[Unit]
Description=Bridge for local Prometheus metrics
After=network.target

[Container]
Image=git.pyrocufflink.net/containerimages/local_exporter:latest
Exec=serve
Volume=/run:/run:rw
Volume=/etc/local_exporter:/etc/local_exporter:ro
PublishPort=9598:9598
# Must run as user "zincati"
User=981
ReadOnly=yes
VolatileTmp=yes
# container_t does not have permission to write to var_run_t
SecurityLabelDisable=yes
NoNewPrivileges=yes

[Service]
Restart=always

[Install]
WantedBy=multi-user.target