EXTENSIONS

DNS policy compiler — merge manual vhosts + auto-discovered proxy hosts + static rewrites into a deduped desired list for an internal-DNS reconciler (e.g. AdGuard Home), plus a separate hostname list for public exposure.

Manage a Cisco IOS switch (e.g. Catalyst 2960) over SSH after console bootstrap — capture running-config and device facts, run verification commands, and push idempotent baselines: secure-access hardening, SNMPv2c, and Layer-3/VLAN/access-port config. Shells out to OpenSSH; vault-resolved credentials; live reachability pre-flight check.

Nginx Proxy Manager API wrapper — snapshot proxy hosts / redirection hosts / certificates, upsert proxy hosts idempotently (match by domain set), and delete proxy hosts by id.

AdGuard Home control-API wrapper — snapshot status/stats/clients/rewrites and reconcile DNS rewrites to a desired set.

Pi-hole custom DNS record management for swamp — list, add, delete, and

Azure infrastructure management via az CLI — 24 model types covering compute, networking, data, security, identity, monitoring, DNS, DevOps, and subscription-wide topology with Mermaid diagrams and cost estimation.

Inspect VPC networking resources that commonly generate hidden costs:

General-purpose SSH operations — exec, upload, wait for connection (https://github.com/keeb/swamp-ssh)

Full OPNsense management via REST API — system status, interfaces, DNS, tunables, services, firmware/plugins, firewall states, DHCP leases, ARP table, Tailscale, WireGuard, and raw API passthrough. Replaces MCP server.

Eero mesh WiFi management via cloud API — network health, per-node status, per-client band/signal/channel diagnostics, speed tests, settings management, and raw API passthrough. Reverse-engineered from the eero mobile app API.

Tailnet health reporting — find devices running outdated Tailscale clients and alert via Slack

AWS cost audit workflow — identifies infrastructure waste by combining

Install Tailscale on remote VMs over SSH and sync tailnet machine inventory from tailscale status JSON into per-machine resources.

Configure nginx as a TCP/UDP stream proxy on a remote host over SSH, with bootstrap and per-service proxy configuration.

Peplink router management — WAN status, cellular signal diagnostics, band/carrier scanning, SpeedFusion Connect monitoring, Starlink dish control, and raw API passthrough. Works with any Peplink router running firmware 8.5+.

Scan listening ports with process, framework, project, uptime, and health enrichment — plus cleanup of orphaned listeners

Tailscale tailnet management — 10 model types covering devices, users, ACLs, DNS, auth keys, webhooks, settings, contacts, posture, and log config. 22 workflows for device inventory, user lifecycle, ACL audit, security audit, compliance, incident response, monitoring, and more. Fix: OAuth token cache now keys on credentials so different tailnets/OAuth clients no longer share tokens.