urania/nadir-webui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
e862a75fd0ffb3a483183b69fcebc573a1bd0295
nadir-webui/messages/en.json
T
urania c86726ec9a feat: refined ui
2026-06-26 00:31:29 +02:00

923 lines
60 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"$schema": "https://inlang.com/schema/inlang-message-format",
"account": "Account",
"admin_config_auth_description": "Sign-in, registration and second-factor policy.",
"admin_config_auth_title": "Authentication",
"admin_config_description": "Runtime configuration for the dashboard. Stored in the database; falls back to environment values.",
"admin_config_disable_signup": "Disable public registration",
"admin_config_disable_signup_hint": "Only existing admins can invite new users.",
"admin_config_enable_2fa": "Require two-factor authentication",
"admin_config_enable_2fa_hint": "All users must set up TOTP on next sign-in.",
"admin_config_enable_email_password": "Allow email + password sign-in",
"admin_config_enable_email_password_hint": "Disable to restrict logins to OAuth providers.",
"admin_config_origin": "Public dashboard URL",
"admin_config_origin_hint": "Used to build auth callback URLs and email links.",
"admin_config_restart_required": "applies after restart",
"admin_config_smtp_description": "Outbound mail for password resets, verification and 2FA codes. Password is encrypted at rest.",
"admin_config_smtp_from": "From address",
"admin_config_smtp_host": "Host",
"admin_config_smtp_missing": "Configure SMTP host before sending a test email.",
"admin_config_smtp_pass": "Password",
"admin_config_smtp_pass_hint": "Leave blank to keep the current password.",
"admin_config_smtp_port": "Port",
"admin_config_smtp_ssl": "Use TLS/SSL",
"admin_config_smtp_ssl_hint": "Enable for port 465; leave off for STARTTLS on 587.",
"admin_config_smtp_test": "Send test",
"admin_config_smtp_test_body": "This is a test email from your Nadir dashboard.",
"admin_config_smtp_test_sent": "Test email sent.",
"admin_config_smtp_test_subject": "Nadir SMTP test",
"admin_config_smtp_test_to": "Send test email to",
"admin_config_smtp_title": "Mail (SMTP)",
"admin_config_smtp_user": "Username",
"admin_config_social_client_id": "Client ID",
"admin_config_social_client_secret": "Client secret",
"admin_config_social_description": "OAuth client credentials for sign-in providers. Secrets are encrypted at rest.",
"admin_config_social_secret_hint": "Leave blank to keep the current secret.",
"admin_config_social_title": "Social providers",
"agent_update_failed": "Agent update did not complete - check `nadir logs` on the host",
"agent_update_started": "Updating agent... ({from} → {to})",
"agent_update_success": "Agent updated to {version}",
"agent_updates": "Agent outdated",
"already_have_account": "Already have an account?",
"appname": "NadiЯ",
"back_to_login": "Back to login",
"backup_code": "Backup code",
"backup_codes_notice": "Store these somewhere safe. Each code works once if you lose your device.",
"backup_codes_title": "Save your backup codes",
"cancel": "Cancel",
"check_your_email": "Check your email",
"code": "Code",
"confirm_password": "Confirm password",
"continue_action": "Continue",
"copied": "Copied",
"copy": "Copy",
"copy_failed": "Failed to copy",
"create_account": "Create account",
"dashboard": "Dashboard",
"dashboard_architecture": "Architecture",
"dashboard_auto_refresh": "Auto-refresh",
"dashboard_ascending": "Ascending",
"dashboard_clock": "Clock",
"dashboard_col_actions": "Actions",
"dashboard_col_free": "Free",
"dashboard_col_ip": "IP",
"dashboard_col_method": "Method",
"dashboard_col_mount": "Mount",
"dashboard_col_name": "Name",
"dashboard_col_path": "Path",
"dashboard_col_sensor": "Sensor",
"dashboard_col_size": "Size",
"dashboard_col_status": "Status",
"dashboard_col_temp": "Temp",
"dashboard_col_time": "Time",
"dashboard_col_usage": "Usage",
"dashboard_col_user": "User",
"dashboard_cpu": "CPU",
"dashboard_cpu_detail": "{cores} cores · {current} ({min}{max})",
"dashboard_descending": "Descending",
"dashboard_dns": "DNS",
"dashboard_filter_display": "Display",
"dashboard_filter_title": "Filter",
"dashboard_free_of": "{free} free of {total}",
"dashboard_gpu": "GPU",
"dashboard_gpu_compute": "Compute",
"dashboard_gpu_vram": "VRAM",
"dashboard_hardware_clock": "Hardware clock",
"dashboard_interval_10s": "Every 10s",
"dashboard_interval_30s": "Every 30s",
"dashboard_interval_5s": "Every 5s",
"dashboard_interval_custom": "Custom",
"dashboard_interval_second": "Every second",
"dashboard_kernel": "Kernel",
"dashboard_keymap": "Keymap",
"dashboard_language": "Language",
"dashboard_load_average": "Load Average",
"dashboard_load_detail": "{loadPct}% of {cores}c · 5m {load5} · 15m {load15}",
"dashboard_local_time": "Local time",
"dashboard_locale": "Locale",
"dashboard_logical_cores": "{cores} logical cores",
"dashboard_machines_description": "Manage all servers connected to this dashboard.",
"dashboard_memory": "Memory",
"dashboard_nameserver": "Nameserver",
"dashboard_network": "Network",
"dashboard_next": "Next",
"dashboard_none": "none",
"dashboard_not_synced": "Not synced",
"dashboard_nothing_to_show": "Nothing to show.",
"dashboard_os": "OS",
"dashboard_packages": "Packages",
"dashboard_page_of": "Page {page} of {total}",
"dashboard_pagination_info": "{start}{end} of {total}",
"dashboard_pause": "Pause auto-refresh",
"dashboard_prev": "Prev",
"dashboard_recent_activity": "Recent activity",
"dashboard_refresh": "Refresh",
"dashboard_resume": "Resume auto-refresh",
"dashboard_rows_per_page": "Rows per page",
"dashboard_search_placeholder": "Search",
"dashboard_since": "since {bootTime}",
"dashboard_status_down": "down",
"dashboard_status_up": "up",
"dashboard_storage": "Storage",
"dashboard_swap": "Swap {swapPct}%",
"dashboard_synchronized": "Synchronized",
"dashboard_syncing": "Syncing…",
"dashboard_system": "System",
"dashboard_temperatures": "Temperatures",
"dashboard_time": "Time",
"dashboard_timezone": "Timezone",
"dashboard_up_to_date": "up to date",
"dashboard_updates": "{count} updates",
"dashboard_uptime": "Uptime",
"dashboard_used_percent": "{used}% used",
"dashboard_utc": "UTC",
"delete": "Delete",
"download": "Download",
"edit": "Edit",
"email": "Email",
"email_complete_body": "Your account has been created. Choose a password to finish setting it up.",
"email_complete_button": "Set password",
"email_complete_heading": "Complete your registration",
"email_complete_subject": "Complete your registration",
"email_greeting": "Hi {name},",
"email_link_fallback": "If the button doesn't work, copy and paste this link into your browser:",
"email_otp_body": "Use this code to finish signing in:",
"email_otp_heading": "Your verification code",
"email_otp_ignore": "If you didn't try to sign in, you can safely ignore this email.",
"email_otp_subject": "Your verification code",
"email_placeholder": "admin@example.com",
"email_reset_body": "We received a request to reset the password for your account. Click the button below to choose a new password.",
"email_reset_button": "Reset password",
"email_reset_heading": "Reset your password",
"email_reset_ignore": "If you didn't request a password reset, you can safely ignore this email. Your password will remain unchanged.",
"email_reset_subject": "Reset your password",
"email_verify_body": "Click the button below to verify your email address and activate your account.",
"email_verify_button": "Verify email",
"email_verify_heading": "Verify your email",
"email_verify_ignore": "If you didn't create an account, you can safely ignore this email.",
"email_verify_subject": "Verify your email address",
"enter_password_to_continue": "Confirm your password to continue",
"error_action_back": "Go back",
"error_action_home": "Go home",
"error_action_retry": "Try again",
"error_code_label": "Error {status}",
"error_details": "Details",
"error_generic_description": "Something went wrong while loading this page.",
"error_generic_title": "Unexpected error",
"error_not_found_description": "The page or resource you are looking for could not be found. It may have been removed, renamed, or never existed.",
"error_not_found_title": "Not found",
"error_unauthorized_description": "You do not have access to this resource. Try signing in again or contact your administrator.",
"error_unauthorized_title": "Access denied",
"errors_address_invalid": "Enter a valid URL, e.g. http://127.0.0.1:9999",
"errors_email_invalid": "Enter a valid email address",
"errors_generic": "An error occurred during this operation, please review Nadir Logs for more information.",
"errors_hostname_invalid": "Enter a valid hostname (RFC 1123).",
"errors_invalid_code": "Invalid or expired code, try again.",
"errors_non_empty": "This field is required",
"errors_not_found": "This item has not been found",
"errors_password_too_short": "Password must be at least {min} characters",
"errors_port_invalid": "Enter a port between 1 and 65535",
"errors_password_weak": "Use upper- and lower-case letters and at least one number.",
"errors_passwords_no_match": "Passwords do not match",
"errors_unauthenticated": "Unauthenticated",
"errors_username_too_short": "Username must be at least {min} characters",
"errors_wrong_credentials": "Wrong credentials, try again.",
"finish": "Finish",
"forbidden": "You are not allowed to this operation.",
"forgot_password": "Forgot your password?",
"forgot_password_description": "Enter your email and we'll send you a reset link.",
"forgot_password_title": "Forgot your password?",
"groups": "Groups",
"groups_add": "Add group",
"groups_add_member": "Add member",
"groups_add_member_action": "add",
"groups_add_member_description": "Adds this group to the user's supplementary set.",
"groups_add_member_no_results": "No matching users.",
"groups_add_member_search_placeholder": "Search user…",
"groups_add_member_title": "Add member to {name}",
"groups_col_gid": "GID",
"groups_col_members": "Members",
"groups_gid_optional": "GID (optional)",
"groups_create_description": "Adds a Unix group via groupadd.",
"groups_create_field_system": "System group",
"groups_create_title": "Create group",
"groups_created": "Group created",
"groups_delete_description": "Runs groupdel. Fails if it is the primary group of any existing user.",
"groups_delete_title": "Delete {name}?",
"groups_deleted": "Group deleted",
"groups_filter_show_system": "Show system groups",
"groups_filter_system_gid_hint": "(gid < 1000)",
"groups_member_added": "Added {username}",
"groups_member_removed": "Removed {username}",
"groups_members_description": "Supplementary members are managed via <code>usermod -G</code> on each user. Primary-group members (users whose primary gid is {gid}) appear below but cannot be removed from here.",
"groups_members_title": "Members",
"groups_nav_description": "Unix groups from /etc/group on this machine.",
"groups_nav_title": "Groups",
"groups_no_results": "No groups found.",
"groups_remove_member_aria": "Remove {name}",
"groups_no_supplementary_members": "No supplementary members.",
"groups_not_found": "Group not found: {name}",
"groups_primary_empty": "None.",
"groups_primary_label": "Primary ({count})",
"groups_search_placeholder": "Search name or gid…",
"groups_supplementary_label": "Supplementary ({count})",
"home": "Home",
"invalid_reset_link": "This link is invalid or has expired.",
"landing_cta_desc": "Deploy your own instance and manage your servers from any device.",
"landing_cta_title": "Ready to take control?",
"landing_features_dashboard": "Live performance metrics",
"landing_features_dashboard_desc": "Inspect real-time CPU performance heatmaps, memory consumption metrics, network bandwidth usage, and storage capacity graphs.",
"landing_features_networking": "Network administration",
"landing_features_networking_desc": "Configure network settings dynamically. Review interfaces, inspect routing tables, modify local hosts files, and configure system DNS resolution.",
"landing_features_services": "Systemd service control",
"landing_features_services_desc": "Control systemd services directly from the browser. Start, stop, restart units, toggle boot behavior, and follow log streams.",
"landing_features_storage": "Filesystem and storage",
"landing_features_storage_desc": "Monitor storage devices and filesystems. Mount and unmount storage volumes, view disk partitions, and configure fstab details.",
"landing_features_terminal": "Interactive terminal",
"landing_features_terminal_desc": "Open secure terminal windows connected directly to target hosts. Features terminal multiplexing, size auto-fitting, and persistent sessions.",
"landing_features_title": "Complete server control",
"landing_features_desc": "No complex configuration files or rigid wrappers. Nadir exposes standard system abstractions directly, letting you perform everyday administration actions natively.",
"landing_features_users": "User and group management",
"landing_features_users_desc": "Manage system user accounts and group assignments. Edit user privileges, view memberships, and authenticate via secure PAM rules.",
"landing_footer_docs": "Documentation",
"landing_footer_gitea": "GiTea",
"landing_footer_subtitle": "Self-hosted, open-source server management.",
"landing_hero_cta_github": "View source",
"landing_hero_cta_start": "Get started",
"landing_hero_title": "Modern server administration, unified.",
"landing_hero_tagline": "An open-source console and lightweight agent built to inspect, manage, and secure your Linux hosts from any browser. Simple architecture, complete control.",
"landing_arch_title": "Dual architecture, simple deployment",
"landing_arch_desc": "Nadir separates your presentation layer from target host runtimes. The frontend operates as a stateless console, and the lightweight Go agent manages your systems directly.",
"landing_arch_frontend_title": "Nadir Web UI",
"landing_arch_frontend_desc": "The central operations dashboard. Served as a stateless Docker container. Sign in, manage server associations, and monitor all nodes.",
"landing_arch_backend_title": "Nadir Agent",
"landing_arch_backend_desc": "The per-host service daemon. Lightweight binary compiled in Go. Runs as root under PAM authentication, providing local system access.",
"landing_how_title": "Deploy in under two minutes",
"landing_how_desc": "Follow these simple steps to run the Web UI and link your first target host.",
"landing_how_step1_title": "Spin up the Web UI",
"landing_how_step1_desc": "Deploy the stateless web dashboard using Docker. This interface will coordinate your registered agents. Access the web setup at port 3000 to configure your dashboard admin account.",
"landing_how_step2_title": "Bootstrap the target server",
"landing_how_step2_desc": "Run the installation script on the host machine you want to manage. The script automatically detects the host architecture (amd64/arm64), fetches the latest tagged binary release from Gitea, verifies SHA-256 integrity, configures a systemd unit, and installs a PAM configuration file.",
"landing_security_note": "Security note:",
"landing_security_note_text": "The bootstrap installer requires root privileges. It generates a self-signed TLS certificate automatically if secure TLS is configured.",
"landing_security_architecture_title": "Deployment security and architecture",
"landing_security_architecture_desc": "Because the nadir-agent operates with root privileges, it should never be exposed directly to the public internet. By default, it binds to localhost. It is designed to be co-located on the same server as the Web UI communicating over loopback, or securely accessed across nodes over a private VPN (such as WireGuard, Tailscale, or Netbird). While agent installations support generating self-signed TLS certificates automatically, operating within a trusted private network boundary remains the recommended deployment model.",
"landing_how_step3_title": "Link in the dashboard",
"landing_how_step3_desc": "When the agent installation completes, it outputs a dashboard association token. Copy this Bearer token, log into the Web UI dashboard, click \"Add Machine,\" enter the IP/address and token, and start administering your server.",
"landing_screenshot_dashboard": "Machine dashboard with real-time performance metrics, CPU heatmap, memory usage, and network activity.",
"landing_screenshot_hero_label": "Dashboard overview with real-time metrics",
"landing_screenshot_machines": "Multi-server overview showing all connected machines with health status.",
"landing_screenshot_services": "Service management table with start, stop, and restart controls for systemd units.",
"landing_screenshots_title": "See it in action",
"landing_start_code": "bun install && cp .env.example .env && bun run db:push && bun run dev",
"landing_tech_linux": "Linux",
"landing_tech_opensource": "Open Source",
"landing_tech_selfhosted": "Self-Hosted",
"landing_start_desc": "Prerequisites: Bun and a reachable nadir-agent instance.",
"landing_start_title": "Get started in minutes",
"landing_stats_linux": "Linux-native",
"landing_stats_opensource": "Open source",
"landing_stats_setup": "One-command setup",
"login": "Login",
"more": "More",
"login_social_description": "You have to login to use this platform. Use your favorite social or your credentials",
"login_with": "Login with <span class=capitalize>{social}</span>",
"logout": "Logout",
"machine_actions": "Server actions",
"machine_add": "Add server",
"machine_add_description": "Connect a new server to manage from this dashboard.",
"machine_address": "Address",
"machine_address_placeholder": "http://127.0.0.1:9999",
"machine_delete_confirm": "This permanently removes \"{name}\" from the database. The connected server is not touched.",
"machine_delete_title": "Delete server?",
"machine_edit": "Edit server",
"machine_edit_description": "Update the connection details for this server.",
"machine_name": "Name",
"machine_name_placeholder": "Production server",
"machine_none": "No servers yet.",
"machine_offline": "Offline",
"machine_offline_code": "Error 502",
"machine_offline_description": "Could not reach the nadir-agent at {address}. The host may be down, the agent stopped, or the address is wrong.",
"machine_offline_details": "Show error details",
"machine_offline_node_dest": "Agent",
"machine_offline_node_proxy": "Web UI",
"machine_offline_node_you": "You",
"machine_offline_status_connected": "CONNECTED",
"machine_offline_status_unreachable": "UNREACHABLE",
"machine_offline_title": "{name} is offline",
"machine_online": "Online",
"machine_refresh_health": "Refresh status",
"machine_reorder": "Reorder servers",
"machine_reorder_done": "Done reordering",
"machine_save": "Add server",
"machine_save_edit": "Save changes",
"machine_search_placeholder": "Search servers…",
"machine_token": "Token",
"machine_token_keep": "Leave blank to keep the current token.",
"machine_token_placeholder": "Agent bearer token",
"manual_entry_key": "Can't scan? Enter this key in your authenticator app manually:",
"name": "Name",
"nav_admin": "Admin",
"nav_admin_config": "Config",
"nav_admin_config_desc": "Application-wide configuration.",
"nav_admin_users": "Users",
"nav_admin_users_desc": "Manage user accounts, roles and access.",
"nav_dashboard_overview": "Overview",
"nav_dashboard_overview_desc": "System status at a glance.",
"nav_networking": "Networking",
"nav_networking_dns": "DNS",
"nav_networking_dns_desc": "Nameservers from /etc/resolv.conf.",
"nav_networking_hosts": "Hosts",
"nav_networking_hosts_desc": "Static host entries in /etc/hosts.",
"nav_networking_interfaces": "Interfaces",
"nav_networking_interfaces_desc": "Network interfaces and their addresses.",
"nav_networking_routes": "Routes",
"nav_networking_routes_desc": "Kernel routing table.",
"nav_packages": "Packages",
"nav_packages_installed": "Installed packages",
"nav_packages_installed_desc": "List, search, and remove installed software packages.",
"nav_packages_updates": "Available updates",
"nav_packages_updates_desc": "Check and install updates for existing packages.",
"nav_services": "Services",
"nav_services_desc": "Manage systemd service units.",
"nav_storage": "Storage",
"nav_storage_fstab": "Fstab",
"nav_storage_fstab_desc": "Persistent mount definitions in /etc/fstab.",
"nav_storage_mounts": "Mounts",
"nav_storage_mounts_desc": "Active filesystem mounts on this machine.",
"nav_system": "System",
"nav_system_datetime": "Date & Time",
"nav_system_datetime_desc": "Clock, timezone and time synchronisation.",
"nav_system_hostname": "Hostname",
"nav_system_hostname_desc": "Identify this machine on the network.",
"nav_system_localization": "Localization",
"nav_system_localization_desc": "Language, locale and region settings.",
"nav_system_nadir": "Nadir Agent",
"nav_system_nadir_desc": "Active modules and user permissions.",
"nav_system_power": "Power",
"nav_system_power_desc": "Reboot or power off the machine.",
"nav_system_terminal": "Terminal",
"nav_system_terminal_desc": "Open an interactive terminal session on this host.",
"nav_users_groups": "Groups",
"nav_users_groups_desc": "Unix groups from /etc/group.",
"nav_users_system_users": "System users",
"nav_users_system_users_desc": "PAM/Unix accounts on this machine.",
"networking_apply": "Apply",
"networking_apply_confirm_body": "The agent will activate this configuration and auto-revert after {seconds}s unless you confirm. Make sure you can still reach the host after applying.",
"networking_apply_confirm_title": "Apply with rollback?",
"networking_apply_done": "Configuration applied — waiting for confirmation.",
"networking_col_destination": "Destination",
"networking_col_gateway": "Gateway",
"networking_col_hostnames": "Hostnames",
"networking_col_interface": "Interface",
"networking_col_ip": "IP",
"networking_col_ipv4": "IPv4",
"networking_col_ipv6": "IPv6",
"networking_col_mac": "MAC",
"networking_col_metric": "Metric",
"networking_col_mtu": "MTU",
"networking_col_name": "Name",
"networking_col_source": "Source",
"networking_col_state": "State",
"networking_configure": "Configure",
"networking_configure_description": "Apply addressing, gateway, DNS and static routes. Changes auto-rollback after the configured timeout unless confirmed.",
"networking_confirm": "Confirm",
"networking_confirmed": "Change confirmed.",
"networking_details": "Details",
"networking_dns_add": "Add nameserver",
"networking_dns_description": "Read-only view of the system resolver. Configure per interface.",
"networking_dns_per_interface_hint": "DNS is set per interface; there is no standalone write endpoint.",
"networking_dns_placeholder": "1.1.1.1",
"networking_dns_section": "DNS",
"networking_dns_section_hint": "Resolvers for this interface (IPv4 or IPv6).",
"networking_dns_servers": "Nameservers",
"networking_host_add": "Add host",
"networking_host_add_description": "Map an IP to one or more hostnames. Multiple names separated by spaces.",
"networking_host_edit": "Edit host",
"networking_host_remove": "Remove host",
"networking_host_remove_description": "This will delete the entry from /etc/hosts.",
"networking_host_remove_title": "Remove {ip}?",
"networking_host_removed": "Host entry removed.",
"networking_host_saved": "Host entry saved.",
"networking_hosts_description": "Static name-to-address mappings in /etc/hosts.",
"networking_hosts_search_placeholder": "Search by IP or hostname...",
"networking_interfaces_description": "Network interfaces and their current addresses.",
"networking_interfaces_search_placeholder": "Search by name, MAC, address...",
"networking_ipv4_section": "IPv4",
"networking_ipv4_section_hint": "Static address or DHCP.",
"networking_ipv6_section": "IPv6",
"networking_ipv6_section_hint": "Auto (SLAAC), static, or ignore to disable.",
"networking_link_down": "Bring down",
"networking_link_down_done": "Interface {name} brought down.",
"networking_link_up": "Bring up",
"networking_link_up_done": "Interface {name} brought up.",
"networking_method_dhcp": "DHCP",
"networking_method_ignore": "Ignore (disable)",
"networking_method_slaac": "Auto (SLAAC)",
"networking_method_static": "Static",
"networking_no_dns": "No nameservers configured.",
"networking_no_hosts": "No host entries.",
"networking_no_interfaces": "No interfaces.",
"networking_no_routes": "No routes.",
"networking_pending_banner": "Pending change on {iface} — auto-rollback in {seconds}s.",
"networking_rollback": "Rollback",
"networking_rollback_seconds": "Rollback timeout (seconds)",
"networking_rollback_seconds_hint": "Auto-revert after this many seconds unless confirmed. Leave 0 for the agent default (60s).",
"networking_rolled_back": "Change rolled back.",
"networking_route_add": "Add route",
"networking_route_destination": "Destination (CIDR or 'default')",
"networking_route_gateway": "Next-hop gateway",
"networking_routes_description": "Kernel routing table.",
"networking_routes_search_placeholder": "Search by destination, gateway, interface...",
"networking_routes_section": "Static routes",
"networking_routes_section_hint": "Optional routes installed alongside this interface.",
"new_password": "New password",
"no_account": "No account yet?",
"optional": "Optional",
"or": "Or",
"packages_col_name": "Package",
"packages_col_version": "Version",
"packages_install": "Install Package",
"packages_install_button": "Install",
"packages_install_desc": "Enter the name of the package you want to install from the repositories.",
"packages_install_started": "Installing package {name}...",
"packages_install_success": "Package {name} installed successfully.",
"packages_manager_label": "Package Manager",
"packages_no_packages": "No packages found.",
"packages_no_updates": "No updates available.",
"packages_remove_confirm_desc": "This will uninstall {name} from the host. Any dependent packages might also be affected.",
"packages_remove_confirm_title": "Remove {name}?",
"packages_remove_started": "Removing package {name}...",
"packages_remove_success": "Package {name} removed successfully.",
"packages_search_placeholder": "Search packages by name...",
"packages_stream_connection_error": "Connection Error: {message}",
"packages_stream_error": "ERROR: {message}",
"packages_stream_failed": "Operation failed.",
"packages_terminal_desc": "Streaming output from the package manager.",
"packages_update_available": "Update available {from} > {to}",
"packages_update_single": "Update",
"packages_update_started": "Upgrading package {name}...",
"packages_update_success": "Package {name} upgraded successfully.",
"packages_upgrade_all": "Upgrade All",
"packages_upgrade_success": "Upgrade completed successfully.",
"pagination_next": "Next",
"pagination_page_of": "Page {page} of {pages}",
"pagination_previous": "Previous",
"password": "Password",
"password_hint": "At least 8 characters, mixing upper- and lower-case letters and a number.",
"prefix": "Prefix",
"remember_me": "Remember me",
"reset_link_sent": "If an account exists for that email, a reset link is on its way.",
"reset_password_action": "Update password",
"reset_password_description": "Choose a strong password you don't use anywhere else.",
"reset_password_title": "Set a new password",
"save": "Save",
"saved": "Saved",
"scan_qr": "Add this key to your authenticator app, then enter the generated code below.",
"send_reset_link": "Send reset link",
"seo_desc_admin_config": "Application-wide configuration settings.",
"seo_desc_admin_users": "Manage user accounts, roles and access.",
"seo_desc_auth_2fa": "Verify your identity with a two-factor authentication code.",
"seo_desc_auth_forgot_password": "Reset your password via email.",
"seo_desc_auth_reset_password": "Choose a new password for your account.",
"seo_desc_auth_setup_2fa": "Add an extra layer of security with two-factor authentication.",
"seo_desc_auth_sign_in": "Sign in to manage your servers.",
"seo_desc_auth_sign_up": "Create an account to get started.",
"seo_desc_dashboard": "Server overview and health at a glance.",
"seo_desc_machine_detail": "System status, performance metrics and key information for this machine.",
"seo_desc_networking": "Network interfaces, routes, hosts and DNS configuration.",
"seo_desc_networking_dns": "Nameserver configuration from /etc/resolv.conf.",
"seo_desc_networking_hosts": "Static host entries in /etc/hosts.",
"seo_desc_networking_interfaces": "Network interfaces and their addresses.",
"seo_desc_networking_routes": "Kernel routing table.",
"seo_desc_packages": "Manage installed packages and system updates.",
"seo_desc_packages_installed": "List, search, and remove installed software packages.",
"seo_desc_packages_updates": "Check and install available package updates.",
"seo_desc_root": "Web-based server management dashboard.",
"seo_desc_services": "List, filter, and manage systemd service units.",
"seo_desc_services_detail": "Manage and monitor a systemd service unit.",
"seo_desc_storage": "Filesystem mounts and fstab configuration.",
"seo_desc_storage_fstab": "Persistent mount definitions in /etc/fstab.",
"seo_desc_storage_mounts": "Active filesystem mounts on this machine.",
"seo_desc_system": "Date and time, hostname, localization and power controls.",
"seo_desc_system_datetime": "Clock, timezone and time synchronisation settings.",
"seo_desc_system_hostname": "View and change the machine hostname.",
"seo_desc_system_localization": "Language, locale and region settings.",
"seo_desc_system_nadir": "View active modules and permission matrix for the connected Nadir agent.",
"seo_desc_system_power": "Reboot or power off the machine.",
"seo_desc_users": "PAM/Unix user accounts on this machine.",
"seo_desc_users_detail": "View and manage a PAM/Unix user account.",
"seo_desc_users_groups": "Unix groups from /etc/group on this machine.",
"seo_desc_users_groups_detail": "View and manage a Unix group.",
"seo_title_admin_config": "Config",
"seo_title_admin_users": "Users",
"seo_title_auth_2fa": "Two-factor authentication",
"seo_title_auth_forgot_password": "Forgot password",
"seo_title_auth_reset_password": "Reset password",
"seo_title_auth_setup_2fa": "Set up two-factor authentication",
"seo_title_auth_sign_in": "Sign in",
"seo_title_auth_sign_up": "Sign up",
"seo_title_dashboard": "Dashboard",
"seo_title_networking": "Networking",
"seo_title_networking_dns": "DNS",
"seo_title_networking_hosts": "Hosts",
"seo_title_networking_interfaces": "Interfaces",
"seo_title_networking_routes": "Routes",
"seo_title_packages": "Packages",
"seo_title_packages_installed": "Installed packages",
"seo_title_packages_updates": "Available updates",
"seo_title_root": "Home",
"seo_title_services": "Services",
"seo_title_storage": "Storage",
"seo_title_storage_fstab": "Fstab",
"seo_title_storage_mounts": "Mounts",
"seo_title_system": "System",
"seo_title_system_datetime": "Date and time",
"seo_title_system_hostname": "Hostname",
"seo_title_system_localization": "Localization",
"seo_title_system_nadir": "Nadir Agent",
"seo_title_system_power": "Power",
"seo_title_users": "System users",
"seo_title_users_groups": "Groups",
"services_action_disable": "Disable",
"services_action_disabled": "Service {name} disabled successfully.",
"services_action_enable": "Enable",
"services_action_enabled": "Service {name} enabled successfully.",
"services_action_restart": "Restart",
"services_action_restarted": "Service {name} restarted successfully.",
"services_action_start": "Start",
"services_action_started": "Service {name} started successfully.",
"services_action_stop": "Stop",
"services_action_stopped": "Service {name} stopped successfully.",
"services_active_filter": "Active State",
"services_col_active": "Active State",
"services_col_description": "Description",
"services_col_load": "Load State",
"services_col_sub": "Sub State",
"services_col_unit": "Unit",
"services_description": "List, filter, and manage systemd service units.",
"services_details_active_state": "Active State",
"services_details_load_state": "Load State",
"services_details_sub_state": "Sub State",
"services_details_title": "Service Details",
"services_details_unit_file_state": "Startup Type",
"services_filter_active": "Active",
"services_filter_dead": "Dead",
"services_filter_error": "Error",
"services_filter_exited": "Exited",
"services_filter_failed": "Failed",
"services_filter_inactive": "Inactive",
"services_filter_loaded": "Loaded",
"services_filter_masked": "Masked",
"services_filter_not_found": "Not Found",
"services_filter_other": "Other",
"services_filter_running": "Running",
"services_filter_title": "Filter Services",
"services_load_filter": "Load State",
"services_logs_autoscroll": "Autoscroll",
"services_logs_clear": "Clear",
"services_logs_empty": "No log entries.",
"services_logs_filters": "Filters",
"services_logs_lines": "Lines",
"services_logs_live": "Live",
"services_logs_live_streaming": "Streaming",
"services_logs_priority": "Max priority",
"services_logs_search_placeholder": "Filter log lines...",
"services_logs_since": "Since",
"services_logs_since_15m": "Last 15 minutes",
"services_logs_since_1h": "Last hour",
"services_logs_since_6h": "Last 6 hours",
"services_logs_since_all": "All",
"services_logs_since_today": "Today",
"services_logs_since_yesterday": "Since yesterday",
"services_logs_title": "Logs",
"services_no_services": "No services found.",
"services_search_placeholder": "Search service units...",
"services_sub_filter": "Sub State",
"services_title": "Services",
"settings": "Settings",
"setup_2fa_description": "Add an extra layer of security to your account.",
"setup_2fa_title": "Set up two-factor authentication",
"sign_up": "Sign up",
"sign_up_description": "Sign up with your email and a username.",
"sign_up_title": "Create your account",
"storage_badge_fstab": "fstab",
"storage_col_device": "Device",
"storage_col_dump": "Dump",
"storage_col_fstype": "Type",
"storage_col_mountpoint": "Mount point",
"storage_col_options": "Options",
"storage_col_pass": "Pass",
"storage_filter_show_pseudo": "Show pseudo filesystems",
"storage_filter_show_pseudo_hint": "proc, sysfs, tmpfs, cgroup, …",
"storage_fstab_description": "Persistent mount definitions from /etc/fstab.",
"storage_mount_add": "Add mount",
"storage_mount_add_description": "Appends an /etc/fstab entry and mounts it. If the mount fails the entry is rolled back.",
"storage_mount_added": "Filesystem mounted",
"storage_mount_remove": "Unmount",
"storage_mount_remove_description": "Unmounts the filesystem and removes its /etc/fstab entry. This cannot be undone.",
"storage_mount_remove_title": "Unmount {mountpoint}?",
"storage_mount_removed": "Filesystem unmounted",
"storage_mounts_description": "Active mounts from the kernel mount table.",
"storage_mounts_search_placeholder": "Search by device, mount point or type…",
"storage_no_fstab": "No fstab entries.",
"storage_no_mounts": "No mounts found.",
"system_hostname_current": "Current hostname",
"system_hostname_invalid": "Hostname is invalid",
"system_locale_generate": "Generate new locale",
"system_locale_generate_button": "Generate",
"system_locale_generate_desc": "Install a new locale on the host. On Debian/Ubuntu/Arch this uncomments the entry in /etc/locale.gen and runs locale-gen; on RHEL/Fedora it uses localedef.",
"system_locale_generate_invalid": "Use the form xx_XX.UTF-8 (e.g. fr_FR.UTF-8)",
"system_locale_generate_placeholder": "e.g. ja_JP.UTF-8",
"system_locale_keymap": "Console keymap",
"system_locale_lang": "System locale (LANG)",
"system_locale_language": "Fallback language (LANGUAGE)",
"system_locale_language_add": "Add language",
"system_locale_language_button": "Save",
"system_locale_language_desc": "Set the fallback language priority list for system messages and translations (optional).",
"system_locale_language_empty": "No fallback language set.",
"system_locale_no_keymap_found": "No keymap found.",
"system_locale_no_locale_found": "No locale found.",
"system_locale_search_keymap_placeholder": "Search keymap…",
"system_locale_search_locale_placeholder": "Search locale…",
"system_locale_x11": "X11 layout",
"system_power_confirm_description": "The machine will be unreachable while it shuts down. This cannot be undone from here.",
"system_power_confirm_poweroff_title": "Power off this machine?",
"system_power_confirm_reboot_title": "Reboot this machine?",
"system_power_poweroff": "Power off",
"system_power_reboot": "Reboot",
"system_section_configuration": "Configuration",
"system_section_identity": "Identity",
"system_section_power": "Power",
"system_time_clock": "Clock",
"system_time_current": "Current time",
"system_time_manual": "Manual time",
"system_time_manual_hint": "Set the system clock to a specific RFC3339 time. Available only when NTP is off.",
"system_time_no_timezone_found": "No timezone found.",
"system_time_ntp": "Network time (NTP)",
"system_time_ntp_hint": "Automatically synchronize the clock with NTP servers.",
"system_time_ntp_not_synced": "Not synchronized",
"system_time_ntp_synced": "Synchronized",
"system_time_search_timezone_placeholder": "Search timezone…",
"system_time_timezone": "Timezone",
"syslog_alert": "1 alert",
"syslog_crit": "2 crit",
"syslog_debug": "7 debug",
"syslog_emerg": "0 emerg",
"syslog_err": "3 err",
"syslog_info": "6 info",
"syslog_notice": "5 notice",
"syslog_warning": "4 warning",
"terms_notice": "By clicking continue, you agree to our <a class='link' href={terms}>Terms of Service</a> and <a class='link' href={privacy}>Privacy Policy</a>.",
"terminal_auth_private_key": "Private Key",
"terminal_credential_cleared": "Saved credentials cleared",
"terminal_credential_forgotten": "Forgot saved credentials for {username}",
"terminal_credential_load_failed": "Could not load saved credentials",
"terminal_credential_saved_toast": "Credentials saved for {username}",
"terminal_connect": "Connect",
"terminal_connect_desc": "Connect to this host via SSH.",
"terminal_discard": "Discard",
"terminal_download_history": "Download history",
"terminal_forget": "Forget",
"terminal_history_truncated": "Output truncated, last 2 MB shown",
"terminal_connecting": "Connecting…",
"terminal_connecting_desc": "Opening SSH session to {credential} on port {port}",
"terminal_loaded_from_saved": "Loaded saved credentials",
"terminal_password_placeholder": "Enter password",
"terminal_port": "Port",
"terminal_private_key_placeholder": "Paste your SSH private key (including headers)",
"terminal_remember_credential": "Remember credentials",
"terminal_saved_credential_for": "Saved credentials for {username}",
"terminal_section_auth": "Authentication",
"terminal_section_connection": "Connection",
"terminal_session_ended": "Session ended",
"terminal_ssh_failed": "SSH connection failed",
"terminal_use_saved": "Use saved",
"theme": "Theme",
"theme_dark": "Dark",
"theme_light": "Light",
"theme_system": "System",
"trust_device": "Trust this device for 30 days",
"two_factor_description": "Enter the 6-digit code from your authenticator app.",
"two_factor_title": "Two-factor authentication",
"use_authenticator": "Use authenticator app",
"use_backup_code": "Use a backup code",
"username": "Username",
"username_placeholder": "admin",
"users_action_set_password": "Set password",
"users_actions": "Actions",
"users_active": "Active",
"users_add": "Add User",
"users_ban": "Ban",
"users_ban_reason": "Reason (optional)",
"users_banned": "Banned",
"users_col_comment": "Comment",
"users_col_home": "Home",
"users_col_type": "Type",
"users_col_uid": "UID",
"users_create": "Create",
"users_create_description": "Add a new user to the system.",
"users_create_field_comment": "Comment (GECOS)",
"users_create_field_create_home": "Create home directory",
"users_create_field_shell": "Shell",
"users_create_field_system": "System account",
"users_create_title": "Create user",
"users_created": "User created",
"users_created_at": "Joined",
"users_delete": "Delete",
"users_delete_ban_email": "Also ban this email",
"users_delete_confirm_description": "This permanently removes the user. Optionally ban the email to prevent re-registration.",
"users_delete_confirm_title": "Delete user?",
"users_delete_description": "Runs userdel on the host. This cannot be undone.",
"users_delete_field_remove_home": "Also remove home directory and mail spool",
"users_delete_title": "Delete {username}?",
"users_deleted": "User deleted",
"users_description": "Manage application users.",
"users_details": "Details",
"users_edit": "Edit",
"users_edit_description": "Update user details.",
"users_edit_title": "Edit user",
"users_filter": "Filter",
"users_filter_24h": "Last 24h",
"users_filter_30d": "Last 30 days",
"users_filter_7d": "Last 7 days",
"users_filter_active": "Active",
"users_filter_any_time": "Any Time",
"users_filter_count": "{n} filters active",
"users_filter_date_from": "From",
"users_filter_date_range": "Date Range",
"users_filter_date_to": "To",
"users_filter_display": "Display",
"users_filter_email_verified": "Email verified only",
"users_filter_joined": "Joined",
"users_filter_online_only": "Online users only",
"users_filter_reset": "Reset All",
"users_filter_shell_only": "Login-capable shell only",
"users_filter_show_banned": "Show banned users",
"users_filter_show_system": "Show system users",
"users_filter_system_uid_hint": "(uid < 1000)",
"users_filter_title": "Filter Users",
"users_group_primary_badge": "(primary)",
"users_group_sys_badge": "sys",
"users_groups_title": "Groups",
"users_groups_updated": "Groups updated",
"users_invite": "Invite",
"users_invite_description": "Send an email invitation. The user sets their own password.",
"users_invite_title": "Invite user",
"users_invited": "Invitation sent",
"users_nav_description": "PAM/Unix accounts from /etc/passwd on this machine.",
"users_nav_title": "System users",
"users_next": "Next",
"users_no_gecos": "No GECOS comment",
"users_no_groups": "No groups.",
"users_no_results": "No users found.",
"users_page_of": "Page {page} of {total}",
"users_pam_create_description": "Adds a PAM account via useradd. Password stays locked until you set one.",
"users_pam_groups_description": "Supplementary groups. Replaces the full set via <code>usermod -G</code>. Primary group is set at user creation and not editable here.",
"users_pam_search_placeholder": "Search username, GECOS, uid…",
"users_pending": "Pending",
"users_pending_expires": "Invite expires {date}",
"users_pending_no_invite": "Email not verified",
"users_prev": "Previous",
"users_primary_gid": "Primary GID",
"users_primary_group": "Primary group",
"users_resend_invite": "Resend invite",
"users_role": "Role",
"users_role_admin": "Admin",
"users_role_user": "User",
"users_rows_per_page": "Rows per page",
"users_saved": "User saved",
"users_search_placeholder": "Search by email…",
"users_set_password_description": "Piped to chpasswd over stdin; never appears in the process list.",
"users_set_password_title": "Set password — {username}",
"users_status": "Status",
"users_title": "Users",
"users_type_system": "system",
"users_type_user": "user",
"users_unban": "Unban",
"verification_sent": "We sent a verification link to {email}. Click it to activate your account.",
"verify": "Verify",
"verify_your_email": "You need to first verify your email address",
"welcome_back": "Welcome back",
"system_nadir_username": "Authenticated User",
"system_nadir_permissions": "Resolved Permissions",
"system_nadir_modules": "Registered Modules",
"system_nadir_no_permissions": "No permissions defined",
"docs_title": "Docs",
"docs_go_to_dashboard": "Go to Dashboard",
"docs_nav_intro": "Introduction",
"docs_nav_installation": "Installation",
"docs_nav_architecture": "Architecture",
"docs_nav_security": "Security & VPN",
"docs_nav_limitations": "Limitations & License",
"docs_intro_title": "Introduction",
"docs_intro_desc": "Welcome to the Nadir documentation. Nadir is a lightweight, modular Linux system-administration suite that provides modern, self-hosted web management panels for your servers.",
"docs_intro_how_title": "How it works",
"docs_intro_how_desc": "Nadir is divided into two distinct parts: a central <strong>Web UI (Frontend)</strong> and a per-host <strong>Agent (Backend)</strong>. The frontend does not talk to your operating system directly; instead, it registers multiple agent nodes using secure API tokens and makes server-to-server HTTP queries to manage your systems.",
"docs_intro_modules_title": "Core modules",
"docs_intro_modules_desc": "Functionality is organized into isolated modules. Each module manages a slice of system configuration and defines its own role-based access control (RBAC) permission vocabulary.",
"docs_intro_mod_system_desc": "Dashboard overview (OS, kernel, CPU, memory, load, uptime, temperatures), hostname configuration, and date/time/NTP settings.",
"docs_intro_mod_services_desc": "List and inspect systemd units. Start, stop, restart, enable, or disable units, and stream journald logs live over SSE.",
"docs_intro_mod_users_desc": "Manage local PAM/Unix user accounts and group assignments. Run useradd/groupadd utilities natively.",
"docs_intro_mod_storage_desc": "Monitor storage devices, partition layouts, and active mounts. View and modify /etc/fstab configurations.",
"docs_intro_mod_networking_desc": "Manage network interfaces, routing tables, and DNS settings. Supports temporary configuration and safety auto-rollback.",
"docs_intro_mod_audit_desc": "Read-only, tamper-evident SQLite-backed audit log capturing who executed what, when, and the result.",
"docs_intro_mod_audit_title": "Audit Trail",
"docs_intro_ready_title": "Ready to deploy?",
"docs_intro_ready_desc": "Proceed to the installation guide to spin up the Web UI and deploy the backend agent.",
"docs_intro_ready_cta": "Get started",
"docs_install_title": "Installation",
"docs_install_desc": "Deploy Nadir in under two minutes. Run the central Web UI as a stateless Docker container and bootstrap agent nodes on target Linux hosts.",
"docs_install_webui_title": "1. Deploy the Web UI",
"docs_install_webui_desc": "The central dashboard operates as a stateless web server that registers and coordinates multiple node instances. Use Docker to spin it up in seconds:",
"docs_install_webui_run": "Once the container is running, navigate to <code>http://localhost:3000</code> to register your administrator account.",
"docs_install_agent_title": "2. Bootstrap agent nodes",
"docs_install_agent_desc": "Install the <code>nadir-agent</code> backend daemon on any Linux machine you want to manage. Run the bootstrap script on the host:",
"docs_install_disclaimer_title": "Disclaimer: Inspect Before Execution",
"docs_install_disclaimer_desc": "Piping untrusted scripts directly from the internet into a root shell is extremely dangerous. You should <strong>always inspect and read the source code</strong> of any script before running it. Review the installer code served by this instance at <a href=\"https://{nadirHost}/install.sh\" target=\"_blank\" class=\"underline text-primary hover:text-primary/80 font-medium\">/install.sh</a> or download it to read first: <code class=\"bg-muted px-1.5 py-0.5 rounded text-foreground font-mono text-[10px]\">curl -fsSL https://{nadirHost}/install.sh</code>.",
"docs_install_privilege_title": "Security & Privileges",
"docs_install_privilege_desc": "The bootstrap script must run as root (via <code>sudo sh</code>). The agent requires root privileges because it executes PAM authorization, checks systemd state, mounts filesystems, and interacts with <code>/etc/shadow</code> and <code>/etc/hosts</code> directly.",
"docs_install_tasks_intro": "The installer script performs the following tasks automatically:",
"docs_install_task_1": "Detects the system processor architecture (<code>amd64</code> or <code>arm64</code>).",
"docs_install_task_2": "Queries the configured Gitea repository API for the latest tagged binary release.",
"docs_install_task_3": "Downloads the release asset and verifies its SHA-256 signature against the published checksum file.",
"docs_install_task_4": "Installs the <code>nadir</code> executable to <code>/usr/local/bin/nadir</code>.",
"docs_install_task_5": "Provisions the dedicated PAM service <code>/etc/pam.d/nadir</code> to enable password validation.",
"docs_install_task_6": "Generates persistent self-signed TLS certificates under <code>/var/lib/nadir/tls</code> (if TLS is enabled).",
"docs_install_task_7": "Creates and starts a systemd service unit (<code>nadir.service</code>) that starts on boot.",
"docs_install_link_title": "3. Link nodes to dashboard",
"docs_install_link_desc": "When the installer finishes, it generates a bearer token (starting with <code>nad_</code>) for dashboard authentication. Copy this token, log into the Web UI, click <strong>Add Server</strong>, enter the IP address and port, paste the token, and save.",
"docs_install_link_manual": "To manually add additional authentication tokens on a host, run:",
"docs_arch_title": "Architecture",
"docs_arch_desc": "Nadir is engineered for high performance, isolation, and security. Learn about the technical implementation details that drive the Web UI and the Agent.",
"docs_arch_bounds_title": "Technical boundaries",
"docs_arch_bounds_desc": "The central Web UI and the individual agent instances interact over standard HTTPS connections using token-based authentication.",
"docs_arch_card_webui_title": "Nadir Web UI (Frontend)",
"docs_arch_card_webui_desc": "SvelteKit 2 + Svelte 5 console application",
"docs_arch_card_webui_item1": "SQLite Database for machine lists and profiles",
"docs_arch_card_webui_item2": "Better Auth session and security layers",
"docs_arch_card_webui_item3": "Stateless deployment in Docker",
"docs_arch_card_flow_title": "HTTPS / API Call",
"docs_arch_card_flow_desc": "Bearer token auth",
"docs_arch_card_agent_title": "Nadir Agent (Backend)",
"docs_arch_card_agent_desc": "Lightweight daemon compiled in Go",
"docs_arch_card_agent_item1": "Runs as root with PAM authentication + RBAC",
"docs_arch_card_agent_item2": "Direct communication with systemd & packages",
"docs_arch_card_agent_item3": "SQLite-backed local audit trail",
"docs_arch_daemon_title": "Self-contained Go agent",
"docs_arch_daemon_desc": "The agent daemon runs on each host machine as a systemd service. It is designed to be fully self-contained and does not require external databases, runtimes, or interpreters.",
"docs_arch_daemon_desc2": "Instead of implementing custom system logic, the Go daemon acts as an API proxy over the host's native utilities:",
"docs_arch_daemon_item1": "<strong>Systemd</strong> controls service operations via direct interactions with systemd units.",
"docs_arch_daemon_item2": "<strong>PAM (Pluggable Authentication Modules)</strong> handles credentials and account validations.",
"docs_arch_daemon_item3": "<strong>OS Utilities</strong> like <code>useradd</code>, <code>userdel</code>, <code>groupadd</code>, <code>groupdel</code>, <code>hostnamectl</code>, and filesystem tools perform account, host, and storage changes.",
"docs_arch_daemon_item4": "<strong>Package Managers</strong> (APT on Debian/Ubuntu, DNF on RHEL/Fedora, Pacman on Arch) perform software package updates and upgrades, streaming outputs live using Server-Sent Events (SSE).",
"docs_arch_pam_title": "Dedicated PAM integration",
"docs_arch_pam_desc": "To authenticate human logins, the agent delegates password checks to PAM (<code>pam_unix</code>). Instead of using default system login services, the agent installs a dedicated, minimal PAM service file at <code>/etc/pam.d/nadir</code>:",
"docs_arch_pam_desc2": "This specific setup prevents performance issues common with stock login services. For instance, on laptops, the default <code>system-auth</code> pulls in <code>pam_fprintd.so</code> which blocks password verification for up to 30 seconds while waiting for fingerprint swipes. A dedicated PAM service keeps login validation times down to milliseconds.",
"docs_arch_minisign_title": "Secure auto-updates via Minisign",
"docs_arch_minisign_desc": "To ensure agent updates are secure, the updater implements strict cryptographic signature verification:",
"docs_arch_minisign_item1": "The agent queries the configured Gitea release API to fetch the latest tagged release.",
"docs_arch_minisign_item2": "It downloads both the checksum list file (<code>sha256sums.txt</code>) and its signature file (<code>sha256sums.txt.minisig</code>).",
"docs_arch_minisign_item3": "It verifies the signature file against the hardcoded Minisign public key (<code>minisign.pub</code>) compiled into the binary. This trust anchor cannot be changed without rebuilding the binary.",
"docs_arch_minisign_item4": "If the signature checks out, the agent downloads the new binary, verifies its SHA-256 hash against the verified checksum file, atomically replaces the running binary at <code>/usr/local/bin/nadir</code>, and restarts the systemd unit.",
"docs_security_title": "Security & VPN",
"docs_security_desc": "Because Nadir executes system commands as root, maintaining strict network boundaries is the most critical element of a secure deployment.",
"docs_security_warning_title": "Warning: Root Access Risks",
"docs_security_warning_desc": "An instance of <code>nadir-agent</code> running on a host holds root privileges. Exposing the agent port directly to the public internet is extremely dangerous and strongly discouraged. By default, the agent binds to localhost to ensure it remains local-only.",
"docs_security_deploy_title": "Suggested deployments",
"docs_security_deploy_desc": "Choose one of these recommended deployment strategies to isolate your system administration ports:",
"docs_security_deploy_coloc_title": "A. Co-Location (Loopback)",
"docs_security_deploy_coloc_desc": "Install both the <strong>Nadir Web UI</strong> and the <strong>nadir-agent</strong> on the exact same virtual machine or server. Configure the agent to bind to <code>127.0.0.1:9999</code> and let the Web UI container access the local agent directly. This keeps the agent API completely unexposed to any external network interface.",
"docs_security_deploy_vpn_title": "B. Private Overlay VPN (Recommended)",
"docs_security_deploy_vpn_desc": "For managing multiple servers, configure an overlay VPN (such as <strong>Tailscale</strong>, <strong>Netbird</strong>, or <strong>WireGuard</strong>). Bind the <code>nadir-agent</code> instance only to the host's private overlay IP (e.g. <code>100.64.x.x</code>). This guarantees that only authenticated VPN peers can see the administration port.",
"docs_security_acl_title": "Access control list (ACL) rules",
"docs_security_acl_desc": "If you deploy over a private overlay network, restrict access so that only the central Web UI server is permitted to talk to the agent ports (tcp/9999):",
"docs_security_acl_tailscale": "<strong>Tailscale:</strong> Add an ACL rule restricting target ports to the proxy tag:",
"docs_security_acl_netbird": "<strong>Netbird:</strong> Setup an Access Control Policy permitting group <code>nadir-ui</code> to group <code>nadir-agent</code> on port <code>9999</code>, denying other peers.",
"docs_security_acl_iptables": "<strong>Standard iptables:</strong> Reject all connections on the WireGuard interface except from the proxy peer:",
"docs_security_tls_title": "TLS connection modes",
"docs_security_tls_desc": "API keys, tokens, and session cookies must always travel over encrypted HTTPS connections. Secure the connection using one of three modes:",
"docs_security_tls_proxy_desc": "Behind a reverse proxy (<code>trust_proxy: true</code>): A proxy like Traefik terminates TLS at the edge and forwards plaintext HTTP to the agent over a secure local network. In this setup, make sure the proxy overrides client-supplied <code>X-Forwarded-*</code> headers, and set <code>secure_tls: true</code> to ensure the session cookie keeps its Secure attribute.",
"docs_security_tls_direct_desc": "Direct TLS termination (<code>tls_cert</code> + <code>tls_key</code>): Specify paths to a valid PEM certificate and key file in <code>config.yaml</code> to have the agent server terminate TLS directly.",
"docs_security_tls_self_desc": "Self-signed certificate fallback (development only): If no proxy or certificates are configured, the agent generates an in-memory self-signed certificate valid for <code>localhost</code> for one year. This triggers browser security warnings and should never be used in production.",
"docs_limits_title": "Limitations & License",
"docs_limits_desc": "Review the current architectural limits of the agent and the open-source licensing terms of the Nadir project.",
"docs_limits_sys_title": "System limitations",
"docs_limits_sys_desc": "Because Nadir works directly with core operating system abstractions rather than virtualization layers, it is bound by the following environmental requirements:",
"docs_limits_sys_item1": "<strong>Linux Only:</strong> The agent relies heavily on standard Linux utilities (<code>useradd</code>, <code>groupadd</code>, <code>shutdown</code>), kernel namespaces, and file systems under <code>/sys</code>, <code>/proc</code>, and <code>/etc</code>. It cannot run on macOS, Windows, or BSD distributions.",
"docs_limits_sys_item2": "<strong>Systemd Dependency:</strong> The service management, boot status, and journal logging modules interact directly with <code>systemd</code> and <code>journald</code>. Runtimes using other init systems (like sysvinit, OpenRC, or Runit) are not supported.",
"docs_limits_sys_item3": "<strong>Root Privileges Required:</strong> The agent must execute as <code>root</code>. The PAM authenticator needs read access to <code>/etc/shadow</code>, and managing hardware settings (hostname, network interfaces, disk mounts) is locked behind root level syscalls by the kernel.",
"docs_limits_sys_item4": "<strong>Co-hosting CORS constraints:</strong> Running the Web UI cross-origin relative to target agents triggers browser CORS preflight checks. If you host the frontend on a different origin, you must utilize server-to-server dashboard API queries (default behavior of SvelteKit server load functions) or configure a reverse proxy to terminate both under a shared domain.",
"docs_limits_license_title": "Licensing",
"docs_limits_license_desc": "Nadir is free, open-source software published under the terms of the MIT License.",
"docs_limits_license_mit_title": "MIT License",
"docs_limits_license_mit_copyright": "Copyright (c) 2026 Urania",
"docs_limits_license_mit_body1": "Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:",
"docs_limits_license_mit_body2": "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.",
"docs_limits_license_mit_body3": "THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.",
"docs_limits_credits_title": "Credits & assets",
"docs_limits_credits_desc": "Nadir's branding assets and icons are based on open-source packages:",
"docs_limits_credits_item1": "<strong>Favicon:</strong> Recolored version of the <a class=\"text-primary hover:underline\" href=\"https://lucide.dev/icons/orbit\" target=\"_blank\" rel=\"noreferrer\">Orbit icon</a> from the Lucide project.",
"docs_limits_credits_item2": "<strong>Icons:</strong> Visual markers across pages are provided by the <a class=\"text-primary hover:underline\" href=\"https://lucide.dev\" target=\"_blank\" rel=\"noreferrer\">Lucide icons library</a>, licensed under the ISC License."
}
Reference in New Issue View Git Blame Copy Permalink