|
|
|
@ -9,9 +9,9 @@ let |
|
|
|
|
mkdir -p $out/libexec/netdata/plugins.d |
|
|
|
|
ln -s /run/wrappers/bin/apps.plugin $out/libexec/netdata/plugins.d/apps.plugin |
|
|
|
|
ln -s /run/wrappers/bin/cgroup-network $out/libexec/netdata/plugins.d/cgroup-network |
|
|
|
|
ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin |
|
|
|
|
ln -s /run/wrappers/bin/perf.plugin $out/libexec/netdata/plugins.d/perf.plugin |
|
|
|
|
ln -s /run/wrappers/bin/slabinfo.plugin $out/libexec/netdata/plugins.d/slabinfo.plugin |
|
|
|
|
ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin |
|
|
|
|
''; |
|
|
|
|
|
|
|
|
|
plugins = [ |
|
|
|
@ -211,44 +211,47 @@ in { |
|
|
|
|
|
|
|
|
|
systemd.enableCgroupAccounting = true; |
|
|
|
|
|
|
|
|
|
security.wrappers."apps.plugin" = { |
|
|
|
|
source = "${cfg.package}/libexec/netdata/plugins.d/apps.plugin.org"; |
|
|
|
|
capabilities = "cap_dac_read_search,cap_sys_ptrace+ep"; |
|
|
|
|
owner = cfg.user; |
|
|
|
|
group = cfg.group; |
|
|
|
|
permissions = "u+rx,g+x,o-rwx"; |
|
|
|
|
}; |
|
|
|
|
security.wrappers = { |
|
|
|
|
"apps.plugin" = { |
|
|
|
|
source = "${cfg.package}/libexec/netdata/plugins.d/apps.plugin.org"; |
|
|
|
|
capabilities = "cap_dac_read_search,cap_sys_ptrace+ep"; |
|
|
|
|
owner = cfg.user; |
|
|
|
|
group = cfg.group; |
|
|
|
|
permissions = "u+rx,g+x,o-rwx"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
security.wrappers."cgroup-network" = { |
|
|
|
|
source = "${cfg.package}/libexec/netdata/plugins.d/cgroup-network.org"; |
|
|
|
|
capabilities = "cap_setuid+ep"; |
|
|
|
|
owner = cfg.user; |
|
|
|
|
group = cfg.group; |
|
|
|
|
permissions = "u+rx,g+x,o-rwx"; |
|
|
|
|
}; |
|
|
|
|
"cgroup-network" = { |
|
|
|
|
source = "${cfg.package}/libexec/netdata/plugins.d/cgroup-network.org"; |
|
|
|
|
capabilities = "cap_setuid+ep"; |
|
|
|
|
owner = cfg.user; |
|
|
|
|
group = cfg.group; |
|
|
|
|
permissions = "u+rx,g+x,o-rwx"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
security.wrappers."freeipmi.plugin" = { |
|
|
|
|
source = "${cfg.package}/libexec/netdata/plugins.d/freeipmi.plugin.org"; |
|
|
|
|
capabilities = "cap_dac_override,cap_fowner+ep"; |
|
|
|
|
owner = cfg.user; |
|
|
|
|
group = cfg.group; |
|
|
|
|
permissions = "u+rx,g+x,o-rwx"; |
|
|
|
|
}; |
|
|
|
|
"perf.plugin" = { |
|
|
|
|
source = "${cfg.package}/libexec/netdata/plugins.d/perf.plugin.org"; |
|
|
|
|
capabilities = "cap_sys_admin+ep"; |
|
|
|
|
owner = cfg.user; |
|
|
|
|
group = cfg.group; |
|
|
|
|
permissions = "u+rx,g+x,o-rwx"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
security.wrappers."perf.plugin" = { |
|
|
|
|
source = "${cfg.package}/libexec/netdata/plugins.d/perf.plugin.org"; |
|
|
|
|
capabilities = "cap_sys_admin+ep"; |
|
|
|
|
owner = cfg.user; |
|
|
|
|
group = cfg.group; |
|
|
|
|
permissions = "u+rx,g+x,o-rwx"; |
|
|
|
|
}; |
|
|
|
|
"slabinfo.plugin" = { |
|
|
|
|
source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org"; |
|
|
|
|
capabilities = "cap_dac_override+ep"; |
|
|
|
|
owner = cfg.user; |
|
|
|
|
group = cfg.group; |
|
|
|
|
permissions = "u+rx,g+x,o-rwx"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
security.wrappers."slabinfo.plugin" = { |
|
|
|
|
source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org"; |
|
|
|
|
capabilities = "cap_dac_override+ep"; |
|
|
|
|
owner = cfg.user; |
|
|
|
|
group = cfg.group; |
|
|
|
|
permissions = "u+rx,g+x,o-rwx"; |
|
|
|
|
} // optionalAttrs (cfg.package.withIpmi) { |
|
|
|
|
"freeipmi.plugin" = { |
|
|
|
|
source = "${cfg.package}/libexec/netdata/plugins.d/freeipmi.plugin.org"; |
|
|
|
|
capabilities = "cap_dac_override,cap_fowner+ep"; |
|
|
|
|
owner = cfg.user; |
|
|
|
|
group = cfg.group; |
|
|
|
|
permissions = "u+rx,g+x,o-rwx"; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
security.pam.loginLimits = [ |
|
|
|
|