foodogsquared/ansible-playbooks
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/ansible-playbooks.git synced 2025-01-31 22:57:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
da532aa8af
ansible-playbooks/roles/system/borg/files/borgmatic.service

37 lines
956 B
SYSTEMD
Raw Normal View History

Create borg service role
2022-03-19 04:19:38 +00:00
[Unit]
Description=Backup to external archive
Documentation=https://www.borgbackup.org/ https://torsion.org/borgmatic/ man:borg(1)
[Service]
LockPersonality=true
MemoryDenyWriteExecute=no
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
Nice=19
CPUSchedulingPolicy=batch
IOSchedulingClass=best-effort
IOSchedulingPriority=7
IOWeight=100
Restart=no
LogRateLimitIntervalSec=0
ExecStartPre=sleep 1m
ExecStart=systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1
Reference in New Issue Copy Permalink