EXTENSIONS

Manage a NETGEAR M4250 (AV Line) managed switch over its SSH CLI — capture running-config and device facts, run verification show-commands (VLANs, ports, PoE, MAC table, LLDP, IGMP snooping), apply IGMP-querier and multicast-containment config, and force/restore a port's speed-duplex. Prompt-paced I/O for the M4250's interactive shell, vault-resolved credentials, shells out to OpenSSH.

Sync a Ruckus Unleashed wireless controller into swamp as queryable data. The extension SSHes into the Unleashed master, drives its interactive CLI through a prompt-matching state machine (Unleashed accepts SSH `none` auth and prompts for app-level login on the remote pty, so no `sshpass` or pty wrapper is required), and writes one resource per controller, access point, and WLAN.

Kubernetes operational toolkit — 15 model types covering pods, deployments, services, RBAC, storage, networking, autoscaling, batch jobs, and more. Includes 14 ready-to-run workflows for namespace debugging, security audits, RBAC analysis, cluster health, and operational diagnostics.

Monitor a Luxul AMS-series managed switch (e.g. AMS-1208P) over SNMP v2c — device facts, per-port link/error telemetry, and PoE main-budget headroom. Built for AV-over-IP racks carrying Crestron NVX endpoints, where PoE budget and link health drive stream reliability. Read-only; vault-resolved SNMP community.

Azure infrastructure management via az CLI — 31 model types covering compute, networking, data, security, RBAC, Azure Policy, Defender for Cloud, Entra directory, monitoring, DNS, DevOps, and subscription-wide topology with Mermaid diagrams and cost estimation.

Full OPNsense management via REST API — system status, interfaces, DNS, tunables, services, firmware/plugins, firewall states, DHCP leases, ARP table, Tailscale, WireGuard, and raw API passthrough. Replaces MCP server.

Eero mesh WiFi management via cloud API — network health, per-node status, per-client band/signal/channel diagnostics, speed tests, settings management, and raw API passthrough. Reverse-engineered from the eero mobile app API.

Manage a Cisco IOS switch (e.g. Catalyst 2960) over SSH after console bootstrap — capture running-config and device facts, run verification commands, and push idempotent baselines: secure-access hardening, SNMPv2c, and Layer-3/VLAN/access-port config. Shells out to OpenSSH; vault-resolved credentials; live reachability pre-flight check.

Install Tailscale on remote VMs over SSH and sync tailnet machine inventory from tailscale status JSON into per-machine resources.

Porkbun DNS record management with full CRUD for all common record types

AWS cost audit workflow — identifies infrastructure waste by combining

Configure nginx as a TCP/UDP stream proxy on a remote host over SSH, with bootstrap and per-service proxy configuration.

DNS policy compiler — merge manual vhosts + auto-discovered proxy hosts + static rewrites into a deduped desired list for an internal-DNS reconciler (e.g. AdGuard Home), plus a separate hostname list for public exposure.

Nginx Proxy Manager API wrapper — snapshot proxy hosts / redirection hosts / certificates, upsert proxy hosts idempotently (match by domain set), and delete proxy hosts by id.

AdGuard Home control-API wrapper — snapshot status/stats/clients/rewrites and reconcile DNS rewrites to a desired set.

Pi-hole custom DNS record management for swamp — list, add, delete, and

Inspect VPC networking resources that commonly generate hidden costs:

General-purpose SSH operations — exec, upload, wait for connection (https://github.com/keeb/swamp-ssh)

Tailnet health reporting — find devices running outdated Tailscale clients and alert via Slack

Peplink router management — WAN status, cellular signal diagnostics, band/carrier scanning, SpeedFusion Connect monitoring, Starlink dish control, and raw API passthrough. Works with any Peplink router running firmware 8.5+.

Scan listening ports with process, framework, project, uptime, and health enrichment — plus cleanup of orphaned listeners

Tailscale tailnet management — 10 model types covering devices, users, ACLs, DNS, auth keys, webhooks, settings, contacts, posture, and log config. 22 workflows for device inventory, user lifecycle, ACL audit, security audit, compliance, incident response, monitoring, and more. Fix: OAuth token cache now keys on credentials so different tailnets/OAuth clients no longer share tokens.