- Add comprehensive command configuration to systant.toml with user-defined commands
- Create Systant.CommandExecutor module with strict security validation:
* Whitelist-only command execution (no arbitrary shell commands)
* Parameter validation against allowed lists
* Command timeouts and confirmation requirements
* Full audit logging and response tracking
- Implement Systant.MqttHandler for processing command messages:
* JSON command parsing and validation
* Response publishing to systant/{hostname}/responses topic
* Built-in "list" command to show available commands
* Error handling with detailed response messages
- Update MqttClient to use custom handler instead of Logger
- Security features:
* Only predefined commands from TOML config
* Parameter substitution with validation ($SERVICE, $PATH, etc.)
* Execution timeouts and comprehensive logging
* Structured response format with request tracking
Example commands configured: restart services, system info, disk usage, process status, network tests.
Users can customize commands in their systant.toml file.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
# Systant Configuration File
# This file controls which metrics are collected, how they're reported, and which
# predefined commands may be run in response to MQTT command messages

[general]
# Metric categories that are switched on as a whole
enabled_modules = [
    "cpu",
    "memory",
    "disk",
    "gpu",
    "network",
    "temperature",
    "processes",
    "system",
]

# Timing values are given in milliseconds
# 30 seconds
collection_interval = 30_000
# 5 seconds
startup_delay = 5_000

[cpu]
# No tuning options here: CPU metrics are always lightweight
enabled = true

[memory]
enabled = true
# Include the detailed breakdown (buffers, cached, etc.)
show_detailed = true

[disk]
enabled = true
# Mount points to monitor; an empty list means all of them
include_mounts = []
# Mount points left out of the report
exclude_mounts = [
    "/snap",
    "/boot",
    "/dev",
    "/sys",
    "/proc",
    "/run",
    "/tmp",
]
# Filesystem types left out of the report
exclude_types = [
    "tmpfs",
    "devtmpfs",
    "squashfs",
    "overlay",
]
# Disks are shown only when their usage is above this percentage
min_usage_percent = 1

[gpu]
enabled = true
# NVIDIA monitoring needs the nvidia-smi tool
nvidia_enabled = true
# AMD monitoring needs rocm-smi or sysfs
amd_enabled = true
# Upper limit on how many GPUs are reported
max_gpus = 8

[network]
enabled = true
# Interfaces to monitor; an empty list means all of them
include_interfaces = []
# Interfaces left out of the report (common virtual/loopback interfaces)
exclude_interfaces = [
    "lo",
    "docker0",
    "br-",
    "veth",
    "virbr",
]
# Interfaces are shown only when their traffic is above this many bytes
min_bytes_threshold = 1024

[temperature]
enabled = true
# CPU temperature monitoring
cpu_temp_enabled = true
# lm-sensors integration; needs the 'sensors' command
sensors_enabled = true
# Either "celsius" or "fahrenheit"
temp_unit = "celsius"

[processes]
enabled = true
# How many of the top processes are reported
max_processes = 10
# Ordering of the list: "cpu" or "memory"
sort_by = "cpu"
# A process is included only from this CPU percentage upward
min_cpu_percent = 0.1
# A process is included only from this memory percentage upward
min_memory_percent = 0.1
# Command names are truncated to this many characters
max_command_length = 50

[system]
enabled = true
# Extra pieces of system information to collect
include_uptime = true
include_load_average = true
include_kernel_version = true
include_os_info = true

# MQTT connection settings (environment variables can override these)
[mqtt]
host = "mqtt.home"
# NOTE(review): 1883 is the conventional plaintext MQTT port. Command messages
# use this same connection, so they are readable and alterable on the network
# path unless the link is protected some other way.
port = 1883
client_id_prefix = "systant"
# NOTE(review): empty credentials presumably mean an anonymous connection; confirm.
# When [commands] is enabled, restrict publishing to systant/{hostname}/commands
# with broker-side authentication and ACLs, and prefer supplying the password
# through the environment override rather than storing it in this file.
username = ""
password = ""
# Topics are generated automatically: systant/{hostname}/stats and systant/{hostname}/commands
# QoS level: 0, 1, or 2
qos = 0

[logging]
# One of "debug", "info", "warning", "error"
level = "info"
# Whether configuration loading and metric collection details are logged
log_config_changes = true
log_metric_collection = false

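# Command Execution Configuration
#
# Security: only the predefined commands listed under [[commands.available]]
# can be run; there is no arbitrary shell execution. Requests arrive on the
# systant/{hostname}/commands MQTT topic.
[commands]
# Off by default: the [mqtt] section of this file ships with empty credentials
# on port 1883, so anyone able to publish to the commands topic could trigger
# the commands defined below. Set to true once publishing to that topic is
# restricted on the broker (authentication and ACLs).
enabled = false
# Global execution time limit.
# NOTE(review): how this interacts with each command's own `timeout` is not
# visible in this file; confirm against the executor.
max_execution_time = 30 # seconds
# Keep a log entry for every command request
log_all_commands = true
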
# Custom command definitions. The entries below are examples; adapt them to your system.
[[commands.available]]
name = "restart_service"
description = "Restart a system service"
trigger = "restart"
# Given as an argument list; $SERVICE is replaced by a validated request parameter
command = ["systemctl", "restart", "$SERVICE"]
# The only values accepted for $SERVICE. Keep this list as short as possible:
# restarting ssh or docker from a remote message can interrupt access to the
# host or the containers it runs.
allowed_params = [
    "nginx",
    "postgresql",
    "redis",
    "docker",
    "ssh",
]
# presumably seconds, like max_execution_time; confirm
timeout = 30
requires_confirmation = true

[[commands.available]]
name = "system_info"
description = "Get system information"
trigger = "info"
command = ["uname", "-a"]
# The command has no placeholder, so no parameter values are listed
allowed_params = []
# presumably seconds, like max_execution_time; confirm
timeout = 10
requires_confirmation = false

[[commands.available]]
name = "disk_usage"
description = "Check disk usage for specific paths"
trigger = "df"
# NOTE(review): "$PATH" is systant's placeholder for the requested path, not the
# shell's PATH variable; confirm the executor never hands this list to a shell.
command = ["df", "-h", "$PATH"]
# The only paths a request may ask about
allowed_params = [
    "/",
    "/home",
    "/var",
    "/tmp",
]
# presumably seconds, like max_execution_time; confirm
timeout = 5
requires_confirmation = false

[[commands.available]]
name = "process_status"
description = "Check if a process is running"
trigger = "ps"
# pgrep -f matches the pattern against the full command line, so a name that
# appears only in another process's arguments also counts as a match.
command = ["pgrep", "-f", "$PROCESS"]
# The only patterns a request may ask for
allowed_params = [
    "nginx",
    "postgres",
    "redis",
    "docker",
    "systemd",
]
# presumably seconds, like max_execution_time; confirm
timeout = 5
requires_confirmation = false

[[commands.available]]
name = "network_test"
description = "Test network connectivity"
trigger = "ping"
# Three echo requests per run; $HOST is replaced by a validated request parameter
command = ["ping", "-c", "3", "$HOST"]
# Fixed destinations only, so a request cannot point ping at an arbitrary host
allowed_params = [
    "google.com",
    "1.1.1.1",
    "localhost",
]
# presumably seconds, like max_execution_time; confirm
timeout = 15
requires_confirmation = false