cleanup

Adds GPUInfo struct and readGPUsFromSysfs parsing DRM card entries
(/sys/class/drm/card*). Supports:
- AMD GPUs (amdgpu driver): VRAM totals/utilization from sysfs files
- NVIDIA GPUs: enrichment via nvidia-smi query
- Intel/other: basic PCI vendor/device/driver identification

Includes full test coverage for AMD enrichment, i915 fallback, missing
sysfs dir, and non-GPU DRM entry filtering.

.claude/settings.local.json

@@ -1,15 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(go get *)",
-      "Bash(go build *)",
-      "Bash(go vet *)",
-      "Read(//usr/lib/**)",
-      "Read(//proc/**)",
-      "Bash(systemctl show *)",
-      "Bash(echo \"exit=$?\")",
-      "Bash(systemctl list-units *)",
-      "Bash(go test *)"
-    ]
-  }
-}

.gitignore

@@ -13,4 +13,5 @@ config.yml
 
 CLAUDE.md
 
-minisign.key
+minisign.key
+./.claude

README.md

@@ -19,7 +19,7 @@ Functionality is organized into **modules**. Each module owns a slice of the
 API and declares its own permission vocabulary.
 
 - **System** - Dashboard overview (OS/kernel, CPU, memory, disks, load, uptime,
-  network interfaces, temperatures); get/set hostname; time, timezone, and NTP;
+  network interfaces, GPU, temperatures); get/set hostname; time, timezone, and NTP;
   locale and console keymap; reboot and power off.
 - **Services** - List and inspect systemd units; start / stop / restart / enable
   / disable; read service logs from the journal or an allowlisted file, as a
@@ -29,10 +29,11 @@ API and declares its own permission vocabulary.
 - **Groups** - List, inspect, create, and delete local groups.
 - **Packages** - List installed packages and available updates; install, remove,
   and upgrade - streamed live over SSE. Auto-detects `dnf`, `apt`, or `pacman`.
-- **Networking** - List network interfaces, routing tables, and DNS settings; configure IPv4 settings with temporary applying and safety auto-rollback; bring interfaces up or down.
+- **Networking** - List network interfaces, routing tables, and DNS settings; configure IPv4 settings with temporary applying and safety auto-rollback; bring interfaces up or down; edit `/etc/hosts`.
+- **Storage** - List active mounts and `/etc/fstab` entries; add, edit, and delete fstab entries; mount and unmount filesystems.
 - **Audit** - Read-only trail of every privileged write (who, what, when, result).
 - **Meta** - Self-description for clients: `/api/_modules`, `/api/whoami`,
-  `/api/health`.
+  `/api/health`; trigger a self-update via `POST /api/update`.
 
 ### Security model at a glance
 
@@ -159,14 +160,18 @@ assigns the admin role to the installing user.
 
 | Command                                          | Effect                                                                      |
 | ------------------------------------------------ | --------------------------------------------------------------------------- |
-| `nadir [run] [-d]`                               | Start the server. `-d` / `--detach` runs it in the background.              |
-| `nadir --save-config`                            | Save the default configuration template to the target path and exit.        |
-| `nadir install`                                  | Install + enable the systemd service (starts now and on boot).              |
-| `nadir uninstall`                                | Stop, disable, and remove the systemd service.                              |
-| `nadir start` \| `stop` \| `restart` \| `status` | Control the running service.                                                |
-| `nadir enable` \| `disable`                      | Toggle start-on-boot without removing the unit.                             |
-| `nadir logs`                                     | Follow logs - journald if installed as a service, otherwise the detach log. |
-| `nadir help`                                     | Show usage.                                                                 |
+| `nadir [run] [-d]`                               | Start the server. `-d` / `--detach` runs it in the background.                                            |
+| `nadir --save-config`                            | Save the default configuration template to the target path and exit.                                      |
+| `nadir install`                                  | Install + enable the systemd service (starts now and on boot).                                            |
+| `nadir uninstall`                                | Stop, disable, and remove the systemd service.                                                            |
+| `nadir start` \| `stop` \| `restart` \| `status` | Control the running service.                                                                             |
+| `nadir enable` \| `disable`                      | Toggle start-on-boot without removing the unit.                                                           |
+| `nadir logs`                                     | Follow logs - journald if installed as a service, otherwise the detach log.                               |
+| `nadir update [--check] [--force]`               | Download and install the latest release (requires `server.release_repo` in config). `--check` reports the available version without downloading; `--force` re-downloads even when already current. |
+| `nadir token add <name>`                         | Mint a machine API token (shown once, not stored in plain text).                                          |
+| `nadir token rm <name>`                          | Revoke a token immediately (no restart needed).                                                           |
+| `nadir token ls`                                 | List token names (not the raw keys).                                                                      |
+| `nadir help`                                     | Show usage.                                                                                               |
 
 Most commands need root.
 
@@ -187,6 +192,7 @@ server:
   # tls_key:  /etc/nadir/tls/key.pem
   hostname: 100.64.0.189
   port: 9999
+  # release_repo: https://gitea.example.com/owner/nadir  # enables `nadir update`
 
 # Quote "*" - bare * is YAML alias syntax and fails to parse.
 roles:
@@ -216,6 +222,7 @@ log_files:
 | `tls_cert`, `tls_key` | -       | PEM paths. When both are set (and `trust_proxy` is off), nadir terminates TLS with this pair.                                                                         |
 | `hostname`            | -       | Address to bind. Use `127.0.0.1` for local-only, or an overlay/VPN address to expose nadir only on that interface.                                                    |
 | `port`                | -       | TCP port to listen on.                                                                                                                                                |
+| `release_repo`        | -       | Gitea repo URL (`https://host/owner/repo`). When set, enables `nadir update` and `POST /api/update`. Must be `https://`.                                              |
 
 TLS selection is covered in [Deployment note 2](#2-tls-three-modes).
 
@@ -389,7 +396,27 @@ forwarded headers are trustworthy. Without step 1 you're trusting every peer on
 the overlay - fine for a single-tenant network you fully control, risky on a
 shared one.
 
-### 4. Connecting a dashboard (machine clients)
+### 4. Self-update
+
+When `server.release_repo` points at a Gitea repo, nadir can update itself:
+
+```bash
+sudo nadir update           # download + install latest, restart service
+sudo nadir update --check   # report available version, do nothing
+sudo nadir update --force   # re-download even if already at latest
+```
+
+The updater:
+1. Fetches the latest release from the Gitea API.
+2. Downloads the binary for the host's architecture (`linux-amd64`, `linux-arm64`, …).
+3. Verifies the release: checks the minisign signature on `sha256sums.txt`, then checks the binary's SHA-256 against it. Refuses to install if either check fails.
+4. Atomically replaces the running binary (`os.Rename` on the same filesystem) and runs `systemctl restart nadir`.
+
+The same flow is also reachable via `POST /api/update` (requires the admin wildcard role), which runs the updater detached and returns 202 immediately. Poll `GET /api/health` to confirm the new version is running after the restart drops in-flight connections.
+
+`release_repo` must use `https://` — the update downloads and executes the binary, and a plaintext URL would expose the host to on-path replacement.
+
+### 5. Connecting a dashboard (machine clients)
 
 To manage one or more Nadir instances via a central dashboard or non-interactive client, authenticate requests using a static Bearer token rather than interactive PAM credentials.
 
@@ -439,22 +466,23 @@ To connect a browser-based dashboard hosted on a different origin, choose one of
 ## Layout
 
 ```
-cmd/                  process entry point + CLI (run / install / logs …), TLS, service wiring
-internal/auth         PAM auth, sessions, login/logout, login throttle, PAM service install
+cmd/                  process entry point + CLI (run / install / update / token / logs …), TLS, service wiring
+internal/auth         PAM auth, sessions, login/logout, login throttle, bearer tokens, PAM service install
+internal/auditlog     SQLite-backed audit log writer
 internal/config       config.yaml loader + startup validation
-internal/meta         /api/_modules, /api/whoami, /api/health discovery endpoints
+internal/meta         /api/_modules, /api/whoami, /api/health, /api/update discovery + update endpoints
 internal/module       the Module interface
 internal/modules      concrete modules:
-                        system   - info, hostname, time/timezone/NTP, locale/keymap, power
-                        services - systemd unit control + journal/file logs (snapshot + SSE)
-                        users    - local accounts
-                        groups   - local groups
-                        packages - dnf/apt/pacman install/remove/upgrade (streamed)
-                        audit    - read-only audit trail
-                        networking - network interfaces, routing tables, DNS, and IP configurations
+                        system     - info, hostname, time/timezone/NTP, locale/keymap, power
+                        services   - systemd unit control + journal/file logs (snapshot + SSE)
+                        users      - local accounts
+                        groups     - local groups
+                        packages   - dnf/apt/pacman install/remove/upgrade (streamed)
+                        networking - interfaces, routing tables, DNS, IP config, /etc/hosts
+                        storage    - active mounts, /etc/fstab read/write, mount/unmount
+internal/mounts       /proc/mounts parser (used by storage module)
 internal/oscmd        shared command runner (timeouts, stderr surfacing) + helpers
 internal/rbac         roles, permissions ("*" wildcards), HTTP middleware (RBAC + CSRF)
-internal/audit        SQLite-backed audit log writer
 ```
 
 ## API docs

cmd/server/server.go

@@ -24,7 +24,6 @@ import (
 	"nadir/internal/config"
 	"nadir/internal/meta"
 	"nadir/internal/module"
-	"nadir/internal/modules/audit"
 	"nadir/internal/modules/groups"
 	"nadir/internal/modules/networking"
 	"nadir/internal/modules/packages"
@@ -38,6 +37,15 @@ import (
 	"github.com/danielgtaylor/huma/v2/adapters/humago"
 )
 
+// auditModule is a synthetic module so the config validator knows the "audit"
+// permission vocabulary. The actual endpoint is registered by meta.RegisterAudit —
+// a full module for one GET is too shallow.
+type auditModule struct{}
+
+func (auditModule) ID() string                     { return "audit" }
+func (auditModule) Permissions() []rbac.Permission { return []rbac.Permission{rbac.Read} }
+func (auditModule) Register(huma.API)              {}
+
 // main is a thin command dispatcher. With no subcommand (or "run") it starts the
 // server; the rest manage nadir as a systemd service or tail its logs. Service
 // plumbing lives in service.go, TLS in tls.go.
@@ -210,7 +218,7 @@ func runServer() {
 		packages.New(),
 		networking.New(),
 		storage.New(),
-		audit.New(auditStore),
+		auditModule{},
 	}
 
 	roles := rbac.New()
@@ -246,6 +254,7 @@ func runServer() {
 	meta.RegisterHealth(api, sessions)
 	meta.RegisterWhoami(api, sessions, tokenAuth, roles, mods)
 	meta.RegisterUpdate(api, configPath)
+	meta.RegisterAudit(api, auditStore)
 
 	auth.RegisterLogin(api, sessions, auditStore, cfg.SecureCookie())
 	auth.RegisterLogout(api, sessions, cfg.SecureCookie())

cmd/server/service.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bufio"
 	"flag"
 	"fmt"
 	"io"
@@ -8,8 +9,11 @@ import (
 	"os/exec"
 	"path/filepath"
 	"strconv"
+	"strings"
 	"syscall"
 
+	"github.com/mattn/go-isatty"
+
 	"nadir/internal/auth"
 	"nadir/internal/config"
 )
@@ -137,6 +141,125 @@ func installService(args []string) error {
 	isUnsecure := *unsecureOpt || optCount == 0
 	isTrustProxy := *trustProxyOpt
 
+	cfgPath, err := resolveConfigPath()
+	if err != nil {
+		return err
+	}
+
+	shouldWriteConfig := false
+	if _, err := os.Stat(cfgPath); os.IsNotExist(err) {
+		shouldWriteConfig = true
+	}
+
+	username := getUsername()
+	var logFiles map[string][]string
+
+	if fs.NFlag() == 0 && (isatty.IsTerminal(os.Stdin.Fd()) || isatty.IsCygwinTerminal(os.Stdin.Fd())) {
+		reader := bufio.NewReader(os.Stdin)
+
+		if !shouldWriteConfig {
+			fmt.Printf("Configuration file already exists at %s. Overwrite? [y/N] (default n): ", cfgPath)
+			overwriteInput, _ := reader.ReadString('\n')
+			overwriteInput = strings.ToLower(strings.TrimSpace(overwriteInput))
+			if overwriteInput != "y" && overwriteInput != "yes" {
+				fmt.Println("Keeping existing configuration. Proceeding with installation...")
+				if existingCfg, loadErr := config.Load(cfgPath); loadErr == nil {
+					*hostnameOpt = existingCfg.Server.Hostname
+					if p, err := strconv.Atoi(existingCfg.Server.Port); err == nil {
+						*portOpt = p
+					}
+					isTLS = existingCfg.Server.TLSCert != "" && existingCfg.Server.TLSKey != ""
+					isTrustProxy = existingCfg.Server.TrustProxy
+					isUnsecure = !isTLS && !isTrustProxy
+				}
+				goto skipConfigPrompt
+			}
+			shouldWriteConfig = true
+		}
+
+		fmt.Println("Configuring Nadir installation:")
+		fmt.Println("  1) Serve plaintext HTTP directly (unsecure) [default]")
+		fmt.Println("  2) Generate persistent self-signed TLS cert/key and enable HTTPS (tls)")
+		fmt.Println("  3) Serve plaintext HTTP behind a trusted TLS-terminating reverse proxy (trust-proxy)")
+		fmt.Print("Enter choice [1-3] (default 1): ")
+		choice, _ := reader.ReadString('\n')
+		choice = strings.TrimSpace(choice)
+		if choice == "" || choice == "1" {
+			isUnsecure = true
+			isTLS = false
+			isTrustProxy = false
+		} else if choice == "2" {
+			isTLS = true
+			isUnsecure = false
+			isTrustProxy = false
+		} else if choice == "3" {
+			isTrustProxy = true
+			isTLS = false
+			isUnsecure = false
+		} else {
+			return fmt.Errorf("invalid choice: %q", choice)
+		}
+
+		fmt.Printf("Enter hostname to bind to (default %s): ", *hostnameOpt)
+		hostChoice, _ := reader.ReadString('\n')
+		hostChoice = strings.TrimSpace(hostChoice)
+		if hostChoice != "" {
+			*hostnameOpt = hostChoice
+		}
+
+		fmt.Printf("Enter port to bind to (default %d): ", *portOpt)
+		portChoice, _ := reader.ReadString('\n')
+		portChoice = strings.TrimSpace(portChoice)
+		if portChoice != "" {
+			p, err := strconv.Atoi(portChoice)
+			if err != nil || p <= 0 || p > 65535 {
+				return fmt.Errorf("invalid port: %q", portChoice)
+			}
+			*portOpt = p
+		}
+
+		fmt.Printf("Enter main admin username (default %s): ", username)
+		userChoice, _ := reader.ReadString('\n')
+		userChoice = strings.TrimSpace(userChoice)
+		if userChoice != "" {
+			username = userChoice
+		}
+
+		fmt.Print("Would you like to expose any log files to the Nadir UI? [y/N] (default n): ")
+		logInput, _ := reader.ReadString('\n')
+		logInput = strings.ToLower(strings.TrimSpace(logInput))
+		if logInput == "y" || logInput == "yes" {
+			logFiles = make(map[string][]string)
+			for {
+				fmt.Print("  Enter service/unit name (e.g. nginx): ")
+				unit, _ := reader.ReadString('\n')
+				unit = strings.TrimSpace(unit)
+				if unit == "" {
+					fmt.Println("  Service name cannot be empty. Skipping.")
+					continue
+				}
+
+				fmt.Printf("  Enter absolute path to log file for %s: ", unit)
+				path, _ := reader.ReadString('\n')
+				path = strings.TrimSpace(path)
+				if path == "" {
+					fmt.Println("  Path cannot be empty. Skipping.")
+					continue
+				}
+
+				logFiles[unit] = append(logFiles[unit], path)
+
+				fmt.Print("  Add another log file? [y/N] (default n): ")
+				another, _ := reader.ReadString('\n')
+				another = strings.ToLower(strings.TrimSpace(another))
+				if another != "y" && another != "yes" {
+					break
+				}
+			}
+		}
+	}
+
+skipConfigPrompt:
 	// Provision the PAM service the server authenticates against, so it exists
 	// before the unit starts rather than appearing on first login. Idempotent:
 	// EnsurePAMService leaves an existing /etc/pam.d/nadir untouched. runServer
@@ -181,11 +304,6 @@ func installService(args []string) error {
 		}
 	}
 
-	cfgPath, err := resolveConfigPath()
-	if err != nil {
-		return err
-	}
-
 	// Construct configuration template content based on installation options
 	secureTLSVal := "true"
 	trustProxyLine := "# trust_proxy: false"
@@ -204,11 +322,21 @@ func installService(args []string) error {
 		keyLine = "# tls_key:  /var/lib/nadir/tls/key.pem"
 	}
 
-	username := getUsername()
 	configContent := fmt.Sprintf(configTemplateBase, secureTLSVal, trustProxyLine, certLine, keyLine, *hostnameOpt, *portOpt, username)
+	if len(logFiles) > 0 {
+		var logFilesSection strings.Builder
+		logFilesSection.WriteString("\nlog_files:\n")
+		for unit, paths := range logFiles {
+			logFilesSection.WriteString(fmt.Sprintf("  %s:\n", unit))
+			for _, path := range paths {
+				logFilesSection.WriteString(fmt.Sprintf("    - %s\n", path))
+			}
+		}
+		configContent += logFilesSection.String()
+	}
 
-	// Ensure default config file exists
-	if _, err := os.Stat(cfgPath); os.IsNotExist(err) {
+	// Ensure default config file exists or we explicitly overwrote it
+	if shouldWriteConfig {
 		if err := saveDefaultConfig(cfgPath, configContent); err != nil {
 			return err
 		}

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/jedisct1/go-minisign v0.0.0-20260527172527-a09352b57a22
-	github.com/mattn/go-isatty v0.0.21 // indirect
+	github.com/mattn/go-isatty v0.0.21
 	github.com/ncruces/go-strftime v1.0.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	golang.org/x/crypto v0.52.0 // indirect

install.sh.tmpl

@@ -99,7 +99,11 @@ do_install() {
 
   echo "binary installed at /usr/local/bin/nadir"
   echo "installing as a systemd service ..."
-  /usr/local/bin/nadir install
+  if [ -c /dev/tty ]; then
+    /usr/local/bin/nadir install < /dev/tty
+  else
+    /usr/local/bin/nadir install
+  fi
 
   echo
   echo "done. check status with: nadir status"

internal/meta/audit.go

@@ -1,33 +1,13 @@
-package audit
+package meta
 
 import (
 	"context"
 
 	"nadir/internal/auditlog"
-	"nadir/internal/rbac"
 
 	"github.com/danielgtaylor/huma/v2"
 )
 
-const ModuleID = "audit"
-
-type Module struct {
-	store *auditlog.Store
-}
-
-func New(store *auditlog.Store) *Module { return &Module{store: store} }
-
-func (m *Module) ID() string   { return ModuleID }
-
-// Permissions: read to view the audit trail. There is no write - entries are
-// produced by the middleware, never by an API call.
-func (m *Module) Permissions() []rbac.Permission {
-	return []rbac.Permission{rbac.Read}
-}
-
-// Types are named AuditList* (not ListInput/ListOutput) because Huma derives
-// OpenAPI schema names from the Go type name alone, not package-qualified, so a
-// bare "ListOutput" here would collide with the packages module's.
 type AuditListInput struct {
 	Limit int `query:"limit" default:"200" minimum:"1" maximum:"10000" doc:"Max entries to return, newest first"`
 }
@@ -38,7 +18,11 @@ type AuditListOutput struct {
 	}
 }
 
-func (m *Module) Register(api huma.API) {
+// RegisterAudit wires GET /api/audit. It lives in meta because a full module
+// for a single read-only endpoint is too shallow — the interface is nearly as
+// wide as the implementation. The audit trail is produced by the RBAC
+// middleware; this endpoint provides read-only access to it.
+func RegisterAudit(api huma.API, store *auditlog.Store) {
 	huma.Register(api, huma.Operation{
 		OperationID: "audit-list",
 		Method:      "GET",
@@ -46,11 +30,11 @@ func (m *Module) Register(api huma.API) {
 		Summary:     "List recorded actions",
 		Description: "Returns the audit trail of privileged write operations " +
 			"(who, what, when, result), newest first.",
-		Tags:     []string{"Audit"},
-		Metadata: map[string]any{"module": ModuleID, "permission": "read"},
+		Tags:     []string{"Meta", "Audit"},
+		Metadata: map[string]any{"module": "audit", "permission": "read"},
 		Errors:   []int{401, 403, 500},
 	}, func(ctx context.Context, in *AuditListInput) (*AuditListOutput, error) {
-		entries, err := m.store.List(in.Limit)
+		entries, err := store.List(in.Limit)
 		if err != nil {
 			return nil, huma.Error500InternalServerError("read audit log failed", err)
 		}

internal/modules/services/services.go

@@ -3,10 +3,8 @@ package services
 import (
 	"context"
 	"encoding/json"
-	"os/exec"
 	"regexp"
 	"strings"
-	"syscall"
 
 	"nadir/internal/oscmd"
 
@@ -166,14 +164,11 @@ func isSelf(unit string) bool {
 // Returns success once the subprocess has *started* — the actual systemd
 // operation may complete after the response is sent, which is the whole point.
 func runDetached(action, unit string) (*oscmd.StatusOutput, error) {
-	cmd := exec.Command("systemctl", action, "--", unit)
-	cmd.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
-	if err := cmd.Start(); err != nil {
+	out, err := oscmd.RunDetached("systemctl", action, "--", unit)
+	if err != nil {
 		return nil, huma.Error500InternalServerError("could not start detached systemctl", err)
 	}
-	// Reap in the background so the child doesn't become a zombie.
-	go cmd.Wait()
-	return oscmd.OK(), nil
+	return out, nil
 }
 
 // validateUnit guards against empty, flag-like, or malformed unit names.

internal/modules/system/cpu.go

@@ -0,0 +1,146 @@
+package system
+
+import (
+	"math"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"strings"
+
+	"nadir/internal/oscmd"
+)
+
+type CPUInfo struct {
+	Model       string `json:"model" example:"AMD Ryzen 7 7840U" doc:"CPU model name"`
+	LogicalCPUs int    `json:"logical_cpus" example:"16" doc:"Number of logical CPUs (cores × threads)"`
+	MinMHz      int    `json:"min_mhz" example:"400" doc:"Lowest frequency the scaling governor can select"`
+	MaxMHz      int    `json:"max_mhz" example:"5137" doc:"Highest frequency (boost ceiling)"`
+	CurrentMHz  int    `json:"current_mhz" example:"3157" doc:"Peak current clock across all cores (instantaneous snapshot; 0 if cpufreq unavailable)"`
+}
+
+func cpuInfo() CPUInfo {
+	data, _ := os.ReadFile("/proc/cpuinfo")
+	c := CPUInfo{Model: cpuModel(string(data)), LogicalCPUs: runtime.NumCPU()}
+	c.MinMHz, c.MaxMHz, c.CurrentMHz = cpuFreqMHz("/sys/devices/system/cpu")
+	mhz := cpuinfoMaxMHz(string(data))
+	if c.Model == "" || mhz == 0 {
+		model, lscpuMHz := lscpuFallback()
+		if c.Model == "" {
+			c.Model = model
+		}
+		if mhz == 0 {
+			mhz = lscpuMHz
+		}
+	}
+	if mhz > 0 {
+		if c.CurrentMHz == 0 {
+			c.CurrentMHz = mhz
+		}
+		if c.MaxMHz == 0 {
+			c.MaxMHz = mhz
+		}
+		if c.MinMHz == 0 {
+			c.MinMHz = mhz
+		}
+	}
+	return c
+}
+
+func lscpuFallback() (model string, mhz int) {
+	out, err := oscmd.Run("lscpu")
+	if err != nil {
+		return "", 0
+	}
+	for line := range strings.SplitSeq(out, "\n") {
+		k, v, ok := strings.Cut(line, ":")
+		if !ok {
+			continue
+		}
+		k, v = strings.TrimSpace(k), strings.TrimSpace(v)
+		switch k {
+		case "Model name":
+			if model == "" {
+				model = v
+			}
+		case "BIOS Model name":
+			if model == "" {
+				model = v
+			}
+		case "CPU max MHz", "CPU MHz":
+			if f, err := strconv.ParseFloat(v, 64); err == nil && int(f) > mhz {
+				mhz = int(math.Round(f))
+			}
+		}
+	}
+	if mhz == 0 {
+		mhz = parseGHzSuffix(model)
+	}
+	return model, mhz
+}
+
+func parseGHzSuffix(s string) int {
+	i := strings.LastIndex(s, "@")
+	if i < 0 {
+		return 0
+	}
+	rest := strings.TrimSpace(s[i+1:])
+	rest = strings.TrimSuffix(strings.TrimSuffix(rest, "GHz"), "Ghz")
+	rest = strings.TrimSpace(strings.TrimSuffix(rest, "G"))
+	f, err := strconv.ParseFloat(strings.TrimSpace(rest), 64)
+	if err != nil {
+		return 0
+	}
+	return int(math.Round(f * 1000))
+}
+
+func cpuinfoMaxMHz(cpuinfo string) int {
+	var max float64
+	for line := range strings.SplitSeq(cpuinfo, "\n") {
+		k, v, ok := strings.Cut(line, ":")
+		if !ok || strings.TrimSpace(k) != "cpu MHz" {
+			continue
+		}
+		if f, err := strconv.ParseFloat(strings.TrimSpace(v), 64); err == nil && f > max {
+			max = f
+		}
+	}
+	return int(math.Round(max))
+}
+
+func cpuFreqMHz(root string) (min, max, cur int) {
+	min = readKHzAsMHz(filepath.Join(root, "cpu0/cpufreq/cpuinfo_min_freq"))
+	max = readKHzAsMHz(filepath.Join(root, "cpu0/cpufreq/cpuinfo_max_freq"))
+	cores, _ := filepath.Glob(filepath.Join(root, "cpu[0-9]*/cpufreq/scaling_cur_freq"))
+	for _, f := range cores {
+		if v := readKHzAsMHz(f); v > cur {
+			cur = v
+		}
+	}
+	return min, max, cur
+}
+
+func readKHzAsMHz(path string) int {
+	khz, err := strconv.Atoi(readTrim(path))
+	if err != nil {
+		return 0
+	}
+	return khz / 1000
+}
+
+func cpuModel(cpuinfo string) string {
+	var fallback string
+	for line := range strings.SplitSeq(cpuinfo, "\n") {
+		k, v, ok := strings.Cut(line, ":")
+		if !ok {
+			continue
+		}
+		switch strings.TrimSpace(k) {
+		case "model name":
+			return strings.TrimSpace(v)
+		case "Model":
+			fallback = strings.TrimSpace(v)
+		}
+	}
+	return fallback
+}

internal/modules/system/cpustat.go

@@ -0,0 +1,137 @@
+package system
+
+import (
+	"context"
+	"math"
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+)
+
+// Sampler samples /proc/stat periodically and caches per-core CPU usage
+// percentages. Create with New, start the background goroutine with Start, and
+// read the latest snapshot with Snapshot.
+type Sampler struct {
+	statPath string
+	interval time.Duration
+	mu       sync.RWMutex
+	cache    []CoreUsage
+	once     sync.Once
+}
+
+// NewSampler creates a Sampler that reads statPath and samples every interval.
+func NewSampler(statPath string, interval time.Duration) *Sampler {
+	return &Sampler{statPath: statPath, interval: interval}
+}
+
+// Start launches the background sampling goroutine. Only the first call starts
+// it; subsequent calls are no-ops. The goroutine exits when ctx is cancelled.
+func (s *Sampler) Start(ctx context.Context) {
+	s.once.Do(func() {
+		go s.loop(ctx)
+	})
+}
+
+// Snapshot returns a copy of the latest per-core usage snapshot. Returns nil
+// before the first sample completes.
+func (s *Sampler) Snapshot() []CoreUsage {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	if s.cache == nil {
+		return nil
+	}
+	out := make([]CoreUsage, len(s.cache))
+	copy(out, s.cache)
+	return out
+}
+
+func (s *Sampler) loop(ctx context.Context) {
+	prev := readProcStat(s.statPath)
+	ticker := time.NewTicker(s.interval)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case <-ticker.C:
+			cur := readProcStat(s.statPath)
+			usage := computeUsage(prev, cur)
+			s.mu.Lock()
+			s.cache = usage
+			s.mu.Unlock()
+			prev = cur
+		}
+	}
+}
+
+// cpuCoreTicks holds the cumulative jiffies for one "cpuN" line.
+type cpuCoreTicks struct {
+	core  int
+	total uint64
+	idle  uint64
+}
+
+// readProcStat reads /proc/stat and returns per-core tick totals. The
+// aggregate "cpu" line (no digit suffix) is skipped.
+func readProcStat(path string) []cpuCoreTicks {
+	data, _ := os.ReadFile(path)
+	var cores []cpuCoreTicks
+	for line := range strings.SplitSeq(string(data), "\n") {
+		if !strings.HasPrefix(line, "cpu") {
+			continue
+		}
+		fields := strings.Fields(line)
+		if len(fields) < 5 {
+			continue
+		}
+		name := fields[0]
+		if name == "cpu" {
+			continue
+		}
+		coreIdx, err := strconv.Atoi(strings.TrimPrefix(name, "cpu"))
+		if err != nil {
+			continue
+		}
+		var total, idle uint64
+		for _, f := range fields[1:] {
+			v, _ := strconv.ParseUint(f, 10, 64)
+			total += v
+		}
+		if len(fields) > 5 {
+			v4, _ := strconv.ParseUint(fields[4], 10, 64)
+			v5, _ := strconv.ParseUint(fields[5], 10, 64)
+			idle = v4 + v5
+		} else {
+			v4, _ := strconv.ParseUint(fields[4], 10, 64)
+			idle = v4
+		}
+		cores = append(cores, cpuCoreTicks{core: coreIdx, total: total, idle: idle})
+	}
+	return cores
+}
+
+// computeUsage converts two snapshots into per-core usage percentages.
+func computeUsage(prev, cur []cpuCoreTicks) []CoreUsage {
+	prevMap := make(map[int]cpuCoreTicks, len(prev))
+	for _, c := range prev {
+		prevMap[c.core] = c
+	}
+	usage := make([]CoreUsage, 0, len(cur))
+	for _, c := range cur {
+		p, ok := prevMap[c.core]
+		if !ok {
+			continue
+		}
+		dTotal := c.total - p.total
+		dIdle := c.idle - p.idle
+		var pct float64
+		if dTotal > 0 {
+			pct = float64(dTotal-dIdle) / float64(dTotal) * 100
+			pct = math.Round(pct*10) / 10
+		}
+		usage = append(usage, CoreUsage{Core: c.core, UsagePct: pct})
+	}
+	return usage
+}

internal/modules/system/cpustat_test.go

@@ -0,0 +1,134 @@
+package system
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"reflect"
+	"testing"
+	"time"
+)
+
+func TestNewSampler(t *testing.T) {
+	s := NewSampler("/proc/stat", time.Second)
+	if s == nil {
+		t.Fatal("NewSampler returned nil")
+	}
+	if s.statPath != "/proc/stat" {
+		t.Errorf("statPath = %q, want /proc/stat", s.statPath)
+	}
+	if s.interval != time.Second {
+		t.Errorf("interval = %v, want 1s", s.interval)
+	}
+}
+
+func TestSamplerSnapshotsRealProcStat(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	s := NewSampler("/proc/stat", 10*time.Millisecond)
+	s.Start(ctx)
+	// Wait for at least two samples so there is a delta to compute.
+	time.Sleep(50 * time.Millisecond)
+
+	snap := s.Snapshot()
+	if snap == nil {
+		t.Fatal("Snapshot returned nil (expected at least one sample)")
+	}
+	if len(snap) == 0 {
+		t.Fatal("Snapshot returned empty (expected at least one core)")
+	}
+	for _, c := range snap {
+		if c.UsagePct < 0 || c.UsagePct > 100 {
+			t.Errorf("core %d: usage_pct = %f, want 0–100", c.Core, c.UsagePct)
+		}
+	}
+}
+
+func TestSamplerReturnsCopy(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	s := NewSampler("/proc/stat", 10*time.Millisecond)
+	s.Start(ctx)
+	time.Sleep(50 * time.Millisecond)
+
+	snap1 := s.Snapshot()
+	snap2 := s.Snapshot()
+
+	// Both should be non-nil and deep-equal.
+	if snap1 == nil || snap2 == nil {
+		t.Fatal("Snapshot returned nil")
+	}
+	if !reflect.DeepEqual(snap1, snap2) {
+		t.Error("two sequential snapshots should be deep-equal")
+	}
+
+	// Mutating the returned slice should not affect the sampler.
+	if len(snap1) > 0 {
+		snap1[0].UsagePct = 999
+		if snap2[0].UsagePct == 999 {
+			t.Error("mutating one snapshot affected the other — expected a copy")
+		}
+	}
+}
+
+func TestSamplerStartOnce(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	s := NewSampler("/proc/stat", 10*time.Millisecond)
+	s.Start(ctx)
+	s.Start(ctx) // second call must not panic or create a second goroutine
+	time.Sleep(30 * time.Millisecond)
+
+	if snap := s.Snapshot(); snap == nil {
+		t.Fatal("Snapshot returned nil after Start")
+	}
+}
+
+func TestSamplerContextCancelStopsGoroutine(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	s := NewSampler("/proc/stat", 10*time.Millisecond)
+	s.Start(ctx)
+
+	time.Sleep(30 * time.Millisecond)
+	if snap := s.Snapshot(); snap == nil {
+		t.Fatal("Snapshot returned nil before cancel")
+	}
+
+	cancel()
+	// Give the goroutine time to exit. If it doesn't, the test will hang.
+	time.Sleep(20 * time.Millisecond)
+	// Snapshot should still return the last cached value (no panic).
+	if snap := s.Snapshot(); snap == nil {
+		t.Fatal("Snapshot returned nil after cancel (cache should persist)")
+	}
+}
+
+func TestSamplerWithFakeStat(t *testing.T) {
+	dir := t.TempDir()
+	statPath := filepath.Join(dir, "stat")
+	content := []byte("cpu  100 20 30 400 10 5 3 2 0 0\ncpu0 50 10 15 200 5 3 1 1 0 0\ncpu1 50 10 15 200 5 2 2 1 0 0\n")
+	if err := os.WriteFile(statPath, content, 0o644); err != nil {
+		t.Fatal(err)
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	s := NewSampler(statPath, 20*time.Millisecond)
+	s.Start(ctx)
+	time.Sleep(50 * time.Millisecond)
+
+	snap := s.Snapshot()
+	if snap == nil {
+		t.Fatal("Snapshot returned nil")
+	}
+	// With the stat file not changing between reads, deltas are zero → 0% usage.
+	for _, c := range snap {
+		if c.UsagePct != 0 {
+			t.Errorf("core %d: expected 0%% usage (static stat file), got %f", c.Core, c.UsagePct)
+		}
+	}
+}

internal/modules/system/disks.go

@@ -0,0 +1,73 @@
+package system
+
+import (
+	"syscall"
+
+	"nadir/internal/mounts"
+)
+
+type DiskInfo struct {
+	Mountpoint string `json:"mountpoint" example:"/"`
+	Filesystem string `json:"filesystem" example:"/dev/nvme0n1p2" doc:"Backing device"`
+	FSType     string `json:"fstype" example:"btrfs"`
+	TotalBytes uint64 `json:"total_bytes" example:"512000000000"`
+	FreeBytes  uint64 `json:"free_bytes" example:"256000000000" doc:"Space available to unprivileged users"`
+	UsedBytes  uint64 `json:"used_bytes" example:"256000000000"`
+}
+
+func diskInfo() []DiskInfo {
+	entries, err := mounts.Proc()
+	if err != nil {
+		return nil
+	}
+	disks := []DiskInfo{}
+	seen := map[string]bool{}
+	for _, e := range entries {
+		if pseudoFS[e.FSType] || seen[e.Mountpoint] {
+			continue
+		}
+		var st syscall.Statfs_t
+		if syscall.Statfs(e.Mountpoint, &st) != nil || st.Blocks == 0 {
+			continue
+		}
+		seen[e.Mountpoint] = true
+		bs := uint64(st.Bsize)
+		disks = append(disks, DiskInfo{
+			Mountpoint: e.Mountpoint,
+			Filesystem: e.Device,
+			FSType:     e.FSType,
+			TotalBytes: st.Blocks * bs,
+			FreeBytes:  st.Bavail * bs,
+			UsedBytes:  (st.Blocks - st.Bfree) * bs,
+		})
+	}
+	return disks
+}
+
+var pseudoFS = map[string]bool{
+	"autofs":           true,
+	"binfmt_misc":      true,
+	"bpf":              true,
+	"cgroup":           true,
+	"cgroup2":          true,
+	"configfs":         true,
+	"debugfs":          true,
+	"devpts":           true,
+	"devtmpfs":         true,
+	"fuse.gvfsd-fuse":  true,
+	"fuse.lxcfs":       true,
+	"fusectl":          true,
+	"hugetlbfs":        true,
+	"mqueue":           true,
+	"nsfs":             true,
+	"overlay":          true,
+	"proc":             true,
+	"pstore":           true,
+	"ramfs":            true,
+	"rpc_pipefs":       true,
+	"securityfs":       true,
+	"squashfs":         true,
+	"sysfs":            true,
+	"tmpfs":            true,
+	"tracefs":          true,
+}

internal/modules/system/gpu.go

@@ -0,0 +1,187 @@
+package system
+
+import (
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"nadir/internal/oscmd"
+)
+
+type GPUInfo struct {
+	Model             string  `json:"model" example:"AMD Radeon RX 7900 XTX" doc:"GPU model name, or vendor:device hex ID if lspci unavailable"`
+	Vendor            string  `json:"vendor" example:"1002" doc:"PCI vendor ID (hex)"`
+	DeviceID          string  `json:"device_id" example:"744c" doc:"PCI device ID (hex)"`
+	Driver            string  `json:"driver" example:"amdgpu" doc:"Kernel driver in use"`
+	MemoryTotalBytes  uint64  `json:"memory_total_bytes" example:"8589934592" doc:"Total VRAM in bytes (driver-dependent; 0 if unavailable)"`
+	MemoryUsedBytes   uint64  `json:"memory_used_bytes" example:"27267072" doc:"Used VRAM in bytes (driver-dependent; 0 if unavailable)"`
+	UtilizationPct    float64 `json:"utilization_pct" example:"23.5" doc:"GPU compute utilization percentage (driver-dependent; 0 if unavailable)"`
+	MemUtilizationPct float64 `json:"mem_utilization_pct" example:"15.0" doc:"GPU memory controller utilization percentage (driver-dependent; 0 if unavailable)"`
+}
+
+func gpuInfo() []GPUInfo {
+	return readGPUsFromSysfs("/sys/class/drm")
+}
+
+func readGPUsFromSysfs(drmRoot string) []GPUInfo {
+	entries, err := os.ReadDir(drmRoot)
+	if err != nil {
+		return nil
+	}
+
+	seen := map[string]bool{}
+	var gpus []GPUInfo
+
+	for _, e := range entries {
+		if !isGPUCard(e.Name()) {
+			continue
+		}
+
+		pciAddr, vendor, device, driver := readGPUFromCard(drmRoot, e.Name())
+		if pciAddr == "" || seen[pciAddr] {
+			continue
+		}
+		seen[pciAddr] = true
+
+		model := vendor + ":" + device
+		if m := lookupGPUName(pciAddr); m != "" {
+			model = m
+		}
+
+		gpu := GPUInfo{
+			Model:    model,
+			Vendor:   vendor,
+			DeviceID: device,
+			Driver:   driver,
+		}
+
+		devPath := filepath.Join(drmRoot, e.Name(), "device")
+		enrichGPUInfo(&gpu, devPath, pciAddr, driver)
+		gpus = append(gpus, gpu)
+	}
+
+	return gpus
+}
+
+func enrichGPUInfo(gpu *GPUInfo, devPath, pciAddr, driver string) {
+	switch driver {
+	case "amdgpu":
+		enrichAMDGPU(gpu, devPath)
+	case "nvidia":
+		enrichNvidiaGPU(gpu, pciAddr)
+	}
+}
+
+func enrichAMDGPU(gpu *GPUInfo, devPath string) {
+	if total := readUint64FromFile(filepath.Join(devPath, "mem_info_vram_total")); total > 0 {
+		gpu.MemoryTotalBytes = total
+		gpu.MemoryUsedBytes = readUint64FromFile(filepath.Join(devPath, "mem_info_vram_used"))
+	}
+	if pct := readIntFromFile(filepath.Join(devPath, "gpu_busy_percent")); pct >= 0 {
+		gpu.UtilizationPct = float64(pct)
+	}
+	if pct := readIntFromFile(filepath.Join(devPath, "mem_busy_percent")); pct >= 0 {
+		gpu.MemUtilizationPct = float64(pct)
+	}
+}
+
+func enrichNvidiaGPU(gpu *GPUInfo, pciAddr string) {
+	out, err := oscmd.Run("nvidia-smi",
+		"-i", pciAddr,
+		"--query-gpu=memory.total,memory.used,utilization.gpu,utilization.memory",
+		"--format=csv,noheader,nounits",
+	)
+	if err != nil {
+		return
+	}
+	parts := strings.Split(strings.TrimSpace(out), ", ")
+	if len(parts) < 4 {
+		return
+	}
+	if total, err := strconv.ParseUint(parts[0], 10, 64); err == nil && total > 0 {
+		gpu.MemoryTotalBytes = total * 1024 * 1024
+		if used, err := strconv.ParseUint(parts[1], 10, 64); err == nil {
+			gpu.MemoryUsedBytes = used * 1024 * 1024
+		}
+	}
+	if pct, err := strconv.ParseFloat(parts[2], 64); err == nil {
+		gpu.UtilizationPct = pct
+	}
+	if pct, err := strconv.ParseFloat(parts[3], 64); err == nil {
+		gpu.MemUtilizationPct = pct
+	}
+}
+
+func isGPUCard(name string) bool {
+	if !strings.HasPrefix(name, "card") {
+		return false
+	}
+	if len(name) == 4 {
+		return false
+	}
+	ch := name[4]
+	return ch >= '0' && ch <= '9'
+}
+
+func readGPUFromCard(drmRoot, name string) (pciAddr, vendor, device, driver string) {
+	cardPath := filepath.Join(drmRoot, name)
+	devPath := filepath.Join(cardPath, "device")
+
+	resolved, err := filepath.EvalSymlinks(cardPath)
+	if err != nil {
+		return "", "", "", ""
+	}
+
+	parts := strings.Split(resolved, "/")
+	for i, p := range parts {
+		if p == "drm" && i > 0 {
+			pciAddr = parts[i-1]
+			break
+		}
+	}
+	if pciAddr == "" {
+		return "", "", "", ""
+	}
+
+	vendor = strings.TrimPrefix(readTrim(filepath.Join(devPath, "vendor")), "0x")
+	device = strings.TrimPrefix(readTrim(filepath.Join(devPath, "device")), "0x")
+	driver = readDriver(devPath)
+	return
+}
+
+func readDriver(devPath string) string {
+	target, err := os.Readlink(filepath.Join(devPath, "driver"))
+	if err != nil {
+		return ""
+	}
+	return filepath.Base(target)
+}
+
+func lookupGPUName(pciAddr string) string {
+	out, err := oscmd.Run("lspci", "-nns", pciAddr)
+	if err != nil {
+		return ""
+	}
+	_, rest, ok := strings.Cut(out, " ")
+	if !ok {
+		return ""
+	}
+	return strings.TrimSpace(rest)
+}
+
+func readUint64FromFile(path string) uint64 {
+	v, err := strconv.ParseUint(readTrim(path), 10, 64)
+	if err != nil {
+		return 0
+	}
+	return v
+}
+
+func readIntFromFile(path string) int {
+	v, err := strconv.Atoi(readTrim(path))
+	if err != nil {
+		return -1
+	}
+	return v
+}

internal/modules/system/info.go

@@ -2,26 +2,16 @@ package system
 
 import (
 	"context"
-	"math"
-	"net"
 	"os"
-	"os/exec"
-	"path/filepath"
-	"runtime"
 	"strconv"
 	"strings"
-	"sync"
-	"syscall"
 	"time"
 
-	"nadir/internal/mounts"
-	"nadir/internal/oscmd"
-
 	"github.com/danielgtaylor/huma/v2"
 )
 
 // SystemInfoBody is the dashboard overview: OS identity plus live CPU, memory,
-// disk, load, network, and temperature readings. Every section is best-effort —
+// disk, load, network, GPU, and temperature readings. Every section is best-effort —
 // a source that's unavailable (e.g. no thermal zones in a VM) yields a zero
 // value or empty list rather than failing the whole call.
 type SystemInfoBody struct {
@@ -34,71 +24,12 @@ type SystemInfoBody struct {
 	Disks             []DiskInfo     `json:"disks" doc:"Mounted block-device filesystems"`
 	NetworkInterfaces []NetInterface `json:"network_interfaces" doc:"Network interfaces and their addresses"`
 	Temperatures      []Temperature  `json:"temperatures" doc:"Thermal sensor readings in Celsius"`
-}
-
-type OSInfo struct {
-	PrettyName   string `json:"pretty_name" example:"Fedora Linux 44 (Workstation Edition)" doc:"Distro name from /etc/os-release PRETTY_NAME"`
-	Kernel       string `json:"kernel" example:"7.0.12-201.fc44.x86_64" doc:"Running kernel release (uname -r)"`
-	Architecture string `json:"architecture" example:"x86_64" doc:"Machine hardware architecture (uname -m)"`
-	Hostname     string `json:"hostname" example:"server01" doc:"System hostname"`
-}
-
-type CPUInfo struct {
-	Model       string `json:"model" example:"AMD Ryzen 7 7840U" doc:"CPU model name"`
-	LogicalCPUs int    `json:"logical_cpus" example:"16" doc:"Number of logical CPUs (cores × threads)"`
-	MinMHz      int    `json:"min_mhz" example:"400" doc:"Lowest frequency the scaling governor can select"`
-	MaxMHz      int    `json:"max_mhz" example:"5137" doc:"Highest frequency (boost ceiling)"`
-	CurrentMHz  int    `json:"current_mhz" example:"3157" doc:"Peak current clock across all cores (instantaneous snapshot; 0 if cpufreq unavailable)"`
-}
-
-type MemoryInfo struct {
-	TotalBytes     uint64 `json:"total_bytes" example:"16384000000"`
-	AvailableBytes uint64 `json:"available_bytes" example:"8192000000" doc:"Memory available for new allocations without swapping"`
-	UsedBytes      uint64 `json:"used_bytes" example:"8192000000" doc:"total - available"`
-	SwapTotalBytes uint64 `json:"swap_total_bytes" example:"8589934592"`
-	SwapFreeBytes  uint64 `json:"swap_free_bytes" example:"8589934592"`
-}
-
-type LoadInfo struct {
-	Load1    float64     `json:"load1" example:"0.42"`
-	Load5    float64     `json:"load5" example:"0.55"`
-	Load15   float64     `json:"load15" example:"0.61"`
-	CPUUsage []CoreUsage `json:"cpu_usage" doc:"Per-core CPU usage percentage (sampled over ~1 s); empty until the first sample completes"`
-}
-
-// CoreUsage holds the usage percentage for a single logical core, computed as
-// the delta of non-idle ticks over total ticks between two /proc/stat reads.
-type CoreUsage struct {
-	Core    int     `json:"core" example:"0" doc:"Logical core index"`
-	UsagePct float64 `json:"usage_pct" example:"23.4" doc:"Usage percentage (0–100)"`
-}
-
-type DiskInfo struct {
-	Mountpoint string `json:"mountpoint" example:"/"`
-	Filesystem string `json:"filesystem" example:"/dev/nvme0n1p2" doc:"Backing device"`
-	FSType     string `json:"fstype" example:"btrfs"`
-	TotalBytes uint64 `json:"total_bytes" example:"512000000000"`
-	FreeBytes  uint64 `json:"free_bytes" example:"256000000000" doc:"Space available to unprivileged users"`
-	UsedBytes  uint64 `json:"used_bytes" example:"256000000000"`
-}
-
-type NetInterface struct {
-	Name      string   `json:"name" example:"eth0"`
-	MAC       string   `json:"mac" example:"aa:bb:cc:dd:ee:ff"`
-	Up        bool     `json:"up" doc:"Interface is administratively up"`
-	Addresses []string `json:"addresses" doc:"Assigned addresses in CIDR notation"`
-}
-
-type Temperature struct {
-	Chip    string  `json:"chip" example:"k10temp" doc:"hwmon chip name; identifies the source (k10temp/coretemp=CPU, amdgpu/nvidia=GPU, nvme=disk)"`
-	Label   string  `json:"label" example:"Tctl" doc:"Per-sensor label, or the chip name when the sensor is unlabelled"`
-	Celsius float64 `json:"celsius" example:"47.5"`
+	GPUs              []GPUInfo      `json:"gpus" doc:"Graphics processors detected via DRM sysfs"`
 }
 
 type GetInfoOutput struct{ Body SystemInfoBody }
 
-func registerInfo(api huma.API) {
-	startCPUSampler()
+func registerInfo(api huma.API, sampler *Sampler) {
 	huma.Register(api, huma.Operation{
 		OperationID: "system-get-info",
 		Method:      "GET",
@@ -106,9 +37,9 @@ func registerInfo(api huma.API) {
 		Summary:     "Get system information",
 		Description: "Returns an overview for a dashboard: OS/kernel identity, CPU, " +
 			"memory and swap, mounted disks, load averages, uptime, network " +
-			"interfaces, and temperatures. All values come from cheap local reads " +
-			"(/proc, /sys, syscalls) with no D-Bus dependency; each section is " +
-			"best-effort.",
+			"interfaces, temperatures, and GPU information. All values come from cheap " +
+			"local reads (/proc, /sys, syscalls) with no D-Bus dependency; each " +
+			"section is best-effort.",
 		Tags:     []string{tagSystem},
 		Metadata: op("read"),
 		Errors:   readErrors,
@@ -118,360 +49,17 @@ func registerInfo(api huma.API) {
 			OS:                osInfo(),
 			CPU:               cpuInfo(),
 			Memory:            memInfo(),
-			Load:              loadInfo(),
+			Load:              loadInfo(sampler),
 			UptimeSec:         uptime,
 			BootTime:          boot.Format(time.RFC3339),
 			Disks:             diskInfo(),
 			NetworkInterfaces: netInfo(),
 			Temperatures:      tempInfo(),
+			GPUs:              gpuInfo(),
 		}}, nil
 	})
 }
 
-func osInfo() OSInfo {
-	host, _ := os.Hostname()
-	return OSInfo{
-		PrettyName:   osReleasePretty(),
-		Kernel:       firstLine(oscmd.Run("uname", "-r")),
-		Architecture: firstLine(oscmd.Run("uname", "-m")),
-		Hostname:     host,
-	}
-}
-
-// firstLine discards a command error and returns its (already trimmed) output,
-// used where a missing value is acceptable.
-func firstLine(out string, _ error) string { return out }
-
-func osReleasePretty() string {
-	data, err := os.ReadFile("/etc/os-release")
-	if err != nil {
-		return ""
-	}
-	for line := range strings.SplitSeq(string(data), "\n") {
-		if v, ok := strings.CutPrefix(line, "PRETTY_NAME="); ok {
-			return strings.Trim(v, `"`)
-		}
-	}
-	return ""
-}
-
-func cpuInfo() CPUInfo {
-	data, _ := os.ReadFile("/proc/cpuinfo")
-	c := CPUInfo{Model: cpuModel(string(data)), LogicalCPUs: runtime.NumCPU()}
-	c.MinMHz, c.MaxMHz, c.CurrentMHz = cpuFreqMHz("/sys/devices/system/cpu")
-	// ponytail: cpufreq sysfs is absent on many VMs and stock Ubuntu server
-	// kernels; fall back to /proc/cpuinfo "cpu MHz" — VMs have a fixed clock,
-	// so min == max == cur is the honest answer.
-	mhz := cpuinfoMaxMHz(string(data))
-	// ponytail: ARM /proc/cpuinfo has no "cpu MHz" and often no "model name";
-	// lscpu decodes the ARM part-id table and reads DMI, so use it as last resort.
-	if c.Model == "" || mhz == 0 {
-		model, lscpuMHz := lscpuFallback()
-		if c.Model == "" {
-			c.Model = model
-		}
-		if mhz == 0 {
-			mhz = lscpuMHz
-		}
-	}
-	if mhz > 0 {
-		if c.CurrentMHz == 0 {
-			c.CurrentMHz = mhz
-		}
-		if c.MaxMHz == 0 {
-			c.MaxMHz = mhz
-		}
-		if c.MinMHz == 0 {
-			c.MinMHz = mhz
-		}
-	}
-	return c
-}
-
-// lscpuFallback parses `lscpu` for "Model name" and any embedded "@ X.X GHz"
-// or "CPU max MHz:" value. Returns zeros when lscpu is missing or silent.
-func lscpuFallback() (model string, mhz int) {
-	out, err := exec.Command("lscpu").Output()
-	if err != nil {
-		return "", 0
-	}
-	for line := range strings.SplitSeq(string(out), "\n") {
-		k, v, ok := strings.Cut(line, ":")
-		if !ok {
-			continue
-		}
-		k, v = strings.TrimSpace(k), strings.TrimSpace(v)
-		switch k {
-		case "Model name":
-			if model == "" {
-				model = v
-			}
-		case "BIOS Model name":
-			if model == "" {
-				model = v
-			}
-		case "CPU max MHz", "CPU MHz":
-			if f, err := strconv.ParseFloat(v, 64); err == nil && int(f) > mhz {
-				mhz = int(math.Round(f))
-			}
-		}
-	}
-	if mhz == 0 {
-		mhz = parseGHzSuffix(model)
-	}
-	return model, mhz
-}
-
-// parseGHzSuffix pulls "2.0GHz" / "@ 2.0 GHz" out of a model string.
-func parseGHzSuffix(s string) int {
-	i := strings.LastIndex(s, "@")
-	if i < 0 {
-		return 0
-	}
-	rest := strings.TrimSpace(s[i+1:])
-	rest = strings.TrimSuffix(strings.TrimSuffix(rest, "GHz"), "Ghz")
-	rest = strings.TrimSpace(strings.TrimSuffix(rest, "G"))
-	f, err := strconv.ParseFloat(strings.TrimSpace(rest), 64)
-	if err != nil {
-		return 0
-	}
-	return int(math.Round(f * 1000))
-}
-
-// cpuinfoMaxMHz returns the highest "cpu MHz" value across all cores in
-// /proc/cpuinfo, rounded to an int. Returns 0 when no such line exists.
-func cpuinfoMaxMHz(cpuinfo string) int {
-	var max float64
-	for line := range strings.SplitSeq(cpuinfo, "\n") {
-		k, v, ok := strings.Cut(line, ":")
-		if !ok || strings.TrimSpace(k) != "cpu MHz" {
-			continue
-		}
-		if f, err := strconv.ParseFloat(strings.TrimSpace(v), 64); err == nil && f > max {
-			max = f
-		}
-	}
-	return int(math.Round(max))
-}
-
-// cpuFreqMHz reads cpufreq sysfs: min/max are stable hardware limits (from
-// cpu0); current is the highest scaling_cur_freq across all cores — the "is it
-// boosting" figure. Values are kHz in sysfs. Returns zeros when cpufreq is
-// absent (e.g. some VMs).
-func cpuFreqMHz(root string) (min, max, cur int) {
-	min = readKHzAsMHz(filepath.Join(root, "cpu0/cpufreq/cpuinfo_min_freq"))
-	max = readKHzAsMHz(filepath.Join(root, "cpu0/cpufreq/cpuinfo_max_freq"))
-	cores, _ := filepath.Glob(filepath.Join(root, "cpu[0-9]*/cpufreq/scaling_cur_freq"))
-	for _, f := range cores {
-		if v := readKHzAsMHz(f); v > cur {
-			cur = v
-		}
-	}
-	return min, max, cur
-}
-
-func readKHzAsMHz(path string) int {
-	khz, err := strconv.Atoi(readTrim(path))
-	if err != nil {
-		return 0
-	}
-	return khz / 1000
-}
-
-// cpuModel extracts the processor model from /proc/cpuinfo. x86 uses "model
-// name"; many ARM boards use "Model" instead, so fall back to it.
-func cpuModel(cpuinfo string) string {
-	var fallback string
-	for line := range strings.SplitSeq(cpuinfo, "\n") {
-		k, v, ok := strings.Cut(line, ":")
-		if !ok {
-			continue
-		}
-		switch strings.TrimSpace(k) {
-		case "model name":
-			return strings.TrimSpace(v)
-		case "Model":
-			fallback = strings.TrimSpace(v)
-		}
-	}
-	return fallback
-}
-
-func memInfo() MemoryInfo {
-	data, _ := os.ReadFile("/proc/meminfo")
-	return parseMeminfo(data)
-}
-
-// parseMeminfo reads the kB values in /proc/meminfo and converts them to bytes.
-func parseMeminfo(data []byte) MemoryInfo {
-	kv := map[string]uint64{}
-	for line := range strings.SplitSeq(string(data), "\n") {
-		k, v, ok := strings.Cut(line, ":")
-		if !ok {
-			continue
-		}
-		fields := strings.Fields(v) // e.g. "16384000 kB"
-		if len(fields) == 0 {
-			continue
-		}
-		if n, err := strconv.ParseUint(fields[0], 10, 64); err == nil {
-			kv[k] = n * 1024 // values are in kB
-		}
-	}
-	return MemoryInfo{
-		TotalBytes:     kv["MemTotal"],
-		AvailableBytes: kv["MemAvailable"],
-		UsedBytes:      kv["MemTotal"] - kv["MemAvailable"],
-		SwapTotalBytes: kv["SwapTotal"],
-		SwapFreeBytes:  kv["SwapFree"],
-	}
-}
-
-func loadInfo() LoadInfo {
-	data, _ := os.ReadFile("/proc/loadavg")
-	l := parseLoadavg(string(data))
-	l.CPUUsage = cachedCPUUsage()
-	return l
-}
-
-// parseLoadavg reads the three load averages from /proc/loadavg.
-func parseLoadavg(loadavg string) LoadInfo {
-	f := strings.Fields(loadavg)
-	if len(f) < 3 {
-		return LoadInfo{}
-	}
-	at := func(i int) float64 { v, _ := strconv.ParseFloat(f[i], 64); return v }
-	return LoadInfo{Load1: at(0), Load5: at(1), Load15: at(2)}
-}
-
-// ---------------------------------------------------------------------------
-// Per-core CPU usage sampler
-// ---------------------------------------------------------------------------
-//
-// /proc/stat exposes cumulative jiffies per core:
-//
-//   cpuN user nice system idle iowait irq softirq steal guest guest_nice
-//
-// We sample every second, compute the delta, and derive:
-//
-//   usage% = (totalΔ − idleΔ) / totalΔ × 100
-//
-// The result is cached behind a RWMutex so the HTTP handler never blocks.
-
-var (
-	usageMu    sync.RWMutex
-	usageCache []CoreUsage
-)
-
-func cachedCPUUsage() []CoreUsage {
-	usageMu.RLock()
-	defer usageMu.RUnlock()
-	// Return a copy so callers can't mutate the cache.
-	if usageCache == nil {
-		return nil
-	}
-	out := make([]CoreUsage, len(usageCache))
-	copy(out, usageCache)
-	return out
-}
-
-// startCPUSampler launches a goroutine that samples /proc/stat once per second
-// for the lifetime of the process. Safe to call multiple times (only the first
-// call starts the goroutine).
-var samplerOnce sync.Once
-
-func startCPUSampler() {
-	samplerOnce.Do(func() {
-		go cpuSamplerLoop("/proc/stat", 1*time.Second)
-	})
-}
-
-func cpuSamplerLoop(statPath string, interval time.Duration) {
-	prev := readProcStat(statPath)
-	for {
-		time.Sleep(interval)
-		cur := readProcStat(statPath)
-		usage := computeUsage(prev, cur)
-		usageMu.Lock()
-		usageCache = usage
-		usageMu.Unlock()
-		prev = cur
-	}
-}
-
-// cpuCoreTicks holds the cumulative jiffies for one "cpuN" line.
-type cpuCoreTicks struct {
-	core  int
-	total uint64
-	idle  uint64
-}
-
-// readProcStat reads /proc/stat and returns per-core tick totals. The
-// aggregate "cpu" line (no digit suffix) is skipped.
-func readProcStat(path string) []cpuCoreTicks {
-	data, _ := os.ReadFile(path)
-	var cores []cpuCoreTicks
-	for line := range strings.SplitSeq(string(data), "\n") {
-		if !strings.HasPrefix(line, "cpu") {
-			continue
-		}
-		fields := strings.Fields(line)
-		if len(fields) < 5 {
-			continue
-		}
-		// Skip the aggregate "cpu" line; we only want "cpu0", "cpu1", …
-		name := fields[0]
-		if name == "cpu" {
-			continue
-		}
-		coreIdx, err := strconv.Atoi(strings.TrimPrefix(name, "cpu"))
-		if err != nil {
-			continue
-		}
-		// Fields: user(1) nice(2) system(3) idle(4) iowait(5) irq(6) softirq(7) steal(8) …
-		var total, idle uint64
-		for _, f := range fields[1:] {
-			v, _ := strconv.ParseUint(f, 10, 64)
-			total += v
-		}
-		// idle = idle + iowait (indices 4 and 5 in the original line).
-		if len(fields) > 5 {
-			v4, _ := strconv.ParseUint(fields[4], 10, 64)
-			v5, _ := strconv.ParseUint(fields[5], 10, 64)
-			idle = v4 + v5
-		} else {
-			v4, _ := strconv.ParseUint(fields[4], 10, 64)
-			idle = v4
-		}
-		cores = append(cores, cpuCoreTicks{core: coreIdx, total: total, idle: idle})
-	}
-	return cores
-}
-
-func computeUsage(prev, cur []cpuCoreTicks) []CoreUsage {
-	prevMap := make(map[int]cpuCoreTicks, len(prev))
-	for _, c := range prev {
-		prevMap[c.core] = c
-	}
-	usage := make([]CoreUsage, 0, len(cur))
-	for _, c := range cur {
-		p, ok := prevMap[c.core]
-		if !ok {
-			continue
-		}
-		dTotal := c.total - p.total
-		dIdle := c.idle - p.idle
-		var pct float64
-		if dTotal > 0 {
-			pct = float64(dTotal-dIdle) / float64(dTotal) * 100
-			// Round to one decimal.
-			pct = math.Round(pct*10) / 10
-		}
-		usage = append(usage, CoreUsage{Core: c.core, UsagePct: pct})
-	}
-	return usage
-}
-
 // uptimeAndBoot reads /proc/uptime (seconds since boot) and derives boot time.
 // On any read error it returns zero values rather than failing the request.
 func uptimeAndBoot() (int64, time.Time) {
@@ -490,163 +78,3 @@ func uptimeAndBoot() (int64, time.Time) {
 	boot := time.Now().Add(-time.Duration(secs * float64(time.Second))).UTC()
 	return int64(secs), boot
 }
-
-func diskInfo() []DiskInfo {
-	entries, err := mounts.Proc()
-	if err != nil {
-		return nil
-	}
-	disks := []DiskInfo{}
-	seen := map[string]bool{}
-	for _, e := range entries {
-		// ponytail: filter by fstype, not device path. LXC/Docker containers
-		// expose their rootfs as a ZFS dataset name, an overlayfs, or a bind
-		// path — never /dev/* — so a "must start with /dev/" check silently
-		// returned no disks on those hosts. statfs + non-zero blocks already
-		// excludes mounts that aren't real storage.
-		if pseudoFS[e.FSType] || seen[e.Mountpoint] {
-			continue
-		}
-		var st syscall.Statfs_t
-		if syscall.Statfs(e.Mountpoint, &st) != nil || st.Blocks == 0 {
-			continue
-		}
-		seen[e.Mountpoint] = true
-		bs := uint64(st.Bsize)
-		disks = append(disks, DiskInfo{
-			Mountpoint: e.Mountpoint,
-			Filesystem: e.Device,
-			FSType:     e.FSType,
-			TotalBytes: st.Blocks * bs,
-			FreeBytes:  st.Bavail * bs,
-			UsedBytes:  (st.Blocks - st.Bfree) * bs,
-		})
-	}
-	return disks
-}
-
-// pseudoFS lists kernel-virtual filesystems that show up in /proc/mounts but
-// aren't user-facing storage. squashfs covers snap loop mounts; fuse.lxcfs is
-// LXC's per-container /proc/* shim. Anything not on this list and statfs-able
-// with non-zero blocks is treated as real storage — covers ext*, btrfs, xfs,
-// zfs, nfs, cifs, overlay, and the bind-mount cases inside Proxmox LXC.
-var pseudoFS = map[string]bool{
-	"autofs":        true,
-	"binfmt_misc":   true,
-	"bpf":           true,
-	"cgroup":        true,
-	"cgroup2":       true,
-	"configfs":      true,
-	"debugfs":       true,
-	"devpts":        true,
-	"devtmpfs":      true,
-	"fuse.gvfsd-fuse": true,
-	"fuse.lxcfs":    true,
-	"fusectl":       true,
-	"hugetlbfs":     true,
-	"mqueue":        true,
-	"nsfs":          true,
-	"overlay":       true,
-	"proc":          true,
-	"pstore":        true,
-	"ramfs":         true,
-	"rpc_pipefs":    true,
-	"securityfs":    true,
-	"squashfs":      true,
-	"sysfs":         true,
-	"tmpfs":         true,
-	"tracefs":       true,
-}
-
-func netInfo() []NetInterface {
-	ifaces, err := net.Interfaces()
-	if err != nil {
-		return nil
-	}
-	out := []NetInterface{}
-	for _, ifi := range ifaces {
-		addrs, _ := ifi.Addrs()
-		strs := []string{}
-		for _, a := range addrs {
-			strs = append(strs, a.String())
-		}
-		out = append(out, NetInterface{
-			Name:      ifi.Name,
-			MAC:       ifi.HardwareAddr.String(),
-			Up:        ifi.Flags&net.FlagUp != 0,
-			Addresses: strs,
-		})
-	}
-	return out
-}
-
-func tempInfo() []Temperature {
-	if t := readHwmonTemps("/sys/class/hwmon"); len(t) > 0 {
-		return t
-	}
-	// ponytail: stock Ubuntu server has no coretemp/k10temp loaded, so hwmon
-	// is empty; thermal_zone exposes ACPI sensors (coarser, no chip name).
-	return readThermalZones("/sys/class/thermal")
-}
-
-// readThermalZones reads /sys/class/thermal/thermal_zone*/temp as a fallback
-// for hosts without hwmon chip drivers. "type" names the zone (e.g. acpitz,
-// x86_pkg_temp); used as both chip and label.
-func readThermalZones(root string) []Temperature {
-	zones, _ := filepath.Glob(filepath.Join(root, "thermal_zone*"))
-	temps := []Temperature{}
-	for _, dir := range zones {
-		milli, err := strconv.Atoi(readTrim(filepath.Join(dir, "temp")))
-		if err != nil {
-			continue
-		}
-		c := float64(milli) / 1000
-		if c <= 0 || c >= 150 {
-			continue
-		}
-		name := readTrim(filepath.Join(dir, "type"))
-		if name == "" {
-			name = filepath.Base(dir)
-		}
-		temps = append(temps, Temperature{Chip: name, Label: name, Celsius: c})
-	}
-	return temps
-}
-
-// readHwmonTemps walks /sys/class/hwmon, which (unlike /sys/class/thermal, that
-// only exposes generic ACPI zones like "acpitz") names each chip — so callers
-// can split CPU (k10temp/coretemp) from GPU (amdgpu/nvidia) from disk (nvme).
-// Each tempN_input may carry a tempN_label; when absent we fall back to the
-// chip name. Best-effort: unreadable, empty, or implausible sensors are skipped.
-func readHwmonTemps(root string) []Temperature {
-	chips, _ := filepath.Glob(filepath.Join(root, "hwmon*"))
-	temps := []Temperature{}
-	for _, dir := range chips {
-		chip := readTrim(filepath.Join(dir, "name"))
-		inputs, _ := filepath.Glob(filepath.Join(dir, "temp*_input"))
-		for _, in := range inputs {
-			milli, err := strconv.Atoi(readTrim(in))
-			if err != nil {
-				continue
-			}
-			c := float64(milli) / 1000
-			// Disabled/placeholder sensors report absurd values (e.g. -0.15 or
-			// 179.8 °C). Drop anything outside a plausible band.
-			if c <= 0 || c >= 150 {
-				continue
-			}
-			label := readTrim(strings.TrimSuffix(in, "_input") + "_label")
-			if label == "" {
-				label = chip
-			}
-			temps = append(temps, Temperature{Chip: chip, Label: label, Celsius: c})
-		}
-	}
-	return temps
-}
-
-// readTrim reads a sysfs file and trims it; a missing file yields "".
-func readTrim(path string) string {
-	b, _ := os.ReadFile(path)
-	return strings.TrimSpace(string(b))
-}

internal/modules/system/info_test.go

@@ -6,6 +6,106 @@ import (
 	"testing"
 )
 
+func TestReadGPUsFromSysfs(t *testing.T) {
+	root := t.TempDir()
+
+	// card0 — AMD GPU with VRAM and utilization files
+	pciDev := filepath.Join(root, "devices/pci0000:00/0000:00:02.0")
+	mkdirAll(t, pciDev)
+	write(t, pciDev, ".", "vendor", "0x1002")
+	write(t, pciDev, ".", "device", "0x7480")
+	write(t, pciDev, ".", "mem_info_vram_total", "8573157376")
+	write(t, pciDev, ".", "mem_info_vram_used", "27267072")
+	write(t, pciDev, ".", "gpu_busy_percent", "23")
+	write(t, pciDev, ".", "mem_busy_percent", "15")
+
+	driverDir := filepath.Join(root, "bus/pci/drivers/amdgpu")
+	mkdirAll(t, driverDir)
+	mustSymlink(t, driverDir, filepath.Join(pciDev, "driver"))
+
+	cardTarget := filepath.Join(pciDev, "drm", "card0")
+	mkdirAll(t, cardTarget)
+	mustSymlink(t, pciDev, filepath.Join(cardTarget, "device"))
+	mustSymlink(t, cardTarget, filepath.Join(root, "card0"))
+
+	// Distractors
+	write(t, root, ".", "card0-HDMI-1", "distract")
+	write(t, root, ".", "renderD128", "distract")
+
+	gpus := readGPUsFromSysfs(root)
+	if len(gpus) != 1 {
+		t.Fatalf("want 1 GPU, got %d: %+v", len(gpus), gpus)
+	}
+	if gpus[0].Vendor != "1002" {
+		t.Errorf("vendor = %q, want 1002", gpus[0].Vendor)
+	}
+	if gpus[0].DeviceID != "7480" {
+		t.Errorf("device_id = %q, want 7480", gpus[0].DeviceID)
+	}
+	if gpus[0].Driver != "amdgpu" {
+		t.Errorf("driver = %q, want amdgpu", gpus[0].Driver)
+	}
+	if gpus[0].MemoryTotalBytes != 8573157376 {
+		t.Errorf("MemoryTotalBytes = %d, want 8573157376", gpus[0].MemoryTotalBytes)
+	}
+	if gpus[0].MemoryUsedBytes != 27267072 {
+		t.Errorf("MemoryUsedBytes = %d, want 27267072", gpus[0].MemoryUsedBytes)
+	}
+	if gpus[0].UtilizationPct != 23.0 {
+		t.Errorf("UtilizationPct = %f, want 23.0", gpus[0].UtilizationPct)
+	}
+	if gpus[0].MemUtilizationPct != 15.0 {
+		t.Errorf("MemUtilizationPct = %f, want 15.0", gpus[0].MemUtilizationPct)
+	}
+}
+
+func TestReadGPUsFromSysfsNoEnrichment(t *testing.T) {
+	root := t.TempDir()
+
+	// i915 GPU with no VRAM or utilization files
+	pciDev := filepath.Join(root, "devices/pci0000:00/0000:00:02.0")
+	mkdirAll(t, pciDev)
+	write(t, pciDev, ".", "vendor", "0x8086")
+	write(t, pciDev, ".", "device", "0x46a6")
+
+	driverDir := filepath.Join(root, "bus/pci/drivers/i915")
+	mkdirAll(t, driverDir)
+	mustSymlink(t, driverDir, filepath.Join(pciDev, "driver"))
+
+	cardTarget := filepath.Join(pciDev, "drm", "card0")
+	mkdirAll(t, cardTarget)
+	mustSymlink(t, pciDev, filepath.Join(cardTarget, "device"))
+	mustSymlink(t, cardTarget, filepath.Join(root, "card0"))
+
+	gpus := readGPUsFromSysfs(root)
+	if len(gpus) != 1 {
+		t.Fatalf("want 1 GPU, got %d", len(gpus))
+	}
+	if gpus[0].MemoryTotalBytes != 0 || gpus[0].MemoryUsedBytes != 0 {
+		t.Errorf("expected 0 VRAM for i915, got total=%d used=%d", gpus[0].MemoryTotalBytes, gpus[0].MemoryUsedBytes)
+	}
+	if gpus[0].UtilizationPct != 0 || gpus[0].MemUtilizationPct != 0 {
+		t.Errorf("expected 0 utilization for i915, got gpu=%f mem=%f", gpus[0].UtilizationPct, gpus[0].MemUtilizationPct)
+	}
+}
+
+func TestReadGPUsFromSysfsMissingDir(t *testing.T) {
+	gpus := readGPUsFromSysfs("/nonexistent/drm")
+	if gpus != nil {
+		t.Errorf("expected nil, got %+v", gpus)
+	}
+}
+
+func TestReadGPUsFromSysfsSkipsNonGPU(t *testing.T) {
+	root := t.TempDir()
+	write(t, root, ".", "renderD128", "x")
+	write(t, root, ".", "card0-HDMI-1", "x")
+	gpus := readGPUsFromSysfs(root)
+	if len(gpus) != 0 {
+		t.Errorf("expected 0 GPUs, got %d", len(gpus))
+	}
+}
+
 func TestReadHwmonTemps(t *testing.T) {
 	root := t.TempDir()
 	// k10temp: CPU, labelled Tctl.
@@ -33,6 +133,20 @@ func TestReadHwmonTemps(t *testing.T) {
 	}
 }
 
+func mkdirAll(t *testing.T, path string) {
+	t.Helper()
+	if err := os.MkdirAll(path, 0o755); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func mustSymlink(t *testing.T, target, link string) {
+	t.Helper()
+	if err := os.Symlink(target, link); err != nil {
+		t.Fatal(err)
+	}
+}
+
 func write(t *testing.T, root, chip, file, val string) {
 	t.Helper()
 	dir := filepath.Join(root, chip)

internal/modules/system/load.go

@@ -0,0 +1,37 @@
+package system
+
+import (
+	"os"
+	"strconv"
+	"strings"
+)
+
+// CoreUsage holds the usage percentage for a single logical core, computed as
+// the delta of non-idle ticks over total ticks between two /proc/stat reads.
+type CoreUsage struct {
+	Core      int     `json:"core" example:"0" doc:"Logical core index"`
+	UsagePct  float64 `json:"usage_pct" example:"23.4" doc:"Usage percentage (0–100)"`
+}
+
+type LoadInfo struct {
+	Load1    float64     `json:"load1" example:"0.42"`
+	Load5    float64     `json:"load5" example:"0.55"`
+	Load15   float64     `json:"load15" example:"0.61"`
+	CPUUsage []CoreUsage `json:"cpu_usage" doc:"Per-core CPU usage percentage (sampled over ~1 s); empty until the first sample completes"`
+}
+
+func loadInfo(sampler *Sampler) LoadInfo {
+	data, _ := os.ReadFile("/proc/loadavg")
+	l := parseLoadavg(string(data))
+	l.CPUUsage = sampler.Snapshot()
+	return l
+}
+
+func parseLoadavg(loadavg string) LoadInfo {
+	f := strings.Fields(loadavg)
+	if len(f) < 3 {
+		return LoadInfo{}
+	}
+	at := func(i int) float64 { v, _ := strconv.ParseFloat(f[i], 64); return v }
+	return LoadInfo{Load1: at(0), Load5: at(1), Load15: at(2)}
+}

internal/modules/system/memory.go

@@ -0,0 +1,44 @@
+package system
+
+import (
+	"os"
+	"strconv"
+	"strings"
+)
+
+type MemoryInfo struct {
+	TotalBytes     uint64 `json:"total_bytes" example:"16384000000"`
+	AvailableBytes uint64 `json:"available_bytes" example:"8192000000" doc:"Memory available for new allocations without swapping"`
+	UsedBytes      uint64 `json:"used_bytes" example:"8192000000" doc:"total - available"`
+	SwapTotalBytes uint64 `json:"swap_total_bytes" example:"8589934592"`
+	SwapFreeBytes  uint64 `json:"swap_free_bytes" example:"8589934592"`
+}
+
+func memInfo() MemoryInfo {
+	data, _ := os.ReadFile("/proc/meminfo")
+	return parseMeminfo(data)
+}
+
+func parseMeminfo(data []byte) MemoryInfo {
+	kv := map[string]uint64{}
+	for line := range strings.SplitSeq(string(data), "\n") {
+		k, v, ok := strings.Cut(line, ":")
+		if !ok {
+			continue
+		}
+		fields := strings.Fields(v)
+		if len(fields) == 0 {
+			continue
+		}
+		if n, err := strconv.ParseUint(fields[0], 10, 64); err == nil {
+			kv[k] = n * 1024
+		}
+	}
+	return MemoryInfo{
+		TotalBytes:     kv["MemTotal"],
+		AvailableBytes: kv["MemAvailable"],
+		UsedBytes:      kv["MemTotal"] - kv["MemAvailable"],
+		SwapTotalBytes: kv["SwapTotal"],
+		SwapFreeBytes:  kv["SwapFree"],
+	}
+}

internal/modules/system/module.go

@@ -1,6 +1,9 @@
 package system
 
 import (
+	"context"
+	"time"
+
 	"nadir/internal/rbac"
 
 	"github.com/danielgtaylor/huma/v2"
@@ -8,9 +11,15 @@ import (
 
 const ModuleID = "system"
 
-type Module struct{}
+type Module struct {
+	sampler *Sampler
+}
 
-func New() *Module { return &Module{} }
+func New() *Module {
+	return &Module{
+		sampler: NewSampler("/proc/stat", 1*time.Second),
+	}
+}
 
 func (m *Module) ID() string   { return ModuleID }
 
@@ -19,7 +28,8 @@ func (m *Module) Permissions() []rbac.Permission {
 }
 
 func (m *Module) Register(api huma.API) {
-	registerInfo(api)
+	m.sampler.Start(context.Background())
+	registerInfo(api, m.sampler)
 	registerHostname(api)
 	registerTimedate(api)
 	registerLocale(api)

internal/modules/system/network.go

@@ -0,0 +1,32 @@
+package system
+
+import "net"
+
+type NetInterface struct {
+	Name      string   `json:"name" example:"eth0"`
+	MAC       string   `json:"mac" example:"aa:bb:cc:dd:ee:ff"`
+	Up        bool     `json:"up" doc:"Interface is administratively up"`
+	Addresses []string `json:"addresses" doc:"Assigned addresses in CIDR notation"`
+}
+
+func netInfo() []NetInterface {
+	ifaces, err := net.Interfaces()
+	if err != nil {
+		return nil
+	}
+	out := []NetInterface{}
+	for _, ifi := range ifaces {
+		addrs, _ := ifi.Addrs()
+		strs := []string{}
+		for _, a := range addrs {
+			strs = append(strs, a.String())
+		}
+		out = append(out, NetInterface{
+			Name:      ifi.Name,
+			MAC:       ifi.HardwareAddr.String(),
+			Up:        ifi.Flags&net.FlagUp != 0,
+			Addresses: strs,
+		})
+	}
+	return out
+}

internal/modules/system/os.go

@@ -0,0 +1,42 @@
+package system
+
+import (
+	"os"
+	"strings"
+
+	"nadir/internal/oscmd"
+)
+
+type OSInfo struct {
+	PrettyName   string `json:"pretty_name" example:"Fedora Linux 44 (Workstation Edition)" doc:"Distro name from /etc/os-release PRETTY_NAME"`
+	Kernel       string `json:"kernel" example:"7.0.12-201.fc44.x86_64" doc:"Running kernel release (uname -r)"`
+	Architecture string `json:"architecture" example:"x86_64" doc:"Machine hardware architecture (uname -m)"`
+	Hostname     string `json:"hostname" example:"server01" doc:"System hostname"`
+}
+
+func osInfo() OSInfo {
+	host, _ := os.Hostname()
+	return OSInfo{
+		PrettyName:   osReleasePretty(),
+		Kernel:       firstLine(oscmd.Run("uname", "-r")),
+		Architecture: firstLine(oscmd.Run("uname", "-m")),
+		Hostname:     host,
+	}
+}
+
+// firstLine discards a command error and returns its (already trimmed) output,
+// used where a missing value is acceptable.
+func firstLine(out string, _ error) string { return out }
+
+func osReleasePretty() string {
+	data, err := os.ReadFile("/etc/os-release")
+	if err != nil {
+		return ""
+	}
+	for line := range strings.SplitSeq(string(data), "\n") {
+		if v, ok := strings.CutPrefix(line, "PRETTY_NAME="); ok {
+			return strings.Trim(v, `"`)
+		}
+	}
+	return ""
+}

internal/modules/system/system_handler_test.go

@@ -22,7 +22,7 @@ func TestSystemHandlers(t *testing.T) {
 	registerTimedate(api)
 	registerLocale(api)
 	registerPower(api)
-	registerInfo(api)
+	registerInfo(api, NewSampler("/proc/stat", 0))
 
 	// Mock uname for GET /api/system/info
 	oscmd.SetMock("uname", func(args []string) oscmd.MockCommand {
@@ -34,6 +34,14 @@ func TestSystemHandlers(t *testing.T) {
 		}
 		return oscmd.MockCommand{ExitCode: 1}
 	})
+	// Mock lspci to prevent real calls in case the test host has GPUs.
+	oscmd.SetMock("lspci", func(args []string) oscmd.MockCommand {
+		return oscmd.MockCommand{ExitCode: 1}
+	})
+	// Mock nvidia-smi: return failure so enrichment is a no-op.
+	oscmd.SetMock("nvidia-smi", func(args []string) oscmd.MockCommand {
+		return oscmd.MockCommand{ExitCode: 1}
+	})
 	defer oscmd.ClearMocks()
 
 	// 1. Test GET /api/system/info

internal/modules/system/temperature.go

@@ -0,0 +1,73 @@
+package system
+
+import (
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+)
+
+type Temperature struct {
+	Chip    string  `json:"chip" example:"k10temp" doc:"hwmon chip name; identifies the source (k10temp/coretemp=CPU, amdgpu/nvidia=GPU, nvme=disk)"`
+	Label   string  `json:"label" example:"Tctl" doc:"Per-sensor label, or the chip name when the sensor is unlabelled"`
+	Celsius float64 `json:"celsius" example:"47.5"`
+}
+
+func tempInfo() []Temperature {
+	if t := readHwmonTemps("/sys/class/hwmon"); len(t) > 0 {
+		return t
+	}
+	return readThermalZones("/sys/class/thermal")
+}
+
+func readThermalZones(root string) []Temperature {
+	zones, _ := filepath.Glob(filepath.Join(root, "thermal_zone*"))
+	temps := []Temperature{}
+	for _, dir := range zones {
+		milli, err := strconv.Atoi(readTrim(filepath.Join(dir, "temp")))
+		if err != nil {
+			continue
+		}
+		c := float64(milli) / 1000
+		if c <= 0 || c >= 150 {
+			continue
+		}
+		name := readTrim(filepath.Join(dir, "type"))
+		if name == "" {
+			name = filepath.Base(dir)
+		}
+		temps = append(temps, Temperature{Chip: name, Label: name, Celsius: c})
+	}
+	return temps
+}
+
+func readHwmonTemps(root string) []Temperature {
+	chips, _ := filepath.Glob(filepath.Join(root, "hwmon*"))
+	temps := []Temperature{}
+	for _, dir := range chips {
+		chip := readTrim(filepath.Join(dir, "name"))
+		inputs, _ := filepath.Glob(filepath.Join(dir, "temp*_input"))
+		for _, in := range inputs {
+			milli, err := strconv.Atoi(readTrim(in))
+			if err != nil {
+				continue
+			}
+			c := float64(milli) / 1000
+			if c <= 0 || c >= 150 {
+				continue
+			}
+			label := readTrim(strings.TrimSuffix(in, "_input") + "_label")
+			if label == "" {
+				label = chip
+			}
+			temps = append(temps, Temperature{Chip: chip, Label: label, Celsius: c})
+		}
+	}
+	return temps
+}
+
+// readTrim reads a sysfs file and trims it; a missing file yields "".
+func readTrim(path string) string {
+	b, _ := os.ReadFile(path)
+	return strings.TrimSpace(string(b))
+}

internal/openapitest/openapi_test.go

@@ -14,7 +14,6 @@ import (
 	"nadir/internal/auth"
 	"nadir/internal/meta"
 	"nadir/internal/module"
-	"nadir/internal/modules/audit"
 	"nadir/internal/modules/groups"
 	"nadir/internal/modules/networking"
 	"nadir/internal/modules/packages"
@@ -28,6 +27,12 @@ import (
 	"github.com/danielgtaylor/huma/v2/adapters/humago"
 )
 
+type auditModule struct{}
+
+func (auditModule) ID() string                     { return "audit" }
+func (auditModule) Permissions() []rbac.Permission { return []rbac.Permission{rbac.Read} }
+func (auditModule) Register(huma.API)              {}
+
 func TestOpenAPISchemaNoCollisions(t *testing.T) {
 	auditStore, err := auditlog.New(filepath.Join(t.TempDir(), "audit.db"))
 	if err != nil {
@@ -48,7 +53,7 @@ func TestOpenAPISchemaNoCollisions(t *testing.T) {
 		packages.New(),
 		networking.New(),
 		storage.New(),
-		audit.New(auditStore),
+		auditModule{},
 	}
 
 	mux := http.NewServeMux()
@@ -59,6 +64,7 @@ func TestOpenAPISchemaNoCollisions(t *testing.T) {
 	meta.Register(api, mods)
 	meta.RegisterHealth(api, sessions)
 	meta.RegisterWhoami(api, sessions, nil, roles, mods)
+	meta.RegisterAudit(api, auditStore)
 	auth.RegisterLogin(api, sessions, auditStore, true)
 	auth.RegisterLogout(api, sessions, true)
 

internal/oscmd/oscmd.go

@@ -14,6 +14,7 @@ import (
 	"os/exec"
 	"strings"
 	"sync"
+	"syscall"
 	"time"
 )
 
@@ -276,6 +277,23 @@ func ParseKV(lines []string) map[string]string {
 	return m
 }
 
+// RunDetached starts name with args in a new process group (Setsid) and returns
+// immediately once the child has started. The child is reaped in the background
+// so it does not become a zombie.
+//
+// Use this for operations where the synchronous path would kill the caller
+// (e.g. "systemctl restart nadir" would SIGTERM the process serving the
+// request before the response is written).
+func RunDetached(name string, args ...string) (*StatusOutput, error) {
+	cmd := exec.Command(name, args...)
+	cmd.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
+	if err := cmd.Start(); err != nil {
+		return nil, err
+	}
+	go cmd.Wait()
+	return OK(), nil
+}
+
 // StatusOutput is the shared response for write operations that just report
 // success. Reusing one type means all such endpoints share a single OpenAPI
 // schema.