Add hitch & varnish overrides, move murmur to it's task, it's not a override

templates/hitch.service.j2

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/hitch --user {{ hitch.user }} --group {{ hitch.group }} --config /etc/hitch/hitch.conf -L 2 --backend="{{ hitch.backend.sock }}" --frontend="[*]:{{ hitch.frontend.port }}"

templates/murmur.service.j2

@@ -1,19 +0,0 @@
-[Service]
-ExecStart=
-ExecStart=/usr/sbin/murmurd -fg -ini {{ global.murmur.configpath }}
-ProtectSystem=strict
-PrivateUsers=true
-NoNewPrivileges=yes
-TemporaryFileSystem=/:ro
-BindReadOnlyPaths={{ global.murmur.configpath }} /usr /lib /lib64
-ProtectControlGroups=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-MemoryDenyWriteExecute=yes
-LockPersonality=yes
-PrivateTmp=yes
-PrivateDevices=yes

templates/varnish.service.j2

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/varnishd -F -a {{ varnish.frontend.sock }},user={{ varnish.frontend.user }},group={{ varnish.frontend.group }},mode={{ varnish.frontend.mode }} -j unix,user={{ varnish.jail.user }} -f /etc/varnish/default.vcl