summaryrefslogtreecommitdiffstats
path: root/debian/netdata-core.netdata.service
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2019-01-01 16:05:42 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2019-01-27 20:49:02 +0000
commit9defc7d3bebf04db61dcdcbaca9fe9be79432a46 (patch)
tree48a43ce97bb0cf13c1a40c7fe38cc525a631d2e3 /debian/netdata-core.netdata.service
parentMoving architecture-independent plugins to interpreter specific netdata-plugi... (diff)
downloadnetdata-9defc7d3bebf04db61dcdcbaca9fe9be79432a46.tar.xz
netdata-9defc7d3bebf04db61dcdcbaca9fe9be79432a46.zip
Renaming netdata to netdata-core, making netdata a meta package depending on the (typical) netdata components that it contained before the package reshuffeling.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/netdata-core.netdata.service')
-rw-r--r--debian/netdata-core.netdata.service53
1 files changed, 53 insertions, 0 deletions
diff --git a/debian/netdata-core.netdata.service b/debian/netdata-core.netdata.service
new file mode 100644
index 000000000..54f4d03e7
--- /dev/null
+++ b/debian/netdata-core.netdata.service
@@ -0,0 +1,53 @@
+# netdata systemd target
+
+[Unit]
+Description=netdata - Real-time performance monitoring
+Documentation=man:netdata
+Documentation=file:///usr/share/doc/netdata/html/index.html
+Documentation=https://github.com/netdata/netdata
+After=network-online.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service
+ConditionPathExists=/etc/netdata/netdata.conf
+
+[Service]
+Type=simple
+Environment="netdata_LOG_LOCATION=/var/log/netdata/log"
+ExecStart=/usr/sbin/netdata -D
+ExecReload=/usr/sbin/netdata reload
+TimeoutStopSec=10
+KillMode=mixed
+KillSignal=SIGTERM
+OOMScoreAdjust=-900
+
+User=netdata
+Group=netdata
+Restart=on-abnormal
+RestartSec=2s
+LimitNOFILE=65536
+
+WorkingDirectory=/tmp
+
+# Hardening
+
+NoNewPrivileges=false
+PermissionsStartOnly=true
+# CAP_SETGID is required for setgroups()
+# CAP_NET_RAW is needed by fping, see #864370
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW
+PrivateTmp=true
+ProtectHome=read-only
+ProtectSystem=full
+
+ReadOnlyDirectories=/
+ReadWriteDirectories=/proc/self
+ReadWriteDirectories=/var
+
+# Access to devices and kernel modules and tunables is required
+PrivateDevices=no
+ProtectKernelModules=no
+ProtectKernelTunables=no
+
+StandardOutput=syslog+console
+StandardError=syslog+console
+
+[Install]
+WantedBy=multi-user.target