ansible-loki-role/templates/loki.service.j2

{{ ansible_managed | comment }}

[Unit]
Description=Loki
After=network-online.target

[Service]
Type=simple
Environment="GOMAXPROCS={{ ansible_processor_vcpus|default(ansible_processor_count) }}"
User={{ loki_user }}
Group={{ loki_group }}
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/local/bin/loki \
  -config.file {{ loki_config_dir }}/loki.yml \

CapabilityBoundingSet=CAP_SET_UID
LimitNOFILE=65000
LockPersonality=true
NoNewPrivileges=true
MemoryDenyWriteExecute=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
RemoveIPC=true
RestrictSUIDSGID=true


SyslogIdentifier=loki
Restart=always

[Install]
WantedBy=multi-user.target
add promtail 2020-04-20 02:21:00 +02:00			`{{ ansible_managed \| comment }}`

			`[Unit]`
			`Description=Loki`
			`After=network-online.target`

			`[Service]`
			`Type=simple`
			`Environment="GOMAXPROCS={{ ansible_processor_vcpus\|default(ansible_processor_count) }}"`
			`User={{ loki_user }}`
			`Group={{ loki_group }}`
			`ExecReload=/bin/kill -HUP $MAINPID`
			`ExecStart=/usr/local/bin/loki \`
			`-config.file {{ loki_config_dir }}/loki.yml \`

			`CapabilityBoundingSet=CAP_SET_UID`
			`LimitNOFILE=65000`
			`LockPersonality=true`
			`NoNewPrivileges=true`
			`MemoryDenyWriteExecute=true`
			`PrivateDevices=true`
			`PrivateTmp=true`
			`ProtectHome=true`
			`RemoveIPC=true`
			`RestrictSUIDSGID=true`


			`SyslogIdentifier=loki`
			`Restart=always`

			`[Install]`
			`WantedBy=multi-user.target`