netdata: set NETDATA_PIPENAME to /run/netdata/ipc

Netdata creates its control socket at /tmp/netdata-ipc by default, which
is insecure and actually inaccessible with systemd's PrivateTmp enabled.

Originally we patched its source code to move the socket to
/run/netdata/ipc. However, it was removed due to incompatibility when
upgrading to v1.41.0: 1d2a2dc7d0396495e2bb3878dc62eab620425c85

Fortunately, this new version of netdata adds support for setting the
location of the control socket via the environment variable
NETDATA_PIPENAME. So let's set it for the netdata service and the
command line utility so that they can communicate properly.

2 files changed, 1 insertions, 13 deletions

diff --git a/pkgs/tools/system/netdata/default.nix b/pkgs/tools/system/netdata/default.nix
index 6c89a3d2e559..c99151299eac 100644
--- a/pkgs/tools/system/netdata/default.nix
+++ b/pkgs/tools/system/netdata/default.nix
@@ -103,6 +103,7 @@ stdenv.mkDerivation rec {
   postFixup = ''
     wrapProgram $out/bin/netdata-claim.sh --prefix PATH : ${lib.makeBinPath [ openssl ]}
     wrapProgram $out/libexec/netdata/plugins.d/cgroup-network-helper.sh --prefix PATH : ${lib.makeBinPath [ bash ]}
+    wrapProgram $out/bin/netdatacli --set NETDATA_PIPENAME /run/netdata/ipc
   '';
 
   enableParallelBuild = true;
diff --git a/pkgs/tools/system/netdata/ipc-socket-in-run.patch b/pkgs/tools/system/netdata/ipc-socket-in-run.patch
deleted file mode 100644
index a117955af095..000000000000
--- a/pkgs/tools/system/netdata/ipc-socket-in-run.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/daemon/commands.h b/daemon/commands.h
-index bd4aabfe1cbe4..ce7eb3c730228 100644
---- a/daemon/commands.h
-+++ b/daemon/commands.h
-@@ -6,7 +6,7 @@
- #ifdef _WIN32
- # define PIPENAME "\\\\?\\pipe\\netdata-cli"
- #else
--# define PIPENAME "/tmp/netdata-ipc"
-+# define PIPENAME "/run/netdata/ipc"
- #endif
- 
- #define MAX_COMMAND_LENGTH 4096