Tweak monitoring and varnish start options

templates/grafana-server.service.j2

@@ -1,6 +1,6 @@
 [Service]
 ExecStart=
-ExecStart=/usr/sbin/grafana-server --config=/etc/grafana/grafana.ini --pidfile=/run/grafana-server.pid --packaging=deb cfg:default.paths.logs=/var/log/grafana
+ExecStart=/usr/sbin/grafana-server --config=/etc/grafana/grafana.ini --pidfile=/run/grafana/grafana-server.pid --packaging=deb cfg:default.paths.logs=/var/log/grafana cfg:default.paths.data=/tmp/data cfg:default.paths.plugins=/tmp/plugins cfg:default.paths.provisioning=/tmp/provision
 # TODO: Store or provision a set of plugins, prefferably the latter
 
 ProtectSystem=strict
@@ -8,6 +8,8 @@ PrivateUsers=true
 NoNewPrivileges=yes
 TemporaryFileSystem=/:ro
 BindReadOnlyPaths=/etc/grafana /usr /lib /lib64
+LogsDirectory=grafana
+RuntimeDirectory=grafana
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes

templates/influxdb.service.j2

@@ -10,7 +10,6 @@ TemporaryFileSystem=/:ro
 BindReadOnlyPaths=/etc/influxdb /usr /lib /lib64
 BindPaths={{ influxdb.storage }}
 
-SecureBits=noroot
 ProtectSystem=strict
 PrivateUsers=true
 NoNewPrivileges=yes

templates/telegraf.service.j2

@@ -1,6 +1,9 @@
 [Service]
+EnvironmentFile=
+ExecStart=
+ExecStart=/usr/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d
+
 ProtectSystem=strict
-PrivateUsers=true
 NoNewPrivileges=yes
 TemporaryFileSystem=/:ro
 BindReadOnlyPaths=/etc/telegraf /usr /lib /lib64 /proc /sys

templates/varnish.service.j2

@@ -1,3 +1,3 @@
 [Service]
 ExecStart=
-ExecStart=/usr/sbin/varnishd -F -a {{ varnish.frontend.sock }},user={{ varnish.frontend.user }},group={{ varnish.frontend.group }},mode={{ varnish.frontend.mode }} -j unix,user={{ varnish.jail.user }} -f /etc/varnish/default.vcl
+ExecStart=/usr/sbin/varnishd -F -a {{ varnish.frontend.sock }},user={{ varnish.frontend.user }},group={{ varnish.frontend.group }},mode={{ varnish.frontend.mode }} -j unix,user={{ varnish.jail.user }} -f /etc/varnish/default.vcl -s malloc,256m