"FreeBSD": difference between revisions

From PN Wiki
Tag: Reverted

(10 intermediate revisions by the same user not shown)
Line 14: Line 14:
=== One shot ===
=== One shot ===


<pre>
rsync -av /var/db/ports/ root@newice3:/var/db/ports/
rsync -av /var/db/ports/ root@newice3:/var/db/ports/
rsync -av /etc/ root@newice3:/etc/oldice3/
rsync -av /etc/ root@newice3:/etc/oldice3/
rsync -av /usr/local/etc/ root@newice3:/usr/local/etc/oldice3/
rsync -av /usr/local/etc/ root@newice3:/usr/local/etc/oldice3/
rsync -av /etc/ssh/ssh_config /etc/ssh/sshd_config newice3:/etc/ssh/
rsync -av /etc/ssh/ssh_config /etc/ssh/sshd_config newice3:/etc/ssh/
rsync -av /etc/banner /etc/motd.template /etc/pki/ newice3:/etc/
rsync -av /etc/banner /etc/motd.template /etc/pki/ newice3:/etc/
rsync -av /etc/pki/ newice3:/etc/pki/
rsync -av /etc/pki/ newice3:/etc/pki/
rsync -av /usr/local/lib/sasl2/smtpd.conf root@newice3:/usr/local/lib/sasl2/
rsync -av /usr/local/lib/sasl2/smtpd.conf root@newice3:/usr/local/lib/sasl2/
rsync -av /var/ftp/ newice3:/var/ftp/
rsync -av /var/ftp/ newice3:/var/ftp/
 
</pre>


=== 1 full + diff at the migration time ===  
=== 1 full + diff at the migration time ===  


<pre>
rsync -av --exclude={'rc.d','oldice3','newice3','namedb','openvpn','pkg.conf','portsnap.conf'} /usr/local/etc/ root@newice3:/usr/local/etc/ --delete --dry-run
rsync -av --exclude={'rc.d','oldice3','newice3','namedb','openvpn','pkg.conf','portsnap.conf'} /usr/local/etc/ root@newice3:/usr/local/etc/ --delete --dry-run
rsync -av /etc/pf.blocked.ip.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.ip.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam_awstats.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam_awstats.conf root@newice3:/etc/ --dry-run
rsync -av /root/ root@newice3:/root/ --delete --dry-run
rsync -av /root/ root@newice3:/root/ --delete --dry-run
rsync -av /home/ root@newice3:/home/ --delete --dry-run
rsync -av /home/ root@newice3:/home/ --delete --dry-run
rsync -av /var/www/ root@newice3:/var/www/ --delete --dry-run
rsync -av /var/www/ root@newice3:/var/www/ --delete --dry-run
rsync -av /usr/local/www/ root@newice3:/usr/local/www/ --delete --dry-run
rsync -av /usr/local/www/ root@newice3:/usr/local/www/ --delete --dry-run
rsync -av /var/log/ root@newice3:/var/log/oldice3/ --delete --dry-run
rsync -av /var/log/ root@newice3:/var/log/oldice3/ --delete --dry-run
rsync -av /var/awstats/ root@newice3:/var/awstats/ --delete --dry-run
rsync -av /var/awstats/ root@newice3:/var/awstats/ --delete --dry-run
rsync -av /var/log/www/ root@newice3:/var/log/www/ --delete --dry-run
rsync -av /var/log/www/ root@newice3:/var/log/www/ --delete --dry-run
rsync -av /var/db/fail2ban/ root@newice3:/var/db/fail2ban/ --delete --dry-run
rsync -av /var/db/fail2ban/ root@newice3:/var/db/fail2ban/ --delete --dry-run
rsync -av /var/db/mysql/ root@newice3:/var/db/mysql/ --delete --dry-run (to do when mysql server is off)
rsync -av /var/db/mysql/ root@newice3:/var/db/mysql/ --delete --dry-run (to do when mysql server is off)
</pre>


= Nginx =
= Nginx =
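Review bot: In the One shot block, "rsync -av /etc/banner /etc/motd.template /etc/pki/ newice3:/etc/" has a trailing slash on /etc/pki/, so rsync copies the contents of that directory straight into /etc/ on newice3 instead of into /etc/pki/. Drop /etc/pki/ from that line, since the next line, "rsync -av /etc/pki/ newice3:/etc/pki/", already covers it. In the second block, "(to do when mysql server is off)" sits on the command line itself and should become a comment. Also, --exclude={'rc.d',...} relies on shell brace expansion, which plain /bin/sh does not perform; because that command carries --delete, the page should say which shell these commands are meant for.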
Line 65: Line 49:
A cron job shall be used to update these databases on a daily basis<ref>https://herrbischoff.com/2021/05/nginx-how-to-restrict-access-by-geographical-location-on-freebsd/</ref>
A cron job shall be used to update these databases on a daily basis<ref>https://herrbischoff.com/2021/05/nginx-how-to-restrict-access-by-geographical-location-on-freebsd/</ref>


= PF =
= ZFS snapshots =  
After a reboot of FreeBSD, PF may fail to start due to tables being too big (i.e. > 100k entries).<br>
FreeBSD creates a snapshot at each FreeBSD update (freebsd-update fetch && freebsd-update install). These snapshots are not needed anymore should your system restarts & runs correctly. Moreover they take loads of space on your hardrive.
This is explained here with a quick & dirty non-permanent fix :<br>
https://forums.freebsd.org/threads/table-loading-in-pf-issues.86101/#post-577832
# First load the PF Options only (specific to big tables handling): pfctl -Of /etc/pf.conf
# Then restart PF the usual way


= Raspberry PI & Home Assistant OS =
== Procedure to delete ==
== Custom routes issue ==
When installing HA natively on a RPI and if static routing is needed, then the best solution is this one:<br>
https://www.reddit.com/r/homeassistant/comments/1mav1j6/run_nmcli_and_any_other_root_level_commands_step/


Another solution I didn't test:<br>
=== List & check ===
https://community.home-assistant.io/t/run-on-startup-d/271008
<pre>root@icecube BSD:~ # bectl list
BE                                Active Mountpoint Space Created
14.3-RELEASE-p6_2025-12-19_121434 -      -          927M  2025-12-19 12:14
default                          NR    /         814G  2023-12-01 23:34
</pre>
Check that the active Boot Envionment is the default (NR set on default).


== Remote control trick ==
<pre>root@icecube BSD:~ # zfs list -t snapshot
Sometimes a remote control can send multiple button/click triggers even when a button is pushed once.
NAME                                      USED  AVAIL  REFER  MOUNTPOINT
zroot/ROOT/default@2025-12-19-12:14:34-0  927M      -  812G  -
</pre>


That's the case with the [https://fr.aliexpress.com/item/4001062612446.html ''Tuya Zigbee3.0 Remote Control With 4 Key'']] that I just bought to trigger a Zigbee dry relay MHCOZY TYZG-001-RF (only used in Zigbee mode & cabled in NO - Normally opened). This dry relay simulates a push button to open a Garage door.
=== Delete ===


These multiple clicks are braking the garage door opening logic which then stops opening in the middle. In order to solve this, I used what we call in IT a '''mutex'''.
<pre>root@icecube BSD:~ # bectl destroy 14.3-RELEASE-p6_2025-12-19_121434
</pre>


Here are the scripts to make this work properly:
=== Results ===
<pre>root@icecube BSD:~ # bectl list
BE      Active Mountpoint Space Created
default NR    /          813G  2023-12-01 23:34
root@icecube BSD:~ # zfs list -t snapshot
no datasets available
</pre>


=== MHCOZY ZG-001 ===
= Reboot or no reboot after a minor system upgrade ? =


Go to '''Settings > Automations & scenes > Scripts''' and create the following script:
After a system upgrade performed thanks to :
<pre>alias: Pulse TUZG Relay (0.5s)
<pre>root@icecube BSD:~ # freebsd-update fetch
mode: single
root@icecube BSD:~ # freebsd-update install
sequence:
  - target:
      entity_id: light.mhcozy_tyzg_001_rf
    action: light.turn_on
  - delay:
      milliseconds: 500
  - target:
      entity_id: light.mhcozy_tyzg_001_rf
    action: light.turn_off
</pre>
</pre>


=== Tuya Zigbee3.0 Remote Control ===
If the output of these two commands differs, then reboot your system:
Go to '''Settings > Devices & services > Helpers''' and create the following Boolean '''Toggle''':
<pre>root@icecube BSD:~ # freebsd-version -k
<pre>Name: garage_remote_control_lock
14.3-RELEASE-p7
Entity ID: input_boolean.garage_remote_control_lock</pre>
root@icecube BSD:~ # uname -r
Make sure it's set to Off (click on it when created to set its state).
14.3-RELEASE-p7
</pre>


Then go to '''Settings > Automations & scenes > Automations''' and create the following script:
= PF =
<pre>alias: Garage remote control
After a reboot of FreeBSD, PF may fail to start due to tables being too big (i.e. > 100k entries).<br>
description: Trigger the garage door opening/closing via the remote control with lock to prevent duplicates
This is explained here with a quick & dirty non-permanent fix :<br>
triggers:
https://forums.freebsd.org/threads/table-loading-in-pf-issues.86101/#post-577832
  - event_type: zha_event
# First load the PF Options only (specific to big tables handling): pfctl -Of /etc/pf.conf
    event_data:
# Then restart PF the usual way
      device_ieee: $your_device_ieee_identifier
      command: arm
    trigger: event
conditions:
  - condition: state
    entity_id: input_boolean.garage_remote_control_lock
    state: "off"
actions:
  - action: input_boolean.turn_on
    data: {}
    target:
      entity_id: input_boolean.garage_remote_control_lock
  - action: script.pulse_relay_0_5s
    data: {}
  - delay:
      seconds: 3
  - action: input_boolean.turn_off
    data: {}
    target:
      entity_id: input_boolean.garage_remote_control_lock
mode: single</pre>
 
To make sure the value is at OFF at HA startup (i.e. to avoid specific bad situations when the HA crashes in the middle of the door opening automation and the toggle does not get reset), then create another automation:
<pre>alias: Garage remote control lock reset on startup
triggers:
  - event: start
    trigger: homeassistant
actions:
  - target:
      entity_id: input_boolean.garage_remote_control_lock
    action: input_boolean.turn_off
    data: {}
mode: single</pre>


= References =
= References =
{{references}}
{{references}}
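Review bot: The reboot test added under "Reboot or no reboot after a minor system upgrade ?" compares only "freebsd-version -k" with "uname -r", which are both kernel versions. An update that patches only userland therefore shows no difference, even though running daemons keep using the old binaries and libraries until they are restarted. Suggest adding "freebsd-version -u" to the check and a line about restarting affected services. In the "List & check" step, "Envionment" should read "Environment".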

Latest revision as of 10:16, 24 December 2025

Named

Manually updating a Dynamic controlled zone

"If you have to edit the zone files of dynamic zones manually while the DNS server is running, you'll have to freeze the zones with # rndc freeze <myzone> before editing and unfreeze them with # rndc thaw <myzone> after editing. This is because named(8) has internal state information and external journal files attached to dynamic zones that have to be kept in sync with the zone files[1]".

Rsync

To delete files on the target that have disappeared from the source, add the --delete option to your command. For example:

rsync -avh source/ dest/ --delete
NB: -avh is for --archive --verbose --human-readable[2].

Migration of folders to a new server

One shot

rsync -av /var/db/ports/ root@newice3:/var/db/ports/
rsync -av /etc/ root@newice3:/etc/oldice3/
rsync -av /usr/local/etc/ root@newice3:/usr/local/etc/oldice3/
rsync -av /etc/ssh/ssh_config /etc/ssh/sshd_config newice3:/etc/ssh/
# no trailing slash on /etc/pki: the directory itself, not its contents, must land in /etc/
rsync -av /etc/banner /etc/motd.template /etc/pki newice3:/etc/
rsync -av /etc/pki/ newice3:/etc/pki/
rsync -av /usr/local/lib/sasl2/smtpd.conf root@newice3:/usr/local/lib/sasl2/
rsync -av /var/ftp/ newice3:/var/ftp/

1 full + diff at the migration time

rsync -av --exclude={'rc.d','oldice3','newice3','namedb','openvpn','pkg.conf','portsnap.conf'} /usr/local/etc/ root@newice3:/usr/local/etc/ --delete --dry-run
rsync -av /etc/pf.blocked.ip.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam_awstats.conf root@newice3:/etc/ --dry-run
rsync -av /root/ root@newice3:/root/ --delete --dry-run
rsync -av /home/ root@newice3:/home/ --delete --dry-run
rsync -av /var/www/ root@newice3:/var/www/ --delete --dry-run
rsync -av /usr/local/www/ root@newice3:/usr/local/www/ --delete --dry-run
rsync -av /var/log/ root@newice3:/var/log/oldice3/ --delete --dry-run
rsync -av /var/awstats/ root@newice3:/var/awstats/ --delete --dry-run
rsync -av /var/log/www/ root@newice3:/var/log/www/ --delete --dry-run
rsync -av /var/db/fail2ban/ root@newice3:/var/db/fail2ban/ --delete --dry-run
rsync -av /var/db/mysql/ root@newice3:/var/db/mysql/ --delete --dry-run  # to do when mysql server is off

Nginx

Maxmind

Country-based filtering can be performed in nginx using the free MaxMind databases.

A cron job shall be used to update these databases on a daily basis[3].

ZFS snapshots

FreeBSD creates a snapshot at each FreeBSD update (freebsd-update fetch && freebsd-update install). These snapshots are no longer needed once your system has restarted and runs correctly. Moreover, they take up a lot of space on your hard drive.

Procedure to delete

List & check

root@icecube BSD:~ # bectl list
BE                                Active Mountpoint Space Created
14.3-RELEASE-p6_2025-12-19_121434 -      -          927M  2025-12-19 12:14
default                           NR     /          814G  2023-12-01 23:34

Check that the active Boot Environment is the default (NR set on default).

root@icecube BSD:~ # zfs list -t snapshot
NAME                                       USED  AVAIL  REFER  MOUNTPOINT
zroot/ROOT/default@2025-12-19-12:14:34-0   927M      -   812G  -

Delete

root@icecube BSD:~ # bectl destroy 14.3-RELEASE-p6_2025-12-19_121434

Results

root@icecube BSD:~ # bectl list
BE      Active Mountpoint Space Created
default NR     /          813G  2023-12-01 23:34
root@icecube BSD:~ # zfs list -t snapshot
no datasets available
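
The List & check and Delete steps above as a script, added here as an example and not part of the original wiki page. It parses `bectl list` output, proposes nothing unless the kept boot environment (assumed to be named `default`, as on this page) is flagged NR, and prints the `bectl destroy` commands for review; `stale_bes` and `plan_cleanup` are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not from the wiki page); helper names are hypothetical.

# stale_bes [KEEP]: reads `bectl list` output on stdin and prints the boot
# environments whose Active column is "-". Prints nothing and returns 1
# unless KEEP (default: "default") is flagged both N (active now) and
# R (active on reboot), which is the check the page asks for.
stale_bes() {
    awk -v keep="${1:-default}" '
        NR == 1 && $1 == "BE" { next }    # header row
        NF < 2 { next }                   # blank or truncated line
        $1 == keep && $2 ~ /N/ && $2 ~ /R/ { ok = 1; next }
        $2 == "-" { stale[++n] = $1 }
        END {
            if (!ok) exit 1
            for (i = 1; i <= n; i++) print stale[i]
        }'
}

# plan_cleanup [KEEP]: prints the destroy commands for review instead of
# running them, and fails loudly when the NR check does not pass.
plan_cleanup() {
    list=$(stale_bes "$@") || {
        echo "refusing: ${1:-default} is not flagged NR" >&2
        return 1
    }
    for be in $list; do printf 'bectl destroy %s\n' "$be"; done
}

# Input copied from the `bectl list` output shown on this page.
sample_before() {
    cat <<'EOF'
BE                                Active Mountpoint Space Created
14.3-RELEASE-p6_2025-12-19_121434 -      -          927M  2025-12-19 12:14
default                           NR     /          814G  2023-12-01 23:34
EOF
}

# Constructed input: the machine is still running the older environment.
sample_not_default() {
    cat <<'EOF'
BE                                Active Mountpoint Space Created
14.3-RELEASE-p6_2025-12-19_121434 NR     /          927M  2025-12-19 12:14
default                           -      -          814G  2023-12-01 23:34
EOF
}

sample_before | plan_cleanup    # on a real host: bectl list | plan_cleanup
```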

Reboot or no reboot after a minor system upgrade?

After a system upgrade performed with:

root@icecube BSD:~ # freebsd-update fetch
root@icecube BSD:~ # freebsd-update install

If the output of these two commands differs, then reboot your system:

root@icecube BSD:~ # freebsd-version -k
14.3-RELEASE-p7
root@icecube BSD:~ # uname -r
14.3-RELEASE-p7

PF

After a reboot of FreeBSD, PF may fail to start because its tables are too big (i.e. > 100k entries).
This is explained here, with a quick & dirty non-permanent fix:
https://forums.freebsd.org/threads/table-loading-in-pf-issues.86101/#post-577832

  1. First load the PF Options only (specific to big tables handling): pfctl -Of /etc/pf.conf
  2. Then restart PF the usual way

References