{{ ansible_managed | comment }}

[Unit]
Description = Prometheus timeseries database

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ monitoring_prometheus_containerimage }}:{{ monitoring_prometheus_image_tag }}
ContainerName = prometheus

Exec = --config.file=/etc/prometheus/prometheus.yml \
    --storage.tsdb.path=/prometheus \
    --storage.tsdb.retention.time={{ monitoring_prometheus_retention_time }} \
    --web.console.libraries=/usr/share/prometheus/console_libraries \
    --web.console.templates=/usr/share/prometheus/consoles \
{% if monitoring_prometheus_write_receiver_enable %}
    --web.enable-remote-write-receiver \
{% endif %}
    --log.level={{ monitoring_prometheus_loglevel }}

AutoUpdate = registry
LogDriver = journald

NoNewPrivileges = true
ReadOnly = true
DropCapability = all
UserNS = auto:size=65535
{% if monitoring_prometheus_selinux_level != omit %}
SecurityLabelLevel = {{ monitoring_prometheus_selinux_level }}
{% endif %}

Network = caddy.network

ExposeHostPort = 9090

Volume = {{ monitoring_install_dir }}/prometheus/data:/prometheus:U
Volume = {{ monitoring_install_dir }}/prometheus/config:/etc/prometheus:ro,U

PodmanArgs = --memory={{ monitoring_prometheus_memory_high }}
PodmanArgs = --memory-swap={{ monitoring_prometheus_swap_max }}
PodmanArgs = --memory-reservation={{ monitoring_prometheus_memory_low }}

[Install]
WantedBy = default.target