Merge pull request #298641 from RaitoBezarius/netdata-45

    ln -s /run/wrappers/bin/slabinfo.plugin $out/libexec/netdata/plugins.d/slabinfo.plugin

    ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin

    ln -s /run/wrappers/bin/systemd-journal.plugin $out/libexec/netdata/plugins.d/systemd-journal.plugin

    ln -s /run/wrappers/bin/logs-management.plugin $out/libexec/netdata/plugins.d/logs-management.plugin

    ln -s /run/wrappers/bin/network-viewer.plugin $out/libexec/netdata/plugins.d/network-viewer.plugin

    ln -s /run/wrappers/bin/debugfs.plugin $out/libexec/netdata/plugins.d/debugfs.plugin

  '';

  plugins = [

  defaultUser = "netdata";

  isThereAnyWireGuardTunnels = config.networking.wireguard.enable || lib.any (c: lib.hasAttrByPath [ "netdevConfig" "Kind" ] c && c.netdevConfig.Kind == "wireguard") (builtins.attrValues config.systemd.network.netdevs);

in {

  options = {

    services.netdata = {

            Whether to enable python-based plugins

          '';

        };

        recommendedPythonPackages = mkOption {

          type = types.bool;

          default = false;

          description = ''

            Whether to enable a set of recommended Python plugins

            by installing extra Python packages.

          '';

        };

        extraPackages = mkOption {

          type = types.functionTo (types.listOf types.package);

          default = ps: [];

        }

      ];

    # Includes a set of recommended Python plugins in exchange of imperfect disk consumption.

    services.netdata.python.extraPackages = lib.mkIf cfg.python.recommendedPythonPackages (ps: [

      ps.requests

      ps.pandas

      ps.numpy

      ps.psycopg2

      ps.python-ldap

      ps.netdata-pandas

      ps.changefinder

    ]);

    services.netdata.configDir.".opt-out-from-anonymous-statistics" = mkIf (!cfg.enableAnalyticsReporting) (pkgs.writeText ".opt-out-from-anonymous-statistics" "");

    environment.etc."netdata/netdata.conf".source = configFile;

    environment.etc."netdata/conf.d".source = configDirectory;

    systemd.services.netdata = {

      description = "Real time performance monitoring";

      after = [ "network.target" ];

      after = [ "network.target" "suid-sgid-wrappers.service" ];

      # No wrapper means no "useful" netdata.

      requires = [ "suid-sgid-wrappers.service" ];

      wantedBy = [ "multi-user.target" ];

      path = (with pkgs; [

          curl

          which

          procps

          bash

          nvme-cli # for go.d

          iw # for charts.d

          apcupsd # for charts.d

          # TODO: firehol # for FireQoS -- this requires more NixOS module support.

          util-linux # provides logger command; required for syslog health alarms

      ])

        ++ lib.optional cfg.python.enable (pkgs.python3.withPackages cfg.python.extraPackages)

        ++ lib.optional config.virtualisation.libvirtd.enable (config.virtualisation.libvirtd.package);

        ++ lib.optional config.virtualisation.libvirtd.enable config.virtualisation.libvirtd.package

        ++ lib.optional config.virtualisation.docker.enable config.virtualisation.docker.package

        ++ lib.optionals config.virtualisation.podman.enable [ pkgs.jq config.virtualisation.podman.package ];

      environment = {

        PYTHONPATH = "${cfg.package}/libexec/netdata/python.d/python_modules";

        NETDATA_PIPENAME = "/run/netdata/ipc";

        # Configuration directory and mode

        ConfigurationDirectory = "netdata";

        ConfigurationDirectoryMode = "0755";

        # AmbientCapabilities

        AmbientCapabilities = lib.optional isThereAnyWireGuardTunnels "CAP_NET_ADMIN";

        # Capabilities

        CapabilityBoundingSet = [

          "CAP_DAC_OVERRIDE"      # is required for freeipmi and slabinfo plugins

          "CAP_SYS_CHROOT"        # is required for cgroups plugin

          "CAP_SETUID"            # is required for cgroups and cgroups-network plugins

          "CAP_SYSLOG"            # is required for systemd-journal plugin

        ];

        ] ++ lib.optional isThereAnyWireGuardTunnels "CAP_NET_ADMIN";

        # Sandboxing

        ProtectSystem = "full";

        ProtectHome = "read-only";

        permissions = "u+rx,g+x,o-rwx";

      };

      "debugfs.plugin" = {

        source = "${cfg.package}/libexec/netdata/plugins.d/debugfs.plugin.org";

        capabilities = "cap_dac_read_search+ep";

        owner = cfg.user;

        group = cfg.group;

        permissions = "u+rx,g+x,o-rwx";

      };

      "cgroup-network" = {

        source = "${cfg.package}/libexec/netdata/plugins.d/cgroup-network.org";

        capabilities = "cap_setuid+ep";

        permissions = "u+rx,g+x,o-rwx";

      };

      "logs-management.plugin" = {

        source = "${cfg.package}/libexec/netdata/plugins.d/logs-management.plugin.org";

        capabilities = "cap_dac_read_search,cap_syslog+ep";

        owner = cfg.user;

        group = cfg.group;

        permissions = "u+rx,g+x,o-rwx";

      };

      "slabinfo.plugin" = {

        source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org";

        capabilities = "cap_dac_override+ep";

        group = cfg.group;

        permissions = "u+rx,g+x,o-rwx";

      };

    } // optionalAttrs (cfg.package.withNetworkViewer) {

      "network-viewer.plugin" = {

        source = "${cfg.package}/libexec/netdata/plugins.d/network-viewer.plugin.org";

        capabilities = "cap_sys_admin,cap_dac_read_search,cap_sys_ptrace+ep";

        owner = cfg.user;

        group = cfg.group;

        permissions = "u+rx,g+x,o-rwx";

      };

    };

    security.pam.loginLimits = [

      ${defaultUser} = {

        group = defaultUser;

        isSystemUser = true;

        extraGroups = lib.optional config.virtualisation.docker.enable "docker"

          ++ lib.optional config.virtualisation.podman.enable "podman";

      };

    };

      { pkgs, ... }:

        {

          environment.systemPackages = with pkgs; [ curl jq netdata ];

          services.netdata.enable = true;

          services.netdata = {

            enable = true;

            python.recommendedPythonPackages = true;

          };

        };

    };

{ lib

, buildPythonPackage

, fetchFromGitHub

, setuptools

, numpy

, scipy

, statsmodels

}:

buildPythonPackage {

  pname = "changefinder";

  version = "unstable-2024-03-24";

  pyproject = true;

  src = fetchFromGitHub {

    owner = "shunsukeaihara";

    repo = "changefinder";

    rev = "58c8c32f127b9e46f9823f36221f194bdb6f3f8b";

    hash = "sha256-1If0gIsMU8673fKSSHVMvDgR1UnYgM/4HiyvZJ9T6VM=";

  };

  nativeBuildInputs = [

    setuptools

  ];

  propagatedBuildInputs = [

    numpy

    scipy

    statsmodels

  ];

  pythonImportsCheck = [ "changefinder" ];

  meta = with lib; {

    description = "Online Change-Point Detection library based on ChangeFinder algorithm";

    homepage = "https://github.com/shunsukeaihara/changefinder";

    license = licenses.mit;

    maintainers = with maintainers; [ raitobezarius ];

  };

}

{ lib

, buildPythonPackage

, fetchFromGitHub

, setuptools

, pandas

, requests

, trio

, asks

}:

buildPythonPackage rec {

  pname = "netdata-pandas";

  version = "0.0.41";

  pyproject = true;

  src = fetchFromGitHub {

    owner = "netdata";

    repo = "netdata-pandas";

    rev = "v${version}";

    hash = "sha256-AXt8BKWyM3glm5hrRryb+vBzs3z2x61HhbR6DDZkh9o=";

  };

  nativeBuildInputs = [

    setuptools

  ];

  propagatedBuildInputs = [

    pandas

    requests

    trio

    asks

  ];

  pythonImportsCheck = [ "netdata_pandas" ];

  meta = with lib; {

    description = "A helper library to pull data from the netdata REST API into a pandas dataframe.";

    homepage = "https://github.com/netdata/netdata-pandas";

    license = licenses.asl20;

    maintainers = with maintainers; [ raitobezarius ];

  };

}

{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, pkg-config, makeWrapper

{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake, pkg-config, makeWrapper

, CoreFoundation, IOKit, libossp_uuid

, nixosTests

, netdata-go-plugins

, bash, curl, jemalloc, json_c, libuv, zlib, libyaml

, bash, curl, jemalloc, json_c, libuv, zlib, libyaml, libelf, libbpf

, libcap, libuuid, lm_sensors, protobuf

, go, buildGoModule, ninja

, withCups ? false, cups

, withDBengine ? true, lz4

, withIpmi ? (!stdenv.isDarwin), freeipmi

, withSsl ? true, openssl

, withSystemdJournal ? (!stdenv.isDarwin), systemd

, withDebug ? false

, withEbpf ? false

, withNetworkViewer ? (!stdenv.isDarwin)

}:

stdenv.mkDerivation rec {

  # Don't forget to update go.d.plugin.nix as well

  version = "1.44.3";

  version = "1.45.4";

  pname = "netdata";

  src = fetchFromGitHub {

    repo = "netdata";

    rev = "v${version}";

    hash = if withCloudUi

      then "sha256-ahWaq6geEoc6NZ2oU/Dqnb0bjRXd+q1zaRGOSIYVYok="

      else "sha256-2Kvh2WuoJjJxsFKueMjCAbazqZdzoOTxakbPVsj9PBo=";

      then "sha256-g/wxKtpNsDw/ZaUokdip39enQHMysJE6pYGsApuL4po="

      # we delete the v2 GUI after fetching

      else "sha256-Mkrmvdr19sWzFOkdpt46mcsbA3CNpXy4w8um95xaWlo=";

    fetchSubmodules = true;

    # Remove v2 dashboard distributed under NCUL1. Make sure an empty

    # Makefile.am exists, as autoreconf will get confused otherwise.

    postFetch = lib.optionalString (!withCloudUi) ''

      rm -rf $out/web/gui/v2/*

      touch $out/web/gui/v2/Makefile.am

      rm -rf $out/src/web/gui/v2/*

      touch $out/src/web/gui/v2/Makefile.am

    '';

  };

  strictDeps = true;

  nativeBuildInputs = [ autoreconfHook pkg-config makeWrapper protobuf ];

  nativeBuildInputs = [ cmake pkg-config makeWrapper go ninja ];

  # bash is only used to rewrite shebangs

  buildInputs = [ bash curl jemalloc json_c libuv zlib libyaml ]

    ++ lib.optionals stdenv.isDarwin [ CoreFoundation IOKit libossp_uuid ]

    ++ lib.optionals withNetfilter [ libmnl libnetfilter_acct ]

    ++ lib.optionals withConnPubSub [ google-cloud-cpp grpc ]

    ++ lib.optionals withConnPrometheus [ snappy ]

    ++ lib.optionals withEbpf [ libelf libbpf ]

    ++ lib.optionals (withCloud || withConnPrometheus) [ protobuf ]

    ++ lib.optionals withSystemdJournal [ systemd ]

    ++ lib.optionals withSsl [ openssl ];

  patches = [

    # required to prevent plugins from relying on /etc

    # and /var

    ./no-files-in-etc-and-var.patch

    # Avoid build-only inputs in closure leaked by configure command:

    #   https://github.com/NixOS/nixpkgs/issues/175693#issuecomment-1143344162

    ./skip-CONFIGURE_COMMAND.patch

    # Allow building without non-free v2 dashboard.

    (fetchpatch {

      url = "https://github.com/peat-psuwit/netdata/commit/6ccbdd1500db2b205923968688d5f1777430a326.patch";

      hash = "sha256-jAyk5HlxdjFn5IP6jOKP8/SXOraMQSA6r1krThe+s7g=";

      url = "https://github.com/netdata/netdata/pull/17240/commits/b108df72281633234b731b223d99ec99f1d36adf.patch";

      hash = "sha256-tgsnbNY0pxFU3bz1J1qPaAeVsozsk2bpHV2mNy8A9is=";

    })

    # Allow for go.d plugins to access the right directory.

    # Can be removed once > v1.45.4 is released

    # https://github.com/netdata/netdata/pull/17661

    (fetchpatch {

      url = "https://patch-diff.githubusercontent.com/raw/netdata/netdata/pull/17661.patch";

      sha256 = "sha256-j+mrwkibQio2KO8UnV7sxzCoHmkcsalHNzP+YvrRz74=";

    })

  ];

  env.NIX_CFLAGS_COMPILE = lib.optionalString withDebug "-O1 -ggdb -DNETDATA_INTERNAL_CHECKS=1";

  postInstall = ''

    ln -s ${netdata-go-plugins}/lib/netdata/conf.d/* $out/lib/netdata/conf.d

    ln -s ${netdata-go-plugins}/bin/godplugin $out/libexec/netdata/plugins.d/go.d.plugin

    # Relocate one folder above.

    mv $out/usr/* $out/

  '' + lib.optionalString (!stdenv.isDarwin) ''

    # rename this plugin so netdata will look for setuid wrapper

    mv $out/libexec/netdata/plugins.d/apps.plugin \

       $out/libexec/netdata/plugins.d/perf.plugin.org

    mv $out/libexec/netdata/plugins.d/slabinfo.plugin \

       $out/libexec/netdata/plugins.d/slabinfo.plugin.org

    mv $out/libexec/netdata/plugins.d/debugfs.plugin \

       $out/libexec/netdata/plugins.d/debugfs.plugin.org

    mv $out/libexec/netdata/plugins.d/logs-management.plugin \

       $out/libexec/netdata/plugins.d/logs-management.plugin.org

    ${lib.optionalString withSystemdJournal ''

      mv $out/libexec/netdata/plugins.d/systemd-journal.plugin \

         $out/libexec/netdata/plugins.d/systemd-journal.plugin.org

      mv $out/libexec/netdata/plugins.d/freeipmi.plugin \

         $out/libexec/netdata/plugins.d/freeipmi.plugin.org

    ''}

    ${lib.optionalString withNetworkViewer ''

      mv $out/libexec/netdata/plugins.d/network-viewer.plugin \

         $out/libexec/netdata/plugins.d/network-viewer.plugin.org

    ''}

    ${lib.optionalString (!withCloudUi) ''

      rm -rf $out/share/netdata/web/index.html

      cp $out/share/netdata/web/v1/index.html $out/share/netdata/web/index.html

    ''}

  '';

  preConfigure = lib.optionalString (!stdenv.isDarwin) ''

    substituteInPlace collectors/python.d.plugin/python_modules/third_party/lm_sensors.py \

      --replace 'ctypes.util.find_library("sensors")' '"${lm_sensors.out}/lib/libsensors${stdenv.hostPlatform.extensions.sharedLibrary}"'

    substituteInPlace src/collectors/python.d.plugin/python_modules/third_party/lm_sensors.py \

      --replace-fail 'ctypes.util.find_library("sensors")' '"${lm_sensors.out}/lib/libsensors${stdenv.hostPlatform.extensions.sharedLibrary}"'

  '' + ''

    export GOCACHE=$TMPDIR/go-cache

    export GOPATH=$TMPDIR/go

    export GOPROXY=file://${passthru.netdata-go-modules}

    export GOSUMDB=off

    # Prevent the path to be caught into the Nix store path.

    substituteInPlace CMakeLists.txt \

      --replace-fail 'set(CACHE_DIR "''${CMAKE_INSTALL_PREFIX}/var/cache/netdata")' 'set(CACHE_DIR "/var/cache/netdata")' \

      --replace-fail 'set(CONFIG_DIR "''${CMAKE_INSTALL_PREFIX}/etc/netdata")' 'set(CONFIG_DIR "/etc/netdata")' \

      --replace-fail 'set(LIBCONFIG_DIR "''${CMAKE_INSTALL_PREFIX}/usr/lib/netdata/conf.d")' 'set(LIBCONFIG_DIR "${placeholder "out"}/share/netdata/conf.d")' \

      --replace-fail 'set(LOG_DIR "''${CMAKE_INSTALL_PREFIX}/var/log/netdata")' 'set(LOG_DIR "/var/log/netdata")' \

      --replace-fail 'set(PLUGINS_DIR "''${CMAKE_INSTALL_PREFIX}/usr/libexec/netdata/plugins.d")' 'set(PLUGINS_DIR "${placeholder "out"}/libexec/netdata/plugins.d")' \

      --replace-fail 'set(VARLIB_DIR "''${CMAKE_INSTALL_PREFIX}/var/lib/netdata")' 'set(VARLIB_DIR "/var/lib/netdata")' \

      --replace-fail 'set(pkglibexecdir_POST "''${CMAKE_INSTALL_PREFIX}/usr/libexec/netdata")' 'set(pkglibexecdir_POST "${placeholder "out"}/libexec/netdata")' \

      --replace-fail 'set(localstatedir_POST "''${CMAKE_INSTALL_PREFIX}/var")' 'set(localstatedir_POST "/var")' \

      --replace-fail 'set(sbindir_POST "''${CMAKE_INSTALL_PREFIX}/usr/sbin")' 'set(sbindir_POST "${placeholder "out"}/bin")' \

      --replace-fail 'set(configdir_POST "''${CMAKE_INSTALL_PREFIX}/etc/netdata")' 'set(configdir_POST "/etc/netdata")' \

      --replace-fail 'set(libconfigdir_POST "''${CMAKE_INSTALL_PREFIX}/usr/lib/netdata/conf.d")' 'set(libconfigdir_POST "${placeholder "out"}/share/netdata/conf.d")' \

      --replace-fail 'set(cachedir_POST "''${CMAKE_INSTALL_PREFIX}/var/cache/netdata")' 'set(libconfigdir_POST "/var/cache/netdata")' \

      --replace-fail 'set(registrydir_POST "''${CMAKE_INSTALL_PREFIX}/var/lib/netdata/registry")' 'set(registrydir_POST "/var/lib/netdata/registry")' \

      --replace-fail 'set(varlibdir_POST "''${CMAKE_INSTALL_PREFIX}/var/lib/netdata")' 'set(varlibdir_POST "/var/lib/netdata")'

  '';

  configureFlags = [

    "--localstatedir=/var"

    "--sysconfdir=/etc"

    "--disable-ebpf"

    "--with-jemalloc=${jemalloc}"

  ] ++ lib.optionals (withSystemdJournal) [

    "--enable-plugin-systemd-journal"

  ] ++ lib.optionals (!withDBengine) [

    "--disable-dbengine"

  ] ++ lib.optionals (!withCloud) [

    "--disable-cloud"

  ] ++ lib.optionals (!withCloudUi) [

    "--disable-cloud-ui"

  cmakeFlags = [

    "-DWEB_DIR=share/netdata/web"

    (lib.cmakeBool "ENABLE_CLOUD" withCloud)

    # ACLK is agent cloud link.

    (lib.cmakeBool "ENABLE_ACLK" withCloud)

    (lib.cmakeBool "ENABLE_DASHBOARD_V2" withCloudUi)

    (lib.cmakeBool "ENABLE_DBENGINE" withDBengine)

    (lib.cmakeBool "ENABLE_PLUGIN_FREEIPMI" withIpmi)

    (lib.cmakeBool "ENABLE_PLUGIN_SYSTEMD_JOURNAL" withSystemdJournal)

    (lib.cmakeBool "ENABLE_PLUGIN_NETWORK_VIEWER" withNetworkViewer)

    (lib.cmakeBool "ENABLE_PLUGIN_EBPF" withEbpf)

    (lib.cmakeBool "ENABLE_PLUGIN_XENSTAT" false)

    (lib.cmakeBool "ENABLE_PLUGIN_CUPS" withCups)

    (lib.cmakeBool "ENABLE_EXPORTER_PROMETHEUS_REMOTE_WRITE" withConnPrometheus)

    (lib.cmakeBool "ENABLE_JEMALLOC" true)

    # Suggested by upstream.

    "-G Ninja"

  ];

  postFixup = ''

    # remove once https://github.com/netdata/netdata/pull/16300 merged

    substituteInPlace $out/bin/netdata-claim.sh \

      --replace /bin/echo echo

    wrapProgram $out/bin/netdata-claim.sh --prefix PATH : ${lib.makeBinPath [ openssl ]}

    wrapProgram $out/libexec/netdata/plugins.d/cgroup-network-helper.sh --prefix PATH : ${lib.makeBinPath [ bash ]}

    wrapProgram $out/bin/netdatacli --set NETDATA_PIPENAME /run/netdata/ipc

    # Time to cleanup the output directory.

    unlink $out/sbin

    cp $out/etc/netdata/edit-config $out/bin/netdata-edit-config

    mv $out/lib/netdata/conf.d $out/share/netdata/conf.d

    rm -rf $out/{var,usr,etc}

  '';

  enableParallelBuild = true;

  passthru = {

    inherit withIpmi;

  passthru = rec {

    netdata-go-modules = (buildGoModule {

      pname = "netdata-go-plugins";

      inherit version src;

      sourceRoot = "${src.name}/src/go/collectors/go.d.plugin";

      vendorHash = "sha256-KO+xMk6fpZCYRyxxKrsGfOHJ2bwjBaSmkgz1jIUHaZs=";

      doCheck = false;

      proxyVendor = true;

      ldflags = [ "-s" "-w" "-X main.version=${version}" ];

      passthru.tests = tests;

      meta = meta // {

        description = "Netdata orchestrator for data collection modules written in Go";

        mainProgram = "godplugin";

        license = lib.licenses.gpl3Only;

      };

    }).goModules;

    inherit withIpmi withNetworkViewer;

    tests.netdata = nixosTests.netdata;

  };

  meta = with lib; {

    broken = stdenv.isDarwin || stdenv.buildPlatform != stdenv.hostPlatform;

    broken = stdenv.isDarwin || stdenv.buildPlatform != stdenv.hostPlatform || withEbpf;

    description = "Real-time performance monitoring tool";

    homepage = "https://www.netdata.cloud/";

    changelog = "https://github.com/netdata/netdata/releases/tag/v${version}";

    license = [ licenses.gpl3Plus ]

      ++ lib.optionals (withCloudUi) [ licenses.ncul1 ];

    platforms = platforms.unix;

    maintainers = with maintainers; [ raitobezarius ];

    maintainers = [ ];

  };

}