nixpkgs/nixos/modules/services/monitoring/netdata.nix

{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.netdata;

  wrappedPlugins = pkgs.runCommand "wrapped-plugins" { preferLocalBuild = true; } ''
    mkdir -p $out/libexec/netdata/plugins.d
    ln -s /run/wrappers/bin/apps.plugin $out/libexec/netdata/plugins.d/apps.plugin
    ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin
    ln -s /run/wrappers/bin/perf.plugin $out/libexec/netdata/plugins.d/perf.plugin
    ln -s /run/wrappers/bin/slabinfo.plugin $out/libexec/netdata/plugins.d/slabinfo.plugin
  '';

  plugins = [
    "${cfg.package}/libexec/netdata/plugins.d"
    "${wrappedPlugins}/libexec/netdata/plugins.d"
  ] ++ cfg.extraPluginPaths;

  localConfig = {
    global = {
      "plugins directory" = concatStringsSep " " plugins;
    };
    web = {
      "web files owner" = "root";
      "web files group" = "root";
    };
  };
  mkConfig = generators.toINI {} (recursiveUpdate localConfig cfg.config);
  configFile = pkgs.writeText "netdata.conf" (if cfg.configText != null then cfg.configText else mkConfig);

  defaultUser = "netdata";

in {
  options = {
    services.netdata = {
      enable = mkEnableOption "netdata";

      package = mkOption {
        type = types.package;
        default = pkgs.netdata;
        defaultText = "pkgs.netdata";
        description = "Netdata package to use.";
      };

      user = mkOption {
        type = types.str;
        default = "netdata";
        description = "User account under which netdata runs.";
      };

      group = mkOption {
        type = types.str;
        default = "netdata";
        description = "Group under which netdata runs.";
      };

      configText = mkOption {
        type = types.nullOr types.lines;
        description = "Verbatim netdata.conf, cannot be combined with config.";
        default = null;
        example = ''
          [global]
          debug log = syslog
          access log = syslog
          error log = syslog
        '';
      };

      python = {
        enable = mkOption {
          type = types.bool;
          default = true;
          description = ''
            Whether to enable python-based plugins
          '';
        };
        extraPackages = mkOption {
          default = ps: [];
          defaultText = "ps: []";
          example = literalExample ''
            ps: [
              ps.psycopg2
              ps.docker
              ps.dnspython
            ]
          '';
          description = ''
            Extra python packages available at runtime
            to enable additional python plugins.
          '';
        };
      };

      extraPluginPaths = mkOption {
        type = types.listOf types.path;
        default = [ ];
        example = literalExample ''
          [ "/path/to/plugins.d" ]
        '';
        description = ''
          Extra paths to add to the netdata global "plugins directory"
          option.  Useful for when you want to include your own
          collection scripts.
          </para><para>
          Details about writing a custom netdata plugin are available at:
          <link xlink:href="https://docs.netdata.cloud/collectors/plugins.d/"/>
          </para><para>
          Cannot be combined with configText.
        '';
      };

      config = mkOption {
        type = types.attrsOf types.attrs;
        default = {};
        description = "netdata.conf configuration as nix attributes. cannot be combined with configText.";
        example = literalExample ''
          global = {
            "debug log" = "syslog";
            "access log" = "syslog";
            "error log" = "syslog";
          };
        '';
        };
      };
    };

  config = mkIf cfg.enable {
    assertions =
      [ { assertion = cfg.config != {} -> cfg.configText == null ;
          message = "Cannot specify both config and configText";
        }
      ];

    systemd.services.netdata = {
      description = "Real time performance monitoring";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = (with pkgs; [ curl gawk which ]) ++ lib.optional cfg.python.enable
        (pkgs.python3.withPackages cfg.python.extraPackages);
      serviceConfig = {
        Environment="PYTHONPATH=${cfg.package}/libexec/netdata/python.d/python_modules";
        ExecStart = "${cfg.package}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}";
        ExecReload = "${pkgs.util-linux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID";
        TimeoutStopSec = 60;
        Restart = "on-failure";
        # User and group
        User = cfg.user;
        Group = cfg.group;
        # Performance
        LimitNOFILE = "30000";
        # Runtime directory and mode
        RuntimeDirectory = "netdata";
        RuntimeDirectoryMode = "0750";
        # State directory and mode
        StateDirectory = "netdata";
        StateDirectoryMode = "0750";
        # Cache directory and mode
        CacheDirectory = "netdata";
        CacheDirectoryMode = "0750";
        # Logs directory and mode
        LogsDirectory = "netdata";
        LogsDirectoryMode = "0750";
        # Configuration directory and mode
        ConfigurationDirectory = "netdata";
        ConfigurationDirectoryMode = "0755";
        # Capabilities
        CapabilityBoundingSet = [
          "CAP_DAC_OVERRIDE"      # is required for freeipmi and slabinfo plugins
          "CAP_DAC_READ_SEARCH"   # is required for apps plugin
          "CAP_FOWNER"            # is required for freeipmi plugin
          "CAP_SETPCAP"           # is required for apps, perf and slabinfo plugins
          "CAP_SYS_ADMIN"         # is required for perf plugin
          "CAP_SYS_PTRACE"        # is required for apps plugin
          "CAP_SYS_RESOURCE"      # is required for ebpf plugin
          "CAP_NET_RAW"           # is required for fping app
        ];
        # Sandboxing
        ProtectSystem = "full";
        ProtectHome = "read-only";
        PrivateTmp = true;
        ProtectControlGroups = true;
        PrivateMounts = true;
      };
    };

    systemd.enableCgroupAccounting = true;

    security.wrappers."apps.plugin" = {
      source = "${cfg.package}/libexec/netdata/plugins.d/apps.plugin.org";
      capabilities = "cap_dac_read_search,cap_sys_ptrace+ep";
      owner = cfg.user;
      group = cfg.group;
      permissions = "u+rx,g+rx,o-rwx";
    };

    security.wrappers."freeipmi.plugin" = {
      source = "${cfg.package}/libexec/netdata/plugins.d/freeipmi.plugin.org";
      capabilities = "cap_dac_override,cap_fowner+ep";
      owner = cfg.user;
      group = cfg.group;
      permissions = "u+rx,g+rx,o-rwx";
    };

    security.wrappers."perf.plugin" = {
      source = "${cfg.package}/libexec/netdata/plugins.d/perf.plugin.org";
      capabilities = "cap_sys_admin+ep";
      owner = cfg.user;
      group = cfg.group;
      permissions = "u+rx,g+rx,o-rx";
    };

    security.wrappers."slabinfo.plugin" = {
      source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org";
      capabilities = "cap_dac_override+ep";
      owner = cfg.user;
      group = cfg.group;
      permissions = "u+rx,g+rx,o-rx";
    };

    security.pam.loginLimits = [
      { domain = "netdata"; type = "soft"; item = "nofile"; value = "10000"; }
      { domain = "netdata"; type = "hard"; item = "nofile"; value = "30000"; }
    ];

    users.users = optionalAttrs (cfg.user == defaultUser) {
      ${defaultUser} = {
        isSystemUser = true;
      };
    };

    users.groups = optionalAttrs (cfg.group == defaultUser) {
      ${defaultUser} = { };
    };

  };
}
netdata service: init 2016-11-05 20:09:29 +08:00			`{ config, pkgs, lib, ... }:`

			`with lib;`

			`let`
			`cfg = config.services.netdata;`

nixos: add preferLocalBuild=true; on derivations for config files 2018-11-08 11:59:03 +01:00			`wrappedPlugins = pkgs.runCommand "wrapped-plugins" { preferLocalBuild = true; } ''`
netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`mkdir -p $out/libexec/netdata/plugins.d`
			`ln -s /run/wrappers/bin/apps.plugin $out/libexec/netdata/plugins.d/apps.plugin`
nixos/netdata: add capabilites to freeipmi.plugin 2019-07-04 12:09:54 +03:00			`ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin`
nixos/netdata: fix permissions for perf.plugin 2020-03-23 12:23:50 +03:00			`ln -s /run/wrappers/bin/perf.plugin $out/libexec/netdata/plugins.d/perf.plugin`
nixos/netdata: fix permissions for slabinfo.plugin 2020-03-23 10:27:29 +03:00			`ln -s /run/wrappers/bin/slabinfo.plugin $out/libexec/netdata/plugins.d/slabinfo.plugin`
netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`'';`

nixos/netdata: Add option to include extra plugins New option `extraPluginPaths' that allows users to supply additional paths for netdata plugins. Very useful for when you want to use custom collection scripts. 2019-01-21 13:27:46 -07:00			`plugins = [`
nixos/netdata: add module package option 2020-03-10 23:03:11 +01:00			`"${cfg.package}/libexec/netdata/plugins.d"`
nixos/netdata: Add option to include extra plugins New option `extraPluginPaths' that allows users to supply additional paths for netdata plugins. Very useful for when you want to use custom collection scripts. 2019-01-21 13:27:46 -07:00			`"${wrappedPlugins}/libexec/netdata/plugins.d"`
			`] ++ cfg.extraPluginPaths;`

netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`localConfig = {`
			`global = {`
nixos/netdata: Add option to include extra plugins New option `extraPluginPaths' that allows users to supply additional paths for netdata plugins. Very useful for when you want to use custom collection scripts. 2019-01-21 13:27:46 -07:00			`"plugins directory" = concatStringsSep " " plugins;`
netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`};`
netdata: 1.9.0 -> 1.10.0 (#44472) The web_access.patch would no longer apply. It disabled a check that required the static files for the web UI to be owned by the user the daemon runs as (not root, so it doesn't work well with nix). Besides updating netdata, this commit removes that patch, changes the netdata service config to set the "web files owner/group" option to "root" and adds a test that checks that the web UI is being served. This allows the web files to be owned by root without patching. 2018-08-05 00:05:48 +02:00			`web = {`
			`"web files owner" = "root";`
			`"web files group" = "root";`
			`};`
netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`};`
			`mkConfig = generators.toINI {} (recursiveUpdate localConfig cfg.config);`
			`configFile = pkgs.writeText "netdata.conf" (if cfg.configText != null then cfg.configText else mkConfig);`
netdata service: init 2016-11-05 20:09:29 +08:00
			`defaultUser = "netdata";`

			`in {`
			`options = {`
			`services.netdata = {`
netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`enable = mkEnableOption "netdata";`
netdata service: init 2016-11-05 20:09:29 +08:00
nixos/netdata: add module package option 2020-03-10 23:03:11 +01:00			`package = mkOption {`
			`type = types.package;`
			`default = pkgs.netdata;`
			`defaultText = "pkgs.netdata";`
			`description = "Netdata package to use.";`
			`};`

netdata service: init 2016-11-05 20:09:29 +08:00			`user = mkOption {`
			`type = types.str;`
			`default = "netdata";`
			`description = "User account under which netdata runs.";`
			`};`

			`group = mkOption {`
			`type = types.str;`
			`default = "netdata";`
			`description = "Group under which netdata runs.";`
			`};`

			`configText = mkOption {`
netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`type = types.nullOr types.lines;`
			`description = "Verbatim netdata.conf, cannot be combined with config.";`
			`default = null;`
netdata service: init 2016-11-05 20:09:29 +08:00			`example = ''`
			`[global]`
			`debug log = syslog`
			`access log = syslog`
			`error log = syslog`
			`'';`
			`};`

netdata: fix python plugins fixes #33366 2018-11-17 15:11:46 +00:00			`python = {`
			`enable = mkOption {`
			`type = types.bool;`
			`default = true;`
			`description = ''`
			`Whether to enable python-based plugins`
			`'';`
			`};`
			`extraPackages = mkOption {`
			`default = ps: [];`
			`defaultText = "ps: []";`
			`example = literalExample ''`
			`ps: [`
			`ps.psycopg2`
			`ps.docker`
			`ps.dnspython`
			`]`
			`'';`
			`description = ''`
			`Extra python packages available at runtime`
			`to enable additional python plugins.`
			`'';`
			`};`
			`};`

nixos/netdata: Add option to include extra plugins New option `extraPluginPaths' that allows users to supply additional paths for netdata plugins. Very useful for when you want to use custom collection scripts. 2019-01-21 13:27:46 -07:00			`extraPluginPaths = mkOption {`
			`type = types.listOf types.path;`
			`default = [ ];`
			`example = literalExample ''`
			`[ "/path/to/plugins.d" ]`
			`'';`
			`description = ''`
			`Extra paths to add to the netdata global "plugins directory"`
			`option. Useful for when you want to include your own`
			`collection scripts.`
			`</para><para>`
			`Details about writing a custom netdata plugin are available at:`
			`<link xlink:href="https://docs.netdata.cloud/collectors/plugins.d/"/>`
			`</para><para>`
			`Cannot be combined with configText.`
			`'';`
			`};`

netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`config = mkOption {`
			`type = types.attrsOf types.attrs;`
			`default = {};`
			`description = "netdata.conf configuration as nix attributes. cannot be combined with configText.";`
			`example = literalExample ''`
			`global = {`
			`"debug log" = "syslog";`
			`"access log" = "syslog";`
			`"error log" = "syslog";`
			`};`
			`'';`
			`};`
			`};`
netdata service: init 2016-11-05 20:09:29 +08:00			`};`

			`config = mkIf cfg.enable {`
netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`assertions =`
			`[ { assertion = cfg.config != {} -> cfg.configText == null ;`
			`message = "Cannot specify both config and configText";`
			`}`
			`];`
netdata: create missing /etc/netdata Since netdata 1.11.0 updated in https://github.com/NixOS/nixpkgs/pull/50459 it needs to have a /etc/netdata directory, which we did not create by default. fixes #50893 2018-11-21 22:58:02 +00:00
netdata service: init 2016-11-05 20:09:29 +08:00			`systemd.services.netdata = {`
			`description = "Real time performance monitoring";`
			`after = [ "network.target" ];`
			`wantedBy = [ "multi-user.target" ];`
nixos/netdata: add which to path 2019-10-28 21:20:57 +03:00			`path = (with pkgs; [ curl gawk which ]) ++ lib.optional cfg.python.enable`
netdata: fix python plugins fixes #33366 2018-11-17 15:11:46 +00:00			`(pkgs.python3.withPackages cfg.python.extraPackages);`
netdata service: init 2016-11-05 20:09:29 +08:00			`serviceConfig = {`
nixos/netdata: add module package option 2020-03-10 23:03:11 +01:00			`Environment="PYTHONPATH=${cfg.package}/libexec/netdata/python.d/python_modules";`
			`ExecStart = "${cfg.package}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}";`
utillinux: rename to util-linux 2020-11-24 10:29:28 -05:00			`ExecReload = "${pkgs.util-linux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID";`
netdata service: init 2016-11-05 20:09:29 +08:00			`TimeoutStopSec = 60;`
Automatically restart netdata on failures I've had Netdata crash on me sometimes. Rarely but more than once. And I lost days of data before I noticed. Let's be nice and restart it on failures by default. 2020-04-08 20:58:06 +01:00			`Restart = "on-failure";`
nixos/netdata: enable reload service and add PID file 2019-07-05 12:11:44 +03:00			`# User and group`
			`User = cfg.user;`
			`Group = cfg.group;`
nixos/netdata: increase performance 2019-07-05 22:15:38 +03:00			`# Performance`
			`LimitNOFILE = "30000";`
nixos/netadata: enable simple sandboxing 2020-05-14 14:10:49 +03:00			`# Runtime directory and mode`
			`RuntimeDirectory = "netdata";`
			`RuntimeDirectoryMode = "0750";`
			`# State directory and mode`
			`StateDirectory = "netdata";`
			`StateDirectoryMode = "0750";`
			`# Cache directory and mode`
			`CacheDirectory = "netdata";`
			`CacheDirectoryMode = "0750";`
			`# Logs directory and mode`
			`LogsDirectory = "netdata";`
			`LogsDirectoryMode = "0750";`
			`# Configuration directory and mode`
			`ConfigurationDirectory = "netdata";`
			`ConfigurationDirectoryMode = "0755";`
			`# Capabilities`
			`CapabilityBoundingSet = [`
			`"CAP_DAC_OVERRIDE" # is required for freeipmi and slabinfo plugins`
			`"CAP_DAC_READ_SEARCH" # is required for apps plugin`
			`"CAP_FOWNER" # is required for freeipmi plugin`
			`"CAP_SETPCAP" # is required for apps, perf and slabinfo plugins`
			`"CAP_SYS_ADMIN" # is required for perf plugin`
			`"CAP_SYS_PTRACE" # is required for apps plugin`
			`"CAP_SYS_RESOURCE" # is required for ebpf plugin`
			`"CAP_NET_RAW" # is required for fping app`
			`];`
			`# Sandboxing`
			`ProtectSystem = "full";`
			`ProtectHome = "read-only";`
			`PrivateTmp = true;`
			`ProtectControlGroups = true;`
			`PrivateMounts = true;`
netdata service: init 2016-11-05 20:09:29 +08:00			`};`
			`};`

netdata: enable cgroup accounting 2019-08-19 14:57:41 +02:00			`systemd.enableCgroupAccounting = true;`

netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`security.wrappers."apps.plugin" = {`
nixos/netdata: add module package option 2020-03-10 23:03:11 +01:00			`source = "${cfg.package}/libexec/netdata/plugins.d/apps.plugin.org";`
netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00			`capabilities = "cap_dac_read_search,cap_sys_ptrace+ep";`
			`owner = cfg.user;`
			`group = cfg.group;`
			`permissions = "u+rx,g+rx,o-rwx";`
			`};`

nixos/netdata: add capabilites to freeipmi.plugin 2019-07-04 12:09:54 +03:00			`security.wrappers."freeipmi.plugin" = {`
nixos/netdata: add module package option 2020-03-10 23:03:11 +01:00			`source = "${cfg.package}/libexec/netdata/plugins.d/freeipmi.plugin.org";`
nixos/netdata: add capabilites to freeipmi.plugin 2019-07-04 12:09:54 +03:00			`capabilities = "cap_dac_override,cap_fowner+ep";`
			`owner = cfg.user;`
			`group = cfg.group;`
			`permissions = "u+rx,g+rx,o-rwx";`
			`};`
netdata service: fix permissions for apps.plugin apps.plugin requires capabilities for full process monitoring. with 1.9.0, netdata allows multiple directories to search for plugins and the setuid directory can be specified here. the module is backwards compatible with older configs. a test is included that verifies data gathering for the elevated privileges. one additional attribute is added to make configuration more generic than including configuration in string form. 2017-10-17 19:51:41 -04:00
nixos/netdata: fix permissions for perf.plugin 2020-03-23 12:23:50 +03:00			`security.wrappers."perf.plugin" = {`
			`source = "${cfg.package}/libexec/netdata/plugins.d/perf.plugin.org";`
			`capabilities = "cap_sys_admin+ep";`
			`owner = cfg.user;`
			`group = cfg.group;`
			`permissions = "u+rx,g+rx,o-rx";`
			`};`

nixos/netdata: fix permissions for slabinfo.plugin 2020-03-23 10:27:29 +03:00			`security.wrappers."slabinfo.plugin" = {`
			`source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org";`
			`capabilities = "cap_dac_override+ep";`
			`owner = cfg.user;`
			`group = cfg.group;`
			`permissions = "u+rx,g+rx,o-rx";`
			`};`

nixos/netdata: increase performance 2019-07-05 22:15:38 +03:00			`security.pam.loginLimits = [`
			`{ domain = "netdata"; type = "soft"; item = "nofile"; value = "10000"; }`
			`{ domain = "netdata"; type = "hard"; item = "nofile"; value = "30000"; }`
			`];`

treewide: use attrs instead of list for types.loaOf options 2019-09-14 19:51:29 +02:00			`users.users = optionalAttrs (cfg.user == defaultUser) {`
			`${defaultUser} = {`
			`isSystemUser = true;`
			`};`
netdata service: init 2016-11-05 20:09:29 +08:00			`};`

treewide: use attrs instead of list for types.loaOf options 2019-09-14 19:51:29 +02:00			`users.groups = optionalAttrs (cfg.group == defaultUser) {`
			`${defaultUser} = { };`
netdata service: init 2016-11-05 20:09:29 +08:00			`};`

			`};`
			`}`