diff --git a/defaults/main.yml b/defaults/main.yml
index 83e183c..05d389a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -113,7 +113,11 @@ prometheus_alert_rules:
 labels:
 severity: warning
 annotations:
- description: "This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty."
+ description: >-
+ This is an alert meant to ensure that the entire alerting pipeline is functional.
+ This alert is always firing, therefore it should always be firing in Alertmanager
+ and always fire against a receiver. There are integrations with various notification
+ mechanisms that send a notification when this alert is not firing.
 summary: "Ensure entire alerting pipeline is functional"
 - alert: InstanceDown
 expr: "up == 0"
diff --git a/molecule/centos7/molecule.yml b/molecule/centos7/molecule.yml
index f636281..cf21ea7 100644
--- a/molecule/centos7/molecule.yml
+++ b/molecule/centos7/molecule.yml
@@ -3,6 +3,7 @@ dependency:
 name: galaxy
 options:
 role-file: molecule/requirements.yml
+ requirements-file: molecule/requirements.yml
 env:
 ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
 driver:
@@ -18,5 +19,6 @@ provisioner:
 env:
 ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
 ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
+ log: False
 verifier:
 name: testinfra
diff --git a/tasks/setup.yml b/tasks/setup.yml
index 9defb1b..a769aad 100644
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -27,11 +27,10 @@ extra_opts: - --strip-components=1 remote_src: yes - include: - - prometheus-{{ prometheus_version }}.linux-amd64/consoles/ - - prometheus-{{ prometheus_version }}.linux-amd64/console_libraries/ - - prometheus-{{ prometheus_version }}.linux-amd64/prometheus - - prometheus-{{ prometheus_version }}.linux-amd64/promtool + exclude: + - prometheus-{{ prometheus_version }}.linux-amd64/LICENSE + - prometheus-{{ prometheus_version }}.linux-amd64/NOTICE + - prometheus-{{ prometheus_version }}.linux-amd64/prometheus.yml notify: __prometheus_restart become: True become_user: "{{ prometheus_user }}" @@ -48,8 +47,8 @@ notify: __prometheus_reload - name: Copy prometheus web config file - copy: - content: "{{ prometheus_web_config | to_nice_yaml(indent=2) }}" + template: + src: "conf/web.yml.j2" dest: "{{ prometheus_config_dir }}/web.yml" owner: "{{ prometheus_user }}" group: "{{ prometheus_user }}" diff --git a/templates/conf/web.yml.j2 b/templates/conf/web.yml.j2 new file mode 100644 index 0000000..04fa7b9 --- /dev/null +++ b/templates/conf/web.yml.j2 @@ -0,0 +1,4 @@ +#jinja2: lstrip_blocks: True +{{ ansible_managed | comment }} + +{{ prometheus_web_config | to_nice_yaml(indent=2) }} diff --git a/templates/etc/systemd/system/prometheus.service.j2 b/templates/etc/systemd/system/prometheus.service.j2 index 7ce9a2d..8eb0e6d 100644 --- a/templates/etc/systemd/system/prometheus.service.j2 +++ b/templates/etc/systemd/system/prometheus.service.j2 @@ -34,16 +34,11 @@ ExecStart={{ prometheus_base_dir }}/prometheus \ {% endfor %} --config.file={{ prometheus_config_dir }}/prometheus.yml -CapabilityBoundingSet=CAP_SET_UID LimitNOFILE=65000 -LockPersonality=true NoNewPrivileges=true -MemoryDenyWriteExecute=true PrivateDevices=true PrivateTmp=true ProtectHome=true -RemoveIPC=true -RestrictSUIDSGID=true ReadWriteDirectories={{ prometheus_data_dir }} {% for path in prometheus_read_only_dirs %}
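Review bot: Switching the unarchive filter from `include:` to `exclude:` turns an allow-list into a deny-list, so every archive member other than `LICENSE`, `NOTICE` and `prometheus.yml` is now extracted under `become: True` as `prometheus_user`, including anything a later or substituted release tarball carries. If the goal is only to pick up additional files, naming them under `include:` keeps the extracted set reviewable. The download step and any checksum on it are outside this hunk, so whether the archive is verified before extraction cannot be confirmed from here. A comment such as `# deny-list: everything else in the tarball lands in dest` above `exclude:` would make the trade-off explicit; the task itself begins before the hunk.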
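Review bot: The `template:` task for `web.yml` shows no `validate:` line in the visible part, so a `prometheus_web_config` that renders to an invalid TLS or `basic_auth_users` section is only noticed when the handler reloads or restarts the service. Assuming promtool is installed next to the server binary, `validate: "{{ prometheus_base_dir }}/promtool check web-config %s"` would reject the file before it replaces the live one. This file can hold password hashes and key paths, and no `mode:` is visible in the hunk; if the rest of the task does not set one, `mode: "0640"` fits here. The task continues past the last line of the hunk.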