[{"title":"Blog","permalink":"/posts/20260216163721-blog/","summary":"Misc Setting up hugo.toml Hosting image data on Amazon S3 ","content":"Misc Setting up hugo.toml Hosting image data on Amazon S3 "},{"title":"Containers","permalink":"/posts/20260215230928-containers/","summary":"FreeBSD supports running Podman containers.\nLinux containers can be run (with restrictions) Restrictions Does not support specifying jail parameters1 e.g. .NET applications require allow.mlock parameter Workaround: patch ocijail2 Work in progress to support this3 https://github.com/containers/podman/discussions/27887\u0026#160;\u0026#x21a9;\u0026#xfe0e;\nhttps://daemonless.io/guides/ocijail-patch/\u0026#160;\u0026#x21a9;\u0026#xfe0e;\nhttps://github.com/dfr/ocijail/issues/3\u0026#160;\u0026#x21a9;\u0026#xfe0e;\n","content":"FreeBSD supports running Podman containers.\nLinux containers can be run (with restrictions) Restrictions Does not support specifying jail parameters1 e.g. .NET applications require allow.mlock parameter Workaround: patch ocijail2 Work in progress to support this3 https://github.com/containers/podman/discussions/27887\u0026#160;\u0026#x21a9;\u0026#xfe0e;\nhttps://daemonless.io/guides/ocijail-patch/\u0026#160;\u0026#x21a9;\u0026#xfe0e;\nhttps://github.com/dfr/ocijail/issues/3\u0026#160;\u0026#x21a9;\u0026#xfe0e;\n"},{"title":"Networking configuration","permalink":"/posts/20260215213347-networking_configuration/","summary":"todo\n","content":"todo\n"},{"title":"Nextcloud","permalink":"/posts/20260216164621-nextcloud/","summary":"Helpful links Moving Nextcloud data directories Alternatives Filebrowser ","content":"Helpful links Moving Nextcloud data directories Alternatives Filebrowser "},{"title":"Search","permalink":"/search/","summary":"","content":""},{"title":"Virtual Machines","permalink":"/posts/20260215234740-virtual_machines/","summary":"Virtual machines are managed by Bhyve\n","content":"Virtual machines are managed by Bhyve\n"},{"title":"zrepl Backup 
Server","permalink":"/posts/20260218210023-zrepl_backup_server/","summary":"Motivation I have some datasets on a VPS that I want to back up regularly to my homelab.\nBoth servers run ZFS I don\u0026rsquo;t want to expose extra ports Approach Use zrepl1 to transport backups through a Wireguard2 tunnel. While I still have to open up the Wireguard port, having an encrypted tunnel between my VPS and my home server is a useful thing to have in general.\nDetails Setting up Wireguard Most of this guide is taken from here.\n","content":"Motivation I have some datasets on a VPS that I want to back up regularly to my homelab.\nBoth servers run ZFS I don\u0026rsquo;t want to expose extra ports Approach Use zrepl1 to transport backups through a Wireguard2 tunnel. While I still have to open up the Wireguard port, having an encrypted tunnel between my VPS and my home server is a useful thing to have in general.\nDetails Setting up Wireguard Most of this guide is taken from here.\nInstall packages.\npkg install wireguard-tools zrepl Generate public and private keys for both the backup server and the VPS. Keep track of these.\nwg genkey | \\ tee /usr/local/etc/wireguard/privatekey | \\ wg pubkey \u0026gt; /usr/local/etc/wireguard/publickey Create a new configuration for the interface in /usr/local/etc/wireguard/wg0.conf.\nThe backup server acts as the server, listening for requests Address is some private address. Subnet mask represents the address space that your peers live in. 
[Interface] PrivateKey = \u0026lt;backup server private key\u0026gt; Address = 10.1.0.1/24 # As an example ListenPort = 51820 [Peer] PublicKey = \u0026lt;vps public key\u0026gt; AllowedIPs = \u0026lt;the ips that your vps uses\u0026gt; And on the client:\n[Interface] PrivateKey= \u0026lt;vps private key\u0026gt; Address = \u0026lt;same as AllowedIPs in previous file\u0026gt; [Peer] AllowedIPs=10.1.0.1/32 # backup server IP Endpoint=\u0026lt;public ip address\u0026gt;:51820 PersistentKeepalive=25 PublicKey= \u0026lt;backup server public key\u0026gt; Enable and start Wireguard.\nservice wireguard enable service wireguard start You can also bring it up with\nwg-quick up wg0 Enable forwarding packets between interfaces.\nsysctl net.inet.ip.forwarding=1 echo \u0026#39;net.inet.ip.forwarding=1\u0026#39; \u0026gt;\u0026gt; /etc/sysctl.conf And set up /etc/pf.conf. This enables packets to be received on the wg0 interface.\next_if = \u0026#34;vtnet0\u0026#34; wg_net = \u0026#34;10.1.0.0/24\u0026#34; nat on $ext_if from $wg_net to any -\u0026gt; ($ext_if) Enable and start pf.\nservice pf enable service pf start service pflog enable service pflog start Setting up zrepl VPS config:\njobs: - name: minecraft_server type: push connect: type: tcp address: \u0026#34;10.1.0.2:8888\u0026#34; filesystems: zroot/minecraft: true snapshotting: type: periodic prefix: zrepl_ interval: 10m pruning: keep_sender: - type: grid grid: \u0026#34;12x10m(keep=all) | 24x1h | 14x1d\u0026#34; regex: \u0026#34;^zrepl_\u0026#34; keep_receiver: - type: grid grid: \u0026#34;1x1m(keep=all) | 24x1h | 30x1d | 12x30d\u0026#34; regex: \u0026#34;^zrepl_\u0026#34; This sets up snapshotting every 10 minutes. On the VPS, all snapshots are stored in the past two hours, a snapshot every hour is stored in the past day, and a snapshot every day is stored in the past two weeks. 
On the backup server, hourly snapshots are kept in the last day, daily snapshots in the last month, and monthly snapshots in the past year.\nThe 1x1m(keep=all) rule is to avoid this issue.\nServer config:\njobs: - type: sink name: \u0026#34;backup-name\u0026#34; root_fs: \u0026#34;zroot/backups\u0026#34; # This is the fs where you want all your backups to live in serve: type: tcp listen: \u0026#34;:8888\u0026#34; clients: { \u0026#34;10.1.0.3\u0026#34;: \u0026#34;vps_server\u0026#34; } recv: placeholder: encryption: off # Must be added The name of the filesystem will be zroot/backups/vps_server/zroot/minecraft in this case.\nMonitoring You can monitor if data has been sent through the tunnel via sudo wg show, and the status of the backup jobs with sudo zrepl status.\nImprovements Containerize zrepl and WireGuard Set up mounting ZFS in a container3 Set up Wireguard in a container Figure out DNS to find the server name Figure out restore References https://emar10.dev/posts/rootless-podman-wireguard\nhttps://www.server-world.info/en/note?os=FreeBSD_14\u0026amp;p=wireguard\u0026amp;f=1\nhttps://zrepl.github.io/\u0026#160;\u0026#x21a9;\u0026#xfe0e;\nhttps://www.wireguard.com/\u0026#160;\u0026#x21a9;\u0026#xfe0e;\nhttps://people.freebsd.org/~dch/posts/2025-06-27-oci-zfs/\u0026#160;\u0026#x21a9;\u0026#xfe0e;\n"}]