![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
silveradeptLast time, I explored how to post data to a Home Assistant endpoint so I could use a sensor to accept the data and then have a display space on one of my devices display the accepted data, after transferring it so it could be formatted correctly for the viewing.
Since then, Elon's Folly appears to have actually moved API access to the tier of "paid rube," so I had to clean up the running automations so the indicator lights weren't fetching something that didn't work for us any more. It's too bad that such a low data use was still being thrown out with all the other projects, but someone has realized that the amount of money they need to keep the social media platforms going is far more than they would be able to raise by other means, especially when that platform keeps turning into the kind of place that the advertisers want to flee in droves. And even more so now that the "we're actually the people we claim to be" system has been chaosified. In any case, the point is one of the indicator lights bit it because Elon is desperately trying to make money that he isn't going to make.
While I was at that, I was looking over the display of sensors I had on hand, including ones that helped me figure out whether some of my other appliances also needed updates, like the Pi-Hole. (It does quite well at sacking advertisements and trackers, and other such things, even if I backstop its support with uBlock in Firefox and other places wherever I can.) If you have an old and not very powerful machine at your disposal, adding a Pi-Hole to your network is a great way of letting that item just keep rolling along and contributing nicely to fighting off ads and trackers.
While I can look at the sensors that are present on my Home Assistant log and see what's available for updating, it still takes time to log in to the box, run the updater, then update the surrounding software, and then reboot the system so that everything is running on its new software packaging. For things like Home Assistant, automating updates is a risky proposition, because there's almost always going to be something doing a breaking change or threatening to do so. For the Pi-Hole, though, since it's something that there is a backup in place for in case of things going completely sideways, I thought it might be worthwhile to see if I can get it to maintain itself just a little bit. That, and the update process for the Pi-Hole is run by its own script, so it has less likelihood of hanging on an interactive bit that needs to be answered before it will begin.
Since my current Pi-Hole is running Linux, the easiest and most obvious way to handle that kind of automation would be to install into the cron daemon a request to run the update command, say, weekly. Scheduling tasks using crontabs is a time-honored Linux thing, with plenty of tutorials on how to do it. I, being a person who does things with greater complications, because I can, did not simply stash the update command into the crontab and call it a day. Because, I thought, if there's no updates, then there's no reason to call the update command and go through all of that overhead. Yes, I know it's a machine, it doesn't care, but I sometimes believe I'm smart and therefore I want to do things in a clever way.
Because the Pi-Hole integration for Home Assistant requested an API key to work, I knew there was one to work with. It is...poorly documented in the current release, shall we say. It will be better-documented and more logical in the 6 series of the software, so I'll have to change things when that happens, but for now, the important thing was to grab my API key and see what sort of horrible things I could do! Up first was figuring out how to construct the query and get back useful data. Much like how I used cURL in the process of figuring out how to create the Home Assistant Daily Wisdom sensor, I used the same thing here, this time as a GET request, rather than a POST request, formatted in the way that the forum posts said it needed to be to pass the API key and get back useful information, after sifting through more forum posts to find the appropriate endpoint to query. With that part constructed and actual data flowing back (it's JSON again!), now came the part where I needed to parse what came through, and preferably into something a little easier to work with than raw JSON. Turns out there's a utility installed that handles just that. jq is meant to parse JSON and can do a truly terrifying amount of manipulation, retrieve things with pinpoint accuracy, or execute a complex string of filtering options on a file. So, with a little bit of filtering, I can pull just the status of whether or not there's a Pi-Hole component that needs updating out of the API on one call to the right place. And, thanks to the magic of Linux pipes, I can use cURL to send the request and then filter it thorough jq before anything gets to the terminal window, so the only thing that pops up on the screen are the statuses.
Now that I know I can retrieve the target data, and only the target data, manually through piping and the terminal commands, it's time for me to put it to something actually useful. Which means I got to learn a little bit more about how to script and run things in the Bourne Again shell, or bash. Specifically, learning about how to use variables and command substitutions, so that I can pass in the results of the cURL | jq pipe to a variable and then, from there, check to see if the string in the variable contains a substring that indicates the need to run the updater. Inside the if block, if the string of results has a "true" substring, then at least one of the Pi-Hole's components has an update waiting, so then we run, in sequence, the Pi-Hole updater, the regular system updater, and then use the shutdown command with the -r flag to call a reboot instead of a halt and pass in a time parameter to make sure that the reboot happens when all good humans should be asleep instead of browsing the web. If not, then we say there's nothing that needs updating and run a command to display the versions of each of the components that are currently installed.
One that script is completed and debugged so that it works consistently, there's one last thing to do - after all, I'm not going to leave myself logged in to a session just so I can read the backscroll of everything that gets printed to the terminal window and see what went on. The default behavior is to do just that, however, so I need to do one tiny more thing, and it's to direct the shell to write the output of the script to a file that I can then read at my leisure after its run, and humans are awake and able to handle such things. That's simple enough - I created the file, then used the > operator on the command line to direct the output. That command, the one that runs the script and directs the output to the file, is the thing that I installed in the crontab, and set it to run once weekly at midnight early in the week. It's overkill, I'm sure, compared to what it could have been, but I learned more about manipulating APIs, parsing JSON, and shell scripting. And it accomplishes the thing that I need it to do. So that's nice. (Admittedly, it does so in a way that takes advantage of a certain quirk of the Pi's default setting to not require input of a password to do privileged things, if the user is logged-in as a user with the correct rights. I'll bet there's a way to do that script for a system where the password is requested for privileged access, where something sufficiently representative of that password is passed in to the command so that it runs correctly.
And there we have it! I've successfully set something up to automate making sure my Pi-Hole stays up-to-date, thanks to information that it already provides through its API and a little fancy pipe wielding and bash scripting. I feel like I could do a fair amount of these things for other bits of systems, especially if I worked out how to safely and securely pass in an appropriate password without it existing as cleartext in the script or anywhere else. That said, many of the systems I might want to deploy such automation on are the kind that will bite me in the ass with something that needs an interactive component or that will engage in breaking changes that have to be carefully navigated around to ensure they don't break the system.
[VICTORY FANFARE]
On things that are technological but not worthy of their own entry, honestly, it turns out that the reason I made specific decisions about my gaming and media desktop in 2017 aren't relevant any more, as nVIDIA decided to stop providing the GameStream service through GeForce Experience somewhere in 2022, and that means that I was blissfully hopping along on something that no longer was possible at whatever point the relevant things got turned off. Thankfully for me, since nVIDIA turned off their service, an open-source alternative has appeared (that's even better than the original, of course, because it's not limited to the specific protocols and ideas that nVIDIA had) in Sunshine, which I promptly installed and then did all the re-pairing that I needed to under the new software regime. And it cooks, loading faster and more reliably than the original did. If at whatever point there's upgrades in the future for a desktop machine (or a need to replace one with something different), it's worth figuring out what it would take so that I could remote into both of these boxes with my devices and control them that way through Sunshine. Right now, Applejack, the current Arch box, doesn't have a video card doesn't with enough stuff to make it work, but that might be something to do with birthday dollars or something like that, just so I can access both machines from anywhere in the house.
Also, I got to full-convert another Chromebook, which had a much easier time of it than the CR-48 that I did initially - popped the screws off the back, removed the write-protect screw, and then applied MrChromebox's Firmware Utility Script to get a lovely 64-bit system with 4 gigs of RAM and installed my current favorite low resource consumption distribution, BunsenLabs Linux. (I was using Lubuntu on George, the CR-48, but when Firefox went to Snap, it started taxing George a little too much for my liking, and so I'm perfectly happy with the ESR releases present in BunsenLabs. George thanks me as well for giving him a distribution that works with his 2 gigs of ram and slightly less powerful processor.) Luna, the new one is also capable enough that I was able to hook up the SSD that we extracted from Twilight Sparkle, the Surface that eventually was going to split herself apart from battery swell and boot back into my Windows 10 environment. So now I have a device that's relatively portable, has decent battery life, and can be booted back and forth between environments, if that's needed. (It's also got an HDMI out and a couple of USB ports, which means it can be my presentation driver, potentially, and something I can bring if there's going to be a significant amount of hacking or something that requests a full or full-ish keyboard to go to town. It might also be the device that I can use to try harder to achieve some form of learning steno on, or some other method of trying to learn how to type exceedingly fast.)
Since then, Elon's Folly appears to have actually moved API access to the tier of "paid rube," so I had to clean up the running automations so the indicator lights weren't fetching something that didn't work for us any more. It's too bad that such a low data use was still being thrown out with all the other projects, but someone has realized that the amount of money they need to keep the social media platforms going is far more than they would be able to raise by other means, especially when that platform keeps turning into the kind of place that the advertisers want to flee in droves. And even more so now that the "we're actually the people we claim to be" system has been chaosified. In any case, the point is one of the indicator lights bit it because Elon is desperately trying to make money that he isn't going to make.
While I was at that, I was looking over the display of sensors I had on hand, including ones that helped me figure out whether some of my other appliances also needed updates, like the Pi-Hole. (It does quite well at sacking advertisements and trackers, and other such things, even if I backstop its support with uBlock in Firefox and other places wherever I can.) If you have an old and not very powerful machine at your disposal, adding a Pi-Hole to your network is a great way of letting that item just keep rolling along and contributing nicely to fighting off ads and trackers.
While I can look at the sensors that are present on my Home Assistant log and see what's available for updating, it still takes time to log in to the box, run the updater, then update the surrounding software, and then reboot the system so that everything is running on its new software packaging. For things like Home Assistant, automating updates is a risky proposition, because there's almost always going to be something doing a breaking change or threatening to do so. For the Pi-Hole, though, since it's something that there is a backup in place for in case of things going completely sideways, I thought it might be worthwhile to see if I can get it to maintain itself just a little bit. That, and the update process for the Pi-Hole is run by its own script, so it has less likelihood of hanging on an interactive bit that needs to be answered before it will begin.
Since my current Pi-Hole is running Linux, the easiest and most obvious way to handle that kind of automation would be to install into the cron daemon a request to run the update command, say, weekly. Scheduling tasks using crontabs is a time-honored Linux thing, with plenty of tutorials on how to do it. I, being a person who does things with greater complications, because I can, did not simply stash the update command into the crontab and call it a day. Because, I thought, if there's no updates, then there's no reason to call the update command and go through all of that overhead. Yes, I know it's a machine, it doesn't care, but I sometimes believe I'm smart and therefore I want to do things in a clever way.
Because the Pi-Hole integration for Home Assistant requested an API key to work, I knew there was one to work with. It is...poorly documented in the current release, shall we say. It will be better-documented and more logical in the 6 series of the software, so I'll have to change things when that happens, but for now, the important thing was to grab my API key and see what sort of horrible things I could do! Up first was figuring out how to construct the query and get back useful data. Much like how I used cURL in the process of figuring out how to create the Home Assistant Daily Wisdom sensor, I used the same thing here, this time as a GET request, rather than a POST request, formatted in the way that the forum posts said it needed to be to pass the API key and get back useful information, after sifting through more forum posts to find the appropriate endpoint to query. With that part constructed and actual data flowing back (it's JSON again!), now came the part where I needed to parse what came through, and preferably into something a little easier to work with than raw JSON. Turns out there's a utility installed that handles just that. jq is meant to parse JSON and can do a truly terrifying amount of manipulation, retrieve things with pinpoint accuracy, or execute a complex string of filtering options on a file. So, with a little bit of filtering, I can pull just the status of whether or not there's a Pi-Hole component that needs updating out of the API on one call to the right place. And, thanks to the magic of Linux pipes, I can use cURL to send the request and then filter it thorough jq before anything gets to the terminal window, so the only thing that pops up on the screen are the statuses.
Now that I know I can retrieve the target data, and only the target data, manually through piping and the terminal commands, it's time for me to put it to something actually useful. Which means I got to learn a little bit more about how to script and run things in the Bourne Again shell, or bash. Specifically, learning about how to use variables and command substitutions, so that I can pass in the results of the cURL | jq pipe to a variable and then, from there, check to see if the string in the variable contains a substring that indicates the need to run the updater. Inside the if block, if the string of results has a "true" substring, then at least one of the Pi-Hole's components has an update waiting, so then we run, in sequence, the Pi-Hole updater, the regular system updater, and then use the shutdown command with the -r flag to call a reboot instead of a halt and pass in a time parameter to make sure that the reboot happens when all good humans should be asleep instead of browsing the web. If not, then we say there's nothing that needs updating and run a command to display the versions of each of the components that are currently installed.
One that script is completed and debugged so that it works consistently, there's one last thing to do - after all, I'm not going to leave myself logged in to a session just so I can read the backscroll of everything that gets printed to the terminal window and see what went on. The default behavior is to do just that, however, so I need to do one tiny more thing, and it's to direct the shell to write the output of the script to a file that I can then read at my leisure after its run, and humans are awake and able to handle such things. That's simple enough - I created the file, then used the > operator on the command line to direct the output. That command, the one that runs the script and directs the output to the file, is the thing that I installed in the crontab, and set it to run once weekly at midnight early in the week. It's overkill, I'm sure, compared to what it could have been, but I learned more about manipulating APIs, parsing JSON, and shell scripting. And it accomplishes the thing that I need it to do. So that's nice. (Admittedly, it does so in a way that takes advantage of a certain quirk of the Pi's default setting to not require input of a password to do privileged things, if the user is logged-in as a user with the correct rights. I'll bet there's a way to do that script for a system where the password is requested for privileged access, where something sufficiently representative of that password is passed in to the command so that it runs correctly.
And there we have it! I've successfully set something up to automate making sure my Pi-Hole stays up-to-date, thanks to information that it already provides through its API and a little fancy pipe wielding and bash scripting. I feel like I could do a fair amount of these things for other bits of systems, especially if I worked out how to safely and securely pass in an appropriate password without it existing as cleartext in the script or anywhere else. That said, many of the systems I might want to deploy such automation on are the kind that will bite me in the ass with something that needs an interactive component or that will engage in breaking changes that have to be carefully navigated around to ensure they don't break the system.
[VICTORY FANFARE]
On things that are technological but not worthy of their own entry, honestly, it turns out that the reason I made specific decisions about my gaming and media desktop in 2017 aren't relevant any more, as nVIDIA decided to stop providing the GameStream service through GeForce Experience somewhere in 2022, and that means that I was blissfully hopping along on something that no longer was possible at whatever point the relevant things got turned off. Thankfully for me, since nVIDIA turned off their service, an open-source alternative has appeared (that's even better than the original, of course, because it's not limited to the specific protocols and ideas that nVIDIA had) in Sunshine, which I promptly installed and then did all the re-pairing that I needed to under the new software regime. And it cooks, loading faster and more reliably than the original did. If at whatever point there's upgrades in the future for a desktop machine (or a need to replace one with something different), it's worth figuring out what it would take so that I could remote into both of these boxes with my devices and control them that way through Sunshine. Right now, Applejack, the current Arch box, doesn't have a video card doesn't with enough stuff to make it work, but that might be something to do with birthday dollars or something like that, just so I can access both machines from anywhere in the house.
Also, I got to full-convert another Chromebook, which had a much easier time of it than the CR-48 that I did initially - popped the screws off the back, removed the write-protect screw, and then applied MrChromebox's Firmware Utility Script to get a lovely 64-bit system with 4 gigs of RAM and installed my current favorite low resource consumption distribution, BunsenLabs Linux. (I was using Lubuntu on George, the CR-48, but when Firefox went to Snap, it started taxing George a little too much for my liking, and so I'm perfectly happy with the ESR releases present in BunsenLabs. George thanks me as well for giving him a distribution that works with his 2 gigs of ram and slightly less powerful processor.) Luna, the new one is also capable enough that I was able to hook up the SSD that we extracted from Twilight Sparkle, the Surface that eventually was going to split herself apart from battery swell and boot back into my Windows 10 environment. So now I have a device that's relatively portable, has decent battery life, and can be booted back and forth between environments, if that's needed. (It's also got an HDMI out and a couple of USB ports, which means it can be my presentation driver, potentially, and something I can bring if there's going to be a significant amount of hacking or something that requests a full or full-ish keyboard to go to town. It might also be the device that I can use to try harder to achieve some form of learning steno on, or some other method of trying to learn how to type exceedingly fast.)
