Infrastructure Monitoring

Helix

A unified monitoring dashboard that consolidates Prometheus, Alertmanager, Loki, Wazuh, and CrowdSec into one interface. Built for homelab infrastructure.

View on GitHub Explore
Capabilities

Five views. One surface.

Stop switching between Grafana, the Wazuh dashboard, and CrowdSec's CLI. Helix surfaces everything in one place with real-time updates.

Command Centre

D3 force-directed topology graph of your service mesh, active alerts from Prometheus and Wazuh, system metric sparklines, and a live event timeline.

Alerts

Unified alert table across Prometheus and Wazuh with search, source and severity filtering, detail expansion, and the ability to create Alertmanager silences directly.

Security

Wazuh agent inventory with status and scan triggers, HIDS alerts, file integrity monitoring events, and CrowdSec ban decisions with confirmation-gated unbanning.

Metrics

Time-series charts for CPU, memory, disk, and network. Per-container resource usage and network probe results backed by Prometheus range queries.

Logs

Loki log viewer with container filtering, text search, and virtualised scrolling. Supports both polling and live tail mode via Server-Sent Events.

Real-Time

Alertmanager and Wazuh push webhooks into an in-memory event bus. Browsers subscribe over SSE. UI refreshes instantly without waiting for the next poll cycle.

System Design

Architecture

Helix runs as a thin proxy layer with no persistent state. Next.js API routes handle authentication, input validation, and response caching between the browser and each monitoring backend.

Caddy (TLS + Authelia) | Helix (Next.js) / | | \ \ Prometheus | Loki | CrowdSec Alertmanager | | Wazuh Manager Wazuh Indexer
Proxy Layer

API routes handle auth, input validation, and response caching. No direct client-to-backend communication.

Event Bus

Webhooks from Alertmanager and Wazuh feed an in-memory pub/sub. Browsers subscribe over SSE for instant updates.

LRU Cache

Server-side cache with 50 entries, 5-second TTL, and 50MB cap. Reduces redundant upstream calls across connected clients.

Memory Bound

Capped at 512MB. Typical usage sits around 150-250MB. Runs on Node.js 20 Alpine in production.

Built With

Tech Stack

Production-grade tooling for a responsive, real-time monitoring experience.

FrameworkNext.js 14
DataTanStack Query v5
VisualisationD3 Force
ChartsRecharts
AnimationFramer Motion
StylingTailwind CSS
PrimitivesRadix UI
VirtualisationTanStack Virtual
TLSundici
RuntimeNode.js 20
CanvasHTML5 Canvas
TransportSSE
Quickstart

Getting Started

Helix assumes your backend services (Prometheus, Alertmanager, Loki, Wazuh, CrowdSec) are already running.

01
Clone and configure

Copy the example environment file and fill in your Wazuh passwords and webhook secret.

git clone https://github.com/asharahmed/helix.git
cd helix
cp .env.example .env.local
02
Development

Install dependencies and start the dev server. Backend services must be reachable from your machine.

npm install
npm run dev
# Available at http://localhost:3000
03
Production

Deploy with Docker Compose. The container exposes no ports directly. Caddy reaches it over the Docker network.

docker compose -f docker-compose.yml -f docker-compose.helix.yml up -d