# SPDX-License-Identifier: GPL-3.0-or-later [Unit] Description=Real time performance monitoring # append here other services you want netdata to wait for them to start After=network.target httpd.service squid.service nfs-server.service mysqld.service mysql.service named.service postfix.service chronyd.service [Service] Type=simple User=netdata Group=netdata RuntimeDirectory=netdata RuntimeDirectoryMode=0775 PIDFile=@localstatedir_POST@/run/netdata/netdata.pid ExecStart=@sbindir_POST@/netdata -P @localstatedir_POST@/run/netdata/netdata.pid -D ExecStartPre=/bin/mkdir -p @localstatedir_POST@/cache/netdata ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/cache/netdata ExecStartPre=/bin/mkdir -p @localstatedir_POST@/run/netdata ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/run/netdata ExecStopPost=@pluginsdir_POST@/reset_netdata_trace.sh PermissionsStartOnly=true # saving a big db on slow disks may need some time TimeoutStopSec=150 # restart netdata if it crashes Restart=on-failure RestartSec=30 # The minimum netdata Out-Of-Memory (OOM) score. # netdata (via [global].OOM score in netdata.conf) can only increase the value set here. # To decrease it, set the minimum here and set the same or a higher value in netdata.conf. # Valid values: -1000 (never kill netdata) to 1000 (always kill netdata). OOMScoreAdjust=1000 # Valid policies: other (the system default) | batch | idle | fifo | rr # To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99 CPUSchedulingPolicy=idle # This sets the scheduling priority (for policies: rr and fifo). # Priority gets values 1 (lowest) to 99 (highest). #CPUSchedulingPriority=1 # For scheduling policy 'other' and 'batch', this sets the lowest niceness of netdata (-20 highest to 19 lowest). #Nice=0 # Capabilities # is required for freeipmi and slabinfo plugins CapabilityBoundingSet=CAP_DAC_OVERRIDE # is required for apps plugin CapabilityBoundingSet=CAP_DAC_READ_SEARCH # is required for freeipmi plugin CapabilityBoundingSet=CAP_FOWNER # is required for apps, perf and slabinfo plugins CapabilityBoundingSet=CAP_SETPCAP # is required for perf plugin CapabilityBoundingSet=CAP_SYS_ADMIN # is required for apps plugin CapabilityBoundingSet=CAP_SYS_PTRACE # is required for ebpf plugin CapabilityBoundingSet=CAP_SYS_RESOURCE # is required for fping app CapabilityBoundingSet=CAP_NET_RAW # is required for cgroups plugin CapabilityBoundingSet=CAP_SYS_CHROOT # Sandboxing ProtectSystem=full ProtectHome=read-only # PrivateTmp break netdatacli functionality. See - https://github.com/netdata/netdata/issues/7587 #PrivateTmp=true ProtectControlGroups=true # We whitelist this because it's the standard location to listen on a UNIX socket. ReadWriteDirectories=/run/netdata [Install] WantedBy=multi-user.target