[Unit]
Description=Real time performance monitoring
After=network.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service

[Service]
Type=simple
WorkingDirectory=/tmp
User=netdata
Group=netdata
RuntimeDirectory=netdata
ExecStartPre=/bin/mkdir -p @localstatedir_POST@/run/netdata
ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/run/netdata
ExecStartPre=/bin/chmod 0775 @localstatedir_POST@/run/netdata
ExecStart=@sbindir_POST@/netdata -D -P @localstatedir_POST@/run/netdata/netdata.pid

# -----------------------------------------------------------------------------
# Stopping netdata

KillMode=mixed
KillSignal=SIGTERM

# saving a big db on slow disks may need some time
TimeoutStopSec=60

# and disable SIGKILL - if sent during save, we will loose the db
SendSIGKILL=no

# -----------------------------------------------------------------------------
# Hardening netdata

# These will apply these capabilities to the entire netdata process tree
# We don't want this - only apps.plugin needs them
# AmbientCapabilities=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE
# CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE

PrivateTmp=true
ProtectSystem=full
ProtectHome=read-only

# is implicitly set by the MemoryDenyWriteExecute=true
# NoNewPrivileges=true

# Do not enable - it makes node.js plugins to crash
# MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target