterprise meets edge computing finesse! #RHEL10 #RedHat #Containers #LinuxHacks
Screenshot from Deutsche Bahn (booking system). The Sparpreis (saver fare) ticket is more expensive than the Flex price, despite significantly worse conditions.
What the hell, Deutsche Bahn?!
The Sparpreis, tied to a specific train and without a City-Ticket, is **more expensive** than the Flex ticket, which lets me travel all day and includes a City-Ticket?!!!!
#db #bahn #zug #reisen #allebekloppt
Why did the global IT system break down a year ago on 19/July/2024?
Because CrowdStrike released an update that was so good at finding threats, it found a threat in itself and decided to take a much-needed, worldwide coffee break! 🤣
"Gem Pack Vol. 2" Pokemon card booster in Simplified Chinese from mainland China 🇨🇳
Pokemon Cards:
- 1x Umbreon V
- 1x Vaporeon Holo (Star-Pattern)
- 1x Flareon Holo (Pokeball Pattern)
- 1x Umbreon Holo (Type Pattern)
This week's Pokémon booster opening is something different. Not Destinied Rivals like the past weeks.
"Gem Pack Vol. 2" in Simplified Chinese from mainland China 🇨🇳
Not the best pull in the world, but two new cards that were still missing. Gonna catch em all!
#pokemon #pokemontcg #tcg #games #fun