49 lines
1.0 KiB
Django/Jinja
49 lines
1.0 KiB
Django/Jinja
[Unit]
|
|
Description=Borg Local Sync - Copy Borg repository to local storage
|
|
Documentation=man:borg(1)
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
# Ensure this runs after the main backup has completed
|
|
After=borg-backup.service
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
User=root
|
|
Group=root
|
|
|
|
# Set up environment
|
|
Environment="PATH=/usr/local/bin:/usr/bin:/bin"
|
|
Environment="LANG=en_US.UTF-8"
|
|
Environment="LC_ALL=en_US.UTF-8"
|
|
|
|
# Security settings
|
|
ProtectSystem=strict
|
|
ProtectHome=read-only
|
|
ReadWritePaths=/var/log /mnt/borg-backups {{ borg_config_dir }}
|
|
PrivateTmp=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelModules=yes
|
|
ProtectControlGroups=yes
|
|
RestrictRealtime=yes
|
|
RestrictSUIDSGID=yes
|
|
|
|
# Resource limits
|
|
MemoryMax=2G
|
|
CPUQuota=80%
|
|
IOWeight=200
|
|
|
|
# Timeout settings (local sync might take a while for initial copy)
|
|
TimeoutStartSec=3600
|
|
TimeoutStopSec=300
|
|
|
|
# Execute the sync script
|
|
ExecStart=/usr/local/bin/borg-local-sync.sh
|
|
|
|
# Logging
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=borg-local-sync
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|