diff options
author | Malte Brandy <malte.brandy@maralorn.de> | 2021-05-07 15:03:54 +0200 |
---|---|---|
committer | Malte Brandy <malte.brandy@maralorn.de> | 2021-05-07 15:03:54 +0200 |
commit | 2a11f1f5cc1c4680b49240203db18ecbb19b9cc5 (patch) | |
tree | df44c5fcd797c97297ab663b63167e9b4bc06a72 /nixos/modules/services/monitoring/netdata.nix | |
parent | f73c2278d07e674233040422b71d965a0587756f (diff) | |
parent | ae1c8ede09b53007ba9b3c32f926c9c03547ae8b (diff) | |
download | nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar.gz nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar.bz2 nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar.lz nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar.xz nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar.zst nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.zip |
Merge branch 'master' into haskell-updates
Diffstat (limited to 'nixos/modules/services/monitoring/netdata.nix')
-rw-r--r-- | nixos/modules/services/monitoring/netdata.nix | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix index 007024c04ce..c2ee1c0df7f 100644 --- a/nixos/modules/services/monitoring/netdata.nix +++ b/nixos/modules/services/monitoring/netdata.nix @@ -149,8 +149,9 @@ in { description = "Real time performance monitoring"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - path = (with pkgs; [ curl gawk which ]) ++ lib.optional cfg.python.enable - (pkgs.python3.withPackages cfg.python.extraPackages); + path = (with pkgs; [ curl gawk iproute2 which ]) + ++ lib.optional cfg.python.enable (pkgs.python3.withPackages cfg.python.extraPackages) + ++ lib.optional config.virtualisation.libvirtd.enable (config.virtualisation.libvirtd.package); environment = { PYTHONPATH = "${cfg.package}/libexec/netdata/python.d/python_modules"; } // lib.optionalAttrs (!cfg.enableAnalyticsReporting) { @@ -182,6 +183,9 @@ in { ConfigurationDirectory = "netdata"; ConfigurationDirectoryMode = "0755"; # Capabilities + AmbientCapabilities = [ + "CAP_SETUID" # is required for cgroups and cgroups-network plugins + ]; CapabilityBoundingSet = [ "CAP_DAC_OVERRIDE" # is required for freeipmi and slabinfo plugins "CAP_DAC_READ_SEARCH" # is required for apps plugin @@ -191,6 +195,8 @@ in { "CAP_SYS_PTRACE" # is required for apps plugin "CAP_SYS_RESOURCE" # is required for ebpf plugin "CAP_NET_RAW" # is required for fping app + "CAP_SYS_CHROOT" # is required for cgroups plugin + "CAP_SETUID" # is required for cgroups and cgroups-network plugins ]; # Sandboxing ProtectSystem = "full"; |