public/infmap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
121 commits 1 branch 0 tags 522 KiB
  • Go 53.6%
  • HTML 30.8%
  • Shell 15.3%
  • Dockerfile 0.3%
Find a file
Exact
j dc1c391641
All checks were successful
Build-Publish / build-agent (amd64, linux) (push) Successful in 12s
Details
Build-Publish / build-agent (arm, 7, linux) (push) Successful in 15s
Details
Build-Publish / build-agent (arm64, linux) (push) Successful in -32s
Details
Build-Publish / build-agent (mips, linux) (push) Successful in 11s
Details
Build-Publish / build-agent (mipsle, linux) (push) Successful in 15s
Details
Build-Publish / publish-install-script (push) Successful in 6s
Details
Build-Publish / build-server-image (linux/arm64) (push) Successful in 41s
Details
Build-Publish / build-server-image (linux/amd64) (push) Successful in -24s
Details
Build-Publish / create-manifest (push) Successful in 7s
Details
Add env/config to systemd unit and prefer logfile over journalctl
2026-05-12 13:10:02 +12:00
.gitea/workflows Fix Go build by ensuring HOME and Go env vars are set in CI workflow 2026-05-09 15:33:55 +12:00
agent Add PCI device ID lookup table for GPU names and deduplicate GPUs across containers 2026-05-09 12:51:45 +12:00
cmd Change stale host purge threshold to 30 minutes 2026-04-15 08:54:23 +12:00
dropshell Add env/config to systemd unit and prefer logfile over journalctl 2026-05-12 13:10:02 +12:00
server Move dashboard rendering from server-side Go templates to client-side JS with pan/zoom canvas 2026-05-02 20:10:56 +12:00
shared Add GPU UUID matching for containers and non-disruptive auto-refresh 2026-04-28 08:07:12 +12:00
web Add PCI device ID lookup table for GPU names and deduplicate GPUs across containers 2026-05-09 12:51:45 +12:00
.gitignore Fix CI build: downgrade to Go 1.24, add missing files, INFMAP_TOKEN env var 2026-04-14 21:40:04 +12:00
Dockerfile Fix CI build: downgrade to Go 1.24, add missing files, INFMAP_TOKEN env var 2026-04-14 21:40:04 +12:00
dropshell-templates.list Rewrite infmap from Python/SSH to Go agent+server architecture 2026-04-14 21:04:56 +12:00
go.mod Fix CI build: downgrade to Go 1.24, add missing files, INFMAP_TOKEN env var 2026-04-14 21:40:04 +12:00
go.sum Fix CI build: downgrade to Go 1.24, add missing files, INFMAP_TOKEN env var 2026-04-14 21:40:04 +12:00
install.sh Allow agent install without root — gather what's accessible 2026-04-14 22:28:06 +12:00
README.md Add Authentik forward auth support via nginx reverse proxy 2026-04-25 21:37:20 +12:00

README.md

infmap - Infrastructure Map

A Dropshell template that provides a web dashboard showing the status of your servers. It SSHes into configured servers periodically to collect system information and displays it in an attractive dark-themed web UI.

What It Collects

  • System: hostname, OS, kernel, architecture, uptime
  • Hardware: motherboard make/model/version, BIOS version/date
  • CPU: model, cores, sockets, threads, live usage %
  • Memory: total, used, available, live usage %
  • Storage: physical disks, mounted filesystems with usage %
  • GPUs: all detected graphics/3D/display adapters
  • Network: all interfaces with IPv4/IPv6, MAC, state, speed, driver
  • Routing: default gateway and interface
  • DNS: configured nameservers
  • Temperatures: CPU/chipset temps via lm-sensors or thermal zones
  • Tailscale: IP and hostname (if installed)

All information is gathered without root access using /sys/class/dmi/id/, lscpu, /proc/meminfo, lspci, ip addr, sensors, etc.

Architecture

Single Docker container running a Python Flask app:

  • Collector thread: SSHes into servers on a schedule, runs a gather script, stores results in SQLite
  • Web server: Serves the dashboard on a configurable HTTP port

Data is persisted in a Docker volume (${CONTAINER_NAME}_data).

Setup

1. Create the service

dropshell create-service <server> infmap <service-name>

2. Configure

Edit service.env:

Variable Default Description
CONTAINER_NAME infmap Docker container/project name
SSH_USER root Dropshell SSH user for this service
WEB_PORT 8080 HTTP port for the web dashboard
SSH_KEY_PATH /root/.ssh/id_ed25519 Host path to SSH private key for connecting to monitored servers
COLLECTION_INTERVAL 300 Seconds between collection runs
MAX_CONCURRENT_SSH 5 Max simultaneous SSH connections

Edit infrastructure.conf to define your servers:

Production
  prod-web-01 https://web01.example.com
  prod-db-01
  prod-app-01 https://app01.example.com:8080

Development
  dev-01
  dev-02
  admin@legacy-server
  • Group names are freeform labels (no indentation)
  • Servers are indented with HOSTNAME, USERNAME@HOSTNAME, or either followed by a URL
  • Username defaults to infmap if not specified
  • An optional URL after the host adds a clickable link on the dashboard
  • Lines starting with # are comments

3. Setup remote servers

Run the setup script on each server you want to monitor. It creates a locked-down infmap user, installs your public key with SSH restrictions, and installs dependencies (lm-sensors, pciutils, etc.):

curl -fsSL https://getbin.xyz/infmap-setup | bash

To use a custom public key URL instead of the default (https://getbin.xyz/infmap-pub):

curl -fsSL https://getbin.xyz/infmap-setup | bash -s https://example.com/my-key.pub

The script:

  • Creates an infmap user with no password (locked)
  • Installs the SSH key restricted to bash -s only (no shell, no forwarding)
  • Disables password auth for the user via sshd Match block
  • Installs lm-sensors, pciutils, iproute2 for full data collection
  • Supports Debian/Ubuntu, Alpine, and OpenWrt

4. Install

dropshell install <server> <service-name>

The dashboard will be available at http://<server>:<WEB_PORT>.

Authentication (Authentik)

The infmap dashboard can be protected with Authentik forward auth. When enabled, nginx sits in front of infmap and requires users to authenticate through Authentik before accessing the dashboard. The agent report endpoint (/api/v1/report) bypasses authentication so agents can continue pushing data with their bearer tokens.

Step 1: Set AUTHENTIK_URL in service.env

Add your Authentik server URL to the infmap service configuration:

AUTHENTIK_URL="https://auth.example.com"

Step 2: Create a Proxy Provider in Authentik

  1. Log into your Authentik admin panel (e.g. https://auth.example.com/if/admin/)
  2. Go to Applications > Providers
  3. Click Create and select Proxy Provider
  4. Configure:
    • Name: infmap
    • Authorization flow: default-provider-authorization-implicit-consent (or choose one requiring explicit consent)
    • Mode: Forward auth (single application)
    • External host: https://infmap.example.com (the URL users visit)
  5. Click Finish

Step 3: Create an Application in Authentik

  1. Go to Applications > Applications
  2. Click Create
  3. Configure:
    • Name: infmap
    • Slug: infmap
    • Provider: select the infmap proxy provider from Step 2
  4. Click Create

Step 4: Configure the Embedded Outpost

  1. Go to Applications > Outposts
  2. Edit the authentik Embedded Outpost
  3. In the Applications field, add infmap to the selected applications
  4. Click Update

Step 5: Redeploy infmap

dropshell install <server> <service-name>

After redeployment, visiting the infmap dashboard will redirect to your Authentik login page. The authenticated username is displayed on the dashboard.

Web Dashboard

  • Servers displayed in cards grouped by group name, sorted by primary IP
  • Each card shows hostname, IP, OS, and color-coded usage bars for CPU, RAM, and disk
    • Green: < 60%
    • Yellow: 60-75%
    • Orange: 75-90%
    • Red: > 90%
  • Click a card to expand full hardware and network details
  • Page auto-refreshes every 60 seconds

API

  • GET / - Web dashboard
  • GET /api/servers - JSON array of all servers with full details