One Script to Secure Your Shit, Two More to Tell You About It

I self-host this blog, earth.law (Mastodon), lone.earth (Peertube), sij.ai (Forgejo), we2.ee (Matrix), and a mess of other communications, data gathering & forensics, and personal cloud infra and microservices. Unencrypted traffic or blind spots? Not happening. These three scripts—vpn, vitals, vitals monitor—secure my setup and keep me in the loop. They’re rough-edged but deliberate, living in my system PATH alongside the dozens more at sij.ai/sij/pathScripts. Let’s dig in.

vpn: exit node control with privacy in mind

vpn manages Mullvad VPN exit nodes through Tailscale, encrypting traffic and keeping logs. It's at sij.ai/sij/pathScripts with docs.

What It Does

• Commands: start, stop, new, shh (random from privacy-strong countries), to <country>, status.
• Logs switches to /var/log/vpn_rotation.txt.
• shh picks from a list—Finland, Germany, Iceland, etc.—where privacy laws mean something, more critical than ever for dissidents and discontents in the US of A.. under the current administration.

Examples

vitals: server health in JSON

vitals dumps server Tailscale and AdGuard network diagnostics to JSON for downstream use. It’s also at sij.ai/sij/pathScripts along with more documentation.

What It Does

• Grabs local IP and uptime.
• Hits Mullvad’s API for WAN IP, VPN status.
• Checks Tailscale nodes and AdGuard via custom filtering rules.

Example

Setup

Add an AdGuard DNS rewrite — check.adguard.test pointed to the server's Tailscale IP (100.x.x.x).

vitals monitor: track server vitals in macOS menu bar

A SwiftBar plugin for macOS built on vitals and vpn, pinging my local machine and two servers every 15 seconds and parking the results up top in hyper-minimalist fashion. Find it at sij.ai/sij/SwiftBar.

What It Does

• Runs vitals on localhost and up to two servers (defined in ~/.servers.yaml)
• Menu bar Braille readout: one row per server, left dot for Mullvad VPN, right for AdGuard DNS, ●: on, ○: off.
• Flag emoji: localhost's exit node country—jurisdiction in one glyph.
• Dropdown: WAN IP, Mullvad hostname, DNS, uptime. IP's clickable to rotate VPN.

Example

Menu bar shows ⠝ 🇩🇪:

• Localhost: ●● - Mullvad (VPN) on, AdGuard (DNS) on
• Server 1: ○● - Mullvad (VPN) off, AdGuard (DNS) on
• Server 2: ●○ - Mullvad (VPN) on, AdGuard (DNS) off
• 🇩🇪 means the localhost's internet traffic goes is routed through a Mullvad exit node in Germany.

Dropdown might look like:

sij-mbp16
🇸🇪 89.37.63.18
⋈ AdGuard Home
⧖ up 6 hours, 58 minutes

---

sij-vm
🇩🇰 45.129.56.152
⋈ AdGuard Home
⧖ up 5 days, 15 hours, 31 minutes

---

sij-fin
🇫🇮 65.21.99.202
⋈ Standard DNS
⧖ up 1 week, 21 hours, 17 minutes

The line with the flag emoji and public IP under each server is clickable—SwiftBar hides a | bash=/tmp/swiftbar_vpn_123.sh tag linked to temp scripts that'll run a server’s vpn shh .

So, say I spot ⠙ mid-work—my NAS's VPN connection has dropped. Click the dropdown IP and it’s back on a trusted Finnish node—no terminal dance, no fuss.

Setup

Install SwiftBar, populate ~/.servers.yaml (see repo example). SSH needs to work—keys or passwords.

Why I Run Them

These are hacky fixes that stuck and earned a place in my system PATH. vpn owns my traffic—2025’s political climate keeps it non-negotiable when handling anything confidential. vitals cuts through bullshit with raw data. vitals monitor brings it to the top of my screen—suitably minimalist for macOS, sufficiently cryptic to shrug off prying eyes, just enough to know what's up. Light, PATH-ready, no GUI bloat.

Get Them

Grab vpn and vitals at sij.ai/sij/pathScripts, vitals monitor at sij.ai/sij/SwiftBar. They evolve there—check for updates. Tinker, break, fix—and ping me at @sij:we2.ee with rants or results.