Install
Drop the binary on a host, point it at a config, run it.
nanook ships as a single static binary. No daemon directory, no service unit. You set up the rest.
One-liner
|
Detects arch, downloads the matching release tarball, verifies its sha256, picks an install dir (walks $PATH, prefers a writable user-owned entry under $HOME, falls back to a system dir with sudo, then ~/.local/bin), and runs nanook --version to confirm. Linux x86_64 and aarch64. Build from source on macOS and Windows.
If you already have a nanook binary handy, nanook install does the local-copy version of the same dance with no download. See the CLI reference.
Knobs:
| Env / flag | What |
|---|---|
NANOOK_VERSION=v0.1.0 or --version v0.1.0 | pin a release tag (default: latest) |
NANOOK_INSTALL_DIR=/opt/bin or --dir /opt/bin | install location |
NANOOK_OS, NANOOK_ARCH | override platform detection |
NANOOK_SKIP_VERIFY=1 or --skip-verify | skip sha256 check (use only for offline mirrors) |
NANOOK_NO_TRUST=1 or --no-trust | skip release-key trust bootstrap |
NO_COLOR=1 | plain text output |
After install, install.sh fetches keys/release.pub from the source tree and adds it to [self.signature].signers via nanook self trust add, so subsequent nanook self update runs will refuse a binary that doesn't carry a trailer signed by the project release key. See Trust for the full story.
Pin a version (recommended for CI):
| NANOOK_VERSION=v0.1.0
Inspect before running:
Manual download
Grab the latest release and unpack it somewhere on your $PATH.
|
Builds exist for Linux x86_64 and aarch64. For macOS and Windows, build from source.
From source
The workspace pins a toolchain via rust-toolchain.toml, so once you have rustup it just works.
Collectors, adapters, and channel actions are feature-gated. Drop the ones you do not need with --no-default-features and an explicit feature list:
Build presets
For common shapes, use one of the four bundled presets instead of hand-picking features. Pick exactly one:
| Preset | What it includes | Approx size |
|---|---|---|
preset-full (default) | every collector / adapter / action, admin server + ctl, tui dashboard, tls, discover, installer, plugins | ~15 MB |
preset-server | full collector / adapter / action set, admin server + tls, plugins; no tui / discover / installer | ~14 MB |
preset-slim | core system collectors (cpu/mem/disk/net/load/uptime), prometheus + stdout adapters, log action, admin (no tls) | ~12 MB |
preset-minimal | cpu + mem collectors, stdout adapter, log action; no admin / tui / plugins | ~9 MB |
Top-level toggles
Beyond per-kind features, nanook-cli exposes coarse switches you can mix into any feature set:
| Feature | What it gates | Default |
|---|---|---|
admin | REST/WS server + nanook ctl client | on |
tui | nanook tui dashboard + interactive nanook init wizard | on |
tls | admin TLS (rustls + --ca flag) | on |
discover | nanook discover subcommand + interactive picker | on |
installer | nanook install / uninstall / update subcommands | on |
plugins | dynamic plugin loading + nanook plugins subcommand surface | on |
Configs that reference plugin = "..." will fail at build time with nanook::collectors::plugins_disabled (or the matching adapters / actions code) when the plugins feature is off.
For the full per-feature catalogue, see Collectors → Slim builds. For loading extras at runtime as cdylibs, see Plugins.
What lives where
| Thing | Default |
|---|---|
| Binary | wherever you put it |
| Config | resolved in this order: explicit --config <path> → ./nanook.toml → ~/.nanook/nanook.toml → /etc/nanook/nanook.toml. When none of those exist, write-side commands (nanook init, nanook self trust add, etc.) default to ~/.nanook/nanook.toml. |
| Plugin search | the [plugins].dirs array in your config |
| Admin HTTP | disabled by default; set [admin].enabled = true and [admin].addr to expose it |
| Admin Unix socket | disabled by default; set [admin].socket to a path to expose it |
Running as a service
Linux with systemd, the bare-minimum unit:
[Unit]
nanook monitoring agent
network.target
[Service]
/usr/local/bin/nanook --config /etc/nanook/nanook.toml
on-failure
nanook
nanook
[Install]
multi-user.target
For macOS use a launchd plist; for Windows use the service manager (sc create). The binary is the same on each.
Verifying it works
check parses your config, builds every collector, adapter, action, and rule, and exits zero if it's all good. No metrics get collected, nothing fires. Use it before reloading a live agent so a typo never takes down monitoring.
Verifying the release
install.sh does this for you. Manual flow:
What this proves and what it doesn't: the signature check matches the binary on disk against the publisher key, which catches corruption in transit and an unsigned or wrong-signer build. It does not prove that an already-malicious binary is genuine, because the verifier and the artifact are the same bits — a tampered binary can fake the verdict. Bootstrapping the very first install rests on trust in how you fetched the binary and the key URL above, not on this command. From there on, nanook self update is the verification path with real teeth: the running (presumed-trusted) nanook verifies the new candidate before swap, so verifier and artifact are different bits. See Trust for the full picture.
nanook self update --skip-trust bypasses the signature check on update; use only when you have anchored trust outside nanook (e.g. distro-packaged binary already verified by your package manager).
Next: Quickstart.