# netdata systemd target

[Unit]
Description=netdata - Real-time performance monitoring
Documentation=man:netdata
Documentation=file:///usr/share/doc/netdata/html/index.html
Documentation=https://github.com/firehol/netdata
After=network.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service
Wants=network-online.target
ConditionPathExists=/etc/netdata/netdata.conf

[Service]
Type=simple
Environment="netdata_LOG_LOCATION=/var/log/netdata/log"
ExecStart=/usr/sbin/netdata -D
ExecReload=/usr/sbin/netdata reload
TimeoutStopSec=10
KillMode=mixed
KillSignal=SIGTERM

User=netdata
Group=netdata
Restart=on-abnormal
RestartSec=2s
LimitNOFILE=65536

WorkingDirectory=/tmp

# Hardening
#AppArmorProfile=system_netdata
#NoNewPrivileges=true
PermissionsStartOnly=true
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE
PrivateTmp=true
ProtectHome=read-only
ProtectSystem=full

ReadOnlyDirectories=/
ReadWriteDirectories=/proc/self
ReadWriteDirectories=/var/lib/netdata
ReadWriteDirectories=/var/log/netdata
ReadWriteDirectories=/var/cache/netdata

[Install]
WantedBy=multi-user.target