"FreeBSD": difference between revisions

From PN Wiki
Tag: Reverted
 
(8 intermediate revisions by the same user not shown)
Line 14: Line 14:
=== One shot ===
=== One shot ===


<pre>
rsync -av /var/db/ports/ root@newice3:/var/db/ports/
rsync -av /var/db/ports/ root@newice3:/var/db/ports/
rsync -av /etc/ root@newice3:/etc/oldice3/
rsync -av /etc/ root@newice3:/etc/oldice3/
rsync -av /usr/local/etc/ root@newice3:/usr/local/etc/oldice3/
rsync -av /usr/local/etc/ root@newice3:/usr/local/etc/oldice3/
rsync -av /etc/ssh/ssh_config /etc/ssh/sshd_config newice3:/etc/ssh/
rsync -av /etc/ssh/ssh_config /etc/ssh/sshd_config newice3:/etc/ssh/
rsync -av /etc/banner /etc/motd.template /etc/pki/ newice3:/etc/
rsync -av /etc/banner /etc/motd.template /etc/pki/ newice3:/etc/
rsync -av /etc/pki/ newice3:/etc/pki/
rsync -av /etc/pki/ newice3:/etc/pki/
rsync -av /usr/local/lib/sasl2/smtpd.conf root@newice3:/usr/local/lib/sasl2/
rsync -av /usr/local/lib/sasl2/smtpd.conf root@newice3:/usr/local/lib/sasl2/
rsync -av /var/ftp/ newice3:/var/ftp/
rsync -av /var/ftp/ newice3:/var/ftp/
 
</pre>


=== 1 full + diff at the migration time ===  
=== 1 full + diff at the migration time ===  


<pre>
rsync -av --exclude={'rc.d','oldice3','newice3','namedb','openvpn','pkg.conf','portsnap.conf'} /usr/local/etc/ root@newice3:/usr/local/etc/ --delete --dry-run
rsync -av --exclude={'rc.d','oldice3','newice3','namedb','openvpn','pkg.conf','portsnap.conf'} /usr/local/etc/ root@newice3:/usr/local/etc/ --delete --dry-run
rsync -av /etc/pf.blocked.ip.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.ip.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam_awstats.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam_awstats.conf root@newice3:/etc/ --dry-run
rsync -av /root/ root@newice3:/root/ --delete --dry-run
rsync -av /root/ root@newice3:/root/ --delete --dry-run
rsync -av /home/ root@newice3:/home/ --delete --dry-run
rsync -av /home/ root@newice3:/home/ --delete --dry-run
rsync -av /var/www/ root@newice3:/var/www/ --delete --dry-run
rsync -av /var/www/ root@newice3:/var/www/ --delete --dry-run
rsync -av /usr/local/www/ root@newice3:/usr/local/www/ --delete --dry-run
rsync -av /usr/local/www/ root@newice3:/usr/local/www/ --delete --dry-run
rsync -av /var/log/ root@newice3:/var/log/oldice3/ --delete --dry-run
rsync -av /var/log/ root@newice3:/var/log/oldice3/ --delete --dry-run
rsync -av /var/awstats/ root@newice3:/var/awstats/ --delete --dry-run
rsync -av /var/awstats/ root@newice3:/var/awstats/ --delete --dry-run
rsync -av /var/log/www/ root@newice3:/var/log/www/ --delete --dry-run
rsync -av /var/log/www/ root@newice3:/var/log/www/ --delete --dry-run
rsync -av /var/db/fail2ban/ root@newice3:/var/db/fail2ban/ --delete --dry-run
rsync -av /var/db/fail2ban/ root@newice3:/var/db/fail2ban/ --delete --dry-run
rsync -av /var/db/mysql/ root@newice3:/var/db/mysql/ --delete --dry-run (to do when mysql server is off)
rsync -av /var/db/mysql/ root@newice3:/var/db/mysql/ --delete --dry-run (to do when mysql server is off)
</pre>


= Nginx =
= Nginx =
Line 65: Line 49:
A cron job shall be used to update these databases on a daily basis<ref>https://herrbischoff.com/2021/05/nginx-how-to-restrict-access-by-geographical-location-on-freebsd/</ref>
A cron job shall be used to update these databases on a daily basis<ref>https://herrbischoff.com/2021/05/nginx-how-to-restrict-access-by-geographical-location-on-freebsd/</ref>


= PF =
= ZFS snapshots =  
After a reboot of FreeBSD, PF may fail to start due to tables being too big (i.e. > 100k entries).<br>
FreeBSD creates a snapshot at each FreeBSD update (freebsd-update fetch && freebsd-update install). These snapshots are not needed anymore should your system restarts & runs correctly. Moreover they take loads of space on your hardrive.
This is explained here with a quick & dirty non-permanent fix :<br>
https://forums.freebsd.org/threads/table-loading-in-pf-issues.86101/#post-577832
# First load the PF Options only (specific to big tables handling): pfctl -Of /etc/pf.conf
# Then restart PF the usual way


= Raspberry PI & Home Assistant OS =
== Procedure to delete ==
== Custom routes issue ==
When installing HA natively on a RPI and if static routing is needed, then the best solution is this one:<br>
https://www.reddit.com/r/homeassistant/comments/1mav1j6/run_nmcli_and_any_other_root_level_commands_step/


Another solution I didn't test:<br>
=== List & check ===
https://community.home-assistant.io/t/run-on-startup-d/271008
<pre>root@icecube BSD:~ # bectl list
BE                                Active Mountpoint Space Created
14.3-RELEASE-p6_2025-12-19_121434 -      -          927M  2025-12-19 12:14
default                          NR    /         814G  2023-12-01 23:34
</pre>
Check that the active Boot Envionment is the default (NR set on default).


== Remote control trick ==
<pre>root@icecube BSD:~ # zfs list -t snapshot
NAME                                      USED  AVAIL  REFER  MOUNTPOINT
zroot/ROOT/default@2025-12-19-12:14:34-0  927M      -  812G  -
</pre>


Sometimes a remote control can send multiple button/click triggers even when a button is pushed once.
=== Delete ===


That's the case with the [https://fr.aliexpress.com/item/4001062612446.html ''Tuya Zigbee3.0 Remote Control With 4 Key'']] that I just bought to trigger a Zigbee dry relay MHCOZY TYZG-001-RF (only used in Zigbee mode & cabled in NO - Normally opened). This dry relay simulates a push button to open a Garage door.
<pre>root@icecube BSD:~ # bectl destroy 14.3-RELEASE-p6_2025-12-19_121434
</pre>


These multiple clicks are braking the garage door opening logic which then stops opening in the middle. In order to solve this, I used what we call in IT a '''mutex'''.
=== Results ===
<pre>root@icecube BSD:~ # bectl list
BE      Active Mountpoint Space Created
default NR    /          813G  2023-12-01 23:34
root@icecube BSD:~ # zfs list -t snapshot
no datasets available
</pre>


Here are the scripts to make this work properly:
= Reboot or no reboot after a minor system upgrade ? =


=== MHCOZY ZG-001 ===
After a system upgrade performed thanks to :
 
<pre>root@icecube BSD:~ # freebsd-update fetch
[[Fichier:MHCOZY TYZG-001-RF.png]]
root@icecube BSD:~ # freebsd-update install
</pre>


Go to '''Settings > Automations & scenes > Scripts''' and create the following script:
If the output of these two commands differs, then reboot your system:
<pre>alias: Pulse TUZG Relay (0.5s)
<pre>root@icecube BSD:~ # freebsd-version -k
mode: single
14.3-RELEASE-p7
sequence:
root@icecube BSD:~ # uname -r
  - target:
14.3-RELEASE-p7
      entity_id: light.mhcozy_tyzg_001_rf
    action: light.turn_on
  - delay:
      milliseconds: 500
  - target:
      entity_id: light.mhcozy_tyzg_001_rf
    action: light.turn_off
</pre>
</pre>


=== Tuya Zigbee3.0 Remote Control ===
= PF =
 
After a reboot of FreeBSD, PF may fail to start due to tables being too big (i.e. > 100k entries).<br>
[[Fichier:Tuya Remote Control.png]]
This is explained here with a quick & dirty non-permanent fix :<br>
 
https://forums.freebsd.org/threads/table-loading-in-pf-issues.86101/#post-577832
Go to '''Settings > Devices & services > Helpers''' and create the following Boolean '''Toggle''':
# First load the PF Options only (specific to big tables handling): pfctl -Of /etc/pf.conf
<pre>Name: garage_remote_control_lock
# Then restart PF the usual way
Entity ID: input_boolean.garage_remote_control_lock</pre>
Make sure it's set to Off (click on it when created to set its state).
 
Then go to '''Settings > Automations & scenes > Automations''' and create the following script:
<pre>alias: Garage remote control
description: Trigger the garage door opening/closing via the remote control with lock to prevent duplicates
triggers:
  - event_type: zha_event
    event_data:
      device_ieee: $your_device_ieee_identifier
      command: arm
    trigger: event
conditions:
  - condition: state
    entity_id: input_boolean.garage_remote_control_lock
    state: "off"
actions:
  - action: input_boolean.turn_on
    data: {}
    target:
      entity_id: input_boolean.garage_remote_control_lock
  - action: script.pulse_relay_0_5s
    data: {}
  - delay:
      seconds: 3
  - action: input_boolean.turn_off
    data: {}
    target:
      entity_id: input_boolean.garage_remote_control_lock
mode: single</pre>
 
To make sure the value is at OFF at HA startup (i.e. to avoid specific bad situations when the HA crashes in the middle of the door opening automation and the toggle does not get reset), then create another automation:
<pre>alias: Garage remote control lock reset on startup
triggers:
  - event: start
    trigger: homeassistant
actions:
  - target:
      entity_id: input_boolean.garage_remote_control_lock
    action: input_boolean.turn_off
    data: {}
mode: single</pre>


= References =
= References =
{{references}}
{{references}}
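
Review bot: the "Reboot or no reboot" text in this hunk says to reboot when the outputs of freebsd-version -k and uname -r differ, but the sample shows only the matching case (14.3-RELEASE-p7 twice) and never says which command reports what. A short clause stating that freebsd-version -k gives the installed kernel and uname -r the running kernel would make the comparison readable. In the same hunk, "Boot Envionment" and "hardrive" are misspelled, and step 2 of the PF section ("restart PF the usual way") gives no command.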

Latest revision as of 24 December 2025, 10:16

Named

Manually updating a Dynamic controlled zone

"If you have to edit the zone files of dynamic zones manually while the DNS server is running, you'll have to freeze the zones with # rndc freeze <myzone> before editing and unfreeze them with # rndc thaw <myzone> after editing. This is because named(8) has internal state information and external journal files attached to dynamic zones that have to be kept in sync with the zone files[1]".

Rsync

To delete files in the target that have disappeared from the source, add the --delete option to your command. For example:

rsync -avh source/ dest/ --delete
NB: -avh is for --archive --verbose --human-readable[2].

Migration of folders to a new server

One shot

rsync -av /var/db/ports/ root@newice3:/var/db/ports/
rsync -av /etc/ root@newice3:/etc/oldice3/
rsync -av /usr/local/etc/ root@newice3:/usr/local/etc/oldice3/
rsync -av /etc/ssh/ssh_config /etc/ssh/sshd_config newice3:/etc/ssh/
rsync -av /etc/banner /etc/motd.template /etc/pki/ newice3:/etc/
rsync -av /etc/pki/ newice3:/etc/pki/
rsync -av /usr/local/lib/sasl2/smtpd.conf root@newice3:/usr/local/lib/sasl2/
rsync -av /var/ftp/ newice3:/var/ftp/

1 full + diff at the migration time

rsync -av --exclude={'rc.d','oldice3','newice3','namedb','openvpn','pkg.conf','portsnap.conf'} /usr/local/etc/ root@newice3:/usr/local/etc/ --delete --dry-run
rsync -av /etc/pf.blocked.ip.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam_awstats.conf root@newice3:/etc/ --dry-run
rsync -av /root/ root@newice3:/root/ --delete --dry-run
rsync -av /home/ root@newice3:/home/ --delete --dry-run
rsync -av /var/www/ root@newice3:/var/www/ --delete --dry-run
rsync -av /usr/local/www/ root@newice3:/usr/local/www/ --delete --dry-run
rsync -av /var/log/ root@newice3:/var/log/oldice3/ --delete --dry-run
rsync -av /var/awstats/ root@newice3:/var/awstats/ --delete --dry-run
rsync -av /var/log/www/ root@newice3:/var/log/www/ --delete --dry-run
rsync -av /var/db/fail2ban/ root@newice3:/var/db/fail2ban/ --delete --dry-run
rsync -av /var/db/mysql/ root@newice3:/var/db/mysql/ --delete --dry-run  # run only while the MySQL server is stopped

Nginx

Maxmind

Country-based filtering can be performed in nginx using the free MaxMind databases.

A cron job shall be used to update these databases on a daily basis[3].

ZFS snapshots

FreeBSD creates a snapshot at each FreeBSD update (freebsd-update fetch && freebsd-update install). These snapshots are no longer needed once your system has restarted and runs correctly. Moreover, they take up a lot of space on your hard drive.

Procedure to delete

List & check

root@icecube BSD:~ # bectl list
BE                                Active Mountpoint Space Created
14.3-RELEASE-p6_2025-12-19_121434 -      -          927M  2025-12-19 12:14
default                           NR     /          814G  2023-12-01 23:34

Check that the active Boot Environment is the default (NR set on default: N means active now, R means active on the next reboot).

root@icecube BSD:~ # zfs list -t snapshot
NAME                                       USED  AVAIL  REFER  MOUNTPOINT
zroot/ROOT/default@2025-12-19-12:14:34-0   927M      -   812G  -

Delete

root@icecube BSD:~ # bectl destroy 14.3-RELEASE-p6_2025-12-19_121434

Results

root@icecube BSD:~ # bectl list
BE      Active Mountpoint Space Created
default NR     /          813G  2023-12-01 23:34
root@icecube BSD:~ # zfs list -t snapshot
no datasets available
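
The check-then-delete procedure above as a dry-run helper (an added example, not part of the original wiki page): it reads `bectl list` output, refuses to propose anything unless `default` is marked NR, and prints the `bectl destroy` commands for inactive boot environments whose names carry the timestamp suffix seen above. The function names and the name-matching pattern are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: reads `bectl list` output (the human-readable layout shown
# above) on stdin. Nothing is destroyed; candidate commands are only printed.

# Succeeds only if the BE named "default" has "NR" in its Active column,
# i.e. it is active now (N) and on the next reboot (R).
default_is_active() {
    awk 'NR > 1 && $1 == "default" { found = ($2 == "NR") }
         END { exit !found }'
}

# Prints the names of inactive BEs (Active column "-") whose name ends in
# a _YYYY-MM-DD_HHMMSS suffix (assumed pattern, taken from the page's sample).
stale_update_bes() {
    awk 'NR > 1 && $2 == "-" &&
         $1 ~ /_[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9][0-9][0-9][0-9][0-9]$/ { print $1 }'
}

# Prints one "bectl destroy NAME" line per candidate, or fails with no
# output on stdout when "default" is not the NR boot environment.
plan_cleanup() {
    listing=$(cat)
    printf '%s\n' "$listing" | default_is_active || {
        echo "default is not NR; not proposing any deletion" >&2
        return 1
    }
    printf '%s\n' "$listing" | stale_update_bes | sed 's/^/bectl destroy /'
}

# Constructed sample, copied from the listing shown on this page.
SAMPLE='BE                                Active Mountpoint Space Created
14.3-RELEASE-p6_2025-12-19_121434 -      -          927M  2025-12-19 12:14
default                           NR     /          814G  2023-12-01 23:34'

printf '%s\n' "$SAMPLE" | plan_cleanup
# On a live system: bectl list | plan_cleanup
```

Review the printed commands before running any of them, and confirm the result afterwards with `bectl list` and `zfs list -t snapshot` as shown above.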

Reboot or no reboot after a minor system upgrade?

After a system upgrade performed with:

root@icecube BSD:~ # freebsd-update fetch
root@icecube BSD:~ # freebsd-update install

If the output of these two commands differs (freebsd-version -k reports the installed kernel, uname -r the running kernel), then reboot your system:

root@icecube BSD:~ # freebsd-version -k
14.3-RELEASE-p7
root@icecube BSD:~ # uname -r
14.3-RELEASE-p7

PF

After a reboot of FreeBSD, PF may fail to start because its tables are too big (i.e. > 100k entries).
This is explained here, with a quick & dirty non-permanent fix:
https://forums.freebsd.org/threads/table-loading-in-pf-issues.86101/#post-577832

  1. First load the PF Options only (specific to big tables handling): pfctl -Of /etc/pf.conf
  2. Then restart PF the usual way

References