From 37f11dd4dd64381cb1ac44948db59d4c3d69ceb1 Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Thu, 5 Feb 2026 17:49:01 +0200
Subject: Update content for html

---
 about/resources.html                               | 206 +++++++--------
 ...5-12-07-f3s-kubernetes-with-freebsd-part-8.html | 281 --------------------
 gemfeed/atom.xml                                   | 283 +--------------------
 index.html                                         |   2 +-
 uptime-stats.html                                  |   2 +-
 5 files changed, 106 insertions(+), 668 deletions(-)

diff --git a/about/resources.html b/about/resources.html
index 12650683..f319550f 100644
--- a/about/resources.html
+++ b/about/resources.html
@@ -50,112 +50,112 @@
 <span>In random order:</span><br />
 <br />
 <ul>
-<li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li>
+<li>Seeking SRE: Conversations About Running Production Systems at Scale; David N. Blank-Edelman; eBook</li>
+<li>C++ Programming Language; Bjarne Stroustrup;</li>
 <li>Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson</li>
-<li>The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton</li>
-<li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li>
-<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li>
+<li>Site Reliability Engineering; How Google runs production systems; O&#39;Reilly</li>
+<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li>
 <li>Leanring eBPF; Liz Rice; O&#39;Reilly</li>
-<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li>
-<li>Seeking SRE: Conversations About Running Production Systems at Scale; David N. Blank-Edelman; eBook</li>
-<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li>
+<li>Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall &amp; Jon Orwant; O&#39;Reilly</li>
+<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li>
+<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O&#39;Reilly</li>
+<li>The Docker Book; James Turnbull; Kindle</li>
+<li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li>
+<li>100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications</li>
+<li>The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible</li>
+<li>DNS and BIND; Cricket Liu; O&#39;Reilly</li>
+<li>Ultimate Go Notebook; Bill Kennedy</li>
+<li>Raku Recipes; J.J. Merelo; Apress</li>
+<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li>
+<li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li>
 <li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O&#39;Reilly</li>
-<li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li>
 <li>Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press</li>
-<li>The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible</li>
-<li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O&#39;Reilly</li>
-<li>Developing Games in Java; David Brackeen and others...; New Riders</li>
+<li>The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress</li>
 <li>Programming Ruby 3.3 (5th Edition); Noel Rappin, with Dave Thomas; The Pragmatic Bookshelf</li>
-<li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li>
+<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li>
+<li>Raku Fundamentals; Moritz Lenz; Apress</li>
+<li>Developing Games in Java; David Brackeen and others...; New Riders</li>
+<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li>
+<li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li>
+<li>Effective awk programming; Arnold Robbins; O&#39;Reilly</li>
 <li>Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt </li>
-<li>Raku Recipes; J.J. Merelo; Apress</li>
 <li>Modern Perl; Chromatic ; Onyx Neon Press</li>
-<li>Funktionale Programmierung; Peter Pepper; Springer</li>
+<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li>
+<li>Terraform Cookbook; Mikael Krief; Packt Publishing</li>
+<li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li>
+<li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li>
+<li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li>
 <li>Clusterbau mit Linux-HA; Michael Schwartzkopff; O&#39;Reilly</li>
+<li>Concurrency in Go; Katherine Cox-Buday; O&#39;Reilly</li>
+<li>Data Science at the Command Line; Jeroen Janssens; O&#39;Reilly</li>
+<li>Funktionale Programmierung; Peter Pepper; Springer</li>
+<li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li>
+<li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O&#39;Reilly</li>
 <li>Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O&#39;Reilly</li>
-<li>Ultimate Go Notebook; Bill Kennedy</li>
-<li>Effective awk programming; Arnold Robbins; O&#39;Reilly</li>
-<li>Terraform Cookbook; Mikael Krief; Packt Publishing</li>
-<li>Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook</li>
+<li>The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton</li>
+<li>Java ist auch eine Insel; Christian Ullenboom; </li>
 <li>21st Century C: C Tips from the New School; Ben Klemens; O&#39;Reilly</li>
-<li>Data Science at the Command Line; Jeroen Janssens; O&#39;Reilly</li>
-<li>Concurrency in Go; Katherine Cox-Buday; O&#39;Reilly</li>
-<li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li>
-<li>DNS and BIND; Cricket Liu; O&#39;Reilly</li>
-<li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li>
+<li>Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook</li>
 <li>Polished Ruby Programming; Jeremy Evans; Packt Publishing</li>
-<li>Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall &amp; Jon Orwant; O&#39;Reilly</li>
-<li>C++ Programming Language; Bjarne Stroustrup;</li>
-<li>The Docker Book; James Turnbull; Kindle</li>
-<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li>
-<li>100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications</li>
-<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li>
-<li>The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress</li>
-<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O&#39;Reilly</li>
-<li>Site Reliability Engineering; How Google runs production systems; O&#39;Reilly</li>
-<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li>
-<li>Java ist auch eine Insel; Christian Ullenboom; </li>
-<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li>
-<li>Raku Fundamentals; Moritz Lenz; Apress</li>
-<li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li>
+<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li>
 </ul><br />
 <h2 style='display: inline' id='technical-references'>Technical references</h2><br />
 <br />
 <span>I didn&#39;t read them from the beginning to the end, but I am using them to look up things. The books are in random order:</span><br />
 <br />
 <ul>
-<li>Go: Design Patterns for Real-World Projects; Mat Ryer; Packt</li>
-<li>Implementing Service Level Objectives; Alex Hidalgo; O&#39;Reilly</li>
 <li>BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley</li>
-<li>The Linux Programming Interface; Michael Kerrisk; No Starch Press </li>
-<li>Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O&#39;Reilly</li>
 <li>Relayd and Httpd Mastery; Michael W Lucas</li>
-<li>Groovy Kurz &amp; Gut; Joerg Staudemeier; O&#39;Reilly</li>
 <li>Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley</li>
+<li>The Linux Programming Interface; Michael Kerrisk; No Starch Press </li>
+<li>Groovy Kurz &amp; Gut; Joerg Staudemeier; O&#39;Reilly</li>
+<li>Implementing Service Level Objectives; Alex Hidalgo; O&#39;Reilly</li>
+<li>Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O&#39;Reilly</li>
+<li>Go: Design Patterns for Real-World Projects; Mat Ryer; Packt</li>
 </ul><br />
 <h2 style='display: inline' id='self-development-and-soft-skills-books'>Self-development and soft-skills books</h2><br />
 <br />
 <span>In random order:</span><br />
 <br />
 <ul>
-<li>The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME)</li>
-<li>The Power of Now; Eckhard Tolle; Yellow Kite</li>
-<li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li>
-<li>Solve for Happy; Mo Gawdat (RE-READ 1ST TIME)</li>
-<li>101 Essays that change the way you think; Brianna Wiest; Audiobook</li>
 <li>Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press</li>
+<li>Soft Skills; John Sommez; Manning Publications</li>
+<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook</li>
 <li>Never Split the Difference; Chris Voss, Tahl Raz; Random House Business</li>
-<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li>
-<li>Deep Work; Cal Newport; Piatkus</li>
-<li>The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook</li>
-<li>The Complete Software Developer&#39;s Career Guide; John Sonmez; Unabridged Audiobook</li>
-<li>Ultralearning; Anna Laurent; Self-published via Amazon</li>
-<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li>
+<li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li>
 <li>Eat That Frog; Brian Tracy</li>
+<li>The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME)</li>
 <li>Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook</li>
-<li>Slow Productivity; Cal Newport; Penguin Random House</li>
-<li>Time Management for System Administrators; Thomas A. Limoncelli; O&#39;Reilly</li>
+<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li>
+<li>The Software Engineer&#39;s Guidebook: Navigating senior, tech lead, and staff engineer positions at tech companies and startups; Gergely Orosz; Audiobook </li>
+<li>Meditation for Mortals, Oliver Burkeman, Audiobook</li>
+<li>Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne</li>
 <li>So Good They Can&#39;t Ignore You; Cal Newport; Business Plus</li>
-<li>97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook</li>
-<li>Soft Skills; John Sommez; Manning Publications</li>
-<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li>
-<li>The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd</li>
-<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook</li>
-<li>Atomic Habits; James Clear; Random House Business</li>
-<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li>
 <li>The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books</li>
-<li>Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne</li>
-<li>The Software Engineer&#39;s Guidebook: Navigating senior, tech lead, and staff engineer positions at tech companies and startups; Gergely Orosz; Audiobook </li>
-<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li>
 <li>Stop starting, start finishing; Arne Roock; Lean-Kanban University  </li>
-<li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li>
+<li>Getting Things Done; David Allen</li>
+<li>The Power of Now; Eckhard Tolle; Yellow Kite</li>
+<li>The Complete Software Developer&#39;s Career Guide; John Sonmez; Unabridged Audiobook</li>
+<li>97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook</li>
+<li>101 Essays that change the way you think; Brianna Wiest; Audiobook</li>
+<li>Time Management for System Administrators; Thomas A. Limoncelli; O&#39;Reilly</li>
+<li>Atomic Habits; James Clear; Random House Business</li>
+<li>Slow Productivity; Cal Newport; Penguin Random House</li>
+<li>Solve for Happy; Mo Gawdat (RE-READ 1ST TIME)</li>
+<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li>
+<li>Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion</li>
 <li>Ultralearning; Scott Young; Thorsons</li>
+<li>Ultralearning; Anna Laurent; Self-published via Amazon</li>
+<li>The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook</li>
 <li>Influence without Authority; A. Cohen, D. Bradford; Wiley</li>
-<li>Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion</li>
-<li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon &amp; Schuster UK</li>
-<li>Getting Things Done; David Allen</li>
-<li>Meditation for Mortals, Oliver Burkeman, Audiobook</li>
+<li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li>
+<li>Deep Work; Cal Newport; Piatkus</li>
 <li>Digital Minimalism; Cal Newport; Portofolio Penguin</li>
+<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li>
+<li>The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd</li>
+<li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon &amp; Schuster UK</li>
+<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li>
+<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li>
 </ul><br />
 <a class='textlink' href='../notes/index.html'>Here are notes of mine for some of the books</a><br />
 <br />
@@ -164,31 +164,31 @@
 <span>Some of these were in-person with exams; others were online learning lectures only. In random order:</span><br />
 <br />
 <ul>
-<li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li>
-<li>Ultimate Go Programming; Bill Kennedy; O&#39;Reilly Online</li>
-<li>Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training</li>
+<li>Apache Tomcat Best Practises; 3-day on-site training</li>
 <li>AWS Immersion Day; Amazon; 1-day interactive online training </li>
 <li>Scripting Vim; Damian Conway; O&#39;Reilly Online</li>
+<li>F5 Loadbalancers Training; 2-day on-site training; F5, Inc. </li>
+<li>Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training</li>
 <li>MySQL Deep Dive Workshop; 2-day on-site training</li>
-<li>Functional programming lecture; Remote University of Hagen</li>
-<li>Apache Tomcat Best Practises; 3-day on-site training</li>
+<li>Protocol buffers; O&#39;Reilly Online</li>
+<li>Ultimate Go Programming; Bill Kennedy; O&#39;Reilly Online</li>
 <li>The Ultimate Kubernetes Bootcamp; School of Devops; O&#39;Reilly Online</li>
-<li>Algorithms Video Lectures; Robert Sedgewick; O&#39;Reilly Online</li>
+<li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li>
 <li>Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon</li>
-<li>Developing IaC with Terraform (with Live Lessons); O&#39;Reilly Online</li>
-<li>F5 Loadbalancers Training; 2-day on-site training; F5, Inc. </li>
+<li>Functional programming lecture; Remote University of Hagen</li>
+<li>Algorithms Video Lectures; Robert Sedgewick; O&#39;Reilly Online</li>
 <li>Structure and Interpretation of Computer Programs; Harold Abelson and more...; </li>
-<li>Protocol buffers; O&#39;Reilly Online</li>
 <li>The Well-Grounded Rubyist Video Edition; David. A. Black; O&#39;Reilly Online</li>
+<li>Developing IaC with Terraform (with Live Lessons); O&#39;Reilly Online</li>
 </ul><br />
 <h2 style='display: inline' id='technical-guides'>Technical guides</h2><br />
 <br />
 <span>These are not whole books, but guides (smaller or larger) which I found very useful. in random order:</span><br />
 <br />
 <ul>
-<li>Raku Guide at https://raku.guide  </li>
-<li>Advanced Bash-Scripting Guide </li>
 <li>How CPUs work at https://cpu.land</li>
+<li>Advanced Bash-Scripting Guide </li>
+<li>Raku Guide at https://raku.guide  </li>
 </ul><br />
 <h2 style='display: inline' id='podcasts'>Podcasts</h2><br />
 <br />
@@ -197,32 +197,32 @@
 <span>In random order:</span><br />
 <br />
 <ul>
-<li>Deep Questions with Cal Newport</li>
-<li>The Pragmatic Engineer Podcast</li>
-<li>Pratical AI</li>
-<li>Wednesday Wisdom</li>
-<li>The Changelog Podcast(s)</li>
-<li>Backend Banter</li>
+<li>Hidden Brain</li>
 <li>BSD Now [BSD]</li>
-<li>Dev Interrupted</li>
-<li>Cup o&#39; Go [Golang]</li>
-<li>The ProdCast (Google SRE Podcast)</li>
+<li>Backend Banter</li>
+<li>Wednesday Wisdom</li>
 <li>Modern Mentor</li>
+<li>Cup o&#39; Go [Golang]</li>
 <li>Fallthrough [Golang]</li>
-<li>Hidden Brain</li>
-<li>Fork Around And Find Out</li>
 <li>Maintainable</li>
+<li>Fork Around And Find Out</li>
+<li>The Changelog Podcast(s)</li>
+<li>Dev Interrupted</li>
+<li>The Pragmatic Engineer Podcast</li>
+<li>The ProdCast (Google SRE Podcast)</li>
+<li>Pratical AI</li>
+<li>Deep Questions with Cal Newport</li>
 </ul><br />
 <h3 style='display: inline' id='podcasts-i-liked'>Podcasts I liked</h3><br />
 <br />
 <span>I liked them but am not listening to them anymore. The podcasts have either "finished" (no more episodes) or I stopped listening to them due to time constraints or a shift in my interests.</span><br />
 <br />
 <ul>
-<li>Ship It (predecessor of Fork Around And Find Out)</li>
-<li>Java Pub House</li>
 <li>FLOSS weekly</li>
-<li>CRE: Chaosradio Express [german]</li>
 <li>Modern Mentor</li>
+<li>Java Pub House</li>
+<li>CRE: Chaosradio Express [german]</li>
+<li>Ship It (predecessor of Fork Around And Find Out)</li>
 <li>Go Time (predecessor of fallthrough)</li>
 </ul><br />
 <h2 style='display: inline' id='newsletters-i-like'>Newsletters I like</h2><br />
@@ -230,18 +230,18 @@
 <span>This is a mix of tech and non-tech newsletters I am subscribed to. In random order:</span><br />
 <br />
 <ul>
-<li>The Pragmatic Engineer</li>
+<li>The Valuable Dev</li>
+<li>Monospace Mentor</li>
+<li>Changelog News</li>
+<li>Applied Go Weekly Newsletter</li>
+<li>Andreas Brandhorst Newsletter (Sci-Fi author)</li>
+<li>byteSizeGo</li>
 <li>Ruby Weekly</li>
+<li>The Pragmatic Engineer</li>
 <li>Golang Weekly</li>
 <li>Register Spill</li>
-<li>Andreas Brandhorst Newsletter (Sci-Fi author)</li>
-<li>Applied Go Weekly Newsletter</li>
-<li>Changelog News</li>
 <li>VK Newsletter</li>
-<li>The Valuable Dev</li>
-<li>Monospace Mentor</li>
 <li>The Imperfectionist</li>
-<li>byteSizeGo</li>
 </ul><br />
 <h2 style='display: inline' id='magazines-i-liked'>Magazines I like(d)</h2><br />
 <br />
@@ -249,8 +249,8 @@
 <br />
 <ul>
 <li>freeX (not published anymore)</li>
-<li>Linux Magazine</li>
 <li>LWN (online only)</li>
+<li>Linux Magazine</li>
 <li>Linux User</li>
 </ul><br />
 <h1 style='display: inline' id='formal-education'>Formal education</h1><br />
diff --git a/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.html b/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.html
index 6d617b16..c38ac8fa 100644
--- a/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.html
+++ b/gemfeed/2025-12-07-f3s-kubernetes-with-freebsd-part-8.html
@@ -33,7 +33,6 @@
 <ul>
 <li><a href='#f3s-kubernetes-with-freebsd---part-8-observability'>f3s: Kubernetes with FreeBSD - Part 8: Observability</a></li>
 <li>⇢ <a href='#introduction'>Introduction</a></li>
-<li>⇢ <a href='#update-lan-ingress-support-february-2026'>Update: LAN Ingress Support (February 2026)</a></li>
 <li>⇢ <a href='#important-note-gitops-migration'>Important Note: GitOps Migration</a></li>
 <li>⇢ <a href='#persistent-storage-recap'>Persistent storage recap</a></li>
 <li>⇢ <a href='#the-monitoring-namespace'>The monitoring namespace</a></li>
@@ -41,7 +40,6 @@
 <li>⇢ ⇢ <a href='#prerequisites'>Prerequisites</a></li>
 <li>⇢ ⇢ <a href='#deploying-with-the-justfile'>Deploying with the Justfile</a></li>
 <li>⇢ ⇢ <a href='#exposing-grafana-via-ingress'>Exposing Grafana via ingress</a></li>
-<li>⇢ ⇢ <a href='#exposing-services-via-lan-ingress'>Exposing services via LAN ingress</a></li>
 <li>⇢ <a href='#installing-loki-and-alloy'>Installing Loki and Alloy</a></li>
 <li>⇢ ⇢ <a href='#prerequisites'>Prerequisites</a></li>
 <li>⇢ ⇢ <a href='#deploying-loki-and-alloy'>Deploying Loki and Alloy</a></li>
@@ -79,10 +77,6 @@
 <br />
 <a class='textlink' href='https://codeberg.org/snonux/conf/src/branch/master/f3s'>codeberg.org/snonux/conf/f3s</a><br />
 <br />
-<h2 style='display: inline' id='update-lan-ingress-support-february-2026'>Update: LAN Ingress Support (February 2026)</h2><br />
-<br />
-<span>Update (2026-02-05):** This blog post has been updated to include a new section on exposing services via LAN ingress. The original blog post focused on external access through OpenBSD edge relays. The new section documents how to:</span><br />
-<br />
 <h2 style='display: inline' id='important-note-gitops-migration'>Important Note: GitOps Migration</h2><br />
 <br />
 <span>**Note:** After publishing this blog post, the f3s cluster was migrated from imperative Helm deployments to declarative GitOps using ArgoCD. The Kubernetes manifests, Helm charts, and Justfiles in the repository have been reorganized for ArgoCD-based continuous deployment.</span><br />
@@ -258,281 +252,6 @@ prometheus-kube-prometheus-prometheus   ClusterIP   <font color="#000000">10.43<
 <br />
 <a href='./f3s-kubernetes-with-freebsd-part-8/grafana-dashboard.png'><img alt='Grafana dashboard showing cluster metrics' title='Grafana dashboard showing cluster metrics' src='./f3s-kubernetes-with-freebsd-part-8/grafana-dashboard.png' /></a><br />
 <br />
-<h3 style='display: inline' id='exposing-services-via-lan-ingress'>Exposing services via LAN ingress</h3><br />
-<br />
-<span>In addition to external access through the OpenBSD relays, services can also be exposed on the local network using LAN-specific ingresses. This is useful for accessing services from within the home network without going through the internet, reducing latency and providing an alternative path if the external relays are unavailable.</span><br />
-<br />
-<span>The LAN ingress architecture leverages the existing FreeBSD CARP (Common Address Redundancy Protocol) failover infrastructure that&#39;s already in place for NFS-over-TLS (see Part 5). Instead of deploying MetalLB or another LoadBalancer implementation, we reuse the CARP virtual IP (<span class='inlinecode'>192.168.1.138</span>) by adding HTTP/HTTPS forwarding alongside the existing stunnel service on port 2323.</span><br />
-<br />
-<span>*Architecture overview*:</span><br />
-<br />
-<span>The LAN access path differs from external access:</span><br />
-<br />
-<span>**External access (*.f3s.foo.zone):**</span><br />
-<pre>
-Internet → OpenBSD relayd (TLS termination, Let&#39;s Encrypt)
-        → WireGuard tunnel
-        → k3s Traefik :80 (HTTP)
-        → Service
-</pre>
-<br />
-<span>**LAN access (*.f3s.lan.foo.zone):**</span><br />
-<pre>
-LAN → FreeBSD CARP VIP (192.168.1.138)
-    → FreeBSD relayd (TCP forwarding)
-    → k3s Traefik :443 (TLS termination, cert-manager)
-    → Service
-</pre>
-<br />
-<span>The key architectural decisions:</span><br />
-<br />
-<ul>
-<li>FreeBSD <span class='inlinecode'>relayd</span> performs pure TCP forwarding (Layer 4) for ports 80 and 443, not TLS termination</li>
-<li>Traefik inside k3s handles TLS offloading using certificates from cert-manager</li>
-<li>Self-signed CA for LAN domains (no external dependencies)</li>
-<li>CARP provides automatic failover between f0 and f1</li>
-<li>No code changes to applications—just add a LAN ingress resource</li>
-</ul><br />
-<span>*Installing cert-manager*:</span><br />
-<br />
-<span>First, install cert-manager to handle certificate lifecycle management for LAN services. The installation is automated with a Justfile:</span><br />
-<br />
-<a class='textlink' href='https://codeberg.org/snonux/conf/src/branch/master/f3s/cert-manager'>codeberg.org/snonux/conf/f3s/cert-manager</a><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ cd conf/f3s/cert-manager
-$ just install
-kubectl apply -f cert-manager.yaml
-<i><font color="silver"># ... cert-manager CRDs and resources created ...</font></i>
-kubectl apply -f self-signed-issuer.yaml
-clusterissuer.cert-manager.io/selfsigned-issuer created
-clusterissuer.cert-manager.io/selfsigned-ca-issuer created
-kubectl apply -f ca-certificate.yaml
-certificate.cert-manager.io/selfsigned-ca created
-kubectl apply -f wildcard-certificate.yaml
-certificate.cert-manager.io/f3s-lan-wildcard created
-</pre>
-<br />
-<span>This creates:</span><br />
-<br />
-<ul>
-<li>A self-signed ClusterIssuer</li>
-<li>A CA certificate (<span class='inlinecode'>f3s-lan-ca</span>) valid for 10 years</li>
-<li>A CA-signed ClusterIssuer</li>
-<li>A wildcard certificate (<span class='inlinecode'>*.f3s.lan.foo.zone</span>) valid for 90 days with automatic renewal</li>
-</ul><br />
-<span>Verify the certificates:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ kubectl get certificate -n cert-manager
-NAME               READY   SECRET                 AGE
-f3s-lan-wildcard   True    f3s-lan-tls            5m
-selfsigned-ca      True    selfsigned-ca-secret   5m
-</pre>
-<br />
-<span>The wildcard certificate (<span class='inlinecode'>f3s-lan-tls</span>) needs to be copied to any namespace that uses it:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ kubectl get secret f3s-lan-tls -n cert-manager -o yaml | \
-    sed <font color="#808080">'s/namespace: cert-manager/namespace: services/'</font> | \
-    kubectl apply -f -
-</pre>
-<br />
-<span>*Configuring FreeBSD relayd for LAN access*:</span><br />
-<br />
-<span>On both FreeBSD hosts (f0, f1), install and configure <span class='inlinecode'>relayd</span> for TCP forwarding:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>paul@f0:~ % doas pkg install -y relayd
-</pre>
-<br />
-<span>Create <span class='inlinecode'>/usr/local/etc/relayd.conf</span>:</span><br />
-<br />
-<pre>
-# k3s nodes backend table
-table &lt;k3s_nodes&gt; { 192.168.1.120 192.168.1.121 192.168.1.122 }
-
-# TCP forwarding to Traefik (no TLS termination)
-relay "lan_http" {
-    listen on 192.168.1.138 port 80
-    forward to &lt;k3s_nodes&gt; port 80 check tcp
-}
-
-relay "lan_https" {
-    listen on 192.168.1.138 port 443
-    forward to &lt;k3s_nodes&gt; port 443 check tcp
-}
-</pre>
-<br />
-<span>Note: The IP addresses <span class='inlinecode'>192.168.1.120-122</span> are the LAN IPs of the k3s nodes (r0, r1, r2), not their WireGuard IPs. FreeBSD <span class='inlinecode'>relayd</span> requires PF (Packet Filter) to be enabled. Create a minimal <span class='inlinecode'>/etc/pf.conf</span>:</span><br />
-<br />
-<pre>
-# Basic PF rules for relayd
-set skip on lo0
-pass in quick
-pass out quick
-</pre>
-<br />
-<span>Enable PF and relayd:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>paul@f0:~ % doas sysrc pf_enable=YES pflog_enable=YES relayd_enable=YES
-paul@f0:~ % doas service pf start
-paul@f0:~ % doas service pflog start
-paul@f0:~ % doas service relayd start
-</pre>
-<br />
-<span>Verify <span class='inlinecode'>relayd</span> is listening on the CARP VIP:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>paul@f0:~ % doas sockstat -<font color="#000000">4</font> -l | grep <font color="#000000">192.168</font>.<font color="#000000">1.138</font>
-_relayd  relayd   <font color="#000000">2903</font>  <font color="#000000">11</font>  tcp4   <font color="#000000">192.168</font>.<font color="#000000">1.138</font>:<font color="#000000">80</font>      *:*
-_relayd  relayd   <font color="#000000">2903</font>  <font color="#000000">12</font>  tcp4   <font color="#000000">192.168</font>.<font color="#000000">1.138</font>:<font color="#000000">443</font>     *:*
-</pre>
-<br />
-<span>Repeat the same configuration on f1. Both hosts will run <span class='inlinecode'>relayd</span> listening on the CARP VIP, but only the CARP MASTER will respond to traffic. When failover occurs, the new MASTER takes over seamlessly.</span><br />
-<br />
-<span>*Adding LAN ingress to services*:</span><br />
-<br />
-<span>To expose a service on the LAN, add a second Ingress resource to its Helm chart. Here&#39;s an example for Grafana:</span><br />
-<br />
-<pre>
----
-# LAN Ingress for grafana.f3s.lan.foo.zone
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: grafana-ingress-lan
-  namespace: monitoring
-  annotations:
-    spec.ingressClassName: traefik
-    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
-spec:
-  tls:
-    - hosts:
-        - grafana.f3s.lan.foo.zone
-      secretName: f3s-lan-tls
-  rules:
-    - host: grafana.f3s.lan.foo.zone
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: prometheus-grafana
-                port:
-                  number: 80
-</pre>
-<br />
-<span>Key points:</span><br />
-<br />
-<ul>
-<li>Use <span class='inlinecode'>web,websecure</span> entrypoints (both HTTP and HTTPS)</li>
-<li>Reference the <span class='inlinecode'>f3s-lan-tls</span> secret in the <span class='inlinecode'>tls</span> section</li>
-<li>Use <span class='inlinecode'>.f3s.lan.foo.zone</span> subdomain pattern</li>
-<li>Same backend service as the external ingress</li>
-</ul><br />
-<span>Apply the ingress and test:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ kubectl apply -f grafana-ingress-lan.yaml
-ingress.networking.k8s.io/grafana-ingress-lan created
-
-$ curl -k https://grafana.f3s.lan.foo.zone
-HTTP/<font color="#000000">2</font> <font color="#000000">302</font> 
-location: /login
-</pre>
-<br />
-<span>*Client-side DNS and CA setup*:</span><br />
-<br />
-<span>To access LAN services, clients need DNS entries and must trust the self-signed CA.</span><br />
-<br />
-<span>Add DNS entries to <span class='inlinecode'>/etc/hosts</span> on your laptop:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ sudo tee -a /etc/hosts &lt;&lt; <font color="#808080">'EOF'</font>
-<i><font color="silver"># f3s LAN services</font></i>
-<font color="#000000">192.168</font>.<font color="#000000">1.138</font>  grafana.f3s.lan.foo.zone
-<font color="#000000">192.168</font>.<font color="#000000">1.138</font>  navidrome.f3s.lan.foo.zone
-EOF
-</pre>
-<br />
-<span>The CARP VIP <span class='inlinecode'>192.168.1.138</span> provides high availability—traffic automatically fails over to the backup host if the master goes down.</span><br />
-<br />
-<span>Export the self-signed CA certificate:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ kubectl get secret selfsigned-ca-secret -n cert-manager -o jsonpath=<font color="#808080">'{.data.ca</font>\.<font color="#808080">crt}'</font> | \
-    base64 -d &gt; f3s-lan-ca.crt
-</pre>
-<br />
-<span>Install the CA certificate on Linux (Fedora/Rocky):</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ sudo cp f3s-lan-ca.crt /etc/pki/ca-trust/source/anchors/
-$ sudo update-ca-trust
-</pre>
-<br />
-<span>After trusting the CA, browsers will accept the LAN certificates without warnings.</span><br />
-<br />
-<span>*Scaling to other services*:</span><br />
-<br />
-<span>The same pattern can be applied to any service. To add LAN access:</span><br />
-<br />
-<span>1. Copy the <span class='inlinecode'>f3s-lan-tls</span> secret to the service&#39;s namespace (if not already there)</span><br />
-<span>2. Add a LAN Ingress resource using the pattern above</span><br />
-<span>3. Configure DNS: <span class='inlinecode'>192.168.1.138  service.f3s.lan.foo.zone</span></span><br />
-<span>4. Commit and push (ArgoCD will deploy automatically)</span><br />
-<br />
-<span>No changes needed to:</span><br />
-<br />
-<ul>
-<li>relayd configuration (forwards all traffic)</li>
-<li>cert-manager (wildcard cert covers all <span class='inlinecode'>*.f3s.lan.foo.zone</span>)</li>
-<li>CARP configuration (VIP shared by all services)</li>
-</ul><br />
-<span>*TLS offloaders summary*:</span><br />
-<br />
-<span>The f3s infrastructure now has three distinct TLS offloaders:</span><br />
-<br />
-<ul>
-<li>**OpenBSD relayd**: External internet traffic (<span class='inlinecode'>*.f3s.foo.zone</span>) using Let&#39;s Encrypt</li>
-<li>**Traefik (k3s)**: LAN HTTPS traffic (<span class='inlinecode'>*.f3s.lan.foo.zone</span>) using cert-manager</li>
-<li>**stunnel**: NFS-over-TLS (port 2323) using custom PKI</li>
-</ul><br />
-<span>Each serves a different purpose with appropriate certificate management for its use case.</span><br />
-<br />
 <h2 style='display: inline' id='installing-loki-and-alloy'>Installing Loki and Alloy</h2><br />
 <br />
 <span>While Prometheus handles metrics, Loki handles logs. It&#39;s designed to be cost-effective and easy to operate—it doesn&#39;t index the contents of logs, only the metadata (labels), making it very efficient for storage.</span><br />
diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml
index ef6b6975..92491865 100644
--- a/gemfeed/atom.xml
+++ b/gemfeed/atom.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <feed xmlns="http://www.w3.org/2005/Atom">
-    <updated>2026-02-05T17:44:05+02:00</updated>
+    <updated>2026-02-05T17:48:12+02:00</updated>
     <title>foo.zone feed</title>
     <subtitle>To be in the .zone!</subtitle>
     <link href="https://foo.zone/gemfeed/atom.xml" rel="self" />
@@ -2706,7 +2706,6 @@ $ curl -s -G "http://localhost:3200/api/search" \
 <ul>
 <li><a href='#f3s-kubernetes-with-freebsd---part-8-observability'>f3s: Kubernetes with FreeBSD - Part 8: Observability</a></li>
 <li>⇢ <a href='#introduction'>Introduction</a></li>
-<li>⇢ <a href='#update-lan-ingress-support-february-2026'>Update: LAN Ingress Support (February 2026)</a></li>
 <li>⇢ <a href='#important-note-gitops-migration'>Important Note: GitOps Migration</a></li>
 <li>⇢ <a href='#persistent-storage-recap'>Persistent storage recap</a></li>
 <li>⇢ <a href='#the-monitoring-namespace'>The monitoring namespace</a></li>
@@ -2714,7 +2713,6 @@ $ curl -s -G "http://localhost:3200/api/search" \
 <li>⇢ ⇢ <a href='#prerequisites'>Prerequisites</a></li>
 <li>⇢ ⇢ <a href='#deploying-with-the-justfile'>Deploying with the Justfile</a></li>
 <li>⇢ ⇢ <a href='#exposing-grafana-via-ingress'>Exposing Grafana via ingress</a></li>
-<li>⇢ ⇢ <a href='#exposing-services-via-lan-ingress'>Exposing services via LAN ingress</a></li>
 <li>⇢ <a href='#installing-loki-and-alloy'>Installing Loki and Alloy</a></li>
 <li>⇢ ⇢ <a href='#prerequisites'>Prerequisites</a></li>
 <li>⇢ ⇢ <a href='#deploying-loki-and-alloy'>Deploying Loki and Alloy</a></li>
@@ -2752,10 +2750,6 @@ $ curl -s -G "http://localhost:3200/api/search" \
 <br />
 <a class='textlink' href='https://codeberg.org/snonux/conf/src/branch/master/f3s'>codeberg.org/snonux/conf/f3s</a><br />
 <br />
-<h2 style='display: inline' id='update-lan-ingress-support-february-2026'>Update: LAN Ingress Support (February 2026)</h2><br />
-<br />
-<span>Update (2026-02-05):** This blog post has been updated to include a new section on exposing services via LAN ingress. The original blog post focused on external access through OpenBSD edge relays. The new section documents how to:</span><br />
-<br />
 <h2 style='display: inline' id='important-note-gitops-migration'>Important Note: GitOps Migration</h2><br />
 <br />
 <span>**Note:** After publishing this blog post, the f3s cluster was migrated from imperative Helm deployments to declarative GitOps using ArgoCD. The Kubernetes manifests, Helm charts, and Justfiles in the repository have been reorganized for ArgoCD-based continuous deployment.</span><br />
@@ -2931,281 +2925,6 @@ prometheus-kube-prometheus-prometheus   ClusterIP   <font color="#000000">10.43<
 <br />
 <a href='./f3s-kubernetes-with-freebsd-part-8/grafana-dashboard.png'><img alt='Grafana dashboard showing cluster metrics' title='Grafana dashboard showing cluster metrics' src='./f3s-kubernetes-with-freebsd-part-8/grafana-dashboard.png' /></a><br />
 <br />
-<h3 style='display: inline' id='exposing-services-via-lan-ingress'>Exposing services via LAN ingress</h3><br />
-<br />
-<span>In addition to external access through the OpenBSD relays, services can also be exposed on the local network using LAN-specific ingresses. This is useful for accessing services from within the home network without going through the internet, reducing latency and providing an alternative path if the external relays are unavailable.</span><br />
-<br />
-<span>The LAN ingress architecture leverages the existing FreeBSD CARP (Common Address Redundancy Protocol) failover infrastructure that&#39;s already in place for NFS-over-TLS (see Part 5). Instead of deploying MetalLB or another LoadBalancer implementation, we reuse the CARP virtual IP (<span class='inlinecode'>192.168.1.138</span>) by adding HTTP/HTTPS forwarding alongside the existing stunnel service on port 2323.</span><br />
-<br />
-<span>*Architecture overview*:</span><br />
-<br />
-<span>The LAN access path differs from external access:</span><br />
-<br />
-<span>**External access (*.f3s.foo.zone):**</span><br />
-<pre>
-Internet → OpenBSD relayd (TLS termination, Let&#39;s Encrypt)
-        → WireGuard tunnel
-        → k3s Traefik :80 (HTTP)
-        → Service
-</pre>
-<br />
-<span>**LAN access (*.f3s.lan.foo.zone):**</span><br />
-<pre>
-LAN → FreeBSD CARP VIP (192.168.1.138)
-    → FreeBSD relayd (TCP forwarding)
-    → k3s Traefik :443 (TLS termination, cert-manager)
-    → Service
-</pre>
-<br />
-<span>The key architectural decisions:</span><br />
-<br />
-<ul>
-<li>FreeBSD <span class='inlinecode'>relayd</span> performs pure TCP forwarding (Layer 4) for ports 80 and 443, not TLS termination</li>
-<li>Traefik inside k3s handles TLS offloading using certificates from cert-manager</li>
-<li>Self-signed CA for LAN domains (no external dependencies)</li>
-<li>CARP provides automatic failover between f0 and f1</li>
-<li>No code changes to applications—just add a LAN ingress resource</li>
-</ul><br />
-<span>*Installing cert-manager*:</span><br />
-<br />
-<span>First, install cert-manager to handle certificate lifecycle management for LAN services. The installation is automated with a Justfile:</span><br />
-<br />
-<a class='textlink' href='https://codeberg.org/snonux/conf/src/branch/master/f3s/cert-manager'>codeberg.org/snonux/conf/f3s/cert-manager</a><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ cd conf/f3s/cert-manager
-$ just install
-kubectl apply -f cert-manager.yaml
-<i><font color="silver"># ... cert-manager CRDs and resources created ...</font></i>
-kubectl apply -f self-signed-issuer.yaml
-clusterissuer.cert-manager.io/selfsigned-issuer created
-clusterissuer.cert-manager.io/selfsigned-ca-issuer created
-kubectl apply -f ca-certificate.yaml
-certificate.cert-manager.io/selfsigned-ca created
-kubectl apply -f wildcard-certificate.yaml
-certificate.cert-manager.io/f3s-lan-wildcard created
-</pre>
-<br />
-<span>This creates:</span><br />
-<br />
-<ul>
-<li>A self-signed ClusterIssuer</li>
-<li>A CA certificate (<span class='inlinecode'>f3s-lan-ca</span>) valid for 10 years</li>
-<li>A CA-signed ClusterIssuer</li>
-<li>A wildcard certificate (<span class='inlinecode'>*.f3s.lan.foo.zone</span>) valid for 90 days with automatic renewal</li>
-</ul><br />
-<span>Verify the certificates:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ kubectl get certificate -n cert-manager
-NAME               READY   SECRET                 AGE
-f3s-lan-wildcard   True    f3s-lan-tls            5m
-selfsigned-ca      True    selfsigned-ca-secret   5m
-</pre>
-<br />
-<span>The wildcard certificate (<span class='inlinecode'>f3s-lan-tls</span>) needs to be copied to any namespace that uses it:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ kubectl get secret f3s-lan-tls -n cert-manager -o yaml | \
-    sed <font color="#808080">'s/namespace: cert-manager/namespace: services/'</font> | \
-    kubectl apply -f -
-</pre>
-<br />
-<span>*Configuring FreeBSD relayd for LAN access*:</span><br />
-<br />
-<span>On both FreeBSD hosts (f0, f1), install and configure <span class='inlinecode'>relayd</span> for TCP forwarding:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>paul@f0:~ % doas pkg install -y relayd
-</pre>
-<br />
-<span>Create <span class='inlinecode'>/usr/local/etc/relayd.conf</span>:</span><br />
-<br />
-<pre>
-# k3s nodes backend table
-table &lt;k3s_nodes&gt; { 192.168.1.120 192.168.1.121 192.168.1.122 }
-
-# TCP forwarding to Traefik (no TLS termination)
-relay "lan_http" {
-    listen on 192.168.1.138 port 80
-    forward to &lt;k3s_nodes&gt; port 80 check tcp
-}
-
-relay "lan_https" {
-    listen on 192.168.1.138 port 443
-    forward to &lt;k3s_nodes&gt; port 443 check tcp
-}
-</pre>
-<br />
-<span>Note: The IP addresses <span class='inlinecode'>192.168.1.120-122</span> are the LAN IPs of the k3s nodes (r0, r1, r2), not their WireGuard IPs. FreeBSD <span class='inlinecode'>relayd</span> requires PF (Packet Filter) to be enabled. Create a minimal <span class='inlinecode'>/etc/pf.conf</span>:</span><br />
-<br />
-<pre>
-# Basic PF rules for relayd
-set skip on lo0
-pass in quick
-pass out quick
-</pre>
-<br />
-<span>Enable PF and relayd:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>paul@f0:~ % doas sysrc pf_enable=YES pflog_enable=YES relayd_enable=YES
-paul@f0:~ % doas service pf start
-paul@f0:~ % doas service pflog start
-paul@f0:~ % doas service relayd start
-</pre>
-<br />
-<span>Verify <span class='inlinecode'>relayd</span> is listening on the CARP VIP:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>paul@f0:~ % doas sockstat -<font color="#000000">4</font> -l | grep <font color="#000000">192.168</font>.<font color="#000000">1.138</font>
-_relayd  relayd   <font color="#000000">2903</font>  <font color="#000000">11</font>  tcp4   <font color="#000000">192.168</font>.<font color="#000000">1.138</font>:<font color="#000000">80</font>      *:*
-_relayd  relayd   <font color="#000000">2903</font>  <font color="#000000">12</font>  tcp4   <font color="#000000">192.168</font>.<font color="#000000">1.138</font>:<font color="#000000">443</font>     *:*
-</pre>
-<br />
-<span>Repeat the same configuration on f1. Both hosts will run <span class='inlinecode'>relayd</span> listening on the CARP VIP, but only the CARP MASTER will respond to traffic. When failover occurs, the new MASTER takes over seamlessly.</span><br />
-<br />
-<span>*Adding LAN ingress to services*:</span><br />
-<br />
-<span>To expose a service on the LAN, add a second Ingress resource to its Helm chart. Here&#39;s an example for Grafana:</span><br />
-<br />
-<pre>
----
-# LAN Ingress for grafana.f3s.lan.foo.zone
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: grafana-ingress-lan
-  namespace: monitoring
-  annotations:
-    spec.ingressClassName: traefik
-    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
-spec:
-  tls:
-    - hosts:
-        - grafana.f3s.lan.foo.zone
-      secretName: f3s-lan-tls
-  rules:
-    - host: grafana.f3s.lan.foo.zone
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: prometheus-grafana
-                port:
-                  number: 80
-</pre>
-<br />
-<span>Key points:</span><br />
-<br />
-<ul>
-<li>Use <span class='inlinecode'>web,websecure</span> entrypoints (both HTTP and HTTPS)</li>
-<li>Reference the <span class='inlinecode'>f3s-lan-tls</span> secret in the <span class='inlinecode'>tls</span> section</li>
-<li>Use <span class='inlinecode'>.f3s.lan.foo.zone</span> subdomain pattern</li>
-<li>Same backend service as the external ingress</li>
-</ul><br />
-<span>Apply the ingress and test:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ kubectl apply -f grafana-ingress-lan.yaml
-ingress.networking.k8s.io/grafana-ingress-lan created
-
-$ curl -k https://grafana.f3s.lan.foo.zone
-HTTP/<font color="#000000">2</font> <font color="#000000">302</font> 
-location: /login
-</pre>
-<br />
-<span>*Client-side DNS and CA setup*:</span><br />
-<br />
-<span>To access LAN services, clients need DNS entries and must trust the self-signed CA.</span><br />
-<br />
-<span>Add DNS entries to <span class='inlinecode'>/etc/hosts</span> on your laptop:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ sudo tee -a /etc/hosts &lt;&lt; <font color="#808080">'EOF'</font>
-<i><font color="silver"># f3s LAN services</font></i>
-<font color="#000000">192.168</font>.<font color="#000000">1.138</font>  grafana.f3s.lan.foo.zone
-<font color="#000000">192.168</font>.<font color="#000000">1.138</font>  navidrome.f3s.lan.foo.zone
-EOF
-</pre>
-<br />
-<span>The CARP VIP <span class='inlinecode'>192.168.1.138</span> provides high availability—traffic automatically fails over to the backup host if the master goes down.</span><br />
-<br />
-<span>Export the self-signed CA certificate:</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ kubectl get secret selfsigned-ca-secret -n cert-manager -o jsonpath=<font color="#808080">'{.data.ca</font>\.<font color="#808080">crt}'</font> | \
-    base64 -d &gt; f3s-lan-ca.crt
-</pre>
-<br />
-<span>Install the CA certificate on Linux (Fedora/Rocky):</span><br />
-<br />
-<!-- Generator: GNU source-highlight 3.1.9
-by Lorenzo Bettini
-http://www.lorenzobettini.it
-http://www.gnu.org/software/src-highlite -->
-<pre>$ sudo cp f3s-lan-ca.crt /etc/pki/ca-trust/source/anchors/
-$ sudo update-ca-trust
-</pre>
-<br />
-<span>After trusting the CA, browsers will accept the LAN certificates without warnings.</span><br />
-<br />
-<span>*Scaling to other services*:</span><br />
-<br />
-<span>The same pattern can be applied to any service. To add LAN access:</span><br />
-<br />
-<span>1. Copy the <span class='inlinecode'>f3s-lan-tls</span> secret to the service&#39;s namespace (if not already there)</span><br />
-<span>2. Add a LAN Ingress resource using the pattern above</span><br />
-<span>3. Configure DNS: <span class='inlinecode'>192.168.1.138  service.f3s.lan.foo.zone</span></span><br />
-<span>4. Commit and push (ArgoCD will deploy automatically)</span><br />
-<br />
-<span>No changes needed to:</span><br />
-<br />
-<ul>
-<li>relayd configuration (forwards all traffic)</li>
-<li>cert-manager (wildcard cert covers all <span class='inlinecode'>*.f3s.lan.foo.zone</span>)</li>
-<li>CARP configuration (VIP shared by all services)</li>
-</ul><br />
-<span>*TLS offloaders summary*:</span><br />
-<br />
-<span>The f3s infrastructure now has three distinct TLS offloaders:</span><br />
-<br />
-<ul>
-<li>**OpenBSD relayd**: External internet traffic (<span class='inlinecode'>*.f3s.foo.zone</span>) using Let&#39;s Encrypt</li>
-<li>**Traefik (k3s)**: LAN HTTPS traffic (<span class='inlinecode'>*.f3s.lan.foo.zone</span>) using cert-manager</li>
-<li>**stunnel**: NFS-over-TLS (port 2323) using custom PKI</li>
-</ul><br />
-<span>Each serves a different purpose with appropriate certificate management for its use case.</span><br />
-<br />
 <h2 style='display: inline' id='installing-loki-and-alloy'>Installing Loki and Alloy</h2><br />
 <br />
 <span>While Prometheus handles metrics, Loki handles logs. It&#39;s designed to be cost-effective and easy to operate—it doesn&#39;t index the contents of logs, only the metadata (labels), making it very efficient for storage.</span><br />
diff --git a/index.html b/index.html
index cee9696a..32a27460 100644
--- a/index.html
+++ b/index.html
@@ -13,7 +13,7 @@
 </p>
 <h1 style='display: inline' id='hello'>Hello!</h1><br />
 <br />
-<span class='quote'>This site was generated at 2026-02-05T17:44:05+02:00 by <span class='inlinecode'>Gemtexter</span></span><br />
+<span class='quote'>This site was generated at 2026-02-05T17:48:12+02:00 by <span class='inlinecode'>Gemtexter</span></span><br />
 <br />
 <span>Welcome to the foo.zone!</span><br />
 <br />
diff --git a/uptime-stats.html b/uptime-stats.html
index 4d2cbb0b..dce6de74 100644
--- a/uptime-stats.html
+++ b/uptime-stats.html
@@ -13,7 +13,7 @@
 </p>
 <h1 style='display: inline' id='my-machine-uptime-stats'>My machine uptime stats</h1><br />
 <br />
-<span class='quote'>This site was last updated at 2026-02-05T17:44:05+02:00</span><br />
+<span class='quote'>This site was last updated at 2026-02-05T17:48:12+02:00</span><br />
 <br />
 <span>The following stats were collected via <span class='inlinecode'>uptimed</span> on all of my personal computers over many years and the output was generated by <span class='inlinecode'>guprecords</span>, the global uptime records stats analyser of mine.</span><br />
 <br />
-- 
cgit v1.2.3