Larvitz
hofstede.io
@hofstede.io
IT Consultant from Germany | Nerd | Linux Advocate | Interested in
Linux, Open Source, Electronics, Retro Gaming, Photography, Smart Home and Emulation.
GeoIP-Aware Firewalling with PF on FreeBSD

My mail server now filters client ports by geography - SMTP stays global, but IMAP only accepts connections from Central Europe.

Result: 90% fewer brute-force attempts.

blog.hofstede.it/geoip-aware-firewalling-with-pf-on-freebsd/

#freebsd #devops #admin
GeoIP-Aware Firewalling with PF on FreeBSD | Larvitz Blog
Using MaxMind’s GeoLite2 database with FreeBSD’s PF firewall to restrict client-facing services to specific countries, reducing brute-force attempts and log noise while keeping essential services glob...
blog.hofstede.it
January 13, 2026 at 5:36 PM
New blog post: I wrote an Ansible connection plugin for FreeBSD jails. Manage jails without SSH inside each one - connects to the host and uses jexec, just like you would manually.

blog.hofstede.it/managing-freebsd-jails-with-ansible-the-jailexec-connection-plugin/

#freebsd #ansible #devops
Managing FreeBSD Jails with Ansible: The jailexec Connection Plugin | Larvitz Blog
A custom Ansible connection plugin that enables native management of FreeBSD jails via jexec, without requiring SSH inside each jail.
blog.hofstede.it
December 31, 2025 at 11:19 AM
Running FreeBSD 15 on Proxmox? If your static IPs are failing, it's a version mismatch: Proxmox speaks cloud-init v1, but FreeBSD's new nuageinit expects v2.

I wrote a script to generate the correct v2 config ISOs and bridge the gap.

blog.hofstede.it/freebsd-15-c...

#FreeBSD #Proxmox #SysAdmin
FreeBSD 15 Cloud-Init on Proxmox: Working Around nuageinit’s Network-Config Gap | Larvitz Blog
Proxmox VE generates network-config v1, but FreeBSD 15’s nuageinit only speaks v2. Here’s a script that bridges the gap for static IP configuration.
blog.hofstede.it
December 28, 2025 at 9:09 PM
New post: AI-assisted Linux troubleshooting with linux-mcp-server

Your AI can now directly query system info, services, logs & network state instead of you copy-pasting outputs back and forth.

blog.hofstede.it/interactive-...

#Linux #AI #MCP #RHEL #Fedora #SysAdmin #OpenSource
Interactive System Troubleshooting with AI: The Linux MCP Server | Larvitz Blog
How the linux-mcp-server bridges AI assistants and Linux systems for interactive diagnostics, enabling natural language troubleshooting and system analysis.
blog.hofstede.it
December 25, 2025 at 4:20 PM
Stop scripting podman run.

I switched my RHEL ops to Ansible + Podman Quadlets. Instead of managing containers manually, Ansible defines them as native systemd services (state: quadlet).

Result? Rootless, auto-updating, and zero drift. This is the modern standard.

#RHEL #Ansible #Linux #Podman
December 14, 2025 at 4:52 PM
New post: Self-hosting a static blog on FreeBSD 15.0 with Bastille, Caddy, PF, and CI/CD deployment.

Covers the full stack, from jail isolation to restricted rsync. Simpler than containers.

blog.hofstede.it/hosting-a-static-blog-on-freebsd-with-bastille-jails-and-automated-deployment/

#freebsd
Hosting a Static Blog on FreeBSD with Bastille Jails and Automated Deployment | Larvitz Blog
A full-stack overview of hosting a Pelican blog on FreeBSD 15.0 using Bastille jails, Caddy reverse proxy, and automated CI/CD deployment via Forgejo Actions.
blog.hofstede.it
December 14, 2025 at 1:12 PM
Just migrated my blog (blog.hofstede.it) to a native BSD stack!

- #BastilleBSD (Jails)
- Caddy (TLS, Reverse-Proxy)
- Nginx (Blog / Static files)
- PF (Firewall)

My Forgejo runner deploys via rrsync into a "transport" jail, which nullfs mounts the web root.

#freebsd #it #devops #sysadmin
December 13, 2025 at 2:19 PM
FreeBSD + BastilleBSD + Mastodon = ❤️

I wrote about running burningboard.net in a fully dual‑stack, multi‑jail FreeBSD deployment.

Clean design, central PF firewall, zero Docker.

blog.hofstede.it/migrating-bu...

#freebsd #mastodon #jails #bastillebsd #pf
burningboard.net - Mastodon for tech enthusiasts, gamers and nerds
An established Mastodon instance for tech enthusiasts, gamers and nerds. Active since 2002. Privacy, no ads, open source.
burningboard.net
December 7, 2025 at 4:54 PM
Reposted by Larvitz
If you want to build production level container deployment without @kubernetesio, Quadlets might be the answer! Check out this blog from @hofstede.io :
blog.hofstede.it/production-g... #podman #opensource
November 17, 2025 at 4:36 PM
Fedora Linux 43 was released: fedoraproject.org

I've been running the beta/RC since early September and so far, it's absolutely rock-solid and stable!

Amazing release. I tip my fedora to all the people at @fedora.fosstodon.org.ap.brid.gy

#linux #fedora #fedora43 #linux #foss
October 28, 2025 at 5:57 PM
Just published a FreeBSD Cheat Sheet for Linux Admins with 100+ command translations.

Covers hardware info, networking (sockstat is so much cleaner than ss!), ZFS operations, and those little differences that trip you up.

codeberg.org/Larvitz/gist...

#FreeBSD #Linux #SysAdmin #DevOps
codeberg.org
August 29, 2025 at 7:48 PM
Ever wondered which SSH keys are lurking on your servers?

Just published an Ansible playbook that audits your servers for SSH keys!

- Detects unprotected private keys
- Lists all pubkeys for root and users
- Comprehensive reporting

codeberg.org/Larvitz/gist...

#linux #ansible #devops #itsec
August 4, 2025 at 6:11 PM
Released my Ansible JailExec Plugin for FreeBSD! Effortlessly automate jails via host SSH with jls & jexec, no direct jail SSH required.

📂 GitHub: github.com/chofstede/an...
📂 Codeberg: codeberg.org/Larvitz/ansi...

#FreeBSD #Ansible #DevOps
GitHub - chofstede/ansible_jailexec: Ansible Connection Plugin for FreeBSD Jails via jexec
Ansible Connection Plugin for FreeBSD Jails via jexec - chofstede/ansible_jailexec
github.com
August 1, 2025 at 4:01 PM
There goes my weekend 😆
July 29, 2025 at 9:00 PM
Nice. Put that on my todo list. Thank you
July 29, 2025 at 8:57 PM
After months of tweaking, I've got my Neovim setup dialed in for Ansible work. Complete LSP support, auto-linting, and zero-config startup. Sharing it in case other DevOps folks find it useful: codeberg.org/Larvitz/nvim...

#linux #ansible #devops #python #vim
nvim-ansible
Neovim config for Ansible & Python
codeberg.org
July 29, 2025 at 7:36 PM
Windows hackers, unite! Red Hat Enterprise Linux 10 blasts into WSL2 - enterprise stability meets Windows flexibility. Podman, systemd, all in your backyard. No dual-boot drama! Get started: developers.redhat.com/articles/202... #RHEL10 #WSL2 #RedHat #LinuxDev #Linux #Windows
Getting started with RHEL on WSL | Red Hat Developer
Explore steps to get started with Red Hat Enterprise Linux (RHEL) on Microsoft Windows Subsystem for Linux (WSL) and create customized RHEL images
developers.redhat.com
July 20, 2025 at 8:26 AM
Diving into RHEL 10's enhanced podman with quadlet: Define systemd units for containers via .container files—immutable, auto-restart on boot. Hack: Layer in custom seccomp profiles for zero-trust. Enterprise meets edge computing finesse! #RHEL10 #RedHat #Containers #LinuxHacks
July 19, 2025 at 2:21 PM
What the hell, Deutsche Bahn?!

The Sparpreis (saver fare), tied to a specific train and without a City-Ticket, is **more expensive** than the Flex ticket, which lets me travel all day and includes a City-Ticket?!!!!

#db #bahn #zug #reisen #allebekloppt
July 19, 2025 at 2:12 PM
Reposted by Larvitz
Why did the global IT system break down a year ago on 19/July/2024?

Because CrowdStrike released an update that was so good at finding threats, it found a threat in itself and decided to take a much-needed, worldwide coffee break! 🤣
July 19, 2025 at 9:10 AM
This week's Pokémon booster opening is something different. Not Destined Rivals like the past weeks.

"Gem Pack Vol. 2" in Simplified Chinese from mainland China 🇨🇳

Not the best pull in the world, but two new cards that were still missing. Gonna catch em all!

#pokemon #pokemontcg #tcg #games #fun
July 19, 2025 at 9:10 AM
Reposted by Larvitz
Tony Hawk’s Pro Skater 1 (Remake) running on the Steam-Deck. Just having some old school fun, rocking tricks with the board :)

Amazing how many of the tricks are still in my muscle memory. I played that game and its successor *a lot* in the late 1990s on […]

[Original post on burningboard.net]
July 13, 2025 at 2:30 PM
Reposted by Larvitz
Which AI is still missing from my app collection?
July 13, 2025 at 5:53 PM
Just migrated my Forgejo Git forge to a new RHEL 10 server, running everything as Podman containers! I used the chance to convert to quadlet files, modernize my Traefik config, and use podman secrets. The result is a much cleaner and more consistent setup!

#devops #podman #rhel #sysadmin #linux
June 16, 2025 at 8:23 AM
Duolingo has gotten really expensive, too 😓
April 30, 2025 at 10:33 PM