feat: adds borg, timers and systemd service support
This commit is contained in:
31
config/ansible/templates/borg-backup.service.j2
Normal file
31
config/ansible/templates/borg-backup.service.j2
Normal file
@@ -0,0 +1,31 @@
|
||||
[Unit]
|
||||
Description=Borg Backup Service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
User=root
|
||||
Group=root
|
||||
ExecStart={{ borg_config_dir }}/backup.sh
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
Environment="BORG_PASSPHRASE={{ borg_passphrase }}"
|
||||
Environment="BORG_REPO={{ borg_repo_dir }}"
|
||||
Environment="BORG_CACHE_DIR={{ borg_config_dir }}/cache"
|
||||
Environment="BORG_CONFIG_DIR={{ borg_config_dir }}/config"
|
||||
Environment="BORG_SECURITY_DIR={{ borg_config_dir }}/security"
|
||||
Environment="BORG_KEYS_DIR={{ borg_config_dir }}/keys"
|
||||
|
||||
# Security settings
|
||||
NoNewPrivileges=true
|
||||
PrivateTmp=true
|
||||
ProtectSystem=strict
|
||||
ReadWritePaths=/mnt/services /mnt/object_storage /var/log {{ borg_config_dir }}
|
||||
ProtectHome=read-only
|
||||
ProtectControlGroups=true
|
||||
RestrictRealtime=true
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user