1 files changed, 34 insertions, 0 deletions
diff --git a/prometheus-opnsense-exporter@.service b/prometheus-opnsense-exporter@.service
new file mode 100644
index 000000000000..81f6f513cca7
--- /dev/null
+++ b/prometheus-opnsense-exporter@.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=Prometheus exporter for OPNsense metrics for %I
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+DynamicUser=yes
+User=opnsense-exporter
+Restart=on-failure
+EnvironmentFile=-/etc/conf.d/prometheus-opnsense-exporter.%I
+ExecStart=/usr/bin/prometheus-opnsense-exporter --exporter.instance-label=%I $OPNSENSE_EXPORTER_ARGS
+
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=true
+PrivateDevices=yes
+PrivateTmp=disconnected
+PrivateUsers=yes
+ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=strict
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictNamespaces=yes
+RestrictRealtime=yes
+
+[Install]
+WantedBy=multi-user.target
+DefaultInstance=opnsense