urania/nadir-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 22 Wiki Activity

feat(system): enhance system architecture

Browse Source
This commit is contained in:
urania
2026-06-25 14:44:47 +02:00
parent 54108c263f
commit 637795338c
17 changed files with 783 additions and 617 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/server/server.go
+11 -2
View File
@@ -24,7 +24,6 @@ import (
"nadir/internal/config"
"nadir/internal/meta"
"nadir/internal/module"
"nadir/internal/modules/audit"
"nadir/internal/modules/groups"
"nadir/internal/modules/networking"
"nadir/internal/modules/packages"
@@ -38,6 +37,15 @@ import (
"github.com/danielgtaylor/huma/v2/adapters/humago"
)
// auditModule is a synthetic module so the config validator knows the "audit"
// permission vocabulary. The actual endpoint is registered by meta.RegisterAudit —
// a full module for one GET is too shallow.
type auditModule struct{}
func (auditModule) ID() string { return "audit" }
func (auditModule) Permissions() []rbac.Permission { return []rbac.Permission{rbac.Read} }
func (auditModule) Register(huma.API) {}
// main is a thin command dispatcher. With no subcommand (or "run") it starts the
// server; the rest manage nadir as a systemd service or tail its logs. Service
// plumbing lives in service.go, TLS in tls.go.
@@ -210,7 +218,7 @@ func runServer() {
packages.New(),
networking.New(),
storage.New(),
audit.New(auditStore),
auditModule{},
}
roles := rbac.New()
@@ -246,6 +254,7 @@ func runServer() {
meta.RegisterHealth(api, sessions)
meta.RegisterWhoami(api, sessions, tokenAuth, roles, mods)
meta.RegisterUpdate(api, configPath)
meta.RegisterAudit(api, auditStore)
auth.RegisterLogin(api, sessions, auditStore, cfg.SecureCookie())
auth.RegisterLogout(api, sessions, cfg.SecureCookie())
internal/modules/audit/module.go → internal/meta/audit.go
+9 -25
View File
@@ -1,33 +1,13 @@
package audit
package meta
import (
"context"
"nadir/internal/auditlog"
"nadir/internal/rbac"
"github.com/danielgtaylor/huma/v2"
)
const ModuleID = "audit"
type Module struct {
store *auditlog.Store
}
func New(store *auditlog.Store) *Module { return &Module{store: store} }
func (m *Module) ID() string { return ModuleID }
// Permissions: read to view the audit trail. There is no write - entries are
// produced by the middleware, never by an API call.
func (m *Module) Permissions() []rbac.Permission {
return []rbac.Permission{rbac.Read}
}
// Types are named AuditList* (not ListInput/ListOutput) because Huma derives
// OpenAPI schema names from the Go type name alone, not package-qualified, so a
// bare "ListOutput" here would collide with the packages module's.
type AuditListInput struct {
Limit int `query:"limit" default:"200" minimum:"1" maximum:"10000" doc:"Max entries to return, newest first"`
}
@@ -38,7 +18,11 @@ type AuditListOutput struct {
}
}
func (m *Module) Register(api huma.API) {
// RegisterAudit wires GET /api/audit. It lives in meta because a full module
// for a single read-only endpoint is too shallow — the interface is nearly as
// wide as the implementation. The audit trail is produced by the RBAC
// middleware; this endpoint provides read-only access to it.
func RegisterAudit(api huma.API, store *auditlog.Store) {
huma.Register(api, huma.Operation{
OperationID: "audit-list",
Method: "GET",
@@ -46,11 +30,11 @@ func (m *Module) Register(api huma.API) {
Summary: "List recorded actions",
Description: "Returns the audit trail of privileged write operations " +
"(who, what, when, result), newest first.",
Tags: []string{"Audit"},
Metadata: map[string]any{"module": ModuleID, "permission": "read"},
Tags: []string{"Meta", "Audit"},
Metadata: map[string]any{"module": "audit", "permission": "read"},
Errors: []int{401, 403, 500},
}, func(ctx context.Context, in *AuditListInput) (*AuditListOutput, error) {
entries, err := m.store.List(in.Limit)
entries, err := store.List(in.Limit)
if err != nil {
return nil, huma.Error500InternalServerError("read audit log failed", err)
}
internal/modules/services/services.go
+3 -8
View File
@@ -3,10 +3,8 @@ package services
import (
"context"
"encoding/json"
"os/exec"
"regexp"
"strings"
"syscall"
"nadir/internal/oscmd"
@@ -166,14 +164,11 @@ func isSelf(unit string) bool {
// Returns success once the subprocess has *started* — the actual systemd
// operation may complete after the response is sent, which is the whole point.
func runDetached(action, unit string) (*oscmd.StatusOutput, error) {
cmd := exec.Command("systemctl", action, "--", unit)
cmd.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
if err := cmd.Start(); err != nil {
out, err := oscmd.RunDetached("systemctl", action, "--", unit)
if err != nil {
return nil, huma.Error500InternalServerError("could not start detached systemctl", err)
}
// Reap in the background so the child doesn't become a zombie.
go cmd.Wait()
return oscmd.OK(), nil
return out, nil
}
// validateUnit guards against empty, flag-like, or malformed unit names.
internal/modules/system/cpu.go
+146
View File
@@ -0,0 +1,146 @@
package system
import (
"math"
"os"
"path/filepath"
"runtime"
"strconv"
"strings"
"nadir/internal/oscmd"
)
type CPUInfo struct {
Model string `json:"model" example:"AMD Ryzen 7 7840U" doc:"CPU model name"`
LogicalCPUs int `json:"logical_cpus" example:"16" doc:"Number of logical CPUs (cores × threads)"`
MinMHz int `json:"min_mhz" example:"400" doc:"Lowest frequency the scaling governor can select"`
MaxMHz int `json:"max_mhz" example:"5137" doc:"Highest frequency (boost ceiling)"`
CurrentMHz int `json:"current_mhz" example:"3157" doc:"Peak current clock across all cores (instantaneous snapshot; 0 if cpufreq unavailable)"`
}
func cpuInfo() CPUInfo {
data, _ := os.ReadFile("/proc/cpuinfo")
c := CPUInfo{Model: cpuModel(string(data)), LogicalCPUs: runtime.NumCPU()}
c.MinMHz, c.MaxMHz, c.CurrentMHz = cpuFreqMHz("/sys/devices/system/cpu")
mhz := cpuinfoMaxMHz(string(data))
if c.Model == "" || mhz == 0 {
model, lscpuMHz := lscpuFallback()
if c.Model == "" {
c.Model = model
}
if mhz == 0 {
mhz = lscpuMHz
}
}
if mhz > 0 {
if c.CurrentMHz == 0 {
c.CurrentMHz = mhz
}
if c.MaxMHz == 0 {
c.MaxMHz = mhz
}
if c.MinMHz == 0 {
c.MinMHz = mhz
}
}
return c
}
func lscpuFallback() (model string, mhz int) {
out, err := oscmd.Run("lscpu")
if err != nil {
return "", 0
}
for line := range strings.SplitSeq(out, "\n") {
k, v, ok := strings.Cut(line, ":")
if !ok {
continue
}
k, v = strings.TrimSpace(k), strings.TrimSpace(v)
switch k {
case "Model name":
if model == "" {
model = v
}
case "BIOS Model name":
if model == "" {
model = v
}
case "CPU max MHz", "CPU MHz":
if f, err := strconv.ParseFloat(v, 64); err == nil && int(f) > mhz {
mhz = int(math.Round(f))
}
}
}
if mhz == 0 {
mhz = parseGHzSuffix(model)
}
return model, mhz
}
func parseGHzSuffix(s string) int {
i := strings.LastIndex(s, "@")
if i < 0 {
return 0
}
rest := strings.TrimSpace(s[i+1:])
rest = strings.TrimSuffix(strings.TrimSuffix(rest, "GHz"), "Ghz")
rest = strings.TrimSpace(strings.TrimSuffix(rest, "G"))
f, err := strconv.ParseFloat(strings.TrimSpace(rest), 64)
if err != nil {
return 0
}
return int(math.Round(f * 1000))
}
func cpuinfoMaxMHz(cpuinfo string) int {
var max float64
for line := range strings.SplitSeq(cpuinfo, "\n") {
k, v, ok := strings.Cut(line, ":")
if !ok || strings.TrimSpace(k) != "cpu MHz" {
continue
}
if f, err := strconv.ParseFloat(strings.TrimSpace(v), 64); err == nil && f > max {
max = f
}
}
return int(math.Round(max))
}
func cpuFreqMHz(root string) (min, max, cur int) {
min = readKHzAsMHz(filepath.Join(root, "cpu0/cpufreq/cpuinfo_min_freq"))
max = readKHzAsMHz(filepath.Join(root, "cpu0/cpufreq/cpuinfo_max_freq"))
cores, _ := filepath.Glob(filepath.Join(root, "cpu[0-9]*/cpufreq/scaling_cur_freq"))
for _, f := range cores {
if v := readKHzAsMHz(f); v > cur {
cur = v
}
}
return min, max, cur
}
func readKHzAsMHz(path string) int {
khz, err := strconv.Atoi(readTrim(path))
if err != nil {
return 0
}
return khz / 1000
}
func cpuModel(cpuinfo string) string {
var fallback string
for line := range strings.SplitSeq(cpuinfo, "\n") {
k, v, ok := strings.Cut(line, ":")
if !ok {
continue
}
switch strings.TrimSpace(k) {
case "model name":
return strings.TrimSpace(v)
case "Model":
fallback = strings.TrimSpace(v)
}
}
return fallback
}
internal/modules/system/cpustat.go
+137
View File
@@ -0,0 +1,137 @@
package system
import (
"context"
"math"
"os"
"strconv"
"strings"
"sync"
"time"
)
// Sampler samples /proc/stat periodically and caches per-core CPU usage
// percentages. Create with New, start the background goroutine with Start, and
// read the latest snapshot with Snapshot.
type Sampler struct {
statPath string
interval time.Duration
mu sync.RWMutex
cache []CoreUsage
once sync.Once
}
// NewSampler creates a Sampler that reads statPath and samples every interval.
func NewSampler(statPath string, interval time.Duration) *Sampler {
return &Sampler{statPath: statPath, interval: interval}
}
// Start launches the background sampling goroutine. Only the first call starts
// it; subsequent calls are no-ops. The goroutine exits when ctx is cancelled.
func (s *Sampler) Start(ctx context.Context) {
s.once.Do(func() {
go s.loop(ctx)
})
}
// Snapshot returns a copy of the latest per-core usage snapshot. Returns nil
// before the first sample completes.
func (s *Sampler) Snapshot() []CoreUsage {
s.mu.RLock()
defer s.mu.RUnlock()
if s.cache == nil {
return nil
}
out := make([]CoreUsage, len(s.cache))
copy(out, s.cache)
return out
}
func (s *Sampler) loop(ctx context.Context) {
prev := readProcStat(s.statPath)
ticker := time.NewTicker(s.interval)
defer ticker.Stop()
for {
select {
case <-ctx.Done():
return
case <-ticker.C:
cur := readProcStat(s.statPath)
usage := computeUsage(prev, cur)
s.mu.Lock()
s.cache = usage
s.mu.Unlock()
prev = cur
}
}
}
// cpuCoreTicks holds the cumulative jiffies for one "cpuN" line.
type cpuCoreTicks struct {
core int
total uint64
idle uint64
}
// readProcStat reads /proc/stat and returns per-core tick totals. The
// aggregate "cpu" line (no digit suffix) is skipped.
func readProcStat(path string) []cpuCoreTicks {
data, _ := os.ReadFile(path)
var cores []cpuCoreTicks
for line := range strings.SplitSeq(string(data), "\n") {
if !strings.HasPrefix(line, "cpu") {
continue
}
fields := strings.Fields(line)
if len(fields) < 5 {
continue
}
name := fields[0]
if name == "cpu" {
continue
}
coreIdx, err := strconv.Atoi(strings.TrimPrefix(name, "cpu"))
if err != nil {
continue
}
var total, idle uint64
for _, f := range fields[1:] {
v, _ := strconv.ParseUint(f, 10, 64)
total += v
}
if len(fields) > 5 {
v4, _ := strconv.ParseUint(fields[4], 10, 64)
v5, _ := strconv.ParseUint(fields[5], 10, 64)
idle = v4 + v5
} else {
v4, _ := strconv.ParseUint(fields[4], 10, 64)
idle = v4
}
cores = append(cores, cpuCoreTicks{core: coreIdx, total: total, idle: idle})
}
return cores
}
// computeUsage converts two snapshots into per-core usage percentages.
func computeUsage(prev, cur []cpuCoreTicks) []CoreUsage {
prevMap := make(map[int]cpuCoreTicks, len(prev))
for _, c := range prev {
prevMap[c.core] = c
}
usage := make([]CoreUsage, 0, len(cur))
for _, c := range cur {
p, ok := prevMap[c.core]
if !ok {
continue
}
dTotal := c.total - p.total
dIdle := c.idle - p.idle
var pct float64
if dTotal > 0 {
pct = float64(dTotal-dIdle) / float64(dTotal) * 100
pct = math.Round(pct*10) / 10
}
usage = append(usage, CoreUsage{Core: c.core, UsagePct: pct})
}
return usage
}
internal/modules/system/cpustat_test.go
+134
View File
@@ -0,0 +1,134 @@
package system
import (
"context"
"os"
"path/filepath"
"reflect"
"testing"
"time"
)
func TestNewSampler(t *testing.T) {
s := NewSampler("/proc/stat", time.Second)
if s == nil {
t.Fatal("NewSampler returned nil")
}
if s.statPath != "/proc/stat" {
t.Errorf("statPath = %q, want /proc/stat", s.statPath)
}
if s.interval != time.Second {
t.Errorf("interval = %v, want 1s", s.interval)
}
}
func TestSamplerSnapshotsRealProcStat(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
s := NewSampler("/proc/stat", 10*time.Millisecond)
s.Start(ctx)
// Wait for at least two samples so there is a delta to compute.
time.Sleep(50 * time.Millisecond)
snap := s.Snapshot()
if snap == nil {
t.Fatal("Snapshot returned nil (expected at least one sample)")
}
if len(snap) == 0 {
t.Fatal("Snapshot returned empty (expected at least one core)")
}
for _, c := range snap {
if c.UsagePct < 0 || c.UsagePct > 100 {
t.Errorf("core %d: usage_pct = %f, want 0100", c.Core, c.UsagePct)
}
}
}
func TestSamplerReturnsCopy(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
s := NewSampler("/proc/stat", 10*time.Millisecond)
s.Start(ctx)
time.Sleep(50 * time.Millisecond)
snap1 := s.Snapshot()
snap2 := s.Snapshot()
// Both should be non-nil and deep-equal.
if snap1 == nil || snap2 == nil {
t.Fatal("Snapshot returned nil")
}
if !reflect.DeepEqual(snap1, snap2) {
t.Error("two sequential snapshots should be deep-equal")
}
// Mutating the returned slice should not affect the sampler.
if len(snap1) > 0 {
snap1[0].UsagePct = 999
if snap2[0].UsagePct == 999 {
t.Error("mutating one snapshot affected the other — expected a copy")
}
}
}
func TestSamplerStartOnce(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
s := NewSampler("/proc/stat", 10*time.Millisecond)
s.Start(ctx)
s.Start(ctx) // second call must not panic or create a second goroutine
time.Sleep(30 * time.Millisecond)
if snap := s.Snapshot(); snap == nil {
t.Fatal("Snapshot returned nil after Start")
}
}
func TestSamplerContextCancelStopsGoroutine(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background())
s := NewSampler("/proc/stat", 10*time.Millisecond)
s.Start(ctx)
time.Sleep(30 * time.Millisecond)
if snap := s.Snapshot(); snap == nil {
t.Fatal("Snapshot returned nil before cancel")
}
cancel()
// Give the goroutine time to exit. If it doesn't, the test will hang.
time.Sleep(20 * time.Millisecond)
// Snapshot should still return the last cached value (no panic).
if snap := s.Snapshot(); snap == nil {
t.Fatal("Snapshot returned nil after cancel (cache should persist)")
}
}
func TestSamplerWithFakeStat(t *testing.T) {
dir := t.TempDir()
statPath := filepath.Join(dir, "stat")
content := []byte("cpu 100 20 30 400 10 5 3 2 0 0\ncpu0 50 10 15 200 5 3 1 1 0 0\ncpu1 50 10 15 200 5 2 2 1 0 0\n")
if err := os.WriteFile(statPath, content, 0o644); err != nil {
t.Fatal(err)
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
s := NewSampler(statPath, 20*time.Millisecond)
s.Start(ctx)
time.Sleep(50 * time.Millisecond)
snap := s.Snapshot()
if snap == nil {
t.Fatal("Snapshot returned nil")
}
// With the stat file not changing between reads, deltas are zero → 0% usage.
for _, c := range snap {
if c.UsagePct != 0 {
t.Errorf("core %d: expected 0%% usage (static stat file), got %f", c.Core, c.UsagePct)
}
}
}
internal/modules/system/disks.go
+73
View File
@@ -0,0 +1,73 @@
package system
import (
"syscall"
"nadir/internal/mounts"
)
type DiskInfo struct {
Mountpoint string `json:"mountpoint" example:"/"`
Filesystem string `json:"filesystem" example:"/dev/nvme0n1p2" doc:"Backing device"`
FSType string `json:"fstype" example:"btrfs"`
TotalBytes uint64 `json:"total_bytes" example:"512000000000"`
FreeBytes uint64 `json:"free_bytes" example:"256000000000" doc:"Space available to unprivileged users"`
UsedBytes uint64 `json:"used_bytes" example:"256000000000"`
}
func diskInfo() []DiskInfo {
entries, err := mounts.Proc()
if err != nil {
return nil
}
disks := []DiskInfo{}
seen := map[string]bool{}
for _, e := range entries {
if pseudoFS[e.FSType] || seen[e.Mountpoint] {
continue
}
var st syscall.Statfs_t
if syscall.Statfs(e.Mountpoint, &st) != nil || st.Blocks == 0 {
continue
}
seen[e.Mountpoint] = true
bs := uint64(st.Bsize)
disks = append(disks, DiskInfo{
Mountpoint: e.Mountpoint,
Filesystem: e.Device,
FSType: e.FSType,
TotalBytes: st.Blocks * bs,
FreeBytes: st.Bavail * bs,
UsedBytes: (st.Blocks - st.Bfree) * bs,
})
}
return disks
}
var pseudoFS = map[string]bool{
"autofs": true,
"binfmt_misc": true,
"bpf": true,
"cgroup": true,
"cgroup2": true,
"configfs": true,
"debugfs": true,
"devpts": true,
"devtmpfs": true,
"fuse.gvfsd-fuse": true,
"fuse.lxcfs": true,
"fusectl": true,
"hugetlbfs": true,
"mqueue": true,
"nsfs": true,
"overlay": true,
"proc": true,
"pstore": true,
"ramfs": true,
"rpc_pipefs": true,
"securityfs": true,
"squashfs": true,
"sysfs": true,
"tmpfs": true,
"tracefs": true,
}
internal/modules/system/info.go
+2 -576
View File
@@ -2,21 +2,11 @@ package system
import (
"context"
"math"
"net"
"os"
"os/exec"
"path/filepath"
"runtime"
"strconv"
"strings"
"sync"
"syscall"
"time"
"nadir/internal/mounts"
"nadir/internal/oscmd"
"github.com/danielgtaylor/huma/v2"
)
@@ -36,69 +26,9 @@ type SystemInfoBody struct {
Temperatures []Temperature `json:"temperatures" doc:"Thermal sensor readings in Celsius"`
}
type OSInfo struct {
PrettyName string `json:"pretty_name" example:"Fedora Linux 44 (Workstation Edition)" doc:"Distro name from /etc/os-release PRETTY_NAME"`
Kernel string `json:"kernel" example:"7.0.12-201.fc44.x86_64" doc:"Running kernel release (uname -r)"`
Architecture string `json:"architecture" example:"x86_64" doc:"Machine hardware architecture (uname -m)"`
Hostname string `json:"hostname" example:"server01" doc:"System hostname"`
}
type CPUInfo struct {
Model string `json:"model" example:"AMD Ryzen 7 7840U" doc:"CPU model name"`
LogicalCPUs int `json:"logical_cpus" example:"16" doc:"Number of logical CPUs (cores × threads)"`
MinMHz int `json:"min_mhz" example:"400" doc:"Lowest frequency the scaling governor can select"`
MaxMHz int `json:"max_mhz" example:"5137" doc:"Highest frequency (boost ceiling)"`
CurrentMHz int `json:"current_mhz" example:"3157" doc:"Peak current clock across all cores (instantaneous snapshot; 0 if cpufreq unavailable)"`
}
type MemoryInfo struct {
TotalBytes uint64 `json:"total_bytes" example:"16384000000"`
AvailableBytes uint64 `json:"available_bytes" example:"8192000000" doc:"Memory available for new allocations without swapping"`
UsedBytes uint64 `json:"used_bytes" example:"8192000000" doc:"total - available"`
SwapTotalBytes uint64 `json:"swap_total_bytes" example:"8589934592"`
SwapFreeBytes uint64 `json:"swap_free_bytes" example:"8589934592"`
}
type LoadInfo struct {
Load1 float64 `json:"load1" example:"0.42"`
Load5 float64 `json:"load5" example:"0.55"`
Load15 float64 `json:"load15" example:"0.61"`
CPUUsage []CoreUsage `json:"cpu_usage" doc:"Per-core CPU usage percentage (sampled over ~1 s); empty until the first sample completes"`
}
// CoreUsage holds the usage percentage for a single logical core, computed as
// the delta of non-idle ticks over total ticks between two /proc/stat reads.
type CoreUsage struct {
Core int `json:"core" example:"0" doc:"Logical core index"`
UsagePct float64 `json:"usage_pct" example:"23.4" doc:"Usage percentage (0100)"`
}
type DiskInfo struct {
Mountpoint string `json:"mountpoint" example:"/"`
Filesystem string `json:"filesystem" example:"/dev/nvme0n1p2" doc:"Backing device"`
FSType string `json:"fstype" example:"btrfs"`
TotalBytes uint64 `json:"total_bytes" example:"512000000000"`
FreeBytes uint64 `json:"free_bytes" example:"256000000000" doc:"Space available to unprivileged users"`
UsedBytes uint64 `json:"used_bytes" example:"256000000000"`
}
type NetInterface struct {
Name string `json:"name" example:"eth0"`
MAC string `json:"mac" example:"aa:bb:cc:dd:ee:ff"`
Up bool `json:"up" doc:"Interface is administratively up"`
Addresses []string `json:"addresses" doc:"Assigned addresses in CIDR notation"`
}
type Temperature struct {
Chip string `json:"chip" example:"k10temp" doc:"hwmon chip name; identifies the source (k10temp/coretemp=CPU, amdgpu/nvidia=GPU, nvme=disk)"`
Label string `json:"label" example:"Tctl" doc:"Per-sensor label, or the chip name when the sensor is unlabelled"`
Celsius float64 `json:"celsius" example:"47.5"`
}
type GetInfoOutput struct{ Body SystemInfoBody }
func registerInfo(api huma.API) {
startCPUSampler()
func registerInfo(api huma.API, sampler *Sampler) {
huma.Register(api, huma.Operation{
OperationID: "system-get-info",
Method: "GET",
@@ -118,7 +48,7 @@ func registerInfo(api huma.API) {
OS: osInfo(),
CPU: cpuInfo(),
Memory: memInfo(),
Load: loadInfo(),
Load: loadInfo(sampler),
UptimeSec: uptime,
BootTime: boot.Format(time.RFC3339),
Disks: diskInfo(),
@@ -128,350 +58,6 @@ func registerInfo(api huma.API) {
})
}
func osInfo() OSInfo {
host, _ := os.Hostname()
return OSInfo{
PrettyName: osReleasePretty(),
Kernel: firstLine(oscmd.Run("uname", "-r")),
Architecture: firstLine(oscmd.Run("uname", "-m")),
Hostname: host,
}
}
// firstLine discards a command error and returns its (already trimmed) output,
// used where a missing value is acceptable.
func firstLine(out string, _ error) string { return out }
func osReleasePretty() string {
data, err := os.ReadFile("/etc/os-release")
if err != nil {
return ""
}
for line := range strings.SplitSeq(string(data), "\n") {
if v, ok := strings.CutPrefix(line, "PRETTY_NAME="); ok {
return strings.Trim(v, `"`)
}
}
return ""
}
func cpuInfo() CPUInfo {
data, _ := os.ReadFile("/proc/cpuinfo")
c := CPUInfo{Model: cpuModel(string(data)), LogicalCPUs: runtime.NumCPU()}
c.MinMHz, c.MaxMHz, c.CurrentMHz = cpuFreqMHz("/sys/devices/system/cpu")
// ponytail: cpufreq sysfs is absent on many VMs and stock Ubuntu server
// kernels; fall back to /proc/cpuinfo "cpu MHz" — VMs have a fixed clock,
// so min == max == cur is the honest answer.
mhz := cpuinfoMaxMHz(string(data))
// ponytail: ARM /proc/cpuinfo has no "cpu MHz" and often no "model name";
// lscpu decodes the ARM part-id table and reads DMI, so use it as last resort.
if c.Model == "" || mhz == 0 {
model, lscpuMHz := lscpuFallback()
if c.Model == "" {
c.Model = model
}
if mhz == 0 {
mhz = lscpuMHz
}
}
if mhz > 0 {
if c.CurrentMHz == 0 {
c.CurrentMHz = mhz
}
if c.MaxMHz == 0 {
c.MaxMHz = mhz
}
if c.MinMHz == 0 {
c.MinMHz = mhz
}
}
return c
}
// lscpuFallback parses `lscpu` for "Model name" and any embedded "@ X.X GHz"
// or "CPU max MHz:" value. Returns zeros when lscpu is missing or silent.
func lscpuFallback() (model string, mhz int) {
out, err := exec.Command("lscpu").Output()
if err != nil {
return "", 0
}
for line := range strings.SplitSeq(string(out), "\n") {
k, v, ok := strings.Cut(line, ":")
if !ok {
continue
}
k, v = strings.TrimSpace(k), strings.TrimSpace(v)
switch k {
case "Model name":
if model == "" {
model = v
}
case "BIOS Model name":
if model == "" {
model = v
}
case "CPU max MHz", "CPU MHz":
if f, err := strconv.ParseFloat(v, 64); err == nil && int(f) > mhz {
mhz = int(math.Round(f))
}
}
}
if mhz == 0 {
mhz = parseGHzSuffix(model)
}
return model, mhz
}
// parseGHzSuffix pulls "2.0GHz" / "@ 2.0 GHz" out of a model string.
func parseGHzSuffix(s string) int {
i := strings.LastIndex(s, "@")
if i < 0 {
return 0
}
rest := strings.TrimSpace(s[i+1:])
rest = strings.TrimSuffix(strings.TrimSuffix(rest, "GHz"), "Ghz")
rest = strings.TrimSpace(strings.TrimSuffix(rest, "G"))
f, err := strconv.ParseFloat(strings.TrimSpace(rest), 64)
if err != nil {
return 0
}
return int(math.Round(f * 1000))
}
// cpuinfoMaxMHz returns the highest "cpu MHz" value across all cores in
// /proc/cpuinfo, rounded to an int. Returns 0 when no such line exists.
func cpuinfoMaxMHz(cpuinfo string) int {
var max float64
for line := range strings.SplitSeq(cpuinfo, "\n") {
k, v, ok := strings.Cut(line, ":")
if !ok || strings.TrimSpace(k) != "cpu MHz" {
continue
}
if f, err := strconv.ParseFloat(strings.TrimSpace(v), 64); err == nil && f > max {
max = f
}
}
return int(math.Round(max))
}
// cpuFreqMHz reads cpufreq sysfs: min/max are stable hardware limits (from
// cpu0); current is the highest scaling_cur_freq across all cores — the "is it
// boosting" figure. Values are kHz in sysfs. Returns zeros when cpufreq is
// absent (e.g. some VMs).
func cpuFreqMHz(root string) (min, max, cur int) {
min = readKHzAsMHz(filepath.Join(root, "cpu0/cpufreq/cpuinfo_min_freq"))
max = readKHzAsMHz(filepath.Join(root, "cpu0/cpufreq/cpuinfo_max_freq"))
cores, _ := filepath.Glob(filepath.Join(root, "cpu[0-9]*/cpufreq/scaling_cur_freq"))
for _, f := range cores {
if v := readKHzAsMHz(f); v > cur {
cur = v
}
}
return min, max, cur
}
func readKHzAsMHz(path string) int {
khz, err := strconv.Atoi(readTrim(path))
if err != nil {
return 0
}
return khz / 1000
}
// cpuModel extracts the processor model from /proc/cpuinfo. x86 uses "model
// name"; many ARM boards use "Model" instead, so fall back to it.
func cpuModel(cpuinfo string) string {
var fallback string
for line := range strings.SplitSeq(cpuinfo, "\n") {
k, v, ok := strings.Cut(line, ":")
if !ok {
continue
}
switch strings.TrimSpace(k) {
case "model name":
return strings.TrimSpace(v)
case "Model":
fallback = strings.TrimSpace(v)
}
}
return fallback
}
func memInfo() MemoryInfo {
data, _ := os.ReadFile("/proc/meminfo")
return parseMeminfo(data)
}
// parseMeminfo reads the kB values in /proc/meminfo and converts them to bytes.
func parseMeminfo(data []byte) MemoryInfo {
kv := map[string]uint64{}
for line := range strings.SplitSeq(string(data), "\n") {
k, v, ok := strings.Cut(line, ":")
if !ok {
continue
}
fields := strings.Fields(v) // e.g. "16384000 kB"
if len(fields) == 0 {
continue
}
if n, err := strconv.ParseUint(fields[0], 10, 64); err == nil {
kv[k] = n * 1024 // values are in kB
}
}
return MemoryInfo{
TotalBytes: kv["MemTotal"],
AvailableBytes: kv["MemAvailable"],
UsedBytes: kv["MemTotal"] - kv["MemAvailable"],
SwapTotalBytes: kv["SwapTotal"],
SwapFreeBytes: kv["SwapFree"],
}
}
func loadInfo() LoadInfo {
data, _ := os.ReadFile("/proc/loadavg")
l := parseLoadavg(string(data))
l.CPUUsage = cachedCPUUsage()
return l
}
// parseLoadavg reads the three load averages from /proc/loadavg.
func parseLoadavg(loadavg string) LoadInfo {
f := strings.Fields(loadavg)
if len(f) < 3 {
return LoadInfo{}
}
at := func(i int) float64 { v, _ := strconv.ParseFloat(f[i], 64); return v }
return LoadInfo{Load1: at(0), Load5: at(1), Load15: at(2)}
}
// ---------------------------------------------------------------------------
// Per-core CPU usage sampler
// ---------------------------------------------------------------------------
//
// /proc/stat exposes cumulative jiffies per core:
//
// cpuN user nice system idle iowait irq softirq steal guest guest_nice
//
// We sample every second, compute the delta, and derive:
//
// usage% = (totalΔ idleΔ) / totalΔ × 100
//
// The result is cached behind a RWMutex so the HTTP handler never blocks.
var (
usageMu sync.RWMutex
usageCache []CoreUsage
)
func cachedCPUUsage() []CoreUsage {
usageMu.RLock()
defer usageMu.RUnlock()
// Return a copy so callers can't mutate the cache.
if usageCache == nil {
return nil
}
out := make([]CoreUsage, len(usageCache))
copy(out, usageCache)
return out
}
// startCPUSampler launches a goroutine that samples /proc/stat once per second
// for the lifetime of the process. Safe to call multiple times (only the first
// call starts the goroutine).
var samplerOnce sync.Once
func startCPUSampler() {
samplerOnce.Do(func() {
go cpuSamplerLoop("/proc/stat", 1*time.Second)
})
}
func cpuSamplerLoop(statPath string, interval time.Duration) {
prev := readProcStat(statPath)
for {
time.Sleep(interval)
cur := readProcStat(statPath)
usage := computeUsage(prev, cur)
usageMu.Lock()
usageCache = usage
usageMu.Unlock()
prev = cur
}
}
// cpuCoreTicks holds the cumulative jiffies for one "cpuN" line.
type cpuCoreTicks struct {
core int
total uint64
idle uint64
}
// readProcStat reads /proc/stat and returns per-core tick totals. The
// aggregate "cpu" line (no digit suffix) is skipped.
func readProcStat(path string) []cpuCoreTicks {
data, _ := os.ReadFile(path)
var cores []cpuCoreTicks
for line := range strings.SplitSeq(string(data), "\n") {
if !strings.HasPrefix(line, "cpu") {
continue
}
fields := strings.Fields(line)
if len(fields) < 5 {
continue
}
// Skip the aggregate "cpu" line; we only want "cpu0", "cpu1", …
name := fields[0]
if name == "cpu" {
continue
}
coreIdx, err := strconv.Atoi(strings.TrimPrefix(name, "cpu"))
if err != nil {
continue
}
// Fields: user(1) nice(2) system(3) idle(4) iowait(5) irq(6) softirq(7) steal(8) …
var total, idle uint64
for _, f := range fields[1:] {
v, _ := strconv.ParseUint(f, 10, 64)
total += v
}
// idle = idle + iowait (indices 4 and 5 in the original line).
if len(fields) > 5 {
v4, _ := strconv.ParseUint(fields[4], 10, 64)
v5, _ := strconv.ParseUint(fields[5], 10, 64)
idle = v4 + v5
} else {
v4, _ := strconv.ParseUint(fields[4], 10, 64)
idle = v4
}
cores = append(cores, cpuCoreTicks{core: coreIdx, total: total, idle: idle})
}
return cores
}
func computeUsage(prev, cur []cpuCoreTicks) []CoreUsage {
prevMap := make(map[int]cpuCoreTicks, len(prev))
for _, c := range prev {
prevMap[c.core] = c
}
usage := make([]CoreUsage, 0, len(cur))
for _, c := range cur {
p, ok := prevMap[c.core]
if !ok {
continue
}
dTotal := c.total - p.total
dIdle := c.idle - p.idle
var pct float64
if dTotal > 0 {
pct = float64(dTotal-dIdle) / float64(dTotal) * 100
// Round to one decimal.
pct = math.Round(pct*10) / 10
}
usage = append(usage, CoreUsage{Core: c.core, UsagePct: pct})
}
return usage
}
// uptimeAndBoot reads /proc/uptime (seconds since boot) and derives boot time.
// On any read error it returns zero values rather than failing the request.
func uptimeAndBoot() (int64, time.Time) {
@@ -490,163 +76,3 @@ func uptimeAndBoot() (int64, time.Time) {
boot := time.Now().Add(-time.Duration(secs * float64(time.Second))).UTC()
return int64(secs), boot
}
func diskInfo() []DiskInfo {
entries, err := mounts.Proc()
if err != nil {
return nil
}
disks := []DiskInfo{}
seen := map[string]bool{}
for _, e := range entries {
// ponytail: filter by fstype, not device path. LXC/Docker containers
// expose their rootfs as a ZFS dataset name, an overlayfs, or a bind
// path — never /dev/* — so a "must start with /dev/" check silently
// returned no disks on those hosts. statfs + non-zero blocks already
// excludes mounts that aren't real storage.
if pseudoFS[e.FSType] || seen[e.Mountpoint] {
continue
}
var st syscall.Statfs_t
if syscall.Statfs(e.Mountpoint, &st) != nil || st.Blocks == 0 {
continue
}
seen[e.Mountpoint] = true
bs := uint64(st.Bsize)
disks = append(disks, DiskInfo{
Mountpoint: e.Mountpoint,
Filesystem: e.Device,
FSType: e.FSType,
TotalBytes: st.Blocks * bs,
FreeBytes: st.Bavail * bs,
UsedBytes: (st.Blocks - st.Bfree) * bs,
})
}
return disks
}
// pseudoFS lists kernel-virtual filesystems that show up in /proc/mounts but
// aren't user-facing storage. squashfs covers snap loop mounts; fuse.lxcfs is
// LXC's per-container /proc/* shim. Anything not on this list and statfs-able
// with non-zero blocks is treated as real storage — covers ext*, btrfs, xfs,
// zfs, nfs, cifs, overlay, and the bind-mount cases inside Proxmox LXC.
var pseudoFS = map[string]bool{
"autofs": true,
"binfmt_misc": true,
"bpf": true,
"cgroup": true,
"cgroup2": true,
"configfs": true,
"debugfs": true,
"devpts": true,
"devtmpfs": true,
"fuse.gvfsd-fuse": true,
"fuse.lxcfs": true,
"fusectl": true,
"hugetlbfs": true,
"mqueue": true,
"nsfs": true,
"overlay": true,
"proc": true,
"pstore": true,
"ramfs": true,
"rpc_pipefs": true,
"securityfs": true,
"squashfs": true,
"sysfs": true,
"tmpfs": true,
"tracefs": true,
}
func netInfo() []NetInterface {
ifaces, err := net.Interfaces()
if err != nil {
return nil
}
out := []NetInterface{}
for _, ifi := range ifaces {
addrs, _ := ifi.Addrs()
strs := []string{}
for _, a := range addrs {
strs = append(strs, a.String())
}
out = append(out, NetInterface{
Name: ifi.Name,
MAC: ifi.HardwareAddr.String(),
Up: ifi.Flags&net.FlagUp != 0,
Addresses: strs,
})
}
return out
}
func tempInfo() []Temperature {
if t := readHwmonTemps("/sys/class/hwmon"); len(t) > 0 {
return t
}
// ponytail: stock Ubuntu server has no coretemp/k10temp loaded, so hwmon
// is empty; thermal_zone exposes ACPI sensors (coarser, no chip name).
return readThermalZones("/sys/class/thermal")
}
// readThermalZones reads /sys/class/thermal/thermal_zone*/temp as a fallback
// for hosts without hwmon chip drivers. "type" names the zone (e.g. acpitz,
// x86_pkg_temp); used as both chip and label.
func readThermalZones(root string) []Temperature {
zones, _ := filepath.Glob(filepath.Join(root, "thermal_zone*"))
temps := []Temperature{}
for _, dir := range zones {
milli, err := strconv.Atoi(readTrim(filepath.Join(dir, "temp")))
if err != nil {
continue
}
c := float64(milli) / 1000
if c <= 0 || c >= 150 {
continue
}
name := readTrim(filepath.Join(dir, "type"))
if name == "" {
name = filepath.Base(dir)
}
temps = append(temps, Temperature{Chip: name, Label: name, Celsius: c})
}
return temps
}
// readHwmonTemps walks /sys/class/hwmon, which (unlike /sys/class/thermal, that
// only exposes generic ACPI zones like "acpitz") names each chip — so callers
// can split CPU (k10temp/coretemp) from GPU (amdgpu/nvidia) from disk (nvme).
// Each tempN_input may carry a tempN_label; when absent we fall back to the
// chip name. Best-effort: unreadable, empty, or implausible sensors are skipped.
func readHwmonTemps(root string) []Temperature {
chips, _ := filepath.Glob(filepath.Join(root, "hwmon*"))
temps := []Temperature{}
for _, dir := range chips {
chip := readTrim(filepath.Join(dir, "name"))
inputs, _ := filepath.Glob(filepath.Join(dir, "temp*_input"))
for _, in := range inputs {
milli, err := strconv.Atoi(readTrim(in))
if err != nil {
continue
}
c := float64(milli) / 1000
// Disabled/placeholder sensors report absurd values (e.g. -0.15 or
// 179.8 °C). Drop anything outside a plausible band.
if c <= 0 || c >= 150 {
continue
}
label := readTrim(strings.TrimSuffix(in, "_input") + "_label")
if label == "" {
label = chip
}
temps = append(temps, Temperature{Chip: chip, Label: label, Celsius: c})
}
}
return temps
}
// readTrim reads a sysfs file and trims it; a missing file yields "".
func readTrim(path string) string {
b, _ := os.ReadFile(path)
return strings.TrimSpace(string(b))
}
internal/modules/system/load.go
+37
View File
@@ -0,0 +1,37 @@
package system
import (
"os"
"strconv"
"strings"
)
// CoreUsage holds the usage percentage for a single logical core, computed as
// the delta of non-idle ticks over total ticks between two /proc/stat reads.
type CoreUsage struct {
Core int `json:"core" example:"0" doc:"Logical core index"`
UsagePct float64 `json:"usage_pct" example:"23.4" doc:"Usage percentage (0100)"`
}
type LoadInfo struct {
Load1 float64 `json:"load1" example:"0.42"`
Load5 float64 `json:"load5" example:"0.55"`
Load15 float64 `json:"load15" example:"0.61"`
CPUUsage []CoreUsage `json:"cpu_usage" doc:"Per-core CPU usage percentage (sampled over ~1 s); empty until the first sample completes"`
}
func loadInfo(sampler *Sampler) LoadInfo {
data, _ := os.ReadFile("/proc/loadavg")
l := parseLoadavg(string(data))
l.CPUUsage = sampler.Snapshot()
return l
}
func parseLoadavg(loadavg string) LoadInfo {
f := strings.Fields(loadavg)
if len(f) < 3 {
return LoadInfo{}
}
at := func(i int) float64 { v, _ := strconv.ParseFloat(f[i], 64); return v }
return LoadInfo{Load1: at(0), Load5: at(1), Load15: at(2)}
}
internal/modules/system/memory.go
+44
View File
@@ -0,0 +1,44 @@
package system
import (
"os"
"strconv"
"strings"
)
type MemoryInfo struct {
TotalBytes uint64 `json:"total_bytes" example:"16384000000"`
AvailableBytes uint64 `json:"available_bytes" example:"8192000000" doc:"Memory available for new allocations without swapping"`
UsedBytes uint64 `json:"used_bytes" example:"8192000000" doc:"total - available"`
SwapTotalBytes uint64 `json:"swap_total_bytes" example:"8589934592"`
SwapFreeBytes uint64 `json:"swap_free_bytes" example:"8589934592"`
}
func memInfo() MemoryInfo {
data, _ := os.ReadFile("/proc/meminfo")
return parseMeminfo(data)
}
func parseMeminfo(data []byte) MemoryInfo {
kv := map[string]uint64{}
for line := range strings.SplitSeq(string(data), "\n") {
k, v, ok := strings.Cut(line, ":")
if !ok {
continue
}
fields := strings.Fields(v)
if len(fields) == 0 {
continue
}
if n, err := strconv.ParseUint(fields[0], 10, 64); err == nil {
kv[k] = n * 1024
}
}
return MemoryInfo{
TotalBytes: kv["MemTotal"],
AvailableBytes: kv["MemAvailable"],
UsedBytes: kv["MemTotal"] - kv["MemAvailable"],
SwapTotalBytes: kv["SwapTotal"],
SwapFreeBytes: kv["SwapFree"],
}
}
internal/modules/system/module.go
+13 -3
View File
@@ -1,6 +1,9 @@
package system
import (
"context"
"time"
"nadir/internal/rbac"
"github.com/danielgtaylor/huma/v2"
@@ -8,9 +11,15 @@ import (
const ModuleID = "system"
type Module struct{}
type Module struct {
sampler *Sampler
}
func New() *Module { return &Module{} }
func New() *Module {
return &Module{
sampler: NewSampler("/proc/stat", 1*time.Second),
}
}
func (m *Module) ID() string { return ModuleID }
@@ -19,7 +28,8 @@ func (m *Module) Permissions() []rbac.Permission {
}
func (m *Module) Register(api huma.API) {
registerInfo(api)
m.sampler.Start(context.Background())
registerInfo(api, m.sampler)
registerHostname(api)
registerTimedate(api)
registerLocale(api)
internal/modules/system/network.go
+32
View File
@@ -0,0 +1,32 @@
package system
import "net"
type NetInterface struct {
Name string `json:"name" example:"eth0"`
MAC string `json:"mac" example:"aa:bb:cc:dd:ee:ff"`
Up bool `json:"up" doc:"Interface is administratively up"`
Addresses []string `json:"addresses" doc:"Assigned addresses in CIDR notation"`
}
func netInfo() []NetInterface {
ifaces, err := net.Interfaces()
if err != nil {
return nil
}
out := []NetInterface{}
for _, ifi := range ifaces {
addrs, _ := ifi.Addrs()
strs := []string{}
for _, a := range addrs {
strs = append(strs, a.String())
}
out = append(out, NetInterface{
Name: ifi.Name,
MAC: ifi.HardwareAddr.String(),
Up: ifi.Flags&net.FlagUp != 0,
Addresses: strs,
})
}
return out
}
internal/modules/system/os.go
+42
View File
@@ -0,0 +1,42 @@
package system
import (
"os"
"strings"
"nadir/internal/oscmd"
)
type OSInfo struct {
PrettyName string `json:"pretty_name" example:"Fedora Linux 44 (Workstation Edition)" doc:"Distro name from /etc/os-release PRETTY_NAME"`
Kernel string `json:"kernel" example:"7.0.12-201.fc44.x86_64" doc:"Running kernel release (uname -r)"`
Architecture string `json:"architecture" example:"x86_64" doc:"Machine hardware architecture (uname -m)"`
Hostname string `json:"hostname" example:"server01" doc:"System hostname"`
}
func osInfo() OSInfo {
host, _ := os.Hostname()
return OSInfo{
PrettyName: osReleasePretty(),
Kernel: firstLine(oscmd.Run("uname", "-r")),
Architecture: firstLine(oscmd.Run("uname", "-m")),
Hostname: host,
}
}
// firstLine discards a command error and returns its (already trimmed) output,
// used where a missing value is acceptable.
func firstLine(out string, _ error) string { return out }
func osReleasePretty() string {
data, err := os.ReadFile("/etc/os-release")
if err != nil {
return ""
}
for line := range strings.SplitSeq(string(data), "\n") {
if v, ok := strings.CutPrefix(line, "PRETTY_NAME="); ok {
return strings.Trim(v, `"`)
}
}
return ""
}
internal/modules/system/system_handler_test.go
+1 -1
View File
@@ -22,7 +22,7 @@ func TestSystemHandlers(t *testing.T) {
registerTimedate(api)
registerLocale(api)
registerPower(api)
registerInfo(api)
registerInfo(api, NewSampler("/proc/stat", 0))
// Mock uname for GET /api/system/info
oscmd.SetMock("uname", func(args []string) oscmd.MockCommand {
internal/modules/system/temperature.go
+73
View File
@@ -0,0 +1,73 @@
package system
import (
"os"
"path/filepath"
"strconv"
"strings"
)
type Temperature struct {
Chip string `json:"chip" example:"k10temp" doc:"hwmon chip name; identifies the source (k10temp/coretemp=CPU, amdgpu/nvidia=GPU, nvme=disk)"`
Label string `json:"label" example:"Tctl" doc:"Per-sensor label, or the chip name when the sensor is unlabelled"`
Celsius float64 `json:"celsius" example:"47.5"`
}
func tempInfo() []Temperature {
if t := readHwmonTemps("/sys/class/hwmon"); len(t) > 0 {
return t
}
return readThermalZones("/sys/class/thermal")
}
func readThermalZones(root string) []Temperature {
zones, _ := filepath.Glob(filepath.Join(root, "thermal_zone*"))
temps := []Temperature{}
for _, dir := range zones {
milli, err := strconv.Atoi(readTrim(filepath.Join(dir, "temp")))
if err != nil {
continue
}
c := float64(milli) / 1000
if c <= 0 || c >= 150 {
continue
}
name := readTrim(filepath.Join(dir, "type"))
if name == "" {
name = filepath.Base(dir)
}
temps = append(temps, Temperature{Chip: name, Label: name, Celsius: c})
}
return temps
}
func readHwmonTemps(root string) []Temperature {
chips, _ := filepath.Glob(filepath.Join(root, "hwmon*"))
temps := []Temperature{}
for _, dir := range chips {
chip := readTrim(filepath.Join(dir, "name"))
inputs, _ := filepath.Glob(filepath.Join(dir, "temp*_input"))
for _, in := range inputs {
milli, err := strconv.Atoi(readTrim(in))
if err != nil {
continue
}
c := float64(milli) / 1000
if c <= 0 || c >= 150 {
continue
}
label := readTrim(strings.TrimSuffix(in, "_input") + "_label")
if label == "" {
label = chip
}
temps = append(temps, Temperature{Chip: chip, Label: label, Celsius: c})
}
}
return temps
}
// readTrim reads a sysfs file and trims it; a missing file yields "".
func readTrim(path string) string {
b, _ := os.ReadFile(path)
return strings.TrimSpace(string(b))
}
internal/openapitest/openapi_test.go
+8 -2
View File
@@ -14,7 +14,6 @@ import (
"nadir/internal/auth"
"nadir/internal/meta"
"nadir/internal/module"
"nadir/internal/modules/audit"
"nadir/internal/modules/groups"
"nadir/internal/modules/networking"
"nadir/internal/modules/packages"
@@ -28,6 +27,12 @@ import (
"github.com/danielgtaylor/huma/v2/adapters/humago"
)
type auditModule struct{}
func (auditModule) ID() string { return "audit" }
func (auditModule) Permissions() []rbac.Permission { return []rbac.Permission{rbac.Read} }
func (auditModule) Register(huma.API) {}
func TestOpenAPISchemaNoCollisions(t *testing.T) {
auditStore, err := auditlog.New(filepath.Join(t.TempDir(), "audit.db"))
if err != nil {
@@ -48,7 +53,7 @@ func TestOpenAPISchemaNoCollisions(t *testing.T) {
packages.New(),
networking.New(),
storage.New(),
audit.New(auditStore),
auditModule{},
}
mux := http.NewServeMux()
@@ -59,6 +64,7 @@ func TestOpenAPISchemaNoCollisions(t *testing.T) {
meta.Register(api, mods)
meta.RegisterHealth(api, sessions)
meta.RegisterWhoami(api, sessions, nil, roles, mods)
meta.RegisterAudit(api, auditStore)
auth.RegisterLogin(api, sessions, auditStore, true)
auth.RegisterLogout(api, sessions, true)
internal/oscmd/oscmd.go
+18
View File
@@ -14,6 +14,7 @@ import (
"os/exec"
"strings"
"sync"
"syscall"
"time"
)
@@ -276,6 +277,23 @@ func ParseKV(lines []string) map[string]string {
return m
}
// RunDetached starts name with args in a new process group (Setsid) and returns
// immediately once the child has started. The child is reaped in the background
// so it does not become a zombie.
//
// Use this for operations where the synchronous path would kill the caller
// (e.g. "systemctl restart nadir" would SIGTERM the process serving the
// request before the response is written).
func RunDetached(name string, args ...string) (*StatusOutput, error) {
cmd := exec.Command(name, args...)
cmd.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
if err := cmd.Start(); err != nil {
return nil, err
}
go cmd.Wait()
return OK(), nil
}
// StatusOutput is the shared response for write operations that just report
// success. Reusing one type means all such endpoints share a single OpenAPI
// schema.