Ana Sayfa Keşfet Yardım
Giriş Yap
mirrors
/
borgmatic
şunun yansıması https://github.com/witten/borgmatic
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Ağaç: 9b83fcbf06
Dallar Biçim İmleri
borgmatic
/
sample
/
systemd
/
borgmatic.service

borgmatic.service 2.0 KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. [Unit]
    2. 

  2. Description=borgmatic backup
    3. 

  3. Wants=network-online.target
    4. 

  4. After=network-online.target
    5. 

  5. ConditionACPower=true
    6. 

  6. 

  7. [Service]
    8. 

  8. Type=oneshot
    9. 

  9. 

  10. # Security settings for systemd running as root
    11. 

  11. # For more details about this settings check the systemd manuals
    12. 

  12. # https://www.freedesktop.org/software/systemd/man/systemd.exec.html
    13. 

  13. LockPersonality=true
    14. 

  14. # Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
    15. 

  15. # But you can try setting it to "yes" for improved security if you don't use those features.
    16. 

  16. MemoryDenyWriteExecute=no
    17. 

  17. NoNewPrivileges=yes
    18. 

  18. PrivateDevices=yes
    19. 

  19. PrivateTmp=yes
    20. 

  20. ProtectClock=yes
    21. 

  21. ProtectControlGroups=yes
    22. 

  22. ProtectHostname=yes
    23. 

  23. ProtectKernelLogs=yes
    24. 

  24. ProtectKernelModules=yes
    25. 

  25. ProtectKernelTunables=yes
    26. 

  26. RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
    27. 

  27. RestrictNamespaces=yes
    28. 

  28. RestrictRealtime=yes
    29. 

  29. RestrictSUIDSGID=yes
    30. 

  30. SystemCallArchitectures=native
    31. 

  31. SystemCallFilter=@system-service
    32. 

  32. # Restrict write access
    33. 

  33. # Change to 'ProtectSystem=strict' and uncomment 'ProtectHome' to make the whole file
    34. 

  34. # system read-only be default and uncomment 'ReadWritePaths' for the required write access.
    35. 

  35. # Add local repositroy paths to the list of 'ReadWritePaths' like '-/mnt/my_backup_drive'.
    36. 

  36. ProtectSystem=full
    37. 

  37. # ProtectHome=read-only
    38. 

  38. # ReadWritePaths=-/root/.config/borg -/root/.cache/borg -/root/.borgmatic
    39. 

  39. 

  40. CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
    41. 

  41. 

  42. # Lower CPU and I/O priority.
    43. 

  43. Nice=19
    44. 

  44. CPUSchedulingPolicy=batch
    45. 

  45. IOSchedulingClass=best-effort
    46. 

  46. IOSchedulingPriority=7
    47. 

  47. IOWeight=100
    48. 

  48. 

  49. Restart=no
    50. 

  50. # Prevent rate limiting of borgmatic log events. If you are using an older version of systemd that
    51. 

  51. # doesn't support this (pre-240 or so), you may have to remove this option.
    52. 

  52. LogRateLimitIntervalSec=0
    53. 

  53. 

  54. # Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and
    55. 

  55. # dbus-user-session to be installed.
    56. 

  56. ExecStartPre=sleep 1m
    57. 

  57. ExecStart=systemd-inhibit --who="borgmatic" --why="Prevent interrupting scheduled backup" /root/.local/bin/borgmatic --syslog-verbosity 1
    58.