{ config, pkgs, lib, ... }:
with lib;
let
# Shorthand for the evaluated values of the services.netdata options declared below.
cfg = config.services.netdata;
# Store directory whose only content is a symlink named apps.plugin that
# points at /run/wrappers/bin/apps.plugin. That wrapper is declared under
# security.wrappers."apps.plugin" further down and is the copy that carries
# file capabilities; this directory exists so netdata can find it through its
# plugin search path.
# NOTE(review): presumably needed because files inside the Nix store cannot
# carry capabilities themselves -- confirm.
wrappedPlugins =
  let
    pluginsSubdir = "libexec/netdata/plugins.d";
  in
  pkgs.runCommand "wrapped-plugins" {} ''
    mkdir -p $out/${pluginsSubdir}
    ln -s /run/wrappers/bin/apps.plugin $out/${pluginsSubdir}/apps.plugin
  '';
# Module-provided defaults for netdata.conf. They are only used when the
# configuration is generated from services.netdata.config; a verbatim
# configText replaces them entirely (see configFile).
localConfig = {
  # Two space-separated search directories: the plugins shipped in the
  # package, plus the directory holding the symlink to the capability
  # wrapper for apps.plugin.
  global."plugins directory" = concatStringsSep " " [
    "${pkgs.netdata}/libexec/netdata/plugins.d"
    "${wrappedPlugins}/libexec/netdata/plugins.d"
  ];

  # Expected owner/group of the dashboard files. They live in the Nix store
  # and therefore belong to root rather than to the service account.
  # NOTE(review): nothing in this module sets a bind address or an access
  # list for the web server, so netdata's own defaults decide who can reach
  # the dashboard -- confirm the exposure and firewall accordingly.
  web."web files owner" = "root";
  web."web files group" = "root";
};
# INI rendering of the module defaults with the user's attribute-set config
# merged over them. recursiveUpdate lets the right-hand side win, so a key in
# services.netdata.config replaces the module default of the same name,
# including "plugins directory" and the web files owner/group.
mkConfig = generators.toINI {} (recursiveUpdate localConfig cfg.config);

# The netdata.conf handed to the daemon. A non-null configText is used
# verbatim and none of localConfig is merged into it, so the wrapped
# apps.plugin directory and the root ownership settings must then be supplied
# by hand if they are wanted.
# pkgs.writeText places the file in the Nix store, which every local user can
# read, so values put in config/configText should not be secrets.
configFile = pkgs.writeText "netdata.conf" (
  if cfg.configText == null then mkConfig else cfg.configText
);

# Name of the account and group this module creates on its own; any other
# value of services.netdata.user/group must be declared elsewhere.
defaultUser = "netdata";
in {
# Option declarations for the netdata service.
options.services.netdata = {
  enable = mkEnableOption "netdata";

  # Account the daemon runs as. It also becomes the owner of the
  # capability-carrying apps.plugin wrapper, so whoever can run code as this
  # user can execute that wrapper.
  user = mkOption {
    description = "User account under which netdata runs.";
    type = types.str;
    default = "netdata";
  };

  # Group the daemon runs as. Members of this group may execute the
  # apps.plugin wrapper as well (its mode grants g+rx).
  group = mkOption {
    description = "Group under which netdata runs.";
    type = types.str;
    default = "netdata";
  };

  # Complete netdata.conf as text. When set, it is used as-is and the module
  # defaults (plugin search path, web files owner/group) are not merged in.
  configText = mkOption {
    description = "Verbatim netdata.conf, cannot be combined with config.";
    type = types.nullOr types.lines;
    default = null;
    example = ''
      [global]
      debug log = syslog
      access log = syslog
      error log = syslog
    '';
  };

  # netdata.conf as nested attributes: section name -> key -> value. It is
  # merged over the module defaults before being rendered to INI.
  config = mkOption {
    description = "netdata.conf configuration as nix attributes. cannot be combined with configText.";
    type = types.attrsOf types.attrs;
    default = {};
    example = literalExample ''
      global = {
      "debug log" = "syslog";
      "access log" = "syslog";
      "error log" = "syslog";
      };
    '';
  };
};
config = mkIf cfg.enable {
# config and configText are mutually exclusive: evaluation fails unless at
# least one of them is left at its default. Without this check a non-empty
# config would be dropped silently, because configText takes precedence when
# the configuration file is built.
assertions = [
  {
    assertion = cfg.config == {} || cfg.configText == null;
    message = "Cannot specify both config and configText";
  }
];
# systemd unit for the netdata daemon.
systemd.services.netdata =
  let
    # Writable locations the daemon needs: cache, logs and persistent state.
    stateDirs = [
      "/var/cache/netdata"
      "/var/log/netdata"
      "/var/lib/netdata"
    ];

    # Shell fragment that creates one directory, restricts it to owner and
    # group (750), and hands the whole tree to the service account.
    # NOTE(review): with PermissionsStartOnly this runs as root on every
    # start, and the recursive chown walks a tree the unprivileged service
    # account can write to between starts. Letting systemd create and own
    # these directories would avoid that root-side recursion -- worth
    # reviewing.
    # NOTE(review): cfg.user and cfg.group are interpolated unquoted; they
    # come from the system configuration, not from runtime input.
    prepareDir = dir: ''
      mkdir -vp ${dir}
      chmod 750 ${dir}
      chown -R ${cfg.user}:${cfg.group} ${dir}
    '';
  in
  {
    description = "Real time performance monitoring";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];

    # External tools made available on the unit's PATH.
    path = [ pkgs.gawk pkgs.curl ];

    preStart = concatMapStringsSep "\n" prepareDir stateDirs;

    serviceConfig = {
      # The daemon itself runs unprivileged ...
      User = cfg.user;
      Group = cfg.group;
      # ... while User=/Group= apply to ExecStart only, so preStart above
      # still runs as root.
      PermissionsStartOnly = true;
      # -D keeps netdata in the foreground; -c selects the generated
      # configuration file in the Nix store.
      ExecStart = "${pkgs.netdata}/bin/netdata -D -c ${configFile}";
      TimeoutStopSec = 60;
    };
  };
# Capability wrapper for netdata's apps.plugin, installed as
# /run/wrappers/bin/apps.plugin (the target of the symlink in wrappedPlugins).
security.wrappers."apps.plugin" = {
  # The package ships the real binary under the name apps.plugin.org.
  source = "${pkgs.netdata}/libexec/netdata/plugins.d/apps.plugin.org";

  # Only the service account and its group may execute the wrapper; everyone
  # else gets no access at all.
  permissions = "u+rx,g+rx,o-rwx";
  owner = cfg.user;
  inherit (cfg) group;

  # Effective and permitted on exec: cap_dac_read_search bypasses read and
  # directory-search permission checks, cap_sys_ptrace allows inspecting
  # other users' processes. Both are far-reaching, so anything that can run
  # as cfg.user or is a member of cfg.group inherits that reach through this
  # wrapper -- keep the account dedicated to netdata.
  capabilities = "cap_dac_read_search,cap_sys_ptrace+ep";
};
# The account and group are created only when the options still carry the
# default name; with any other value the administrator is expected to declare
# them. Each declaration carries nothing but a name, so every other attribute
# (ids, home, primary group of the user) comes from NixOS defaults and the
# user is not explicitly placed in cfg.group here.
users.users =
  if cfg.user == defaultUser
  then [ { name = defaultUser; } ]
  else [ ];

users.groups =
  if cfg.group == defaultUser
  then [ { name = defaultUser; } ]
  else [ ];
};
}