Re: Automatic OS updates

2024-02-20 Thread Theo de Raadt
obs...@loopw.com wrote:

> Most of the patches don’t require a reboot.  This idea sounds horrible for 
> uptime.  Sorry.  I’m not rebooting something because a font was patched…

syspatch outputs a message that the system needs a reboot.  This could be 
parsed.



Re: Automatic OS updates

2024-02-20 Thread obsdml



> On Feb 20, 2024, at 2:31 AM, Thomas Schmidt  wrote:
> 
> OP did indeed mean `sysupgrade`,

which makes little sense _unless_ on -current, which will guarantee to break 
this every six months when -current shifts about.

> but fwiw, `syspatch && reboot` reboots
> your system if a patch was applied. I got it in all of my servers'
> cronjobs.

Most of the patches don’t require a reboot.  This idea sounds horrible for 
uptime.  Sorry.  I’m not rebooting something because a font was patched…



> 
> - Thomas
> 
> On 17.02.2024 at 02:24, obs...@loopw.com wrote:
>>> On Feb 15, 2024, at 10:12 AM, b...@fea.st wrote:
>>> am I the only one using automatic OS updates
>>>  0  3  *  *  * root  sysupgrade
>> Maybe you meant “syspatch” there?
>> Syspatching via cron is questionable - Some of the patches won’t be loaded 
>> until the box is rebooted.
>> I think it’s better to run either syspatch or sysupgrade when I’m in front of 
>> the console and can deal with consequences.



Re: do all headphone amps work?

2024-02-20 Thread Courtney
I have an AudioEngine D1 that works well. I also had a FiiO E10K that
worked, but within an hour the audio would stutter a ridiculous amount.
The AudioEngine will also have this stutter, but it may be 8-12 hours
before that happens. The funny thing is, if I stop Firefox and start it
again the stutter goes away again for another 8-12 hours. Could never
figure out why that was. It's better for me to restart Firefox every
8-12 hours than it was every 30-60 minutes when I had the FiiO. The
issue was somewhat similar with FreeBSD on AMD hardware, which I have
now. I don't have an extra Intel system to see if the problem remains
or not.

Courtney

On 2/15/24 03:35, beecdadd...@danwin1210.de wrote:

hi list
I have a question: do all headphones amps work on OpenBSD? I think USB
does it have some sort of driver? what do I look for?
any tips?
does sound sound well on OpenBSD? does it depend on driver/headphones?
I don't want to waste money if they don't work

thanks best regards





Re: do all headphone amps work?

2024-02-20 Thread beecdaddict
that's very simple to check, so if it has drivers listed avoid it

thanks!

On Sat, February 17, 2024 3:52 pm, Stephen Wiley wrote:
> They'll need to provide drivers for Windows and OSX as downloads on their
> web site.  If you can't find those then it's probably just using the USB
> audio class and will work OOTB with OpenBSD and Linux.
>
> --Stephen
>
>
> On Sat, Feb 17, 2024 at 03:07:44PM -, beecdadd...@danwin1210.de
> wrote:
>
>> so how do I know if they have special drivers or something? not known if
>> I'll be able to refund..
>>
>>
>> thanks
>>
>> On Thu, February 15, 2024 4:34 pm, Stephen Wiley wrote:
>>
>>> I haven't used a USB sound card but it looks to me like there's a
>>> standard device class for them from the USB IF (like CDC, HID, MSC
>>> etc.) so I would expect it to work unless they're doing something
>>> strange. If they don't have special drivers that are needed to make it
>>> on Windows they probably aren't. --Stephen
>>>
>>>
>>> On Thu, Feb 15, 2024 at 11:35:53AM -, beecdadd...@danwin1210.de
>>> wrote:
>>>
>>>
>>>> hi list I have a question: do all headphones amps work on OpenBSD? I
>>>> think USB does it have some sort of driver? what do I look for? any
>>>> tips? does sound sound well on OpenBSD? does it depend on
>>>> driver/headphones? I don't want to waste money if they don't work
>>>>
>>>> thanks best regards
>>>
>>>
>>
>>
>
>




Re: certbot in cron - best way?

2024-02-20 Thread misc

Thanks. Worked like a charm.

Cheers,

--fm

On 2/20/24 12:54, Odhiambo Washington wrote:

On Tue, Feb 20, 2024 at 6:47 PM  wrote:


Hi misc,

Usually am updating certificates manually this way:

rcctl stop httpd ; certbot certonly --standalone -d DOMAIN.org -m notifyc...@domain.org ; rcctl start httpd

but recently saw newer certificates being deployed as 0001,0002,0003
etc, like:

/etc/letsencrypt/live/DOMAIN.org-0002/fullchain.pem

Which setup are you using to automatically update certs with certbot, in
cron, and keeping /etc/httpd.conf updated accordingly?


This should work:

0 0,12 * * * /bin/sleep 1552 &&  rcctl stop httpd  && certbot renew && rcctl start httpd


--



Re: certbot in cron - best way?

2024-02-20 Thread Nowarez Market
I think the best way is always to keep things in control, safe and reliable.
And often your setup directly depends on a diversified architecture, maybe with
docker in the middle. Indeed, before losing public access to certificates or
losing site configuration, I think twice about implementing complete automation.

However, every setup has its resources (and economics too). There are setups
that conceive software orchestrators, with versioning and backups or an
ecosystem alike.
Other setups simply don't own all these resources for fair reasons. Automation
depends a lot on this plethora of stuff.

Finally, certbot is very open-source-like software but.. *doesn't make the
coffee too* (an Italian
euphemism to avoid false expectations for miracles..).

> N0\/\/@r€Z
> --
>    /\/\@rk€T

Feb 20, 2024 16:46:44 m...@phosphorus.com.br:

> Which setup are you using to automatically update certs with certbot, in 
> cron, and keeping /etc/httpd.conf updated accordingly?



Re: certbot in cron - best way?

2024-02-20 Thread Kirill A . Korinsky
Greetings,

On Tue, 20 Feb 2024 16:43:27 +0100,
m...@phosphorus.com.br wrote:
> 
> Which setup are you using to automatically update certs with certbot, in
> cron, and keeping /etc/httpd.conf updated accordingly?
> 

I use records in /etc/acme-client.conf like:

  authority letsencrypt {
      api url "https://acme-v02.api.letsencrypt.org/directory"
      account key "/etc/acme/letsencrypt-privkey.crt"
  }

  domain mx1.catap.net {
      alternative names { mx.catap.net }
      domain key "/etc/ssl/private/mx1.catap.net.key"
      domain full chain certificate "/etc/ssl/mx1.catap.net.crt"
      sign with letsencrypt
  }

which is very similar to an example with one notable exception: I use
paths which comply with relayd pki settings, and also keep the full chain.

The certificates are updated in two possible ways.

When a machine is dedicated for a single service and it has only one
certificate I keep inside /etc/daily.local

  acme-client $(hostname) && /usr/sbin/rcctl restart relayd smtpd dovecot

which restarts relayed daemons when the certificate is updated.

Or, on a machine which is used for web hosting with multiple domains, I use
relayd to terminate SSL, and the update is via /etc/daily.local as:

  SSL_UPDATED=0
  for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
  do
      # acme-client exits 0 only when the certificate was changed
      acme-client "$domain" && SSL_UPDATED=1
  done

  if [ $SSL_UPDATED -ne 0 ]; then
      rcctl restart relayd
  fi

-- 
wbr, Kirill
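
An added example, not part of the original post: the multi-domain /etc/daily.local loop above, extended to tell "renewed" apart from "failed" using the exit status documented in acme-client(1) (0 changed, 2 unchanged, 1 failure). The function names and the ACME_CLIENT, ACME_CONF and RCCTL variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. acme-client(1) exit status:
#   0 = certificate changed, 2 = certificate unchanged (not due), 1 = failure.
# ACME_CLIENT, ACME_CONF and RCCTL are assumptions of this sketch so the
# functions can be exercised with stand-ins instead of the real tools.
: "${ACME_CLIENT:=acme-client}"
: "${ACME_CONF:=/etc/acme-client.conf}"
: "${RCCTL:=rcctl}"

# Print the names of all "domain NAME {" blocks, one per line. Matching on
# the opening brace skips nested "domain key ..." lines whatever their indent.
list_domains() {
    awk '$1 == "domain" && $3 == "{" { print $2 }' "$1"
}

# Run acme-client for every configured domain and sort the results into
# RENEWED and FAILED (space-separated lists).
renew_all() {
    RENEWED="" FAILED=""
    for d in $(list_domains "$ACME_CONF"); do
        st=0
        "$ACME_CLIENT" "$d" || st=$?
        case $st in
        0) RENEWED="$RENEWED $d" ;;
        2) ;;                          # still valid, nothing to do
        *) FAILED="$FAILED $d" ;;      # 1 or anything unexpected
        esac
    done
}

# Body for /etc/daily.local: restart relayd only when a certificate actually
# changed, and report failures on stderr so they show up in the job's output.
daily_renew() {
    renew_all
    if [ -n "$RENEWED" ]; then
        "$RCCTL" restart relayd
    fi
    if [ -n "$FAILED" ]; then
        echo "acme-client failed for:$FAILED" >&2
        return 1
    fi
    return 0
}
```

Calling `daily_renew` from /etc/daily.local gives a non-zero status and a message naming the affected domains when any renewal fails, which the plain `&&` form does not surface.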



Re: certbot in cron - best way?

2024-02-20 Thread Odhiambo Washington
On Tue, Feb 20, 2024 at 6:47 PM  wrote:

> Hi misc,
>
> Usually am updating certificates manually this way:
>
> rcctl stop httpd ; certbot certonly --standalone -d DOMAIN.org -m notifyc...@domain.org ; rcctl start httpd
>
> but recently saw newer certificates being deployed as 0001,0002,0003
> etc, like:
>
> /etc/letsencrypt/live/DOMAIN.org-0002/fullchain.pem
>
> Which setup are you using to automatically update certs with certbot, in
> cron, and keeping /etc/httpd.conf updated accordingly?
>

This should work:

0 0,12 * * * /bin/sleep 1552 &&  rcctl stop httpd  && certbot renew && rcctl start httpd

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


certbot in cron - best way?

2024-02-20 Thread misc

Hi misc,

Usually am updating certificates manually this way:

rcctl stop httpd ; certbot certonly --standalone -d DOMAIN.org -m notifyc...@domain.org ; rcctl start httpd


but recently saw newer certificates being deployed as 0001,0002,0003 
etc, like:


/etc/letsencrypt/live/DOMAIN.org-0002/fullchain.pem

Which setup are you using to automatically update certs with certbot, in 
cron, and keeping /etc/httpd.conf updated accordingly?


Cheers,

--fm

--
Att.

(+5521) 97914-8106 (Signal)
PHOSPHORUS NETWORKS | HNO3 SYSTEMS
https://www.linkedin.com/in/fabio1337br/



Re: Single partition fs layout

2024-02-20 Thread Odhiambo Washington
On Tue, Feb 20, 2024 at 5:24 PM hahahahacker2009 
wrote:

> On Tue, Feb 13, 2024 at 19:41, Odhiambo Washington wrote:
> >
> > Is there a disadvantage to having this layout style where everything is
> on
> > 1 partition?
> >
> > ```
> > openbsd$ uname -a
> > OpenBSD openbsd.vmbridge.local 7.4 GENERIC.MP#1397 amd64
> > openbsd$ df -h
> > Filesystem     Size    Used   Avail Capacity  Mounted on
> > /dev/sd0a     43.3G    1.7G   39.5G     5%    /
> > openbsd$ ls -al /
> > total 158208
> > drwxr-xr-x  13 root  wheel   512 Feb 13 14:54 .
> > drwxr-xr-x  13 root  wheel   512 Feb 13 14:54 ..
> > -rw-r--r--   1 root  wheel   578 Oct 10 17:41 .cshrc
> > -rw-r--r--   1 root  wheel   468 Oct 10 17:41 .profile
> > drwxr-xr-x   2 root  wheel   512 Oct 10 17:41 altroot
> > drwxr-xr-x   2 root  wheel  1024 Oct 10 17:41 bin
> > -rwx------   1 root  wheel  25441732 Feb 13 14:54 bsd
> > -rwx------   1 root  wheel  25417620 Feb 13 14:36 bsd.booted
> > -rw-------   1 root  wheel   4659966 Feb 13 14:35 bsd.rd
> > -rw-------   1 root  wheel  25344566 Feb 13 14:35 bsd.sp
> > drwxr-xr-x   6 root  wheel 19456 Feb 13 14:39 dev
> > drwxr-xr-x  24 root  wheel  1536 Feb 13 14:53 etc
> > drwxr-xr-x   3 root  wheel   512 Feb 13 14:36 home
> > drwxr-xr-x   2 root  wheel   512 Oct 10 17:41 mnt
> > drwx------   3 root  wheel   512 Feb 13 14:36 root
> > drwxr-xr-x   2 root  wheel  1536 Oct 10 17:41 sbin
> > lrwxrwx---   1 root  wheel    11 Oct 10 17:41 sys -> usr/src/sys
> > drwxrwxrwt   6 root  wheel   512 Feb 13 14:54 tmp
> > drwxr-xr-x  16 root  wheel   512 Feb 13 14:36 usr
> > drwxr-xr-x  24 root  wheel   512 Oct  8 18:42 var
> > ```
> >
> > --
> > Best regards,
> > Odhiambo WASHINGTON,
> > Nairobi,KE
> > +254 7 3200 0004/+254 7 2274 3223
> >  In an Internet failure case, the #1 suspect is a constant: DNS.
> > "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> > [How to ask smart questions:
> > http://www.catb.org/~esr/faqs/smart-questions.html]
>
> There isn't a single advantage having a huge root partition, even
> for virtual throwaway machines.
> I'd add some mail on the list, in addition to the faq:
> https://marc.info/?l=openbsd-misc&m=154053727724928&w=3
> https://marc.info/?l=openbsd-misc&m=154054091026039&w=3


Very well noted!


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


Re: Single partition fs layout

2024-02-20 Thread hahahahacker2009
On Tue, Feb 13, 2024 at 19:41, Odhiambo Washington wrote:
>
> Is there a disadvantage to having this layout style where everything is on
> 1 partition?
>
> ```
> openbsd$ uname -a
> OpenBSD openbsd.vmbridge.local 7.4 GENERIC.MP#1397 amd64
> openbsd$ df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/sd0a     43.3G    1.7G   39.5G     5%    /
> openbsd$ ls -al /
> total 158208
> drwxr-xr-x  13 root  wheel   512 Feb 13 14:54 .
> drwxr-xr-x  13 root  wheel   512 Feb 13 14:54 ..
> -rw-r--r--   1 root  wheel   578 Oct 10 17:41 .cshrc
> -rw-r--r--   1 root  wheel   468 Oct 10 17:41 .profile
> drwxr-xr-x   2 root  wheel   512 Oct 10 17:41 altroot
> drwxr-xr-x   2 root  wheel  1024 Oct 10 17:41 bin
> -rwx------   1 root  wheel  25441732 Feb 13 14:54 bsd
> -rwx------   1 root  wheel  25417620 Feb 13 14:36 bsd.booted
> -rw-------   1 root  wheel   4659966 Feb 13 14:35 bsd.rd
> -rw-------   1 root  wheel  25344566 Feb 13 14:35 bsd.sp
> drwxr-xr-x   6 root  wheel 19456 Feb 13 14:39 dev
> drwxr-xr-x  24 root  wheel  1536 Feb 13 14:53 etc
> drwxr-xr-x   3 root  wheel   512 Feb 13 14:36 home
> drwxr-xr-x   2 root  wheel   512 Oct 10 17:41 mnt
> drwx------   3 root  wheel   512 Feb 13 14:36 root
> drwxr-xr-x   2 root  wheel  1536 Oct 10 17:41 sbin
> lrwxrwx---   1 root  wheel    11 Oct 10 17:41 sys -> usr/src/sys
> drwxrwxrwt   6 root  wheel   512 Feb 13 14:54 tmp
> drwxr-xr-x  16 root  wheel   512 Feb 13 14:36 usr
> drwxr-xr-x  24 root  wheel   512 Oct  8 18:42 var
> ```
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
>  In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]

There isn't a single advantage having a huge root partition, even
for virtual throwaway machines.
I'd add some mail on the list, in addition to the faq:
https://marc.info/?l=openbsd-misc&m=154053727724928&w=3
https://marc.info/?l=openbsd-misc&m=154054091026039&w=3



Re: SoGo for OpenBSD?

2024-02-20 Thread Mark
On Tue, Feb 20, 2024 at 3:57 PM Sebastian Reitenbach <
sebas...@l00-bugdead-prods.de> wrote:

> is i...@mysite.com your e-mail there? Or is there something still not yet
> configured?
> In any case, this is now getting off-topic, and might be better asked on
> the SOGo mailing
> lists.
>
> > Each time I refresh the browser page (while SOGo inbox is open).
> >
> > It happens every time, every refresh adds such an error line in the
> > sogo.log file, and changing browsers did not help.
> >
> > And I have too many;
> > "Loading two versions of" lines, like;
> >
> > Loading two versions of SOGoTrashFolder.  The class that will be used is
> > undefined
> > Loading two versions of SOGoMailFolder.  The class that will be used is
> > undefined
> > Loading two versions of SOGoSpecialMailFolder.  The class that will be used
> > is undefined
>
> these warnings can be ignored.


Hi Sebastian, I completed configuring SOGo on my OpenBSD system,
now it works fine. Thanks to Odhiambo and you. The only thing that I'd
like to report to you is this:

My webserver reports in its log file, "file not found" for SOGo;
"/usr/local/lib/GNUstep/SOGo/WebServerResources/js/vendor/ckeditor/plugins/autocomplete/skins/default.css"
failed
(2: No such file or directory)

I thought you might wish to have a look at this, as apparently the
mentioned directories;
"autocomplete/skins/default.css" are not there at all.

Best,
Mark.


Re: No dhcp renewal of IP

2024-02-20 Thread Kenneth Gober
On Sun, Feb 18, 2024 at 4:15 AM Marcus MERIGHI  wrote:

> Hello,
>
> this is not to answer the original question, but...
>
> kgo...@gmail.com (Kenneth Gober), 2024.02.17 (Sat) 22:15 (CET):
> > On Sat, Feb 17, 2024 at 10:47 AM Luis Mendes wrote:
> > > The interface ure0 is the gateway to the Internet, connected to the ISP.
> > > Somehow, when this interface loses the IP, the lease is not renewed.
> >
> > This is the rule I would use in my pf.conf to allow my router to send DHCP
> > requests to my ISP:
> >
> > pass out log quick on ure0 inet proto udp from (ure0) port bootpc to any port bootps
> this is not necessary, because:
>
> "dhcpd reads packets off the wire using BPF, which happens as
> packets come off the network interface, but before the IP stack
> where pf runs."
> David Gwynne  17 Dec 2022 
> https://marc.info/?l=openbsd-misc&m=167128237931458
>
> Marcus
>

dhcpd(8) is the DHCP server.  It listens for DHCP/BOOTP requests on the
network.

The original question was about the DHCP client (dhcpleased(8) or
dhclient(8)) and renewals, which are packets sent out to the network.
Those packets do pass through pf when being sent (as far as I know)
although at the other end whatever server you are sending to might be
using BPF to read them.

It is true that dhcpleased(8) and dhclient(8) may use BPF to receive
responses from DHCP servers, but you will never receive any response if
your requests are blocked before they can even leave your machine.

This is why I have a 'pass out' rule.  It is to allow DHCP requests to be
sent *out* to the network.

-ken


Re: SoGo for OpenBSD?

2024-02-20 Thread Sebastian Reitenbach
On Sunday, February 18, 2024 22:28 CET, Mark  wrote:

> Odhiambo Washington , wrote:
> 
> > You just need the password field. The password scheme does not matter.
> > You can name the VIEW anything you want.  Just make sure you use whatever
> > you name it in the SOGoUserSources block in sogo.conf:
> > SOGoUserSources =
> > (
> >   {
> >     type = sql;
> >     id = directory;
> >     viewURL = "mysql://DBUSERNAME:{userpassword}@127.0.0.1:3306/DBNAME/*VIEW_NAME*";
> >     canAuthenticate = YES;
> >     isAddressBook = YES;
> >     userPasswordAlgorithm = blf-crypt;
> >   }
> > );
> >
> 
> Mr. Odhiambo, and all, thank you all very much for your help, I really
> appreciate it,
> I now have a fully working -well it seems- SOGo webmail by your help.
> 
> The two things I'd like to solve are;
> 
> I have in my sogo.log file;
> 
> [ERROR] <0x0x53075b5bb68[WOHttpTransaction]>
> client disconnected during delivery of response for
>  method=POST uri=/SOGo/so/i...@mysite.com/Mail/0/folderINBOX/expunge app=SOGo
> rqKey=so rqPath=i...@mysite.com/Mail/0/folderINBOX/expunge> (len=50): the
> socket was shutdown
> 

is i...@mysite.com your e-mail there? Or is there something still not yet
configured?
In any case, this is now getting off-topic, and might be better asked on the
SOGo mailing lists.

> Each time I refresh the browser page (while SOGo inbox is open).
> 
> It happens every time, every refresh adds such an error line in the
> sogo.log file, and changing browsers did not help.
> 
> And I have too many;
> "Loading two versions of" lines, like;
> 
> Loading two versions of SOGoTrashFolder.  The class that will be used is
> undefined
> Loading two versions of SOGoMailFolder.  The class that will be used is
> undefined
> Loading two versions of SOGoSpecialMailFolder.  The class that will be used
> is undefined

these warnings can be ignored.

Sebastian
> 
> However, they're defined in my sogo.conf file.
> 
> Any clue for these?
> 
> Best regards,
> Mark.



Re: Automatic OS updates

2024-02-20 Thread Thomas Schmidt

OP did indeed mean `sysupgrade`, but fwiw, `syspatch && reboot` reboots
your system if a patch was applied. I got it in all of my servers'
cronjobs.

- Thomas

On 17.02.2024 at 02:24, obs...@loopw.com wrote:




On Feb 15, 2024, at 10:12 AM, b...@fea.st wrote:
am I the only one using automatic OS updates




  0  3  *  *  * root  sysupgrade


Maybe you meant “syspatch” there?

Syspatching via cron is questionable - Some of the patches won’t be loaded until 
the box is rebooted.

I think it’s better to run either syspatch or sysupgrade when I’m in front of 
the console and can deal with consequences.