From c5849679f975baa9cd27276dfd8ae5dfb40471e2 Mon Sep 17 00:00:00 2001
From: Arpad Krejczinger <krejczinger.arpad@gmail.com>
Date: Tue, 9 Sep 2025 21:12:27 +0200
Subject: [PATCH] Add privacy-focused Netdata configuration and Glances service

- Add Netdata config with cloud features disabled
- Configure localhost-only binding for security
- Disable telemetry and registry features
- Add systemd service configuration for Glances web server
- Ensure monitoring services run with proper isolation
---
 config/netdata/netdata.conf        | 31 ++++++++++++++++++++++++++++++
 config/systemd/glances-web.service | 18 +++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 config/netdata/netdata.conf
 create mode 100644 config/systemd/glances-web.service

diff --git a/config/netdata/netdata.conf b/config/netdata/netdata.conf
new file mode 100644
index 0000000..12a3bd8
--- /dev/null
+++ b/config/netdata/netdata.conf
@@ -0,0 +1,31 @@
+# DEPLOYMENT LOCATION: /etc/netdata/netdata.conf
+# Deploy with: sudo cp config/netdata/netdata.conf /etc/netdata/netdata.conf
+
+[global]
+    # Run as netdata user
+    run as user = netdata
+    
+    # Bind only to localhost (security)
+    bind socket to IP = 127.0.0.1
+    default port = 19999
+    
+    # Disable telemetry and cloud features
+    telemetry enabled = no
+
+[web]
+    # Web server settings
+    web files owner = root
+    web files group = netdata
+    
+    # Only allow access from localhost (reverse proxy)
+    allow connections from = localhost 127.0.0.1
+    allow dashboard from = localhost 127.0.0.1
+    allow management from = localhost 127.0.0.1
+
+[cloud]
+    # Completely disable Netdata Cloud
+    enabled = no
+    
+[registry]
+    # Disable registry (used for cloud)
+    enabled = no
\ No newline at end of file
diff --git a/config/systemd/glances-web.service b/config/systemd/glances-web.service
new file mode 100644
index 0000000..3166d35
--- /dev/null
+++ b/config/systemd/glances-web.service
@@ -0,0 +1,18 @@
+# DEPLOYMENT LOCATION: /etc/systemd/system/glances-web.service
+# Deploy with: sudo cp config/systemd/glances-web.service /etc/systemd/system/
+# Enable with: sudo systemctl daemon-reload && sudo systemctl enable --now glances-web.service
+
+[Unit]
+Description=Glances Web Server
+After=network.target
+
+[Service]
+Type=simple
+User=glances
+Group=glances
+ExecStart=/usr/bin/glances -w -p 61208 --disable-plugin docker
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file