summaryrefslogtreecommitdiff
path: root/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/monitoring/prometheus/exporter/nftables/templates/service.j2')
-rw-r--r--roles/monitoring/prometheus/exporter/nftables/templates/service.j23
1 files changed, 1 insertions, 2 deletions
diff --git a/roles/monitoring/prometheus/exporter/nftables/templates/service.j2 b/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
index b22d9582..ad67b0cf 100644
--- a/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
+++ b/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
@@ -1,12 +1,10 @@
[Unit]
Description=Prometheus nftables exporter
-After=systemd-modules-load.service
[Service]
Restart=always
User=prometheus-exporter
ExecStart=/usr/bin/prometheus-nftables-exporter --config=/etc/prometheus/exporter/nftables/config.yml
-ExecReload=/bin/kill -HUP $MAINPID
# systemd hardening-options
AmbientCapabilities=CAP_NET_ADMIN
@@ -16,6 +14,7 @@ DevicePolicy=strict
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
+PrivateDevices=true
PrivateTmp=true
ProtectControlGroups=true
ProtectHome=true
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 03:08:40 +0000