From a23f082a05f614cb54016634670cde315b2fc5d8 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Fri, 25 Aug 2023 11:56:39 +0200
Subject: prometheus/nftables exporter: fix sytemd service unit

---
 roles/monitoring/prometheus/exporter/nftables/templates/service.j2 | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'roles')

diff --git a/roles/monitoring/prometheus/exporter/nftables/templates/service.j2 b/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
index b22d9582..ad67b0cf 100644
--- a/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
+++ b/roles/monitoring/prometheus/exporter/nftables/templates/service.j2
@@ -1,12 +1,10 @@
 [Unit]
 Description=Prometheus nftables exporter
-After=systemd-modules-load.service
 
 [Service]
 Restart=always
 User=prometheus-exporter
 ExecStart=/usr/bin/prometheus-nftables-exporter --config=/etc/prometheus/exporter/nftables/config.yml
-ExecReload=/bin/kill -HUP $MAINPID
 
 # systemd hardening-options
 AmbientCapabilities=CAP_NET_ADMIN
@@ -16,6 +14,7 @@ DevicePolicy=strict
 LockPersonality=true
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
+PrivateDevices=true
 PrivateTmp=true
 ProtectControlGroups=true
 ProtectHome=true
-- 
cgit v1.2.3