Tweak monitoring and varnish start options
This commit is contained in:
parent
806a6acd9d
commit
5203629648
|
@ -1,6 +1,6 @@
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=
|
ExecStart=
|
||||||
ExecStart=/usr/sbin/grafana-server --config=/etc/grafana/grafana.ini --pidfile=/run/grafana-server.pid --packaging=deb cfg:default.paths.logs=/var/log/grafana
|
ExecStart=/usr/sbin/grafana-server --config=/etc/grafana/grafana.ini --pidfile=/run/grafana/grafana-server.pid --packaging=deb cfg:default.paths.logs=/var/log/grafana cfg:default.paths.data=/tmp/data cfg:default.paths.plugins=/tmp/plugins cfg:default.paths.provisioning=/tmp/provision
|
||||||
# TODO: Store or provision a set of plugins, prefferably the latter
|
# TODO: Store or provision a set of plugins, prefferably the latter
|
||||||
|
|
||||||
ProtectSystem=strict
|
ProtectSystem=strict
|
||||||
|
@ -8,6 +8,8 @@ PrivateUsers=true
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
TemporaryFileSystem=/:ro
|
TemporaryFileSystem=/:ro
|
||||||
BindReadOnlyPaths=/etc/grafana /usr /lib /lib64
|
BindReadOnlyPaths=/etc/grafana /usr /lib /lib64
|
||||||
|
LogsDirectory=grafana
|
||||||
|
RuntimeDirectory=grafana
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
ProtectKernelModules=yes
|
ProtectKernelModules=yes
|
||||||
ProtectKernelTunables=yes
|
ProtectKernelTunables=yes
|
||||||
|
|
|
@ -10,7 +10,6 @@ TemporaryFileSystem=/:ro
|
||||||
BindReadOnlyPaths=/etc/influxdb /usr /lib /lib64
|
BindReadOnlyPaths=/etc/influxdb /usr /lib /lib64
|
||||||
BindPaths={{ influxdb.storage }}
|
BindPaths={{ influxdb.storage }}
|
||||||
|
|
||||||
SecureBits=noroot
|
|
||||||
ProtectSystem=strict
|
ProtectSystem=strict
|
||||||
PrivateUsers=true
|
PrivateUsers=true
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
[Service]
|
[Service]
|
||||||
|
EnvironmentFile=
|
||||||
|
ExecStart=
|
||||||
|
ExecStart=/usr/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d
|
||||||
|
|
||||||
ProtectSystem=strict
|
ProtectSystem=strict
|
||||||
PrivateUsers=true
|
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
TemporaryFileSystem=/:ro
|
TemporaryFileSystem=/:ro
|
||||||
BindReadOnlyPaths=/etc/telegraf /usr /lib /lib64 /proc /sys
|
BindReadOnlyPaths=/etc/telegraf /usr /lib /lib64 /proc /sys
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=
|
ExecStart=
|
||||||
ExecStart=/usr/sbin/varnishd -F -a {{ varnish.frontend.sock }},user={{ varnish.frontend.user }},group={{ varnish.frontend.group }},mode={{ varnish.frontend.mode }} -j unix,user={{ varnish.jail.user }} -f /etc/varnish/default.vcl
|
ExecStart=/usr/sbin/varnishd -F -a {{ varnish.frontend.sock }},user={{ varnish.frontend.user }},group={{ varnish.frontend.group }},mode={{ varnish.frontend.mode }} -j unix,user={{ varnish.jail.user }} -f /etc/varnish/default.vcl -s malloc,256m
|
||||||
|
|
Reference in New Issue