[Unit]
StartLimitIntervalSec=0

[Service]
EnvironmentFile=
ExecStart=
ExecStart=/usr/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d

Restart=on-failure
RestartSec=10

ProtectSystem=strict
NoNewPrivileges=yes
TemporaryFileSystem=/:ro
BindReadOnlyPaths=/etc/telegraf /usr /lib /lib64 /proc /sys
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
MemoryDenyWriteExecute=yes
LockPersonality=yes
PrivateTmp=yes
PrivateDevices=yes