{{ ansible_managed | comment }}
[Unit]
Description=Prometheus
After=network-online.target
Requires=local-fs.target
After=local-fs.target

[Service]
Type=simple
Environment="GOMAXPROCS={{ ansible_processor_vcpus | default(ansible_processor_count) }}"
User={{ prometheus_user }}
Group={{ prometheus_group }}
WorkingDirectory={{ prometheus_base_dir }}
ExecReload=/bin/kill -HUP $MAINPID
ExecStart={{ prometheus_base_dir }}/prometheus \
  --storage.tsdb.path={{ prometheus_data_dir }} \
  --storage.tsdb.retention.time={{ prometheus_storage_retention }} \
  --storage.tsdb.retention.size={{ prometheus_storage_retention_size }} \
  --web.config.file={{ prometheus_config_dir }}/web.yml \
  --web.console.libraries={{ prometheus_base_dir }}/console_libraries \
  --web.console.templates={{ prometheus_base_dir }}/consoles \
  --web.listen-address={{ prometheus_web_bind_ip }}:{{ prometheus_web_bind_port }} \
  --web.external-url={{ prometheus_web_external_url }} \
{% for flag in prometheus_config_flags_extra %}
{% if flag.value is not defined %}
  --{{ flag.name }} \
{% elif flag.value is string %}
  --{{ flag.name }}={{ flag.value }} \
{% elif flag.value is sequence %}
{% for flag_value_item in flag.value %}
  --{{ flag.name }}={{ flag_value_item }} \
{% endfor %}
{% endif %}
{% endfor %}
  --log.level={{ prometheus_log_level }} \
  --config.file={{ prometheus_config_dir }}/prometheus.yml

LimitNOFILE=65000
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true

ReadWriteDirectories={{ prometheus_data_dir }}
{% for path in prometheus_read_only_dirs %}
ReadOnlyDirectories={{ path }}
{% endfor %}

ProtectSystem=full
SyslogIdentifier=prometheus
Restart=on-failure

[Install]
WantedBy=multi-user.target