[Unit] Description=Prometheus ipmi exporter After=systemd-modules-load.service [Service] Restart=always ExecStart=/usr/bin/prometheus-ipmi-exporter --web.listen-address="127.0.0.1:9290" --config.file=/etc/prometheus/exporter/ipmi/config.yml --freeipmi.path="/usr/sbin" ExecReload=/bin/kill -HUP $MAINPID # systemd hardening-options AmbientCapabilities= CapabilityBoundingSet= DeviceAllow=/dev/null rw DeviceAllow=char-ipmidev rw DevicePolicy=strict LockPersonality=true MemoryDenyWriteExecute=true NoNewPrivileges=true PrivateTmp=true ProtectControlGroups=true ProtectHome=true ProtectKernelModules=true ProtectKernelTunables=true ProtectSystem=strict RemoveIPC=true RestrictNamespaces=true RestrictRealtime=true SystemCallArchitectures=native [Install] WantedBy=multi-user.target