From e3a349e3a1ff4b27adecc386c1ef58ab916d1976 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Wed, 10 Aug 2022 18:19:24 -0500
Subject: [PATCH] pkg/alertmanager: Configure state directory

AlertManager is a stateful service, and as such needs a writable location for its data. Using the `StateDirectory` service unit directive, we can configure systemd to create this directory automatically, if it does not already exist when the service starts. In order for the service to be able to write to the state directory, it must have a stable UID. This means it cannot use the `DynamicUser` service unit directive.
---
 package/alertmanager/alertmanager.service | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/package/alertmanager/alertmanager.service b/package/alertmanager/alertmanager.service
index df779ac..e6e2218 100644
--- a/package/alertmanager/alertmanager.service
+++ b/package/alertmanager/alertmanager.service
@@ -15,11 +15,13 @@ ExecStart=/usr/sbin/alertmanager \
 --web.listen-address=${WEB_LISTEN_ADDRESS}
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
+User=alertmanager
+StateDirectory=alertmanager
+WorkingDirectory=/var/lib/alertmanager
 
 CapabilityBoundingSet=
 DeviceAllow=
 DevicePolicy=closed
-DynamicUser=yes
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
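Review bot: Replacing `DynamicUser=yes` with `User=alertmanager` also drops the sandboxing that DynamicUser turns on implicitly (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp=yes`, as well as RemoveIPC and RestrictSUIDSGID). None of these is set explicitly in the visible hardening block. The unit continues past `NoNewPrivileges=yes`, outside the hunk, so they may be declared further down; if not, I would add them next to the other hardening directives so the service keeps a read-only view of the filesystem apart from its state directory. Separately, systemd supports `StateDirectory=` together with `DynamicUser=yes` (the directory is kept under /var/lib/private and its ownership is fixed up at start), so the static account may not be needed at all. If it is kept, `StateDirectoryMode=0700` would keep the state unreadable to other local accounts, and the package has to create the `alertmanager` user before the first start.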