mirror of
https://github.com/grafana/grafana.git
synced 2024-11-27 19:30:36 -06:00
ca4b35e596
* Remove privateusers=true from grafana-server.service
55 lines
1.6 KiB
Desktop File
55 lines
1.6 KiB
Desktop File
[Unit]
|
|
Description=Grafana instance
|
|
Documentation=http://docs.grafana.org
|
|
Wants=network-online.target
|
|
After=network-online.target
|
|
After=postgresql.service mariadb.service mysql.service
|
|
|
|
[Service]
|
|
EnvironmentFile=/etc/default/grafana-server
|
|
User=grafana
|
|
Group=grafana
|
|
Type=simple
|
|
Restart=on-failure
|
|
WorkingDirectory=/usr/share/grafana
|
|
RuntimeDirectory=grafana
|
|
RuntimeDirectoryMode=0750
|
|
ExecStart=/usr/sbin/grafana-server \
|
|
--config=${CONF_FILE} \
|
|
--pidfile=${PID_FILE_DIR}/grafana-server.pid \
|
|
--packaging=deb \
|
|
cfg:default.paths.logs=${LOG_DIR} \
|
|
cfg:default.paths.data=${DATA_DIR} \
|
|
cfg:default.paths.plugins=${PLUGINS_DIR} \
|
|
cfg:default.paths.provisioning=${PROVISIONING_CFG_DIR}
|
|
|
|
|
|
LimitNOFILE=10000
|
|
TimeoutStopSec=20
|
|
CapabilityBoundingSet=
|
|
DeviceAllow=
|
|
LockPersonality=true
|
|
MemoryDenyWriteExecute=false
|
|
NoNewPrivileges=true
|
|
PrivateDevices=true
|
|
PrivateTmp=true
|
|
ProtectClock=true
|
|
ProtectControlGroups=true
|
|
ProtectHome=true
|
|
ProtectHostname=true
|
|
ProtectKernelLogs=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectProc=invisible
|
|
ProtectSystem=full
|
|
RemoveIPC=true
|
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
|
RestrictNamespaces=true
|
|
RestrictRealtime=true
|
|
RestrictSUIDSGID=true
|
|
SystemCallArchitectures=native
|
|
UMask=0027
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|