ansible-collection-prometheus/roles/bind_exporter/templates/bind_exporter.service.j2

{{ ansible_managed | comment }}

[Unit]
Description=Prometheus BIND Exporter
After=network-online.target

[Service]
Type=simple
User={{ bind_exporter_system_user }}
Group={{ bind_exporter_system_group }}
ExecStart={{ bind_exporter_binary_install_dir }}/bind_exporter \
{% if bind_exporter_stats_groups | length > 0 %}
    --bind.stats-groups="{{ bind_exporter_stats_groups | join(',') }}" \
{% endif %}
{% if bind_exporter_tls_server_config | length > 0 or bind_exporter_http_server_config | length > 0 or bind_exporter_basic_auth_users | length > 0 %}
    --web.config.file={{ bind_exporter_config_dir }}/web_config.yml \
{% endif %}
    --bind.stats-url="{{ bind_exporter_stats_url }}" \
    --bind.timeout="{{ bind_exporter_timeout }}" \
    --bind.pid-file="{{ bind_exporter_pid_file }}" \
    --bind.stats-version={{ bind_exporter_stats_version }} \
{% if bind_exporter_web_listen_address is iterable and
      bind_exporter_web_listen_address is not mapping and
      bind_exporter_web_listen_address is not string %}
{%   for address in bind_exporter_web_listen_address %}
    --web.listen-address={{ address }} \
{%   endfor %}
{% else %}
    --web.listen-address={{ bind_exporter_web_listen_address }} \
{% endif %}
    --web.telemetry-path={{ bind_exporter_web_telemetry_path }}


SyslogIdentifier=bind_exporter
Restart=always
RestartSec=1
StartLimitInterval=0

{% set protect_home = 'yes' %}
{% for m in ansible_facts['mounts'] if m.mount.startswith('/home') %}
{%   set protect_home = 'read-only' %}
{% endfor %}
ProtectHome={{ protect_home }}
NoNewPrivileges=yes

{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}
ProtectSystem=strict
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=yes
{% else %}
ProtectSystem=full
{% endif %}

[Install]
WantedBy=multi-user.target
feat: Add bind_exporter role Signed-off-by: anviar <oleg.kluchkin+github@gmail.com> 2024-02-23 13:33:13 +03:00			`{{ ansible_managed \| comment }}`

			`[Unit]`
			`Description=Prometheus BIND Exporter`
			`After=network-online.target`

			`[Service]`
			`Type=simple`
			`User={{ bind_exporter_system_user }}`
			`Group={{ bind_exporter_system_group }}`
			`ExecStart={{ bind_exporter_binary_install_dir }}/bind_exporter \`
			`{% if bind_exporter_stats_groups \| length > 0 %}`
			`--bind.stats-groups="{{ bind_exporter_stats_groups \| join(',') }}" \`
			`{% endif %}`
			`{% if bind_exporter_tls_server_config \| length > 0 or bind_exporter_http_server_config \| length > 0 or bind_exporter_basic_auth_users \| length > 0 %}`
refactor(bind_exporter): delegate common tasks to _common role Signed-off-by: gardar <gardar@users.noreply.github.com> 2024-10-15 17:01:51 +00:00			`--web.config.file={{ bind_exporter_config_dir }}/web_config.yml \`
feat: Add bind_exporter role Signed-off-by: anviar <oleg.kluchkin+github@gmail.com> 2024-02-23 13:33:13 +03:00			`{% endif %}`
			`--bind.stats-url="{{ bind_exporter_stats_url }}" \`
			`--bind.timeout="{{ bind_exporter_timeout }}" \`
			`--bind.pid-file="{{ bind_exporter_pid_file }}" \`
			`--bind.stats-version={{ bind_exporter_stats_version }} \`
fix: bind_exporter multiple listen addresses definition Signed-off-by: anviar <oleg.kluchkin+github@gmail.com> 2024-02-23 22:04:27 +03:00			`{% if bind_exporter_web_listen_address is iterable and`
			`bind_exporter_web_listen_address is not mapping and`
			`bind_exporter_web_listen_address is not string %}`
			`{% for address in bind_exporter_web_listen_address %}`
			`--web.listen-address={{ address }} \`
			`{% endfor %}`
			`{% else %}`
feat: Add bind_exporter role Signed-off-by: anviar <oleg.kluchkin+github@gmail.com> 2024-02-23 13:33:13 +03:00			`--web.listen-address={{ bind_exporter_web_listen_address }} \`
fix: bind_exporter multiple listen addresses definition Signed-off-by: anviar <oleg.kluchkin+github@gmail.com> 2024-02-23 22:04:27 +03:00			`{% endif %}`
feat: Add bind_exporter role Signed-off-by: anviar <oleg.kluchkin+github@gmail.com> 2024-02-23 13:33:13 +03:00			`--web.telemetry-path={{ bind_exporter_web_telemetry_path }}`


			`SyslogIdentifier=bind_exporter`
			`Restart=always`
			`RestartSec=1`
			`StartLimitInterval=0`

			`{% set protect_home = 'yes' %}`
Use variables from ansible_facts to allow ANSIBLE_INJECT_FACT_VARS to become false Signed-off-by: Marcus Klein <marcus.klein@open-xchange.com> 2024-11-28 10:25:38 +01:00			`{% for m in ansible_facts['mounts'] if m.mount.startswith('/home') %}`
feat: Add bind_exporter role Signed-off-by: anviar <oleg.kluchkin+github@gmail.com> 2024-02-23 13:33:13 +03:00			`{% set protect_home = 'read-only' %}`
			`{% endfor %}`
			`ProtectHome={{ protect_home }}`
			`NoNewPrivileges=yes`

			`{% if (ansible_facts.packages.systemd \| first).version is version('232', '>=') %}`
			`ProtectSystem=strict`
			`ProtectControlGroups=true`
			`ProtectKernelModules=true`
			`ProtectKernelTunables=yes`
			`{% else %}`
			`ProtectSystem=full`
			`{% endif %}`

			`[Install]`
			`WantedBy=multi-user.target`