ansible-systemd/templates/telegraf.service.j2

[Service]
ProtectSystem=strict
PrivateUsers=true
NoNewPrivileges=yes
TemporaryFileSystem=/:ro
BindReadOnlyPaths=/etc/telegraf /usr /lib /lib64 /proc /sys
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
MemoryDenyWriteExecute=yes
LockPersonality=yes
PrivateTmp=yes
PrivateDevices=yes
Add back grafana and telegraf, add daemon reload notifier for overrides 2020-05-29 18:04:06 +00:00			`[Service]`
			`ProtectSystem=strict`
			`PrivateUsers=true`
			`NoNewPrivileges=yes`
			`TemporaryFileSystem=/:ro`
			`BindReadOnlyPaths=/etc/telegraf /usr /lib /lib64 /proc /sys`
			`ProtectControlGroups=yes`
			`ProtectKernelModules=yes`
			`ProtectKernelTunables=yes`
			`RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK`
			`RestrictNamespaces=yes`
			`RestrictRealtime=yes`
			`RestrictSUIDSGID=yes`
			`MemoryDenyWriteExecute=yes`
			`LockPersonality=yes`
			`PrivateTmp=yes`
			`PrivateDevices=yes`