author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2018-01-19 23:19:29 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-19 23:19:29 +0000 |
commit | dfa6a81a319a210b9143239065e2b26f9c01f7dc (patch) | |
tree | 03d9485c9b55b4275cb21e6173539c213f4419f1 /nixos/modules | |
parent | 836951fc14e56c62cf5706d20ede240223db8f83 (diff) | |
parent | f3cba4f6bb613654b74c63be4ef49a8ba675647a (diff) | |
Merge pull request #33331 from cransom/netdata-module
netdata service: fix permissions for apps.plugin
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/monitoring/netdata.nix | 54 |
1 files changed, 44 insertions, 10 deletions
diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix index e1fde4fc9500..d23b329eeb25 100644 --- a/nixos/modules/services/monitoring/netdata.nix +++ b/nixos/modules/services/monitoring/netdata.nix @@ -5,18 +5,25 @@ with lib; let cfg = config.services.netdata; - configFile = pkgs.writeText "netdata.conf" cfg.configText; + wrappedPlugins = pkgs.runCommand "wrapped-plugins" {} '' + mkdir -p $out/libexec/netdata/plugins.d + ln -s /run/wrappers/bin/apps.plugin $out/libexec/netdata/plugins.d/apps.plugin + ''; + + localConfig = { + global = { + "plugins directory" = "${wrappedPlugins}/libexec/netdata/plugins.d ${pkgs.netdata}/libexec/netdata/plugins.d"; + }; + }; + mkConfig = generators.toINI {} (recursiveUpdate localConfig cfg.config); + configFile = pkgs.writeText "netdata.conf" (if cfg.configText != null then cfg.configText else mkConfig); defaultUser = "netdata"; in { options = { services.netdata = { - enable = mkOption { - default = false; - type = types.bool; - description = "Whether to enable netdata monitoring."; - }; + enable = mkEnableOption "netdata"; user = mkOption { type = types.str; @@ -31,9 +38,9 @@ in { }; configText = mkOption { - type = types.lines; - default = ""; - description = "netdata.conf configuration."; + type = types.nullOr types.lines; + description = "Verbatim netdata.conf, cannot be combined with config."; + default = null; example = '' [global] debug log = syslog 
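Review bot: When `cfg.configText` is non-null, `configFile` uses it verbatim and `localConfig` is dropped, so the generated netdata.conf no longer lists `${wrappedPlugins}/libexec/netdata/plugins.d`. netdata would then presumably run the unwrapped apps.plugin without its capabilities, while the capability wrapper defined later in this diff is still installed. The `configText` description should say so, for example `description = "Verbatim netdata.conf, cannot be combined with config. The wrapped plugins directory is not added automatically.";`. Separately, `ln -s /run/wrappers/bin/apps.plugin` hard-codes the wrapper location; `${config.security.wrapperDir}/apps.plugin` would follow the option instead of duplicating its default.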
@@ -42,11 +49,29 @@ in { ''; }; + config = mkOption { + type = types.attrsOf types.attrs; + default = {}; + description = "netdata.conf configuration as nix attributes. cannot be combined with configText."; + example = literalExample '' + global = { + "debug log" = "syslog"; + "access log" = "syslog"; + "error log" = "syslog"; + }; + ''; + }; + }; }; - }; config = mkIf cfg.enable { + assertions = + [ { assertion = cfg.config != {} -> cfg.configText == null ; + message = "Cannot specify both config and configText"; + } + ]; systemd.services.netdata = { + path = with pkgs; [ gawk curl ]; description = "Real time performance monitoring"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -66,6 +91,15 @@ in { }; }; + security.wrappers."apps.plugin" = { + source = "${pkgs.netdata}/libexec/netdata/plugins.d/apps.plugin"; + capabilities = "cap_dac_read_search,cap_sys_ptrace+ep"; + owner = cfg.user; + group = cfg.group; + permissions = "u+rx,g+rx,o-rwx"; + }; + + users.extraUsers = optional (cfg.user == defaultUser) { name = defaultUser; }; |
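Review bot: The assertion message `"Cannot specify both config and configText"` does not name the module, and NixOS prints failed assertions without the option path, so the user cannot tell which service it refers to. Something like `message = "services.netdata: config and configText cannot both be set";` would make the failure actionable. The new `path = with pkgs; [ gawk curl ];` line would also benefit from a short comment saying which plugin scripts need these tools.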
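Review bot: The `security.wrappers."apps.plugin"` entry grants `cap_dac_read_search` and `cap_sys_ptrace` to a binary that every member of `cfg.group` may execute (`g+rx`), and nothing in the visible diff documents that consequence. Both `user` and `group` are user-settable, so pointing `group` at a broadly populated group would give all of its members a binary that bypasses file read permission checks. A comment above the wrapper such as `# runs with cap_dac_read_search and cap_sys_ptrace; keep cfg.group restricted to the netdata service account`, plus a sentence in the `group` option description, would make the constraint visible. Consider `owner = "root";` as well, so the service account does not own the capability-bearing file; as far as I recall this matches what netdata's own installer does. The `user` and `group` option definitions are outside this hunk.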