From e1cae7cc17d7ad9d062bf7f561ee90712b51b5e8 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 8 Nov 2022 09:38:18 +0100
Subject: ...

---
 hosts/surtr/prometheus/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'hosts/surtr/prometheus/default.nix')

diff --git a/hosts/surtr/prometheus/default.nix b/hosts/surtr/prometheus/default.nix
index 0f0cf586..685d117b 100644
--- a/hosts/surtr/prometheus/default.nix
+++ b/hosts/surtr/prometheus/default.nix
@@ -203,6 +203,12 @@ in {
       };
     };
 
+    systemd.services.prometheus = {
+      serviceConfig = {
+        SystemCallFilter = mkForce [ "@system-service" "~@privileged" ];
+      };
+    };
+
     sops.secrets."prometheus.key" = {
       format = "binary";
       sopsFile = ./tls.key;
-- 
cgit v1.2.3