I installed Jellyfin on my home server a few months ago but it’s already broken by upgrading to 10.11, and unusable until I restore 10.10 from backup or start over: https://github.com/jellyfin/jellyfin/issues/15027. There seem to be lots of other database migration bugs for this release and other ones.
I use Docker on Linux for this kind of thing (Jellyfin, Nextcloud and a few others) and updates are completely trouble free. I would never deploy complex "black box" apps like Jellyfin bare metal. That being said, I do run my email stack bare metal as I want fine control. Everything is hosted at home on my own hardware and I would never consider moving my computing to the "cloud."
Yeah, I've been afraid to upgrade because I've been following these updates. I'm going to wait until the dust settles a bit before upgrading because, as stated, I don't really enjoy larping as a sysadmin anymore.
This really resonates. Sometimes the best reason to switch tech is just to feel that spark of learning again. I build self-hosting platforms and have spent years trying to make it “easy”, even getting it to work on Windows/macOS. But honestly, the magic isn’t in convenience. It’s in that figuring it out phase imho...
When we don't have convenience and rather jump into the sea directly, we would actually learn how the stack works and not how the convenience wrapper worked. We would feel more confident in our ability to do more things without requiring somebody else's help and more.
It is this reason why figuring out this phase feels really important and lovely even, yet most people feel its hardness and leave it aside since they just want something which just works.
Fortunately, for them, I think with technologies like docker/podman, flatpak, appimage etc. I feel like it's already easy-ish enough.
Side nitpick but I hate when apps create docker/podman containers when they can also have flatpak, I would love to see some self hosting apps which have a gui or maybe even some cli hosted via flatpak but I rarely saw cli apps in flatpak etc.
Nice website design. I don't like to use the same stuff I use for work at home because home is supposed to be fun.
So I used to have everything FreeBSD but I've stopped using around 2020 when I've started buying computers that have different core configurations like ARM RockChip and Intel Alder Lake. I believe the term is called big.LITTLE when you have efficient and performance cores.
As of now the FreeBSD scheduler is not making full use of big.LITTLE. TBF It works and your mileage might vary and you might also pin stuff to cores but not ideal.
Meanwhile I went back to Linux and fell into the Nix rabbit hole.
I might go back once they get ULE to be able to use my Alder Lake efficiently.
I spent a lot of time 25 years ago learning to love BSD in general, but FreeBSD in particular. I tried to make DragonflyBSD my desktop OS for a time. It’s sad how little love BSD gets nowadays…especially given how much of modern iOS / macOS owes BSD (for BSD subsystem that’s on top of the Mach kernel).
I use it every day as my desktop OS. Vanilla FreeBSD even, not dragonfly.
I like it because it's so stable. They don't have this Linux thing where they have to change everything around to incorporate the latest fad, and there's also not so many big tech companies constantly messing with the code. Linux has too much corporate influence for me. I don't want Huawei or Amazon to be messing with the code I run all the time. The grassroots nature of Linux is kinda gone and the suits have taken over, just like with the internet itself.
I also love how the OS is stable but the apps are rolling. This really helps to be on the latest KDE etc. And the documentation is excellent. ZFS on root as a first class citizen too.
There's a small team of maintainers working hard to keep everything going in this age of increasing linuxisms. But so far they've been doing a great job.
I just started using FreeBSD as my desktop OS on an old x230. I was surprised to find that for my use case, wine works faster and is more stable than on linux or Mac. Now I will install it on my desktop pc next.
Apple isn't really BSD. The mach kernel is very different. There's some shared heritage dating back to nextstep but it's very deep. And some userland. But that's really all.
Sure it's very distinct but the vibe still feels more *BSD due to that early userland. That shared heritage runs deep. I'd also say it also feels more like Solaris/Illumos. Linux has just always had a very different vibe to it.
Is this the fluffypony of Monero fame? If so, I got into FreeBSD a bit after hearing you praise it on crypto podcasts back in 2017/18. Surprised your handle was still available on HN!
I know the feeling, having recently migrated a solid TrueNAS 13.3 to a hand-built FreeBSD 13.5. The main reason was to get OpenZFS 2.3 RAIDZ expansion as storage was getting tight. It turns out to be quite similar using Webmin for GUI and BastilleBSD for jails.
There were a few hiccups, such as learning about bootloader versions, but after a few Saturdays tinkering it has been running solid and I’m very pleased.
That's similar to me, I started using FreeNAS back in the 9.x days.
At the time the FreeNAS documentation recommended installing to a USB drive. This proved unreliable, but dedicating a drive to it was silly given it couldn't be used for anything else. I had all the things I needed but I wanted to peel back the layers and this seemed like a good excuse.
So I threw in a drive and installed FreeBSD 10 and spent a few days familiarising myself with everything, learned how to configure samba myself, learned how to set up jails with iocage (the old shell version), and finally imported my pool.
Just two weeks ago, I spun up a FreeBSD server on OVH and migrated a service to it from Railway. Playing with jails, pf, ZFS, and some other goodies has been a lot of fun. Since I (massively) over-provisioned, I also spun up Gitea, Woodpecker CI (and agent; blazing fast CICD is so nice), and a personal blog. Been a great learning project.
It's not my first time with FreeBSD. I first ran it in ~2004. But it's been over 10 years since I last ran it, and I'd forgotten a decent bit. The last time I ran it, I just set up a couple of jails for NAS and Plex and proceeded to not touch it until I moved.
I've started using Bastille recently, it allows using Dockerfile-like 'templates' to provision jails. I like this because I can destroy and recreate the jails easily, particularly to move to a new release (without having to do in-place upgrades synced to the host version, which is how I used to do it).
I used FreeBSD back in 1999 to provide hosting services for a company that I worked for: web server, DNS, POP/SMTP, FTP and squid cache proxy. It was also used internally for DHCP and NAT routing (since we had only one public IP). Just configured it like an appliance and never had a problem, even uptime was counted in months (exception was package and kernel upgrades).
I find myself using BSDs at home too, I got a bunch of very old systems that only NetBSD supports these days. Very old SPARC, HP 9000s and the likes. Everything else is Linux, but maybe I'll try one of the BSDs on something more modern...
I used FreeBSD as my daily desktop for a while in the 2000s. IIRC, the package manager had to compile each package from source, but that wasn't a huge deal. Things just worked in a non-overly-clever fashion.
Can we leverage AI for the man pages and how to get things done? Anyone know if the LLMs are relatively trustworthy with their how-to? The assumption is because the man pages are well curated and the BSDs don't change much, source of truth is a bit more universal than other OS's.
Somewhat related OpenBSD is the fundament of my self-hosted homelab since it runs DNS, DHCP, a firewall router and a small local web server. Configuration is a dream compared to Linux and probably even compared to FreeBSD. You just need to go through the FAQ and copy&paste the relevant examples and modify them as needed. I don't know why it's so complicated on Linux where you need to appease a handful of daemons and find your way through a labyrinth of config files. I run a separate Linux based KVM host though.
OpenBSD is a very well kept secret that very few people are aware of. As close to nirvana as I can manage.
The fact I miss pretty much all the drama around the latest corporate take over attempts on Linux is just icing on the cake. The toxic slug strategy is an amazing one that more open source projects should use.
OpenBSD split from NetBSD back in the day as the original toxic slug, so it is amusing to call it a relief today.
What do you mean by "toxic slug strategy"?
I can't find the article where I read it, many years ago now, but it was about strategies that small communities can adopt to keep their culture from being subsumed by the mainstream.
One was to pick a set of norms repugnant to the mainstream that everyone currently in the community can tolerate and enforce them rigorously on all new members. This will limit the appeal of the community to people like the ones currently there and will make sure that it never grows too big.
Thus your community is as appetising to activists attempting a hostile takeover as a toxic slug is to a bird.
As an example from six years ago, when the code of conduct madness had just reached its peak:
> I believe OpenBSD's code of conduct can be summed up as "if you are the type of person who needs a code of conduct to teach to you how to human then you are not welcome here".
Thanks for the explanation!
My impression is that the BSD's are laser-focused on providing efficient environments for networking backbone software to exist in, so special attention is paid to making it easy to orchestrate everything with rc.conf and keeping anything not required for these goals out of the default installation; while Linux (and its distributions) being far more general-purpose naturally will take more configuration.
Linux packaging tools are bad and the people who make Linux packages generally don't do a very good job at it limited by tools and motivation.
So much linux software doesn't come with sane defaults out of the box, doesn't have an easy path to common desired configurations, and doesn't have reasonable documentation. PARTICULARLY for "open" software that has a paid hosted option.
I say this after decades of a career where a very large proportion of the frustration and "stupid work" I've had to do involved getting a piece of software to do something obvious.
Working with the BSDs is just delightful in how wanting to do something turns into something working with ease.
Have you dealt with hardware failure or instability yet? It can be pretty annoying to pin down and isolate, unless you keep an order of magnitude of hoarded hardware around.
Time and attention are always in short supply.
I run FreeBSD in my homelab, too! One reason is the stellar ZFS support, but the simple fun of doing stuff differently is definitely a thing, too. And I like FreeBSD jails.
For me, the balance between all the overhead of the "cattle, not pets" approach and the manual way is a README.md file for basic setup, and then having Ansible stand up the rest of the configuration. The host is configured as a Jail host, then individual services live inside the jails. Creating and configuring the jails is also done through Ansible. Overall, I really like the setup. I can individually SSH into each jail to allow easy debugging, I can snapshot the jails, and data lives on a special ZFS subvolume that I mount into each jail at "/bucket". This way, I can throw away the jail at any time, fire up Ansible, and have everything up and running again in no time.
If I didn't need CUDA support, I'd be on FreeBSD all the way. No systemd, built-in "containers" before they were cool, basically just good 'ole UNIX.
I really wanted to love FreeBSD. Growing up in grade school my friend's older brother was a contributor and I thought he was the coolest guy ever. I loved the ethos and I agreed with this post. But practically, I just ran into too much pain.
- firewall? Lots of pain and hard to find friendly, best practice starter templates. Wherever I looked, people said "it's complicated." After a lot of tinkering and learning I finally got a setup that was pretty safe. (I think.)
- pm2 was buggy on FreeBSD because of some issue with process IDs getting lost. That was pm2's fault, not FreeBSD's. But I still wanted to simply run different processes and keep my logs somewhere. Well, I guess I could write rc.d scripts for that. But keeping logs from the processes started by rc.d scripts? That also appeared to be a world of pain, and wherever I looked for answers people said "it's complicated."
In the end, it was just too much having to re-invent the wheel for common server tasks and I had to say goodbye. It's not you FreeBSD, it's me. I'm just not an OS dev.
https://docs.freebsd.org/en/books/handbook/firewalls/
> - firewall? […] Wherever I looked, people said "it's complicated." After a lot of tinkering and learning I finally got a setup that was pretty safe. (I think.)
I felt this way about pf when I first got PF going around 2011 for my home router/firewall box. Not saying this is the same for you or anyone else, but my issue was that I was approaching it from the point of view of “I want to configure a home firewall router with PF” instead of “I want to learn the fundamentals of what a firewall does”.
It took me a few more years to get well-versed in all that stuff: the structure of packets, what NAT actually means (what addresses are being translated, why, and where), what's going on in the state table, how to debug when things aren't doing what I expect, etc. Once I did it became much more straightforward to express in my `pf.conf` what I want to do, but you're right that doesn't really help new users.
> Lots of pain and hard to find friendly, best practice starter templates.
FreeBSD does include this, however! It's just implemented using IPFW instead of PF. Check out `firewall_type` key in `rc.conf`: https://cgit.freebsd.org/src/tree/libexec/rc/rc.conf?id=edad...
For a very simple NAT gateway, one could set `firewall_type=simple` and then `firewall_simple_(iif|inet|oif|onet)(_ipv6)?` to configure the ISP-side and internal-side interface names and IPv4 and IPv6 network ranges for each.
For a very easy single-machine firewall, one could set `firewall_type=client` or `firewall_type=workstation` if you want to host anything. For the latter, `firewall_myservices` and `firewall_allowservices` control what ports are enabled and who (other networks/IPs) has access to them.
For more details and to see exactly what each option actually does, check out `/etc/rc.firewall` where this is all implemented: https://cgit.freebsd.org/src/tree/libexec/rc/rc.firewall?id=...
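An `rc.conf` fragment for the `workstation` and `simple` types described in the comment above, added here as an illustration and not taken from the thread or from the FreeBSD sources. The interface names, ports and address ranges are constructed sample values; NAT-specific settings for the gateway case are not shown.

```sh
# /etc/rc.conf fragment (constructed sample values, adjust to your host)

firewall_enable="YES"        # load ipfw and run /etc/rc.firewall at boot
firewall_logging="YES"       # enable ipfw event logging
firewall_logdeny="YES"       # log packets dropped by the default deny

# --- Single machine that also hosts services ---------------------------
firewall_type="workstation"
firewall_myservices="22/tcp 443/tcp"     # ports this host offers

# Weak: every source address may reach the ports listed above.
#firewall_allowservices="any"
# Tighter: only the local network (constructed RFC 1918 range) may.
firewall_allowservices="192.168.1.0/24"

# --- Alternative: simple two-interface gateway -------------------------
# Uncomment these and drop the workstation block above.
#firewall_type="simple"
#gateway_enable="YES"                      # forward packets between interfaces
#firewall_simple_oif="em0"                 # outside (ISP-side) interface
#firewall_simple_onet="203.0.113.0/24"     # outside network (documentation range)
#firewall_simple_iif="em1"                 # inside interface
#firewall_simple_inet="192.168.1.0/24"     # inside network
```

After editing, `service ipfw restart` applies the ruleset and `ipfw list` shows the rules that `/etc/rc.firewall` generated from these values.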
> - firewall? Lots of pain and hard to find friendly, best practice starter templates. Wherever I looked, people said "it's complicated." After a lot of tinkering and learning I finally got a setup that was pretty safe. (I think.)
I don't use much FreeBSD these days, but pf (from OpenBSD, I know), is one of the best things since sliced bread.
In my first job I was working for a company selling a third-party vertical software and we were providing support for it. We were using a very expensive Symantec VPN with most customers connecting with a 33.3kb phone connection, until we reached the license limits, and there was no money for new licenses. In a pinch, me and a coworker set up a new server with openvpn, freebsd, pf, and a ruby-based dns server that I don't remember anymore, and we grew an order of magnitude more customers.
It's been more than 20 years, I still don't know how to use firewalls in linux, (there are many, I just pretend they don't exist) but I would still be able to set up a pf firewall if needed. I need to say it again, pf is a joy to use.
My gripe with FreeBSD right now is that I miss something like docker swarm. bhyve is fine but AFAIK it works only on a single host. Give me something that works on a bunch of hosts, and I will come back right away.
vm-bhyve, which is a friendly wrapper around bhyve, has a vm send command. Not as automatic as docker swarm but is pretty handy for homelabbin’.
I was intrigued and went looking, I can't find any info on a vm send command.
Edit: I think it's 'vm migrate'
https://man.freebsd.org/cgi/man.cgi?query=vm&sektion=8&manpa...
what do you need docker swarm / bhyve for in a selfhosting context?
- firewall?
PF seems to me like pretty much the most well regarded firewall there is - with a nice, sensible DSL for config. If you don't like it, you can use IPFW or IPFILTER, which are alternative, built-in, firewall front-ends.
- In the end, it was just too much having to re-invent the wheel for common server tasks
Maybe you have built your routine around a system that has reinvented the wheel? I think FreeBSD knowledge degrades more slowly than that of Linux distros.
- I'm just not an OS dev.
That's how I feel when I enter the chaotic Linux world. Do you think my life revolves around keeping up with this shit? :)
> That's how I feel when I enter the chaotic Linux world.
I feel that as a Linux user. I really like Linux, I use it on my desktop and it runs all my servers. Delving into forum posts to find some solution to a specific problem can be exhausting. Sometimes you get a top result from like 2011 and it is out of date so you then need to spend X minutes trying to look up something more recent.
You haven't really gone 'round the block in the world of quasi-modern Linux until you're Googling for answers and guidance to what seems like some obscure issue, wherein: The noise is intense and replete with bad answers, unanswered questions, lack of report (positive? negative? how 'bout "none"?), and dumb SEO spam.
Time passes (how much time? are the birds singing yet?) as you keep slogging through that endless sea of muck.
Finally, you run across an old post on some forum where the person not only wrote about the problem, but also the cause of the problem -- and the answer.
So you're reading along, working to once again evaluate whether your problem matches their problem. And the more you read, the more familiar it all seems... like you've been there before.
"It can't be," you say to yourself.
But you scroll back up to the top of the comment and look at the author's name anyway.
And yep, sure as anything: It was you. Six years ago, you wrote about that exact problem yourself and posted a perfectly-cromulent solution to it.
So you fix it (again), note that the birds are in fact singing, and try to sleep for a bit while pondering your life's choices: You could have found a hobby in origami or perhaps woodworking. Maybe worked as a Mennonite tradesman producing leather goods, or as a carpenter (even an Amish one if any of that seemed too high-tech).
But you didn't. You chose this path instead. It could have all been so simple, but it isn't.
Addendum: I've used FreeBSD as my daily driver (I hate that term) since around 2004. Including through cs/math university. With Windows in a VM for "I need it". The longer I've used it the more I'm annoyed by the trivialities of Linux distro management. And the bugs that happen between ill-fitting parts composed by underfunded distro developers.
And I didn't mean to imply that FreeBSD is stale. There is big stuff happening continuously. Right now it's compatibility with Linux Wifi drivers, which will make FreeBSD more laptop-able. And pkgbase, which brings some of the compile-your-self flexibility of FreeBSD to binary management, and merges the two tools that decide what makes up your system into one. And kinda makes FreeBSD into the slim system that people already claim it to be.
My pet conspiracy is that pkgbase happened because the powers that be didn't want the 1000 battles to remove junk. Any time anyone wants to remove something there's always one or two guys on the mailing list claiming their livelihood depends on not having to do "pkg install Ø". With pkgbase it's all gone.
They might've been trying freebsd back when pf wasn't well supported. Back when I last used openbsd (which might be nearly 20yrs ago now - eek), pf support on freebsd was lagging quite a bit.
Not sure what things are like now though - I'm guessing it's much better as pf was obviously the best option :)
My impression:
* PF was imported into FreeBSD from OpenBSD, maybe it had problems at first.
* Both implementations have been actively maintained, further developed, and diverged.
* There is now collaboration in the development of the FreeBSD and OpenBSD implementations.
* PF is the shit. Even though IPFW is the "invented here" firewall.
I still run a server for hosting my Jellyfin and n8n, but I've honestly been moving a lot of my stuff to cloud hosting stuff. I found that trying to maintain uptime for all my services started to become a pretty huge time sink and I realized that I really didn't gain anything by hosting my blog on my own server with Nginx instead of just using a free Cloudflare Pages with Quartz.
I think it's ultimately a sign of aging; I don't really have the attention span or energy to LARP as a sysadmin anymore, especially since I never really enjoyed that aspect of computers anyway. I think my monthly cost of storage would get untenable if I tried to move all my raw media rips to the cloud (about 45TB [1]), so I don't think I'll be able to migrate my Jellyfin for the foreseeable future, but I would like to some day.
[1] Looking it up, storing 45TB would end up costing anywhere between $250-$1500 a month pretty easily, which I currently cannot justify.
I installed Jellyfin on my home server a few months ago but it’s already broken by upgrading to 10.11, and unusable until I restore 10.10 from backup or start over: https://github.com/jellyfin/jellyfin/issues/15027. There seem to be lots of other database migration bugs for this release and other ones.
I use Docker on Linux for this kind of thing (Jellyfin, Nextcloud and a few others) and updates are completely trouble free. I would never deploy complex "black box" apps like Jellyfin bare metal. That being said, I do run my email stack bare metal as I want fine control. Everything is hosted at home on my own hardware and I would never consider moving my computing to the "cloud."
Yeah, I've been afraid to upgrade because I've been following these updates. I'm going to wait until the dust settles a bit before upgrading because, as stated, I don't really enjoy larping as a sysadmin anymore.
This really resonates. Sometimes the best reason to switch tech is just to feel that spark of learning again. I build self-hosting platforms and have spent years trying to make it “easy”, even getting it to work on Windows/macOS. But honestly, the magic isn’t in convenience. It’s in that figuring it out phase imho...
When we don't have convenience and rather jump into the sea directly, we would actually learn how the stack works and not how the convenience wrapper worked. We would feel more confident in our ability to do more things without requiring somebody else's help and more. It is this reason why figuring out this phase feels really important and lovely even, yet most people feel its hardness and leave it aside since they just want something which just works.
Fortunately, for them, I think with technologies like docker/podman, flatpak, appimage etc. I feel like it's already easy-ish enough.
Side nitpick, but I hate when apps create docker/podman containers when they can also have flatpak. I would love to see some self-hosting apps which have a GUI or maybe even some CLI hosted via flatpak, but I rarely saw CLI apps in flatpak etc.
Nice website design. I don't like to use the same stuff I use for work at home because home is supposed to be fun.
So I used to have everything on FreeBSD, but I stopped using it around 2020 when I started buying computers that have different core configurations like ARM RockChip and Intel Alder Lake. I believe the term is called big.LITTLE when you have efficient and performance cores.
As of now the FreeBSD scheduler is not making full use of big.LITTLE. TBF it works, and your mileage might vary, and you might also pin stuff to cores, but it's not ideal.
Meanwhile I went back to Linux and fell into the Nix rabbit hole.
I might go back once they get ULE to be able to use my Alder Lake efficiently.
I spent a lot of time 25 years ago learning to love BSD in general, but FreeBSD in particular. I tried to make DragonflyBSD my desktop OS for a time. It’s sad how little love BSD gets nowadays…especially given how much of modern iOS / macOS owes BSD (for BSD subsystem that’s on top of the Mach kernel).
I use it every day as my desktop OS. Vanilla FreeBSD even, not dragonfly.
I like it because it's so stable. They don't have this Linux thing where they have to change everything around to incorporate the latest fad, and there's also not so many big tech companies constantly messing with the code. Linux has too much corporate influence for me. I don't want Huawei or Amazon to be messing with the code I run all the time. The grassroots nature of Linux is kinda gone and the suits have taken over, just like with the internet itself.
I also love how the OS is stable but the apps are rolling. This really helps to be on the latest KDE etc. And the documentation is excellent. ZFS on root as a first class citizen too.
There's a small team of maintainers working hard to keep everything going in this age of increasing linuxisms. But so far they've been doing a great job.
I just started using FreeBSD as my desktop OS on an old x230. I was surprised to find that for my use case, wine works faster and is more stable than on Linux or Mac. Now I will install it on my desktop PC next.
I really wish I could run FreeBSD on Apple silicon. The shared *BSD base seems fitting.
Apple isn't really BSD. The mach kernel is very different. There's some shared heritage dating back to nextstep but it's very deep. And some userland. But that's really all.
Sure it's very distinct but the vibe still feels more *BSD due to that early userland. That shared heritage runs deep. I'd also say it also feels more like Solaris/Illumos. Linux has just always had a very different vibe to it.
I bought my iPhone outright in cash and we should have outright full access to the hardware. Not just the screen.
Agreed. Our hardware, our software, our choice.
Is this the fluffypony of Monero fame? If so, I got into FreeBSD a bit after hearing you praise it on crypto podcasts back in 2017/18. Surprised your handle was still available on HN!
I recently set up an OpenBSD based router in our home and, man, it felt like a breath of fresh air.
I wrote about it here: https://www.blog.montgomerie.net/posts/2025-10-11-setting-up...
I know the feeling, having recently migrated a solid TrueNAS 13.3 to a hand-built FreeBSD 13.5. The main reason was to get OpenZFS 2.3 RAIDZ expansion as storage was getting tight. It turns out to be quite similar using Webmin for GUI and BastilleBSD for jails.
There were a few hiccups, such as learning about bootloader versions, but after a few Saturdays tinkering it has been running solid and I’m very pleased.
That's similar to me, I started using FreeNAS back in the 9.x days.
At the time the FreeNAS documentation recommended installing to a USB drive. This proved unreliable, but dedicating a drive to it was silly given it couldn't be used for anything else. I had all the things I needed but I wanted to peel back the layers and this seemed like a good excuse.
So I threw in a drive and installed FreeBSD 10 and spent a few days familiarising myself with everything, learned how to configure Samba myself, learned how to set up jails with iocage (the old shell version), and finally imported my pool.
Years later very little has changed.
Just two weeks ago, I spun up a FreeBSD server on OVH and migrated a service to it from Railway. Playing with jails, pf, ZFS, and some other goodies has been a lot of fun. Since I (massively) over-provisioned, I also spun up Gitea, Woodpecker CI (and agent; blazing fast CICD is so nice), and a personal blog. Been a great learning project.
It's not my first time with FreeBSD. I first ran it in ~2004. But it's been over 10 years since I last ran it, and I'd forgotten a decent bit. The last time I ran it, I just set up a couple of jails for NAS and Plex and proceeded to not touch it until I moved.
How's the UX for jails these days? I remember trying to use it barebones and also some of the wrappers.
I've started using Bastille recently, it allows using Dockerfile-like 'templates' to provision jails. I like this because I can destroy and recreate the jails easily, particularly to move to a new release (without having to do in-place upgrades synced to the host version, which is how I used to do it).
I used FreeBSD back in 1999 to provide hosting services for a company that I worked for. Web server, DNS, POP/SMTP, FTP and squid cache proxy. It was also used internally for DHCP and NAT routing (since we had only one public IP). Just configured it like an appliance and never had a problem, even uptime was counted in months (exception was package and kernel upgrades).
I find myself using BSDs at home too, I got a bunch of very old systems that only NetBSD supports these days. Very old SPARC, HP 9000s and the likes. Everything else is Linux, but maybe I'll try one of the BSDs on something more modern...
I used FreeBSD as my daily desktop for a while in the 2000s. IIRC, the package manager had to compile each package from source, but that wasn't a huge deal. Things just worked in a non-overly-clever fashion.
They added binary packages.
> it deviates a bit from what might be the most common setup, but it's undoubtedly me
This is delightful. Personal projects are a great place to buck the technical monoculture and try something unique. I really enjoyed reading this.
Web rings on HN content. That was a 20 min nostalgia trip. Thank you
Don't forget to set up the toor user password! /tin foil hat on It's deliberate! /tin foil hat off
Why choose Free/OpenBSD instead of Debian, CentOS, or any other distro?
For FreeBSD, given that it fulfills the tasks required:
* Ease of management - more holistically designed.
* Rock solid parts that fit together - more holistically designed.
* ZFS, jails, bhyve, dtrace, ports.
* If it works today, it works tomorrow.
* A more approachable community (which AMD says is the reason why they are developing for FreeBSD before Linux now).
* Transparency and simplicity of how it works - if you can understand it, you can manage it and fix it.
* Documentation.
* Fun! Linux is not fun.
Less churn -> the OS respects the time you invest in learning the system, and the time people have invested in documenting the system.
What do you use Linux for?
Can we leverage AI for the man pages and how to get things done? Anyone know if the LLMs are relatively trustworthy with their how-tos? The assumption is because the man pages are well curated and the BSDs don't change much, source of truth is a bit more universal than other OS's.
Make self hosting fun - true. Using FreeBSD... - Seriously?
It's fine to have fun with self-hosting.
The problem is when self-hosting amateur stuff leaks into professional life.
And then you have an expert beginner pushing their homelab/Self-hosting
If a single expert beginner can call the shots in your org, your org is the kind where that is absolutely fine.
It's more common than you think. Talking from 30 years of experience, 20+ of them in very senior roles.