{{ ansible_managed | comment }}
[Unit]
Description=Alertmanager
After=network-online.target
Requires=local-fs.target
After=local-fs.target

[Service]
Type=simple
Environment="GOMAXPROCS={{ ansible_processor_vcpus | default(ansible_processor_count) }}"
User={{ alertmanager_user }}
Group={{ alertmanager_group }}
WorkingDirectory={{ alertmanager_base_dir }}
ExecReload=/bin/kill -HUP $MAINPID
ExecStart={{ alertmanager_base_dir }}/alertmanager \
  --storage.path={{ alertmanager_data_dir }} \
  --data.retention={{ alertmanager_storage_retention }} \
  --web.config.file={{ alertmanager_config_dir }}/web.yml \
  --web.listen-address={{ alertmanager_web_bind_ip }}:{{ alertmanager_web_bind_port }} \
  --web.external-url={{ alertmanager_web_external_url }} \
  --cluster.listen-address={{ alertmanager_cluster_bind_ip }}:{{ alertmanager_cluster_bind_port }} \
{% for flag in alertmanager_config_flags_extra %}
{% if flag.value is not defined %}
  --{{ flag.name }} \
{% elif flag.value is string %}
  --{{ flag.name }}={{ flag.value }} \
{% elif flag.value is sequence %}
{% for flag_value_item in flag.value %}
  --{{ flag.name }}={{ flag_value_item }} \
{% endfor %}
{% endif %}
{% endfor %}
  --log.level={{ alertmanager_log_level }} \
  --config.file={{ alertmanager_config_dir }}/alertmanager.yml

LimitNOFILE=65000
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true

ReadWriteDirectories={{ alertmanager_data_dir }}
{% for path in alertmanager_read_only_dirs %}
ReadOnlyDirectories={{ path }}
{% endfor %}

ProtectSystem=full
SyslogIdentifier=alertmanager
Restart=on-failure

[Install]
WantedBy=multi-user.target