[Unit]
Description=Victoria Metrics vmagent
Documentation=https://docs.victoriametrics.com/vmagent.html
Wants=network-online.target
After=network-online.target

[Service]
Type=exec
Environment=httpListenAddr=[::1]:8429
Environment=loggerDisableTimestamps=true
Environment=remoteWrite_tmpDataPath=/var/lib/victoria-metrics/vmagent
EnvironmentFile=-/etc/sysconfig/vmagent
ExecStart=/usr/bin/vmagent -enableTCP6 -envflag.enable
Restart=on-failure
User=victoriametrics
Group=victoriametrics
ReadWritePaths=/var/lib/victoria-metrics

CapabilityBoundingSet=
DeviceAllow=
DevicePolicy=closed
DynamicUser=yes
IPAddressAllow=localhost
IPAddressDeny=any
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateUsers=yes
PrivateTmp=yes
ProcSubset=pid
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
UMask=0027

[Install]
WantedBy=multi-user.target