32 lines
870 B
INI
32 lines
870 B
INI
[Unit]
|
|
Description=Back up filesystem with restic
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
LoadCredential=restic.aws.credentials
|
|
LoadCredential=restic.password
|
|
Environment=AWS_SHARED_CREDENTIALS_FILE=%d/restic.aws.credentials
|
|
Environment=RESTIC_PASSWORD_FILE=%d/restic.password
|
|
Environment=XDG_CACHE_HOME=%C
|
|
EnvironmentFile=-%E/restic/environment
|
|
ExecStart=/usr/bin/restic backup --files-from %E/restic/include --exclude-file %E/restic/exclude --exclude-if-present .nobackup
|
|
CacheDirectory=restic
|
|
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
|
|
MemoryDenyWriteExecute=yes
|
|
PrivateDevices=yes
|
|
PrivateTmp=yes
|
|
ProtectClock=yes
|
|
ProtectControlGroups=yes
|
|
ProtectHome=read-only
|
|
ProtectKernelLogs=yes
|
|
ProtectKernelModules=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectProc=invisible
|
|
ProtectSystem=strict
|
|
ReadWritePaths=%t
|
|
ReadWritePaths=%T
|
|
ReadWritePaths=%V
|
|
RestrictRealtime=yes
|
|
RestrictSUIDSGID=yes
|
|
UMask=0077
|