Menno van Leeuwen
a987adb86b
Use /mnt/borg-backups in place of /mnt/object_storage for Borg. Remove JuiceFS and Redis artifacts (tasks, templates, service configs) and delete borg-local-sync tooling. Update borg-backup service ReadWritePaths, remove Plex slow tvshows mount, add system sysctl performance tunings, and apply minor code and flake.lock updates.
32 lines
848 B
Django/Jinja
32 lines
848 B
Django/Jinja
[Unit]
|
|
Description=Borg Backup Service
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
User=root
|
|
Group=root
|
|
ExecStart={{ borg_config_dir }}/backup.sh
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
Environment="BORG_PASSPHRASE={{ borg_passphrase }}"
|
|
Environment="BORG_REPO={{ borg_repo_dir }}"
|
|
Environment="BORG_CACHE_DIR={{ borg_config_dir }}/cache"
|
|
Environment="BORG_CONFIG_DIR={{ borg_config_dir }}/config"
|
|
Environment="BORG_SECURITY_DIR={{ borg_config_dir }}/security"
|
|
Environment="BORG_KEYS_DIR={{ borg_config_dir }}/keys"
|
|
|
|
# Security settings
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
ProtectSystem=strict
|
|
ReadWritePaths=/mnt/services /mnt/borg-backups /var/log {{ borg_config_dir }}
|
|
ProtectHome=read-only
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
SystemCallFilter=@system-service
|
|
SystemCallErrorNumber=EPERM
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|