Observatory is a simple, modular way to view vital information about your machines. It's not just a dashboard but rather a window into what's going on. The netstat mdule allows you to keep an eye out for bad actors, and the S.M.A.R.T module can alert you to failing disks. All of this is FOSS under a GNU GPL license for you and others to improve.
The backend is a simple express webserver with microservices for each endpoint so that you can add what you need and remove what you don't. The backend runs commands like netstat and smartctl to get information, so that you don't have to.
The frontend is written in vanilla JavaScript and utilizes the TailwindCSS framework for a responsive, mobile-friendly layout that's easy on the eyes.
config.js in the backend folder should look familiar to anyone who's used JS or JSON. You can configure the port, Pi-Hole URL, search engine query URL, and the module blacklist, which is an array of module names to be disabled.
// /path/to/config.js
module.exports = {
port: 8080,
// piholeUrl: "http://10.0.0.1" // URL to the Pi-Hole web interface which is used for API access
piholeUrl: "http://localhost",
searchUrl: "https://duckduckgo.com/?q=",
moduleBlacklist: [ // Add names of modules to the array to blacklist them
"search"
]
};Observatory has a few dependencies due to utilizing CLI utilities that are run on the host through the use of chroot. Depending on your distribution, you may have to install net-tools and procps on debian or their Fedora/Arch/Gentoo/etc. equivalents.
Use the Docker compose file below, and the webserver will be accessible on port 8080. The express backend and static frontend are also separate, so modifying the code to keep the two on different containers or machines would be simple. The frontend will have an option to choose from different backends soon.
Modules can be enabled or disabled on the user end using this modal, and preferences are stored in LocalStorage. Choose to show/hide what you need/don't need respectively.
Here's the compose file and rationalization:
# docker-compose.yml
version: '3'
services:
observatory:
image: ghcr.io/teknowafel/observatory:latest
privileged: true # Needs access for various diagnostic commands
network_mode: host # Needs access to the host network for netstat
volumes:
- /path/to/config.js:/backend/config.js
- /:/host:ro # Mount the host filesystem in read-only mode for chroot
- /var/run/docker.sock:/var/run/docker.sock:ro # We need the docker socket in read-only to check running containersIn case you're worried about someone seeing your server's CPU usage, reverse proxies like NGINX support authentication before redirecting the user to the site. I'm not going into detail here, but it should be pretty straightforward.