Allow telegram to snoop on seedbox files, monitor the seedbox and increase the backend size for varnish

templates/haproxy.service.j2

@@ -2,8 +2,8 @@
 StartLimitIntervalSec=0
 
 [Service]
-User=varnish
+User={{ haproxy.user }}
-Group=varnish
+Group={{ haproxy.group }}
 
 Restart=on-failure
 RestartSec=10

templates/telegraf.service.j2

@@ -13,6 +13,9 @@ ProtectSystem=strict
 NoNewPrivileges=yes
 TemporaryFileSystem=/:ro
 BindReadOnlyPaths=/etc/telegraf /usr /lib /lib64 /proc /sys
+{% if inventory_hostname == "n2" %}
+BindReadOnlyPaths=/mnt/seedbox 
+{% endif %}
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
@@ -27,4 +30,7 @@ PrivateDevices=yes
 {% if inventory_hostname == "n1" %}
 CapabilityBoundingSet=CAP_NET_ADMIN
 AmbientCapabilities=CAP_NET_ADMIN
+{% elif inventory_hostname == "n2" %}
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH
+AmbientCapabilities=CAP_DAC_READ_SEARCH
 {% endif %}

templates/varnish.service.j2

@@ -8,4 +8,4 @@ RestartSec=10
 
 CacheDirectory=varnish
 ExecStart=
-ExecStart=/usr/sbin/varnishd -F -a {{ varnish.frontend.sock }},user={{ varnish.frontend.user }},group={{ varnish.frontend.group }},mode={{ varnish.frontend.mode }},PROXY -p feature=+http2 -p tcp_fastopen=on -j unix,user={{ varnish.jail.user }} -f /etc/varnish/default.vcl -s file,/var/cache/varnish/file,4G
+ExecStart=/usr/sbin/varnishd -F -a {{ varnish.frontend.sock }},user={{ varnish.frontend.user }},group={{ varnish.frontend.group }},mode={{ varnish.frontend.mode }},PROXY -p feature=+http2 -p tcp_fastopen=on -j unix,user={{ varnish.jail.user }} -f /etc/varnish/default.vcl -s file,/var/cache/varnish/file,10G