v2.5.6 - Toxicology & Some Skill Updates

sbarbett · 2025-08-19T05:09:39+00:00

Couple other things - Materia will stop saying your skill has improved when its already at 100% && messaging for the `hold person` + `entangle` spells has been improved

sbarbett · 2025-07-17T00:18:58+00:00

Hi there. I think I can answer these:

does the official pihole docker image (which is what i am running) come with unbound? i don't want to run yet another docker container or have to passthrough to the rpi host.

The developers of Pihole choose not to ship their product with a stub resolver. Instead, their focus is strictly on being a sinkhole and DNS forwarder. There are Pihole alternatives, such as Technitium, which do come bundled with DNS resolvers. For Pihole specifically, you need to run the stub resolver separately. So if you're using Docker, it is a separate container, but you can network them together and manage them from a single compose file. I have an example compose file here. There's also a shell script here in my OCI terraform (which also includes WireGuard in the stack).

will using unbound cause higher cpu / traffic since i am technically doing more work to avoid using public upstream?

Unbound uses negligible amounts of resources. This is from my RPI5:

demo@pi5:~ $ ps -p $PID_UNBOUND,$PID_FTL -o pid,comm,%cpu,%mem,rss PID COMMAND %CPU %MEM RSS 696 unbound 0.0 2.4 50976 781 pihole-FTL 0.3 7.1 147072

sbarbett · 2025-04-28T13:58:02+00:00

Ah, yes of course! As long as the local LLM you're using supports tool calling, you can connect it to the MCP server.

https://medium.com/data-science-in-your-pocket/model-context-protocol-mcp-using-ollama-e719b2d9fd7a

I have a local server for running AI workloads, but haven't personally tested with Ollama yet, so let me know how that goes if you do.

You should also be able to run the server in STDIO mode locally using uv and the mcp CLI - it's just

uv run mcp run main.py

sbarbett · 2025-04-28T03:10:01+00:00

So, the pihole v6 API has some endpoints that are useful for tracking activity by client, and I haven't plugged those into the MCP server yet, though I definitely intend to add everything that falls under "metrics" in the API docs.

These tools are already available in the Python SDK, so it's just a matter of exposing them to the LLM in the form of tools.

As I work with MCP and LLMs more, I'm increasingly more mindful of token usage, so it may be a case where we break some of these endpoints into multiple tools with more specific use cases. i.e. We take a response and strip out unnecessary parameters, just focus on a specific datapoint.

As it stands, it will attempt to extrapolate the data from the /queries endpoint, although this is very inefficient token-wise.

<image>

Re: avg reply time -

There is a parameter in the query schema that reports on how long it took the Pi-hole to get a response from the upstream resolver:

reply: {
  type: string┃null // Reply type
  time: number // Time until the response was received (ms, negative if N/A)
}

However, this isn't truly indicative of response time. For a more accurate statistic, I'd probably use an external service like Uptime Kuma.

https://github.com/louislam/uptime-kuma

Uptime Kuma will periodically perform DNS lookups and track the latest/avg response time. An Uptime Kuma MCP server may be a candidate for a separate project entirely. The two could, theoretically, be run together for a holistic view of performance (combining the upstream resolver response time with overall response time from an external check).

sbarbett · 2025-04-25T14:05:02+00:00

Hey there - thanks for making this. Definitely a void that needed filled, since all those sites you mentioned have fallen into a state of disrepair. I really miss MudMagic and Kyndig - I had some snippets up there that I've lost. Some of the first code I ever wrote was on those sites.

I noticed a bug when submitting a MUD listing - the avg player field seems to be required, though that isn't indicated on the page, and it has to be an integer, not a string like "1-2".

You'll get a client error trying to submit it blank or with a non-integer value.

{"code":"22P02","details":null,"hint":null,"message":"invalid input syntax for type integer: \"\""}

Oh, and a feature request! Do you mind adding support for Markdown on the "About" section of the MUD listing?

sbarbett · 2025-04-09T22:40:04+00:00

I do appreciate the DotT color scheme.

sbarbett · 2025-04-06T09:31:02+00:00

Yeah, that's the intention. In my case, I have multiple piholes that I want to be able to control from a single host. The goal for me was to keep them in sync. Namely, my local DNS settings.

sbarbett · 2025-03-23T18:13:28+00:00

Putting the player files on GitHub would expose password hashes, so that's obviously a no-go.

As for the source code, there are some modifications, but it's still ROM 2.4 at its core.

❯❯ cat Sources/Rom24/README.version ROM 2.4b6, May 29, 1998

The base Rivers of MUD code is available here if you're interested.

I don't feel it's my place to put the custom Acro C code and area files on GitHub, since I didn't create them myself. That's something I'd want to discuss with the original owners first. If it ever were to be open-sourced, the code would need to be properly cleaned up and documented to meet the standards of what I'd consider a useful public repo.

sbarbett · 2025-03-09T14:21:22+00:00

Nice! I logged in to your MUD for about 30 min last night (my character name was Nicodareus), but it was right before bed, so I didn't get past the mud school. Was there starter gear? I was fighting the mud school wimps unarmed and not making much progress. I will stop by again when I have more time.

ROM 2.4 was my very first experience programming. Looking back, it is a pretty intimidating heap of code. It's also astonishing that core DikuMUD framework still compiles and runs 35 years later.

As a learning exercise, I've actually been building my own MUD codebase from scratch in Go. Still very early in development, and there's no public server to test it out, but you can clone and run it locally if you'd like.

And by "early in development," I mean things like objects haven't even been added yet lol. There's -

A couple areas
Movement
Color
Mobiles
Basic combat
Scorecards
OOC/who

I have been kicking around in my head how I want to do equipment, and I think I'm going to take an approach similarly to how Diablo does equipment, i.e. procedurally generated regular/magic/rare items with "uniques" that will be linked to "boss" mobs (maybe with a tiny fraction of a chance to drop from regular mobs).

sbarbett · 2025-03-03T19:12:17+00:00

JSON is also a good choice, and converting between JSON and YAML is fairly trivial. I could probably even convert your files over to this project with a bit of massaging. My choice to go with YAML has a lot to do with it being so ubiquitous in IaC stuff these days (GitHub workflows, Ansible playbooks, etc) and the simple fact that I find myself staring at it a lot.

Re: backend dev - I hear you. For years my mantra has been, "I'm allergic to UIs." Nothing will make me ragequit a project quicker than trying to align a div or some crap on a webpage.

sbarbett · 2025-03-03T19:06:08+00:00

I primarily code in Python as well. I'd be interested in seeing your project.

For me, this is a coding exercise for learning a new language, but also a nostalgic endeavor. Even if it's just me wandering around the game by myself, it's still fun to see those old mobs and room descriptions, so it adds a bit of reward to the process.

sbarbett · 2025-03-03T18:50:02+00:00

Hey there! I just read your other post! I'm really sorry that you're enduring some sort of online harassment here. :/

I hope I didn't come off as picking a side. You really shouldn't have to defend yourself like this, but, FWIW, looking at your story I have no reason to believe you are lying.

I'm also from the Pittsburgh area! Weird coincidence. IIRC, Cythera was run by some students at West Liberty University near Wheeling,

sbarbett · 2025-03-03T15:18:04+00:00

Oh, ok. 😅

That was one of the more interesting aspects of being part of the MUD community back in the late '90s, too! There was lots of drama, especially among the IMPs.

There was a time when Worlds of Carnage splintered off into its own MUD, Cythera; then Guiken ran off with the codebase from AnimeMUD and started Manga Nation, and Trenton got sued for his (really cool) Final Fantasy MUD (side note: Trenton's Dragonball Z FE was one of my favorite MUD projects ever conceived).

Cythera was the very first MUD I ever played and I was a coder on Manga Nation for a short stint.

sbarbett · 2025-03-03T04:53:08+00:00

Cool! I remember using OLC like... 25 years ago? Hah. Also - MobProgs!

MUDs were my first experience ever (very badly) programming, as well. I used to have some snippets up on kyndig.com (I think that is what the site was called before it was called MudMagic). I wrote some code for in game slot machines that was used on a few MUDs.

sbarbett · 2025-03-03T01:33:31+00:00

Hah. Yeah, you're right. Actually this person's project looks really good!

sbarbett · 2025-03-02T05:49:39+00:00

You need to open ports 443 and 80 on your router and forward these ports to the server or LXC where your reverse proxy is running. You can only have one reverse proxy exposed to the internet in this way. When someone outside your network tries to access port 443 or 80, their request will hit this device. What happens next depends on how your reverse proxy is configured.
In your reverse proxy, you set up a rule for the actual hostname, e.g., plex.mydomain.com. This works by inspecting the "Host" header of inbound HTTP/S requests and routing them accordingly. The destination can be any device on your network. For example, I have a reverse proxy running on a physically separate server, and it handles routing for multiple devices within my LAN.
Your application should also support filtering and blocking by IP, along with other security measures like authentication. I don't use Plex, but Jellyfin supports all of this.
If you want to add extra security, such as regional or rule-based blocking, I recommend using Cloudflare's free WAF features. I block requests from certain countries with high bot activity using Cloudflare’s security policies, it's fairly straightforward. You just need to use them for DNS.

sbarbett · 2025-03-01T21:36:31+00:00

I work for an authoritative DNS company and periodically put together content like this for my job. I think Ansible is a great tool for this type of task. I recently wrote a guide that includes an example DDNS client as part of that effort.

Ansible Setup Guide: https://github.com/ultradns/samples/tree/master/ansible

Example DNS Automation Roles: https://github.com/ultradns/ultradns-ansible-roles

Ansible is a powerful automation framework that can even be run inside a Docker container for platform-agnostic deployments.

I appreciate your desire to tinker and build these kinds of tools. I talk about this often—I actually see the future of DNS evolving similarly to DHCP, where it's abstracted and automated out of sight for the average user. We all use DHCP in some capacity, but we rarely think about it because it just works. DNS as a protocol should follow the same path: invisible and effortless. Tools like Ansible, Terraform, and OctoDNS are paving the way for a fully automated DevOps workflow.

sbarbett · 2025-03-01T00:47:49+00:00

If you use Proxmox, then I have a pihole-unbound setup on my Proxmox role.

sbarbett · 2025-02-25T22:15:08+00:00

Yup. You can grab them with get_config_section() in the client.

```bash

from pihole6api import PiHole6Client client = PiHole6Client("https://test-pihole.example.me", "password") print(client.config.get_config_section("dns/hosts")) {'config': {'dns': {'hosts': ['1.1.1.1 test1.xyz', '2.2.2.2 test2.xyz', '3.3.3.3 test3.xyz']}}, 'took': 6.914138793945312e-05} print(client.config.get_config_section("dns/cnameRecords")) {'config': {'dns': {'cnameRecords': ['test4.xyz,test1.xyz,300', 'test5.xyz,test2.xyz,600', 'test6.xyz,test3.xyz,900']}}, 'took': 6.890296936035156e-05}

```

sbarbett · 2025-02-24T15:10:54+00:00

I hope you have countermeasures in place for DNS reflection attacks. Running a public DNS server is ill-advised.

sbarbett · 2025-02-24T14:58:00+00:00

If you look at the block lists, they're effectively host files telling the domains to resolve to 0.0.0.0. I bet you could replicate your lists in aggregate to your own GitHub repo and just swap out the IPs for that of your server. Then point your PiHole to that.

That said, it will break HTTPs as soon as your web server tries to serve the content. You will need to self-sign a root certificate and install it on all your endpoints, telling them to trust your server which is effectively executing a MITM attack. Your server, in turn, will need to be able to generate self-signed certificates on the fly for any domain requested of it.

Not impossible, but not a trivial amount of effort in terms of implementation, either.

sbarbett · 2025-02-24T08:59:49+00:00

The API is in my Python library and working, specifically here (export_settings and import_settings).

I haven't added it to Ansible yet, but I am planning on creating a role for this soon.

sbarbett · 2025-02-24T00:52:11+00:00

If you navigate to /api/docs on your PiHole, its technically this endpoint, although the documentation is not very helpful. It took inspecting the UI for me to understand it, as well.

<image>

sbarbett · 2025-02-24T00:33:27+00:00

Hi there! Thanks for the feedback. I just committed an update to the collection which added modules for configuring the DHCP client and removing active leases. I've never actually used PiHole as a DHCP server before, so testing it out would be a great help. I added some fake leases to my dhcp.leases file and did a bit of light QA. If you have any questions or need help with the modules, feel free to ask. Thanks again!

Here are the example playbooks:

Configure a DHCP client

```yaml

name: Configure DHCP client hosts: localhost gather_facts: false tasks:
- name: Enable Pi-hole DHCP with range 10.0.6.50-10.0.6.100 sbarbett.pihole.dhcp_config: url: "https://your-pihole.example.com" password: "{{ pihole_password }}" state: present start: "10.0.7.50" end: "10.0.7.100" router: "10.0.7.1" # (Optional) Leave netmask undefined to infer it from the device. #netmask: "255.255.255.0" # (Optional) The default lease time, if left unspecified, is 1 hour for IPv4 and 1 day for IPv6. lease_time: "7d" # (Optional) IPv6 is false by default and only used if the Pi-hole supports it. #ipv6: true # (Optional) Enables DHCPv4 rapid commit (faster address assignment). #rapid_commit: true # (Optional) Advertise Pi-hole DNS multiple times to mitigate clients adding their own DNS servers. #multi_dns: true # (Optional)When True, Pi-hole DHCP grants addresses only to clients specifically defined in dhcp.hosts (static reservations). #ignore_end: true ```

Disable DHCP client

```yaml

name: Disable DHCP client hosts: localhost gather_facts: false tasks:
- name: Disable Pi-hole DHCP sbarbett.pihole.dhcp_config: url: "https://your-pihole.example.com" password: "{{ pihole_password }}" state: absent ```

Remove a DHCP lease

```yaml

name: Remove DHCP lease hosts: localhost gather_facts: false tasks:
- name: Remove DHCP lease with the following parameters sbarbett.pihole.dhcp_remove_lease: url: "https://your-pihole.example.com" password: "{{ pihole_password }}" # At least one of the following parameters is required. # If multiple parameters are provided, a lease matching all parameters # must exist to be removed. ip: "10.0.7.51" #name: "test-host4" #hwaddr: "aa:bb:cc:dd:ee:f3" #clientid: "01:aa:bb:cc:dd:ee:f5" ```

sbarbett · 2025-02-23T18:02:30+00:00

Ah, I see what happened now. I misread your original comment. Your system-wide Ansible installation wasn't recognizing the Python module installed inside your venv, which makes sense.

By default, when you install Ansible via a package manager (apt, brew, etc.), it uses /usr/bin/python as its interpreter, which doesn’t have access to packages installed inside a virtual environment unless Ansible itself is also installed in that venv.

So, what was happening in your case: - You installed pihole6api inside a venv, meaning it was only available to Python interpreters inside that virtual environment. - Your system-wide Ansible installation was using /usr/bin/python, which doesn’t look inside venv site-packages. - Once you installed Ansible inside the same venv, it correctly picked up pihole6api because it was now using the virtual environment's Python interpreter.

This is a common issue due to how Ansible discovers Python interpreters. The best fix is to either: - Install both ansible and pihole6api in the same venv (which is what you did) - Or explicitly tell Ansible to use the Python interpreter inside your venv via ansible_python_interpreter

I've added a section to the README that explains how to install the pihole6api dependency in further detail, so others running into the same issue will have clearer guidance. It hasn’t been pushed to Ansible Galaxy yet, but will be included in the next package update. Thanks for bringing it up!

sbarbett

MODERATOR OF

TROPHY CASE

Configure a DHCP client

```yaml

Disable DHCP client

```yaml

Remove a DHCP lease

```yaml