system/netdata.service.in

   1 [Unit]
   2 Description=Real time performance monitoring
   3 After=network.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service
   4
   5 [Service]
   6 Type=simple
   7 WorkingDirectory=/tmp
   8 User=netdata
   9 Group=netdata
  10 RuntimeDirectory=netdata
  11 ExecStartPre=/bin/mkdir -p @localstatedir_POST@/run/netdata
  12 ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/run/netdata
  13 ExecStartPre=/bin/chmod 0775 @localstatedir_POST@/run/netdata
  14 ExecStart=@sbindir_POST@/netdata -D -P @localstatedir_POST@/run/netdata/netdata.pid
  15
  16 # -----------------------------------------------------------------------------
  17 # Stopping netdata
  18
  19 KillMode=mixed
  20 KillSignal=SIGTERM
  21
  22 # saving a big db on slow disks may need some time
  23 TimeoutStopSec=60
  24
  25 # and disable SIGKILL - if sent during save, we will loose the db
  26 SendSIGKILL=no
  27
  28 # -----------------------------------------------------------------------------
  29 # Hardening netdata
  30
  31 AmbientCapabilities=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE
  32 CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE
  33 PrivateTmp=true
  34 ProtectSystem=full
  35 ProtectHome=read-only
  36
  37 # is implicitly set by the MemoryDenyWriteExecute=true
  38 # NoNewPrivileges=true
  39
  40 # Do not enable - it makes node.js plugins to crash
  41 # MemoryDenyWriteExecute=true
  42
  43 [Install]
  44 WantedBy=multi-user.target