Diffstat (limited to 'nixos/modules/services/monitoring/netdata.nix')
-rw-r--r-- | nixos/modules/services/monitoring/netdata.nix | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix index a49555cf677f..f9b7550af23a 100644 --- a/nixos/modules/services/monitoring/netdata.nix +++ b/nixos/modules/services/monitoring/netdata.nix @@ -8,6 +8,7 @@ let wrappedPlugins = pkgs.runCommand "wrapped-plugins" { preferLocalBuild = true; } '' mkdir -p $out/libexec/netdata/plugins.d ln -s /run/wrappers/bin/apps.plugin $out/libexec/netdata/plugins.d/apps.plugin + ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin ''; plugins = [ @@ -140,12 +141,18 @@ in { path = (with pkgs; [ gawk curl ]) ++ lib.optional cfg.python.enable (pkgs.python3.withPackages cfg.python.extraPackages); serviceConfig = { - User = cfg.user; - Group = cfg.group; Environment="PYTHONPATH=${pkgs.netdata}/libexec/netdata/python.d/python_modules"; - PermissionsStartOnly = true; - ExecStart = "${pkgs.netdata}/bin/netdata -D -c ${configFile}"; + ExecStart = "${pkgs.netdata}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}"; + ExecReload = "${pkgs.utillinux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID"; TimeoutStopSec = 60; + # User and group + User = cfg.user; + Group = cfg.group; + # Runtime directory and mode + RuntimeDirectory = "netdata"; + RuntimeDirectoryMode = "0755"; + # Performance + LimitNOFILE = "30000"; }; }; @@ -157,6 +164,18 @@ in { permissions = "u+rx,g+rx,o-rwx"; }; + security.wrappers."freeipmi.plugin" = { + source = "${pkgs.netdata}/libexec/netdata/plugins.d/freeipmi.plugin.org"; + capabilities = "cap_dac_override,cap_fowner+ep"; + owner = cfg.user; + group = cfg.group; + permissions = "u+rx,g+rx,o-rwx"; + }; + + security.pam.loginLimits = [ + { domain = "netdata"; type = "soft"; item = "nofile"; value = "10000"; } + { domain = "netdata"; type = "hard"; item = "nofile"; value = "30000"; } + ]; users.users = optional (cfg.user == defaultUser) { name = defaultUser; |
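Review bot: The freeipmi.plugin wrapper is installed on every host that enables netdata, with `cap_dac_override,cap_fowner+ep`, and nothing in the visible lines gates it on IPMI being wanted; the symlink added to `wrappedPlugins` in the first hunk and the `security.wrappers."freeipmi.plugin"` block in the last hunk are both unconditional. `cap_dac_override` bypasses file read, write and execute permission checks, so a flaw in the plugin would expose far more than the IPMI device. I would put both behind a module option that defaults to off and add a comment above `capabilities` such as `# freeipmi.plugin needs <reason>; keep this list minimal`, with the reason filled in by whoever verified it. If the only requirement is access to the IPMI device node, group access to that device granted through udev would presumably be narrower, which needs confirming against what the plugin does. The wrapper also assumes `freeipmi.plugin.org` exists in `${pkgs.netdata}`, which depends on how the package is built.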
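Review bot: Dropping `PermissionsStartOnly = true` while `User = cfg.user` stays set means any `preStart`/`ExecStartPre` of this unit now runs as the netdata user instead of root; the unit's start-up script is outside this hunk, so check that it does no `mkdir` or `chown` on root-owned paths, otherwise the service will fail to start. If root is still needed for that one step, a `+` prefix on the specific `ExecStartPre` command keeps the main process unprivileged. Separately, `ExecReload` passes `-s HUP -s USR1 -s USR2` to a single `kill` invocation; as far as I know `kill` delivers one signal per call, so the reload probably sends only one of the three, and a list of three separate commands would make the intent explicit. `RuntimeDirectoryMode = "0755"` could be `"0750"` unless something outside the group has to read the pid file.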
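Review bot: The `security.pam.loginLimits` entries in the last hunk use the literal domain `"netdata"`, while the rest of the module refers to `cfg.user`, so a customised user gets no limits; `domain = cfg.user;` would keep them in step. PAM limits apply to sessions opened through PAM, and the service's own descriptor limit already comes from `LimitNOFILE` in the unit, so a short comment stating which use case needs these entries would help the next reader.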