Skip to content
Snippets Groups Projects
Verified Commit f1075f12 authored by nd's avatar nd
Browse files

jail service

parent d1fb9915
No related branches found
No related tags found
No related merge requests found
Pipeline #8974 waiting for manual action
Stage: build
Stage: package
Stage: autoupdate
Show whitespace changes
Inline Side-by-side
debian/conffiles 0 → 100644
+ 1
0
View file @ f1075f12
#/etc/prometheus-hcloud-exporter/
prometheus-hcloud-exporter@.service
+ 29
1
View file @ f1075f12
[Unit] [Unit]
Description=Prometheus exporter for hetzner cloud metrics Description=Prometheus exporter for hetzner cloud metrics
After=network.target
[Service] [Service]
Restart=always Restart=always
DynamicUser=yes RestartSec=10
DynamicUser=true
PrivateUsers=true
CapabilityBoundingSet=
NoNewPrivileges=true
RemoveIPC=true
LockPersonality=true
ProtectControlGroups=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectClock=true
ProtectHostname=true
ProtectProc=noaccess
RestrictRealtime=true
RestrictSUIDSGID=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
MemoryDenyWriteExecute=true
EnvironmentFile=/etc/prometheus-hcloud-exporter/%i.env EnvironmentFile=/etc/prometheus-hcloud-exporter/%i.env
ExecStart=/usr/bin/prometheus-hcloud-exporter $ARGS ExecStart=/usr/bin/prometheus-hcloud-exporter $ARGS
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment

Impressum - Datenschutzerklärung