ansible-playbooks/roles/system/borg/files/borgmatic.service

# systemd unit that runs a borgmatic backup (see ExecStart= in [Service]).
# No [Install] section and no After=/Wants= ordering appear in this file, so
# activation is presumably handled by a separate timer unit -- TODO confirm.
# NOTE(review): if the repository is reached over the network, check that
# something orders this unit after network-online.target.
[Unit]
Description=Backup to external archive
Documentation=https://www.borgbackup.org/ https://torsion.org/borgmatic/ man:borg(1)
# Execution environment for the backup job: sandboxing first, then scheduling
# priority, then the command line.
# No User= is set, so as a system unit this runs as root; the directives below
# are what narrow that root process down.
# NOTE(review): no Type= is given, so the default (simple) applies. Type=oneshot
# is the usual choice for a run-to-completion job -- confirm which is intended.
# NOTE(review): no ProtectSystem=, ProtectHome= or ReadWritePaths= is present,
# so the service can still write anywhere root can. Consider ProtectSystem=full
# (or strict plus explicit ReadWritePaths=) once the paths borg must write to
# (cache, config, any local repository) are known.
[Service]
# Forbid changing the kernel execution domain via personality(2).
LockPersonality=true
# Writable+executable memory mappings remain allowed (W^X is NOT enforced).
# NOTE(review): the reason for leaving this off is not recorded in this file;
# try "yes" if the borgmatic features in use tolerate it.
MemoryDenyWriteExecute=no
# The process and its children cannot gain privileges through execve()
# (setuid/setgid binaries, file capabilities).
NoNewPrivileges=yes
# Private /dev containing only pseudo-devices; physical devices are hidden.
PrivateDevices=yes
# Private /tmp and /var/tmp. Side effect: the host's real /tmp contents are not
# visible to the backup.
PrivateTmp=yes
# Deny setting the system or hardware clock.
ProtectClock=yes
# Mount the cgroup hierarchy read-only.
ProtectControlGroups=yes
# Deny changing the hostname or NIS domain name.
ProtectHostname=yes
# Deny access to the kernel log ring buffer.
ProtectKernelLogs=yes
# Deny explicit loading and unloading of kernel modules.
ProtectKernelModules=yes
# Make kernel tunables (/proc/sys, /sys and similar) read-only.
ProtectKernelTunables=yes
# Allow-list of socket families: local sockets, IPv4/IPv6, and netlink.
# Other families (for example AF_PACKET) cannot be opened.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
# Deny creating or entering any Linux namespace.
RestrictNamespaces=yes
# Deny acquiring realtime scheduling.
RestrictRealtime=yes
# Deny setting the setuid/setgid bits on files.
RestrictSUIDSGID=yes
# Only system calls of the native ABI are permitted.
SystemCallArchitectures=native
# Allow-list: only the @system-service syscall group may be called.
SystemCallFilter=@system-service
# A filtered syscall fails with EPERM instead of terminating the process.
SystemCallErrorNumber=EPERM
# Capabilities root retains: CAP_DAC_READ_SEARCH bypasses read/search
# permission checks (read any file, without the write override of
# CAP_DAC_OVERRIDE); CAP_NET_RAW permits raw sockets.
# NOTE(review): drop CAP_NET_RAW if nothing borgmatic runs here needs raw
# sockets -- confirm against the configured hooks.
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
# Lowest CPU priority and batch scheduling so the backup yields to other work.
Nice=19
CPUSchedulingPolicy=batch
# Best-effort I/O class at its lowest priority level (7).
IOSchedulingClass=best-effort
IOSchedulingPriority=7
IOWeight=100
# Never restart automatically; a failed run stays failed until the next
# activation, so failures need to be alerted on separately.
Restart=no
# Disable journald rate limiting for this unit so no backup log lines are dropped.
LogRateLimitIntervalSec=0
# Wait one minute before starting the backup.
# NOTE(review): presumably to avoid running during boot -- confirm.
ExecStartPre=sleep 1m
# systemd-inhibit holds an inhibitor lock while borgmatic runs, so the job is
# not cut short by a system state change covered by that lock.
# --verbosity -1 limits console output to errors; --syslog-verbosity 1 sends
# more detail to syslog.
ExecStart=systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic --verbosity -1 --syslog-verbosity 1