sync doc with wiki

HouzuoGuo · HouzuoGuo · commit f251d7de79ad · 2024-09-09T09:42:57.000+01:00
diff --git a/README.md b/README.md
@@ -46,7 +46,7 @@ software, please file an [issue](https://github.com/HouzuoGuo/laitos/issues).
 
 I'd love to hear from your feedback, feel free to
 [Email me](mailto:guohouzuo@gmail.com), get in touch on
-[Twitter](https://twitter.com/hzguo), and visit my home page
+[X (Twitter)](https://x.com/hzguo), and visit my home page
 [hz.gl](https://hz.gl).
 
 This is not an officially supported Google product.
diff --git a/doc/Home.md b/doc/Home.md
@@ -46,7 +46,7 @@ software, please file an [issue](https://github.com/HouzuoGuo/laitos/issues).
 
 I'd love to hear from your feedback, feel free to
 [Email me](mailto:guohouzuo@gmail.com), get in touch on
-[Twitter](https://twitter.com/hzguo), and visit my home page
+[X (Twitter)](https://x.com/hzguo), and visit my home page
 [hz.gl](https://hz.gl).
 
 This is not an officially supported Google product.
diff --git a/doc/[Daemon]-DNS-server.md b/doc/[Daemon]-DNS-server.md
@@ -5,6 +5,7 @@ The DNS server daemon simultaneously serves as:
 - An authoritative DNS server for configured domain names (`MyDomainNames`),
   responding to SOA, NS, MX, and address queries. MX and address responses point
   to the server's own public IP.
+- An authoritative DNS server for predefined custom records on any domain name.
 - A stub resolver that blocks advertising and malicious domains for home
   networks (`AllowQueryFromCidrs`).
 - Handle TXT queries as the [carrier of app command invocation](<https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-DNS-server-(invoke-app-commands)>).
@@ -42,9 +43,9 @@ JSON config file:
     <td>MyDomainNames</td>
     <td>array of strings</td>
     <td>
-        The laitos DNS server's own domain names.
+        Define the DNS server's own domain names.
         <br />
-        The DNS server gives authoritative responses to SOA, NS, MX, A queries of these domain names.
+        The DNS server will automatically respond to SOA, NS, MX, and address queries for these domains with its own server IP.
         <br />
         This is also used by <a href="https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-DNS-server-(invoke-app-commands)">DNS server (invoke app commands)</a>
         and <a href="https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-DNS-server-(TCP-over-DNS)">DNS server (TCP over DNS)</a>
@@ -122,13 +123,106 @@ Here is a minimal JSON config file example:
 }
 </pre>
 
+### Define custom DNS records
+
+In addition to blocking ads, the DNS server also responds to predefined custom
+records, which is useful for hosting a personal website.
+
+The custom records may be defined on any domain name regardless of the `MyDomainNames` value.
+
+Under `DNSDaemon`, add a new JSON object `CustomRecords`. Populate the keys with
+record names (FQDN e.g. `myhost.example.com`), and define the records for each key:
+
+<table>
+<tr>
+    <th>Property</th>
+    <th>Type</th>
+    <th>Meaning</th>
+    <th>Default value</th>
+</tr>
+<tr>
+    <td>A</td>
+    <td>JSON object {"Addresses": ["1.1.1.1", "2.2.2.2", ...]} or {"CanonicalName": "foo.example.com"}</td>
+    <td>Respond to the query with the IPv4 addresses or the canonical name.</td>
+    <td>Empty</td>
+</tr>
+<tr>
+    <td>AAAA</td>
+    <td>JSON object {"Addresses": ["1.1.1.1", "2.2.2.2", ...]} or {"CanonicalName": "foo.example.com"}</td>
+    <td>Respond to the query with the IPv6 addresses or the canonical name.</td>
+    <td>Empty</td>
+</tr>
+<tr>
+    <td>TXT</td>
+    <td>JSON object {"Entries": ["text1", "text2", ...]}</td>
+    <td>
+        Respond to the query with the text entries.
+        Do not put extra double quotes in each text, the DNS server will add the
+        double quotes automatically when needed.
+    </td>
+    <td>Empty</td>
+</tr>
+<tr>
+    <td>MX</td>
+    <td>Array of objects [{"Host": "mx1.example.com", "Pref": 1}, {"Host": "mx2.example.com", "Pref": 2}, ...]</td>
+    <td> Respond to the query with the mail exchange records.</td>
+    <td>Empty</td>
+</tr>
+<tr>
+    <td>NS</td>
+    <td>JSON object {"Names": ["ns1.example.com", "ns2.example.com", ...]}</td>
+    <td> Respond to the query with the name server records.</td>
+    <td>Empty</td>
+</tr>
+</table>
+
+Here is a minimal example:
+
+<pre>
+{
+    ...
+
+    "DNSDaemon": {
+        "AllowQueryFromCidrs": ["35.196.0.0/16", "37.228.0.0/16"],
+        "CustomRecords": {
+            "altn.example.com": {
+                "A": {
+                    "Addresses": ["1.1.1.1", "2.2.2.2"]
+                },
+                "TXT": {
+                    "Entries": [
+                        "v=spf1 mx a mx:mx1.altn.example.com mx:mx2.altn.example.com ?all",
+                        "google-site-verification=xxxx_yyyy",
+                    ]
+                },
+                "MX":[
+                    {"Host":"mx1.altn.example.com", "Pref": 1},
+                    {"Host":"mx2.altn.example.com", "Pref": 2}
+                ],
+                "NS": {
+                    "Names": ["ns1.altn.example.com", "ns2.altn.example.com"]
+                }
+            },
+            "mx1.altn.example.com": {
+                "A": {"CanonicalName": "mx2.altn.example.com"}
+            },
+            "mx2.altn.example.com": {
+                "AAAA": ["2900:4b11:d822:4f33:6844:fe55:cb66:6777"]
+            }
+        }
+    },
+
+    ...
+}
+</pre>
+
 ### Configuration tips
 
 Instead of manually figure out your home public IP and placing it into `AllowQueryFromCidrs`,
 run [phone-home telemetry daemon](https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-phone-home-telemetry)
 on a computer inside that network (e.g. on a laptop or desktop) and configure
 the daemon to send reports to this laitos server. All telemetry subjects
-are automatically allowed to use the DNS server without restrictions.
+are automatically allowed to query the DNS server.
 
 ## Run
 
diff --git a/doc/[Daemon]-system-maintenance.md b/doc/[Daemon]-system-maintenance.md
@@ -23,6 +23,7 @@ System maintenance tasks comprise:
   journal.
 - Synchronise system clock.
 - On Windows, verify and maintain system files integrity with `DISM` and `SFC`.
+- Discard older systemd journal content to conserve disk space.
 - Set Linux system time zone (additional configuration required).
 
 (Miscellaneous)
@@ -158,7 +159,57 @@ laitos works with the following system package managers for installing and updat
     <td>(Not used)</td>
     <td>Universal</td>
 </tr>
+<tr>
+    <td>RegisterPrometheusMetrics</td>
+    <td>true/false</td>
+    <td>
+        Record the process statistics (e.g. CPU time & context switches) in promehteus metrics.
+        <br />
+        The metrics are served by <a href="https://github.com/HouzuoGuo/laitos/wiki/%5BWeb-service%5D-prometheus-metrics-exporter">prometheus metrics exporter web handler</a>.
+    </td>
+    <td>(Not enabled)</td>
+    <td>Linux</td>
+</tr>
+<tr>
+    <td>RegsiterProcessActivityMetrics</td>
+    <td>true/false</td>
+    <td>
+        Record the laitos process file and network activities in prometheus metrics.
+        This requires "bpftrace" and requires an additional 100 MB of system memory.
+        <br />
+        The metrics are served by <a href="https://github.com/HouzuoGuo/laitos/wiki/%5BWeb-service%5D-prometheus-metrics-exporter">prometheus metrics exporter web handler</a>.
+    </td>
+    <td>(Not enabled)</td>
+    <td>Linux</td>
+</tr>
+<tr>
+    <td>RegsiterSystemActivityMetrics</td>
+    <td>true/false</td>
+    <td>
+        Record the system-wide file and network activities in prometheus metrics.
+        This requires "bpftrace" and requires an additional 500 - 1000 MB of system memory.
+        <br />
+        The metrics are served by <a href="https://github.com/HouzuoGuo/laitos/wiki/%5BWeb-service%5D-prometheus-metrics-exporter">prometheus metrics exporter web handler</a>.
+    </td>
+    <td>(Not enabled)</td>
+    <td>Linux</td>
+</tr>
+<tr>
+    <td>PrometheusScrapeIntervalSec</td>
+    <td>integer</td>
+    <td>The scrape interval expected from prometheus, measured in seconds. This is used to determine the sampling period of certain gauges.</td>
+    <td>60 (seconds)</td>
+    <td>Universal</td>
+</tr>
+<tr>
+    <td>ShrinkSystemdJournalSizeMB</td>
+    <td>integer</td>
+    <td>Retain this much system journal (measured in MB) and discard the older content to conserve disk space.</td>
+    <td>(Not enabled)</td>
+    <td>Linux</td>
+</tr>
 </table>
+
 2. Follow [outgoing mail configuration](https://github.com/HouzuoGuo/laitos/wiki/Outgoing-mail-configuration).
 
 Here is an example configuration that keeps system up-to-date, while also checking whether mail(25), DNS(53), and HTTP(80, 443) daemons are online:
diff --git a/doc/[Web-service]-prometheus-metrics-exporter.md b/doc/[Web-service]-prometheus-metrics-exporter.md
@@ -7,18 +7,30 @@ information collected from the following sources in the prometheus-exporter form
 - All web proxy requests: time to first byte, connection duration, size of response.
 
 ## Configuration
+
 Under the JSON key `HTTPHandlers`, add a string property called `PrometheusMetricsEndpoint`, value being the URL location of the service.
+Keep the location a secret to yourself and make it difficult to guess.
+
+Check out the additional process and system activity metrics available from the  [system maintenance](https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-system-maintenance) daemon,
+enable them as you wish.
 
-Keep the location a secret to yourself and make it difficult to guess. Here is an example:
+Here is an example:
 <pre>
 {
     ...
 
+    "Maintenance": {
+      ...
+      "PrometheusScrapeIntervalSec": 60,
+      "RegsiterSystemActivityMetrics": true,
+      "RegsiterProcessActivityMetrics": true,
+      "RegisterPrometheusMetrics": true,
+      ...
+    },
+
     "HTTPHandlers": {
         ...
-
         "PrometheusMetricsEndpoint": "/my-precious-metrics",
-
         ...
     },
 
@@ -36,13 +48,18 @@ The exporter is hosted by web server, therefore remember to [run web server](htt
 
 ## Usage
 
-There are three categories of performance metrics exported by this web service:
+The prometheus web handler serves all of these metrics:
+
 - [Web server (httpd and insecurehttpd)](https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-web-server) statistics are always included, such as
   individual handler's processing duration, response size, time-to-first-byte, etc.
-- When you enable the [web proxy daemon](https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-web-proxy), the exporter will automatically include
+- If [web proxy daemon](https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-web-proxy) is enabled, the exporter will automatically include
   statistics such as data transfer per proxy destination, number of connections, connection duration, etc.
-- When you enable the [maintenance daemon](https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-system-maintenance), the exporter will automatically
-  include laitos program's process statistics such as CPU usage and scheduler performance. These stats rely on Linux (`procfs`).
+- If [maintenance daemon](https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-system-maintenance) `RegisterPrometheusMetrics` is enabled,
+  the exporter will automatically include laitos program's process statistics such as CPU usage and scheduler performance. This relies on Linux (`procfs`).
+- If [maintenance daemon](https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-system-maintenance) `RegsiterProcessActivityMetrics` is enabled,
+  the exporter will automatically include the file and network activities of the laitos process. This relies on `bpftrace` tool.
+- If [maintenance daemon](https://github.com/HouzuoGuo/laitos/wiki/%5BDaemon%5D-system-maintenance) `RegsiterSystemActivityMetrics` is enabled,
+  the exporter will automatically include the system-wide file and network activities. This relies on `bpftrace` tool.
 
 Next, follow the installation instructions of [prometheus](https://prometheus.io/docs/prometheus/latest/installation/) to install and start the
 prometheus daemon. Feel free to run the daemon on a home desktop, a dedicated server, or on the same computer that runs laitos.
@@ -54,7 +71,7 @@ the web service's endpoint:
 ...
 scrape_configs:
     - job_name: 'laitos'
-      scrape_interval: 20s
+      scrape_interval: 60s # set to the same value as the system maintenance daemon's PrometheusScrapeIntervalSec
       scrape_timeout: 5s
       scheme: https # or https
       metrics_path: '/my-precious-metrics'
