# SPDX-License-Identifier: GPL-3.0-or-later [Unit] Description=Real time performance monitoring # append here other services you want netdata to wait for them to start After=network.target httpd.service squid.service nfs-server.service mysqld.service mysql.service named.service postfix.service chronyd.service [Service] Type=simple User=netdata Group=netdata RuntimeDirectory=netdata RuntimeDirectoryMode=0775 PIDFile=@localstatedir_POST@/run/netdata/netdata.pid ExecStart=@sbindir_POST@/netdata -P @localstatedir_POST@/run/netdata/netdata.pid -D ExecStartPre=/bin/mkdir -p @localstatedir_POST@/cache/netdata ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/cache/netdata ExecStartPre=/bin/mkdir -p @localstatedir_POST@/run/netdata ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/run/netdata PermissionsStartOnly=true # saving a big db on slow disks may need some time TimeoutStopSec=150 # restart netdata if it crashes Restart=on-failure RestartSec=30 # Valid policies: other (the system default) | batch | idle | fifo | rr # To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99 CPUSchedulingPolicy=batch # This sets the scheduling priority (for policies: rr and fifo). # Priority gets values 1 (lowest) to 99 (highest). #CPUSchedulingPriority=1 # For scheduling policy 'other' and 'batch', this sets the lowest niceness of netdata (-20 highest to 19 lowest). Nice=0 # Capabilities # is required for freeipmi and slabinfo plugins CapabilityBoundingSet=CAP_DAC_OVERRIDE # is required for apps plugin CapabilityBoundingSet=CAP_DAC_READ_SEARCH # is required for freeipmi plugin CapabilityBoundingSet=CAP_FOWNER # is required for apps, perf and slabinfo plugins CapabilityBoundingSet=CAP_SETPCAP # is required for perf plugin CapabilityBoundingSet=CAP_SYS_ADMIN CAP_PERFMON # is required for apps plugin CapabilityBoundingSet=CAP_SYS_PTRACE # is required for ebpf plugin CapabilityBoundingSet=CAP_SYS_RESOURCE # is required for fping app CapabilityBoundingSet=CAP_NET_RAW # is required for cgroups plugin CapabilityBoundingSet=CAP_SYS_CHROOT # is required for nfacct plugin (bandwidth accounting) CapabilityBoundingSet=CAP_NET_ADMIN # is required for plugins that use sudo CapabilityBoundingSet=CAP_SETGID CAP_SETUID # Sandboxing ProtectSystem=full ProtectHome=read-only # PrivateTmp break netdatacli functionality. See - https://github.com/netdata/netdata/issues/7587 #PrivateTmp=true ProtectControlGroups=true # We whitelist this because it's the standard location to listen on a UNIX socket. ReadWriteDirectories=/run/netdata # This is needed to make email-based alert deliver work if Postfix is the email provider on the system. ReadWriteDirectories=-/var/spool/postfix/maildrop [Install] WantedBy=multi-user.target