prometheus/nftables exporter: fix sytemd service unit

author: Christian Pointner <equinox@spreadspace.org> 2023-08-25 11:56:39 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2023-08-25 11:56:39 +0200
commit: a23f082a05f614cb54016634670cde315b2fc5d8 (patch)
tree: c9c25fbec1dfa8478dc154f014be97fc154e804c /roles/monitoring/prometheus
parent: update repo key for grafana apt repo (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/roles/monitoring/prometheus/exporter/nftables/templates/service.j2 b/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
index b22d9582..ad67b0cf 100644
--- a/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
+++ b/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
@@ -1,12 +1,10 @@
 [Unit]
 Description=Prometheus nftables exporter
-After=systemd-modules-load.service
 
 [Service]
 Restart=always
 User=prometheus-exporter
 ExecStart=/usr/bin/prometheus-nftables-exporter --config=/etc/prometheus/exporter/nftables/config.yml
-ExecReload=/bin/kill -HUP $MAINPID
 
 # systemd hardening-options
 AmbientCapabilities=CAP_NET_ADMIN
@@ -16,6 +14,7 @@ DevicePolicy=strict
 LockPersonality=true
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
+PrivateDevices=true
 PrivateTmp=true
 ProtectControlGroups=true
 ProtectHome=true
author	Christian Pointner <equinox@spreadspace.org>	2023-08-25 11:56:39 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2023-08-25 11:56:39 +0200
commit	a23f082a05f614cb54016634670cde315b2fc5d8 (patch)
tree	c9c25fbec1dfa8478dc154f014be97fc154e804c /roles/monitoring/prometheus
parent	update repo key for grafana apt repo (diff)