FreeBSD


Named

Manually updating a Dynamic controlled zone

"If you have to edit the zone files of dynamic zones manually while the DNS server is running, you'll have to freeze the zones with # rndc freeze <myzone> before editing and unfreeze them with # rndc thaw <myzone> after editing. This is because named(8) has internal state information and external journal files attached to dynamic zones that have to be kept in sync with the zone files[1]".

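The freeze/edit/thaw sequence from the quote above, as an added shell example (not from the original page or from the BIND project): it keeps a pre-edit copy, validates the result with named-checkzone, rolls back on failure and always thaws. The function name, the zone-file argument and the RNDC/CHECKZONE override variables are assumptions.

```shell
# Added example: freeze -> edit -> validate -> thaw for one dynamic zone.
# RNDC, CHECKZONE and EDITOR can be overridden, e.g. to rehearse the flow.
edit_dynamic_zone() {
    zone=$1
    file=$2
    rndc_cmd=${RNDC:-rndc}
    check_cmd=${CHECKZONE:-named-checkzone}
    backup="$file.prefreeze.$$"

    # freeze suspends dynamic updates and syncs the journal into the zone file
    "$rndc_cmd" freeze "$zone" || return 1

    result=0
    if cp -p "$file" "$backup"; then
        ${EDITOR:-vi} "$file" || result=1
        # Reject a file that named would refuse to load
        if [ "$result" -eq 0 ] && ! "$check_cmd" "$zone" "$file" >/dev/null; then
            result=2
        fi
        # Roll back to the frozen state on any failure
        [ "$result" -eq 0 ] || cp -p "$backup" "$file"
        rm -f "$backup"
    else
        result=1
    fi

    # Always thaw, otherwise the zone keeps refusing dynamic updates
    "$rndc_cmd" thaw "$zone" || return 1
    return "$result"
}
```

Call it as `edit_dynamic_zone <myzone> <path to the zone file>`; a return code of 2 means the edit failed validation and was rolled back.
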
Rsync

To delete files in the target that have disappeared from the source, add the --delete option to your command. For example:

rsync -avh source/ dest/ --delete
NB: -avh is for --archive --verbose --human-readable[2].

Migration of folders to a new server

One shot

rsync -av /var/db/ports/ root@newice3:/var/db/ports/

rsync -av /etc/ root@newice3:/etc/oldice3/

rsync -av /usr/local/etc/ root@newice3:/usr/local/etc/oldice3/

rsync -av /etc/ssh/ssh_config /etc/ssh/sshd_config newice3:/etc/ssh/

rsync -av /etc/banner /etc/motd.template /etc/pki/ newice3:/etc/

rsync -av /etc/pki/ newice3:/etc/pki/

rsync -av /usr/local/lib/sasl2/smtpd.conf root@newice3:/usr/local/lib/sasl2/

rsync -av /var/ftp/ newice3:/var/ftp/


One full copy + diff at migration time

rsync -av --exclude={'rc.d','oldice3','newice3','namedb','openvpn','pkg.conf','portsnap.conf'} /usr/local/etc/ root@newice3:/usr/local/etc/ --delete --dry-run

rsync -av /etc/pf.blocked.ip.conf root@newice3:/etc/ --dry-run

rsync -av /etc/pf.blocked.webspam.conf root@newice3:/etc/ --dry-run

rsync -av /etc/pf.blocked.webspam_awstats.conf root@newice3:/etc/ --dry-run

rsync -av /root/ root@newice3:/root/ --delete --dry-run

rsync -av /home/ root@newice3:/home/ --delete --dry-run

rsync -av /var/www/ root@newice3:/var/www/ --delete --dry-run

rsync -av /usr/local/www/ root@newice3:/usr/local/www/ --delete --dry-run

rsync -av /var/log/ root@newice3:/var/log/oldice3/ --delete --dry-run

rsync -av /var/awstats/ root@newice3:/var/awstats/ --delete --dry-run

rsync -av /var/log/www/ root@newice3:/var/log/www/ --delete --dry-run

rsync -av /var/db/fail2ban/ root@newice3:/var/db/fail2ban/ --delete --dry-run

rsync -av /var/db/mysql/ root@newice3:/var/db/mysql/ --delete --dry-run (run this one only while the MySQL server is stopped)
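
The --delete --dry-run commands above only help if the dry-run output is actually reviewed before the flag is removed. The following added example (not from the original page) reads that output and blocks when too many files, or any protected path such as the target's SSH keys, would be deleted. The function names, the threshold and the protected-path pattern are assumptions, and the sample output is constructed.

```shell
# Added example: gate the real run on what the --dry-run pass would delete.
# Typical use (host and paths from the page):
#   rsync -av /root/ root@newice3:/root/ --delete --dry-run | dry_run_gate 20

# Extract planned deletions: -v prints "deleting <path>",
# --itemize-changes prints "*deleting   <path>".
planned_deletions() {
    sed -n -e 's/^\*\{0,1\}deleting  *//p'
}

# $1 = assumed maximum acceptable number of deletions
# $2 = assumed regex of paths that must never be deleted on the target
dry_run_gate() {
    max_deletes=$1
    protected=${2:-}
    [ -n "$protected" ] || protected='(^|/)\.ssh/|(^|/)authorized_keys$'
    doomed=$(planned_deletions)
    count=$(printf '%s\n' "$doomed" | grep -c . || true)
    if printf '%s\n' "$doomed" | grep -Eq "$protected"; then
        echo "BLOCK: would delete protected path(s):" >&2
        printf '%s\n' "$doomed" | grep -E "$protected" >&2
        return 2
    fi
    if [ "$count" -gt "$max_deletes" ]; then
        echo "BLOCK: $count deletions planned, limit is $max_deletes" >&2
        return 1
    fi
    echo "OK: $count deletions planned"
}

# Constructed sample of dry-run output, for rehearsing the gate offline
sample_dry_run_output() {
    cat <<'EOF'
sending incremental file list
deleting .ssh/authorized_keys
deleting old/notes.txt
./
.profile

sent 1,234 bytes  received 56 bytes  2,580.00 bytes/sec
total size is 10,240  speedup is 7.94 (DRY RUN)
EOF
}
```
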

Nginx

Maxmind

Country based filtering can be performed in nginx thanks to the free Maxmind databases.

A cron job shall be used to update these databases on a daily basis[3].

PF

After a reboot of FreeBSD, PF may fail to start due to tables being too big (i.e. > 100k entries).
This is explained here, with a quick and dirty non-permanent fix:
https://forums.freebsd.org/threads/table-loading-in-pf-issues.86101/#post-577832

  1. First load the PF Options only (specific to big tables handling): pfctl -Of /etc/pf.conf
  2. Then restart PF the usual way

Raspberry PI & Home Assistant OS

Custom routes issue

When HA is installed natively on an RPi and static routing is needed, the best solution is this one:
https://www.reddit.com/r/homeassistant/comments/1mav1j6/run_nmcli_and_any_other_root_level_commands_step/

Another solution I didn't test:
https://community.home-assistant.io/t/run-on-startup-d/271008

Remote control trick

Sometimes a remote control can send multiple button/click triggers even when a button is pushed once.

That's the case with the Tuya Zigbee3.0 Remote Control With 4 Key that I just bought to trigger a Zigbee dry relay MHCOZY TYZG-001-RF (only used in Zigbee mode & cabled in NO - Normally Open). This dry relay simulates a push button to open a garage door.

These multiple clicks are breaking the garage door opening logic, which then stops opening in the middle. In order to solve this, I used what we call in IT a mutex.

Here are the scripts to make this work properly:

MHCOZY ZG-001

Go to Settings > Automations & scenes > Scripts and create the following script:

alias: Pulse TUZG Relay (0.5s)
mode: single
sequence:
  - target:
      entity_id: light.mhcozy_tyzg_001_rf
    action: light.turn_on
  - delay:
      milliseconds: 500
  - target:
      entity_id: light.mhcozy_tyzg_001_rf
    action: light.turn_off

Tuya Zigbee3.0 Remote Control

Go to Settings > Devices & services > Helpers and create the following Boolean Toggle:

Name: garage_remote_control_lock
Entity ID: input_boolean.garage_remote_control_lock

When created, make sure it's set to Off (click on it to set its state).

Then go to Settings > Automations & scenes > Automations and create the following automation:

alias: Garage remote control
description: Trigger garage door via remote with lock to prevent duplicates
triggers:
  - event_type: zha_event
    event_data:
      device_ieee: $your_device_ieee_identifier
      command: arm
    trigger: event
conditions:
  - condition: state
    entity_id: input_boolean.garage_remote_control_lock
    state: "off"
actions:
  - action: input_boolean.turn_on
    data: {}
    target:
      entity_id: input_boolean.garage_remote_control_lock
  # Must be the entity ID of the pulse script created above; adjust it if yours differs
  - action: script.pulse_relay_0_5s
    data: {}
  - delay:
      seconds: 3
  - action: input_boolean.turn_off
    data: {}
    target:
      entity_id: input_boolean.garage_remote_control_lock
mode: single

To make sure the toggle is Off at HA startup (i.e. to avoid bad situations where HA crashes in the middle of the door opening automation and the toggle does not get reset), create another automation:

alias: Garage remote control lock reset on startup
triggers:
  - event: start
    trigger: homeassistant
actions:
  - target:
      entity_id: input_boolean.garage_remote_control_lock
    action: input_boolean.turn_off
    data: {}
mode: single

References