ansible-systemd/templates/influxdb.service.j2

[Unit]
StartLimitIntervalSec=0

[Service]
Restart=on-failure
RestartSec=10

# TODO: Add mounts
TemporaryFileSystem=/:ro
BindReadOnlyPaths=/etc/influxdb /usr /lib /lib64
BindPaths={{ influxdb.data.path }}

ProtectSystem=strict
PrivateUsers=true
NoNewPrivileges=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
MemoryDenyWriteExecute=yes
LockPersonality=yes
PrivateTmp=yes
PrivateDevices=yes
Add restarts and stricter sandbox. Add influx 2020-05-16 21:41:11 +00:00			`[Unit]`
			`StartLimitIntervalSec=0`

			`[Service]`
Set restart policies 2020-06-04 12:37:46 +00:00			`Restart=on-failure`
Add restarts and stricter sandbox. Add influx 2020-05-16 21:41:11 +00:00			`RestartSec=10`

			`# TODO: Add mounts`
			`TemporaryFileSystem=/:ro`
			`BindReadOnlyPaths=/etc/influxdb /usr /lib /lib64`
Use new zfs paths and add deps 2020-07-12 16:33:52 +00:00			`BindPaths={{ influxdb.data.path }}`
Add restarts and stricter sandbox. Add influx 2020-05-16 21:41:11 +00:00
			`ProtectSystem=strict`
			`PrivateUsers=true`
			`NoNewPrivileges=yes`
			`ProtectControlGroups=yes`
			`ProtectKernelModules=yes`
			`ProtectKernelTunables=yes`
			`RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK`
			`RestrictNamespaces=yes`
			`RestrictRealtime=yes`
			`RestrictSUIDSGID=yes`
			`MemoryDenyWriteExecute=yes`
			`LockPersonality=yes`
			`PrivateTmp=yes`
			`PrivateDevices=yes`