Date: 2026-02-10
Host: new Mac (macOS Tahoe)
Context: Migration Assistant clone from older Mac failed

Summary

First day using macOS Tahoe, immediately greeted with a broken Migration Assistant clone from an older Mac. The system failed to reach the login window due to a corrupted SecurityAgent authorization plugin left behind by TeamViewer. This caused login to fail and wedged Setup Assistant in a deadlock during post-migration initialization.

Date: 2026-02-08
Host: grafana
Component: Prometheus + Grafana + exporters +zfs
Scope: ZFS monitoring

ZFS / Zpool Metrics for Prometheus (node-exporter + textfile collector on FreeBSD)

This guide sets up zpool capacity metrics (zpool list) for Prometheus/Grafana using node-exporter’s textfile collector on FreeBSD.

This complements (not replaces) zfs_exporter, which provides ARC/internal ZFS metrics but not pool capacity.

What I Got Working

Metrics exposed to Prometheus:

• zpool_size_bytes{pool="zroot"}
• zpool_alloc_bytes{pool="zroot"}
• zpool_free_bytes{pool="zroot"}
• zpool_capacity_ratio{pool="zroot"}

These map directly to:

Date: 2026-02-08
Host: grafana
Component: Prometheus + Grafana + exporters
Scope: DNS monitoring

Date: 2026-02-08
Host: GhostBSD
Component: Ungoogled-Chrome

Chromey Installer

Note 2025-11-02 23:04:26

This document packages everything needed to install, back up, restore, and run Ungoogled Chromium inside a Bastille jail named chromey

in the JailFox style and more. After going through the process you have a jailed ungoogle-chromium with full video and audio support, emojis and fonts etc.

Just in case the chicken came before the egg, the process starts with a robust Home backup/restore flow so your profile/configs survive rebuilds. Then it walks through the templates, scripts, mounts, X11 fixes, and the launchers.

Introduction to Setting Up Unbound (Sinkhole) on a Mac

This guide walks you through the process of setting up Unbound, a validating, recursive, and caching DNS resolver, on your Mac using MacPorts. The primary goal is to create a DNS sinkhole, which is a security mechanism used to intercept and block malicious traffic. By configuring Unbound on your Mac, you can improve your network security, enhance privacy by using DNS over TLS, and block unwanted ads and trackers.

Date: 2026-02-08
Host: macOS (MacPorts prefix: /opt/local)
Component: doas (MacPorts)

My WireGuard client app failed to load profiles because the code path relies on doas for privilege escalation. This fix corrects the macOS (MacPorts) doas installation so the client can elevate properly.

doas: not installed setuid

…and exiting with status 1.

Root Cause

On macOS, MacPorts installs doas without the setuid bit by default.

Because doas is not setuid-root, it cannot elevate privileges. Any command relying on it will immediately fail, including:

Date: 2026-02-08
Host: server (macOS Monterey; Homebrew prefix: /usr/local)
Grafana install: Homebrew (/usr/local/opt/grafana)
Grafana data: /usr/local/var/lib/grafana

Grafana (Homebrew on macOS Monterey) & Password Reset + Boot-Time Startup (No GUI Login)

Summary (what was fixed)

1. Admin login/password wouldn’t work even after “reset” attempts.
2. Grafana would run manually, but would not reliably run as a user service via brew services and you needed it to start at boot without any desktop login.
3. fixed both by:

• Resetting the password against the actual Brew paths + DB that the running server uses.
• Replacing the GUI-bound LaunchAgent approach with a system LaunchDaemon at /Library/LaunchDaemons/... that runs at boot as your user.

Caveats

“Password reset succeeded” was misleading because I was hitting the wrong DB

Grafana can be pointed at different data directories. In this setup, the running Brew Grafana server uses: