One Script to Secure Your Shit, Two More to Tell You About It
`vpn`, `vitals`, and `vitals monitor` keep my connections locked and my servers visible. Purpose-built and a bit hacky—here’s how they work and why I rely on them.
I self-host this blog, earth.law (Mastodon), lone.earth (Peertube), sij.ai (Forgejo), we2.ee (Matrix), and a mess of other communications, data gathering & forensics, and personal cloud infra and microservices. Unencrypted traffic or blind spots? Not happening. These three scripts—`vpn`, `vitals`, `vitals monitor`—secure my setup and keep me in the loop. They’re rough-edged but deliberate, living in my system PATH alongside the dozens more at sij.ai/sij/pathScripts. Let’s dig in.
vpn: exit node control with privacy in mind
`vpn` manages Mullvad VPN exit nodes through Tailscale, encrypting traffic and keeping logs. It's at sij.ai/sij/pathScripts with docs.
What It Does
- Commands: `start`, `stop`, `new`, `shh` (random from privacy-strong countries), `to <country>`, `status`.
- Logs switches to `/var/log/vpn_rotation.txt`.
- `shh` picks from a list—Finland, Germany, Iceland, etc.—where privacy laws mean something, more critical than ever for dissidents and discontents in the US of A under the current administration.
Examples
vitals: server health in JSON
`vitals` dumps server Tailscale and AdGuard network diagnostics to JSON for downstream use. It’s also at sij.ai/sij/pathScripts along with more documentation.
What It Does
- Grabs local IP and uptime.
- Hits Mullvad’s API for WAN IP, VPN status.
- Checks Tailscale nodes and AdGuard via custom filtering rules.
Example
Setup
Add an AdGuard DNS rewrite — `check.adguard.test` pointed to the server's Tailscale IP (`100.x.x.x`).
vitals monitor: track server vitals in macOS menu bar
A SwiftBar plugin for macOS built on vitals and vpn, pinging my local machine and two servers every 15 seconds and parking the results up top in hyper-minimalist fashion. Find it at sij.ai/sij/SwiftBar.
What It Does
- Runs `vitals` on localhost and up to two servers (defined in `~/.servers.yaml`)
- Menu bar Braille readout: one row per server, left dot for Mullvad VPN, right for AdGuard DNS, ●: on, ○: off.
- Flag emoji: localhost's exit node country—jurisdiction in one glyph.
- Dropdown: WAN IP, Mullvad hostname, DNS, uptime. IP's clickable to rotate VPN.
Example
Menu bar shows `⠝ 🇩🇪`:
- Localhost: ●● - Mullvad (VPN) on, AdGuard (DNS) on
- Server 1: ○● - Mullvad (VPN) off, AdGuard (DNS) on
- Server 2: ●○ - Mullvad (VPN) on, AdGuard (DNS) off
- 🇩🇪 means the localhost's internet traffic is routed through a Mullvad exit node in Germany.
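The row/dot layout above can be checked mechanically. This is an added example, not code from the SwiftBar plugin: it packs per-host VPN/DNS state into one Unicode Braille cell, unpacks it again, and lists which hosts are missing which protection. The host labels and the tuple layout are assumptions.

```python
# Added illustration: Braille status glyph in the layout the post describes.
# Row n = host n; left dot = Mullvad VPN, right dot = AdGuard DNS.
# Host labels and the (vpn_on, dns_on) tuples are assumptions, not the plugin's schema.

BRAILLE_BASE = 0x2800
# Unicode Braille dot bits as (left, right) per row, top to bottom.
ROW_BITS = [(0x01, 0x08), (0x02, 0x10), (0x04, 0x20), (0x40, 0x80)]


def encode(states):
    """states: list of (vpn_on, dns_on), one per host, top row first."""
    if len(states) > len(ROW_BITS):
        raise ValueError("a Braille cell has only four rows")
    bits = 0
    for (left, right), (vpn_on, dns_on) in zip(ROW_BITS, states):
        bits |= left if vpn_on else 0
        bits |= right if dns_on else 0
    return chr(BRAILLE_BASE + bits)


def decode(glyph, hosts):
    """Inverse of encode(): return [(vpn_on, dns_on), ...] for `hosts` rows."""
    bits = ord(glyph) - BRAILLE_BASE
    if not 0 <= bits <= 0xFF or hosts > len(ROW_BITS):
        raise ValueError("not a Braille status glyph")
    return [(bool(bits & left), bool(bits & right))
            for left, right in ROW_BITS[:hosts]]


def gaps(glyph, names):
    """List (host, missing_service) pairs so a dropped tunnel is not overlooked."""
    out = []
    for name, (vpn_on, dns_on) in zip(names, decode(glyph, len(names))):
        if not vpn_on:
            out.append((name, "Mullvad VPN"))
        if not dns_on:
            out.append((name, "AdGuard DNS"))
    return out


if __name__ == "__main__":
    names = ["localhost", "server1", "server2"]  # constructed host labels
    glyph = encode([(True, True), (False, True), (True, False)])
    print(glyph, gaps(glyph, names))
```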
Dropdown might look like:
sij-mbp16
🇸🇪 89.37.63.18
⋈ AdGuard Home
⧖ up 6 hours, 58 minutes
---
sij-vm
🇩🇰 45.129.56.152
⋈ AdGuard Home
⧖ up 5 days, 15 hours, 31 minutes
---
sij-fin
🇫🇮 65.21.99.202
⋈ Standard DNS
⧖ up 1 week, 21 hours, 17 minutes
The line with the flag emoji and public IP under each server is clickable—SwiftBar hides a `| bash=/tmp/swiftbar_vpn_123.sh` tag linked to temp scripts that'll run a server’s `vpn shh`.
So, say I spot `⠙` mid-work—my NAS's VPN connection has dropped. Click the dropdown IP and it’s back on a trusted Finnish node—no terminal dance, no fuss.

Setup
Install SwiftBar, populate `~/.servers.yaml` (see repo example). SSH needs to work—keys or passwords.
Why I Run Them
These are hacky fixes that stuck and earned a place in my system PATH. `vpn` owns my traffic—2025’s political climate keeps it non-negotiable when handling anything confidential. `vitals` cuts through bullshit with raw data. `vitals monitor` brings it to the top of my screen—suitably minimalist for macOS, sufficiently cryptic to shrug off prying eyes, just enough to know what's up. Light, PATH-ready, no GUI bloat.
Get Them
Grab `vpn` and `vitals` at sij.ai/sij/pathScripts, `vitals monitor` at sij.ai/sij/SwiftBar. They evolve there—check for updates. Tinker, break, fix—and ping me at @sij:we2.ee with rants or results.