path: root/nixos/modules/services/monitoring/netdata.nix
blob: edcaa10d969dd7427c3140d8b786626a9d3bbdb3 (plain) (blame)
{ config, pkgs, lib, ... }:

with lib;

let
  # Shorthand for this module's own option values.
  cfg = config.services.netdata;

  # A one-entry plugin directory whose apps.plugin is a symlink to the
  # capability wrapper installed by `security.wrappers."apps.plugin"`
  # (wrappers live under /run/wrappers/bin). Store paths cannot carry file
  # capabilities themselves, hence the indirection.
  wrappedPlugins =
    let
      pluginDir = "libexec/netdata/plugins.d";
    in
    pkgs.runCommand "wrapped-plugins" {} ''
      mkdir -p $out/${pluginDir}
      ln -s /run/wrappers/bin/apps.plugin $out/${pluginDir}/apps.plugin
    '';

  # Settings this module injects into the generated netdata.conf. Values from
  # `services.netdata.config` are merged on top with recursiveUpdate, so a
  # user-supplied key replaces the one given here.
  localConfig = {
    # The wrapper directory is listed ahead of the package's own plugin
    # directory, presumably so the capability-carrying apps.plugin is the
    # one netdata picks up -- confirm against netdata's lookup order.
    global."plugins directory" = concatStringsSep " " [
      "${wrappedPlugins}/libexec/netdata/plugins.d"
      "${pkgs.netdata}/libexec/netdata/plugins.d"
    ];
    # NOTE(review): presumably matches the root ownership of the web files
    # in the Nix store -- confirm.
    web = {
      "web files owner" = "root";
      "web files group" = "root";
    };
  };

  # INI rendering of the module defaults merged with the structured options.
  mkConfig =
    let
      merged = recursiveUpdate localConfig cfg.config;
    in
    generators.toINI {} merged;

  # netdata.conf handed to the daemon. A non-null `configText` is written
  # verbatim, so none of `localConfig` (including the wrapped plugin
  # directory) is applied in that case. The file is created with
  # pkgs.writeText and therefore lives in the world-readable Nix store:
  # do not place secrets in `config` or `configText`.
  configFile = pkgs.writeText "netdata.conf" (
    if cfg.configText == null then mkConfig else cfg.configText
  );

  # Name of the account and group this module declares itself.
  defaultUser = "netdata";

in {
  options.services.netdata = {
    enable = mkEnableOption "netdata";

    # Account the daemon runs as; it also owns the apps.plugin capability
    # wrapper. The module only declares the account when the default name
    # is kept, so a custom name has to be declared elsewhere.
    user = mkOption {
      description = "User account under which netdata runs.";
      type = types.str;
      default = defaultUser;
    };

    # Group the daemon runs as; members may execute the apps.plugin
    # wrapper. As with `user`, only the default name is declared here.
    group = mkOption {
      description = "Group under which netdata runs.";
      type = types.str;
      default = defaultUser;
    };

    # Verbatim netdata.conf. When set, the module's built-in settings
    # (plugin directory with the wrapped apps.plugin, web file ownership)
    # are not merged in and must be written out by hand if wanted.
    configText = mkOption {
      description = "Verbatim netdata.conf, cannot be combined with config.";
      type = with types; nullOr lines;
      default = null;
      example = ''
        [global]
        debug log = syslog
        access log = syslog
        error log = syslog
      '';
    };

    # Structured netdata.conf: section name -> attribute set of keys.
    # Merged over the module's built-in settings before INI rendering.
    config = mkOption {
      description = "netdata.conf configuration as nix attributes. cannot be combined with configText.";
      type = with types; attrsOf attrs;
      default = {};
      example = literalExample ''
        global = {
          "debug log" = "syslog";
          "access log" = "syslog";
          "error log" = "syslog";
        };
      '';
    };
  };

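  config = mkIf cfg.enable {
    # `config` (structured) and `configText` (verbatim) are mutually
    # exclusive; fail evaluation instead of silently ignoring one of them.
    assertions =
      [ { assertion = cfg.config != {} -> cfg.configText == null ;
          message = "Cannot specify both config and configText";
        }
      ];

    systemd.services.netdata = {
      path = with pkgs; [ gawk curl ];
      description = "Real time performance monitoring";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      # Creates the cache, log and state directories and hands them to the
      # service account. Because of PermissionsStartOnly below this script
      # runs as root, so every interpolated option value is shell-quoted
      # rather than pasted into the script raw.
      #
      # NOTE(review): the recursive chown runs as root on every start over
      # trees the service account can write to. Do not add options that make
      # it follow symlinks, and consider letting systemd create and own
      # these directories instead -- confirm what the targeted systemd
      # version supports.
      preStart = concatStringsSep "\n" (map (dir: ''
        mkdir -vp ${escapeShellArg dir}
        chmod 750 ${escapeShellArg dir}
        chown -R ${escapeShellArg "${cfg.user}:${cfg.group}"} ${escapeShellArg dir}
        '') [ "/var/cache/netdata"
              "/var/log/netdata"
              "/var/lib/netdata" ]);

      serviceConfig = {
        # The daemon itself runs unprivileged.
        User = cfg.user;
        Group = cfg.group;
        # Apply User/Group to ExecStart only; preStart keeps root.
        PermissionsStartOnly = true;
        # -D keeps netdata in the foreground, -c selects the generated
        # configuration file.
        ExecStart = "${pkgs.netdata}/bin/netdata -D -c ${configFile}";
        TimeoutStopSec = 60;
      };
    };

    # Capability wrapper for apps.plugin. cap_dac_read_search bypasses file
    # read and directory search permission checks and cap_sys_ptrace allows
    # inspecting other processes, so the wrapper is executable by the service
    # user and group only (o-rwx). Anything able to run code as that user or
    # group can invoke the plugin with these capabilities; keep membership
    # of cfg.group minimal.
    security.wrappers."apps.plugin" = {
      source = "${pkgs.netdata}/libexec/netdata/plugins.d/apps.plugin";
      capabilities = "cap_dac_read_search,cap_sys_ptrace+ep";
      owner = cfg.user;
      group = cfg.group;
      permissions = "u+rx,g+rx,o-rwx";
    };


    # The account and the group are declared only when the default names are
    # in use; a custom `user` or `group` must be declared elsewhere in the
    # system configuration.
    users.users = optional (cfg.user == defaultUser) {
      name = defaultUser;
    };

    users.groups = optional (cfg.group == defaultUser) {
      name = defaultUser;
    };

  };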
}