Skip to content
Snippets Groups Projects
prometheus.service 874 B
Newer Older
[Unit]
Description=Prometheus service
Documentation=https://prometheus.io/docs/prometheus
Requires=network-online.target
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target

[Service]
User=prometheus
Group=prometheus
Restart=on-failure
WorkingDirectory=/usr/share/prometheus
EnvironmentFile=-/etc/conf.d/prometheus
ExecStart=/usr/bin/prometheus --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/var/lib/prometheus/data $PROMETHEUS_ARGS
ExecReload=/bin/kill -HUP $MAINPID
Jelle van der Waa's avatar
Jelle van der Waa committed
LimitNOFILE=65535
NoNewPrivileges=true
Johannes Löthberg's avatar
Johannes Löthberg committed
ProtectHome=true
ProtectSystem=full
ProtectHostname=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
LockPersonality=true
RestrictRealtime=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
PrivateDevices=yes
CapabilityBoundingSet=

[Install]
WantedBy=multi-user.target