authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 02:57:58 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 02:57:58 +0000
commitbe1c7e50e1e8809ea56f2c9d472eccd8ffd73a97 (patch)
tree9754ff1ca740f6346cf8483ec915d4054bc5da2d /system/systemd/netdata.service.in
parentInitial commit. (diff)
Adding upstream version 1.44.3.upstream/1.44.3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--system/systemd/netdata.service.in84
1 files changed, 84 insertions, 0 deletions
diff --git a/system/systemd/netdata.service.in b/system/systemd/netdata.service.in
new file mode 100644
index 00000000..7d15dad7
--- /dev/null
+++ b/system/systemd/netdata.service.in
@@ -0,0 +1,84 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+[Unit]
+Description=Real time performance monitoring
+
+# append here other services you want netdata to wait for them to start
+After=network.target
+
+[Service]
+LogNamespace=netdata
+Type=simple
+User=root
+RuntimeDirectory=netdata
+RuntimeDirectoryMode=0775
+PIDFile=/run/netdata/netdata.pid
+ExecStart=@sbindir_POST@/netdata -P /run/netdata/netdata.pid -D
+ExecStartPre=/bin/mkdir -p @localstatedir_POST@/cache/netdata
+ExecStartPre=/bin/chown -R @netdata_user_POST@ @localstatedir_POST@/cache/netdata
+ExecStartPre=/bin/mkdir -p /run/netdata
+ExecStartPre=/bin/chown -R @netdata_user_POST@ /run/netdata
+PermissionsStartOnly=true
+
+# saving a big db on slow disks may need some time
+TimeoutStopSec=150
+
+# restart netdata if it crashes
+Restart=on-failure
+RestartSec=30
+
+# Valid policies: other (the system default) | batch | idle | fifo | rr
+# To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99
+CPUSchedulingPolicy=batch
+
+# This sets the scheduling priority (for policies: rr and fifo).
+# Priority gets values 1 (lowest) to 99 (highest).
+#CPUSchedulingPriority=1
+
+# For scheduling policy 'other' and 'batch', this sets the lowest niceness of netdata (-20 highest to 19 lowest).
+Nice=0
+
+# Capabilities
+# is required for freeipmi and slabinfo plugins
+CapabilityBoundingSet=CAP_DAC_OVERRIDE
+# is required for apps plugin
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH
+# is required for freeipmi plugin
+CapabilityBoundingSet=CAP_FOWNER CAP_SYS_RAWIO
+# is required for apps, perf and slabinfo plugins
+CapabilityBoundingSet=CAP_SETPCAP
+# is required for perf plugin
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_PERFMON
+# is required for apps plugin
+CapabilityBoundingSet=CAP_SYS_PTRACE
+# is required for ebpf plugin
+CapabilityBoundingSet=CAP_SYS_RESOURCE
+# is required for go.d/ping app
+CapabilityBoundingSet=CAP_NET_RAW
+# is required for cgroups plugin
+CapabilityBoundingSet=CAP_SYS_CHROOT
+# is required for nfacct plugin (bandwidth accounting)
+CapabilityBoundingSet=CAP_NET_ADMIN
+# is required for plugins that use sudo
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID
+# is required to change file ownership
+CapabilityBoundingSet=CAP_CHOWN
+# is required for logs-management.plugin
+CapabilityBoundingSet=CAP_SYSLOG
+
+# Sandboxing
+ProtectSystem=full
+ProtectHome=read-only
+# PrivateTmp break netdatacli functionality. See - https://github.com/netdata/netdata/issues/7587
+#PrivateTmp=true
+ProtectControlGroups=on
+# We whitelist this because it's the standard location to listen on a UNIX socket.
+ReadWriteDirectories=/run/netdata
+# This is needed to make email-based alert deliver work if Postfix is the email provider on the system.
+ReadWriteDirectories=-/var/spool/postfix/maildrop
+# LXCFS directories (https://github.com/lxc/lxcfs#lxcfs)
+# If we don't set them explicitly, systemd mounts procfs from the host. See https://github.com/netdata/netdata/issues/14238.
+BindReadOnlyPaths=-/proc/cpuinfo -/proc/diskstats -/proc/loadavg -/proc/meminfo
+BindReadOnlyPaths=-/proc/stat -/proc/swaps -/proc/uptime -/proc/slabinfo
+
+[Install]
+WantedBy=multi-user.target
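Review bot: The two `ExecStartPre=/bin/chown -R @netdata_user_POST@ …` lines run as root on every start over `@localstatedir_POST@/cache/netdata` and `/run/netdata`, trees that the netdata account presumably owns once the first start has completed, so root recursively re-owns whatever that account has left there. On hosts where `fs.protected_hardlinks` is disabled this can transfer ownership of files that live outside those directories, and the bounding set does not limit it because `CAP_CHOWN` is kept. A non-recursive form such as `ExecStartPre=/bin/chown @netdata_user_POST@ /run/netdata` covers the freshly created directory, and `/bin/mkdir -p /run/netdata` looks redundant because `RuntimeDirectory=netdata` already creates it. Separately, with `User=root` the `PermissionsStartOnly=true` line appears to have no effect, so a short comment such as `# netdata starts as root and is expected to drop to @netdata_user_POST@ itself` above `User=root` would make the privilege model explicit.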