Add privacy-focused Netdata configuration and Glances service

- Add Netdata config with cloud features disabled - Configure localhost-only binding for security - Disable telemetry and registry features - Add systemd service configuration for Glances web server - Ensure monitoring services run with proper isolation
2025-09-09 21:12:27 +02:00
parent fe9651f2fa
commit c5849679f9
2 changed files with 49 additions and 0 deletions
--- a/config/netdata/netdata.conf
+++ b/config/netdata/netdata.conf
@@ -0,0 +1,31 @@
+# DEPLOYMENT LOCATION: /etc/netdata/netdata.conf
+# Deploy with: sudo cp config/netdata/netdata.conf /etc/netdata/netdata.conf
+
+[global]
+    # Run as netdata user
+    run as user = netdata
+    
+    # Bind only to localhost (security)
+    bind socket to IP = 127.0.0.1
+    default port = 19999
+    
+    # Disable telemetry and cloud features
+    telemetry enabled = no
+
+[web]
+    # Web server settings
+    web files owner = root
+    web files group = netdata
+    
+    # Only allow access from localhost (reverse proxy)
+    allow connections from = localhost 127.0.0.1
+    allow dashboard from = localhost 127.0.0.1
+    allow management from = localhost 127.0.0.1
+
+[cloud]
+    # Completely disable Netdata Cloud
+    enabled = no
+    
+[registry]
+    # Disable registry (used for cloud)
+    enabled = no
--- a/config/systemd/glances-web.service
+++ b/config/systemd/glances-web.service
@@ -0,0 +1,18 @@
+# DEPLOYMENT LOCATION: /etc/systemd/system/glances-web.service
+# Deploy with: sudo cp config/systemd/glances-web.service /etc/systemd/system/
+# Enable with: sudo systemctl daemon-reload && sudo systemctl enable --now glances-web.service
+
+[Unit]
+Description=Glances Web Server
+After=network.target
+
+[Service]
+Type=simple
+User=glances
+Group=glances
+ExecStart=/usr/bin/glances -w -p 61208 --disable-plugin docker
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target