Commit graph

53 commits

Author SHA1 Message Date
David Härdeman
2f3c0bec5b Update systemd .service example
First, ProtectSystem=strict will make the entire file system hierarchy (except
/dev, /proc/ and /sys) read-only, so separate ReadOnlyPaths= is not necessary.

Second, ProtectHome=tmpfs will not just mount an empty tmpfs on /root, but also
on /home and /run/user. As it's likely quite common to want to backup /home,
this seems like a footgun.

Finally, it's quite likely that borgbackup will want access to root's SSH keys
in order to connect to remote backup servers.

Note that all these options are commented out by default, so this is more of
a documentation change than any real change in functionality.
2023-10-15 11:30:11 +02:00
Dan Helfman
1d7c7eaaa7 Add sample systemd user serivce for running borgmatic as a non-root user (#669). 2023-06-14 14:57:57 -07:00
Soumik Dutta
f512d1e460 add verbosity level -2
Signed-off-by: Soumik Dutta <shalearkane@gmail.com>
2023-05-26 08:57:12 +05:30
LaserEyess
2e9f70d496 Do not inhibit idle in borgmatic.service
When backing up a machine with a monitor using logind to control idle
timeout and things like DPMS, borgmatic can block the screen from
turning on/off with systemd-inhibit. This is because by default
systemd-inhibit will block "idle:sleep:shutdown". Borgmatic does not
need to care about idle, only about suspend and shutdown. So, add an
explicit `--what` flag for what borgmatic should inhibit.

For more information see systemd-inhibit(1).
2022-10-01 09:33:38 -04:00
Dan Helfman
ca0c79c93c Fix duplicate bind path in sample systemd service. 2022-08-28 14:49:23 -07:00
Daniel Lo Nigro
3ecb92a8d2
Add randomized delay to systemd timer 2022-05-07 16:42:06 -07:00
Dan Helfman
bb0716421d Add comment about systemd service setting that may interfere with external commands in hooks (#492). 2022-01-25 09:26:11 -08:00
Dan Helfman
1004500d65 Update sample systemd service file comments about more granular read-only filesystem settings. 2021-10-11 09:33:07 -07:00
Vladimir Timofeenko
6df6176f3a
Added more strict ProtectHome to systemd unit
This commit changes the comment in sample systemd service.

Using a combination of 'ProtectHome' and 'BindPaths' it's possible to
hide the irrelevant paths inside /root from borgmatic service when it is
run.

ReadWritePaths are suggested to be used only for paths that contain borg
repositories and the backup sources can be specified as ReadOnlyPaths.
2021-08-30 11:20:34 -07:00
Dan Helfman
bc2e611a74 Suppress console output in sample crontab/systemd service files (#379).
Reviewed-on: https://projects.torsion.org/witten/borgmatic/pulls/379
2021-06-23 17:32:47 +00:00
Dan Helfman
b37dd1a79e Document use case of running backups conditionally based on laptop power level (#419). 2021-06-09 10:03:35 -07:00
Jeffery To
d1c403999f
Reduce console output in sample crontab/systemd service files.
As borgmatic will log to syslog in the sample crontab/systemd service
files, this makes console output redundant. (cron will mail any console
output to the root user; systemd will log any console output to syslog.)

This adds --verbosity -1 to both files to reduce console output to the
minimum.
2021-04-13 01:40:57 +08:00
Dan Helfman
717c90a7d0 Clarify in systemd service file comment that security settings are optional. 2020-12-09 10:08:07 -08:00
Dan Helfman
8fde19a7dc Update systemd service example to return a permission error when a system call isn't permitted. 2020-11-30 22:14:28 -08:00
Dan Helfman
9b83fcbf06 Add comment about MemoryDenyWriteExecute value and the tradeoffs thereof. 2020-08-23 14:11:19 -07:00
Dan Helfman
32a93ce8a2 Loosen systemd memory security setting to allow Healthchecks ping. 2020-08-22 13:37:34 -07:00
palto42
631c3068a9 systemd security settings 2020-08-22 15:41:25 +02:00
Dan Helfman
602ad9e7ee Add note about indirect dbus dependency. 2020-05-21 19:56:32 -07:00
Dan Helfman
88f06f7921 Revert "Use absolute paths in systemd commands."
This reverts commit 24e1516ec5.
2020-01-21 16:03:24 -08:00
Dan Helfman
1995c80e60 Add comment about old versions of systemd and option compatibility (#275). 2020-01-02 10:05:32 -08:00
Dan Helfman
24e1516ec5 Use absolute paths in systemd commands. 2020-01-01 17:14:55 -08:00
Dan Helfman
a472735616 Merge sample cron files. 2019-09-24 10:49:46 -07:00
Dan Helfman
b3fec03cf4 Up the syslog verbosity in sample cron files. 2019-09-24 10:47:39 -07:00
Dan Helfman
89dccc25c3 Add AC power condition for systemd service (#205). 2019-09-24 10:43:30 -07:00
Dan Helfman
3846155d62 More robust sample systemd service: boot delay, network dependency, lowered CPU/IO priority, etc (#205). 2019-09-24 10:16:30 -07:00
Dan Helfman
4f0d3bf4ed Add docs/default about systemd journald rate limiting. 2019-06-11 17:03:40 -07:00
Dan Helfman
67f2862fb1 Change paths to reflect new pip install --user documentation. 2019-05-14 10:00:50 -07:00
grerrg
e5870a169b Add example for cron in Alpine Linux (#24) 2018-09-05 21:58:30 -07:00
Florian Lindner
64bdbc4bf0 Add Persistent, so that the timer is triggered if missed last time. 2018-05-17 21:47:58 +02:00
Dan Helfman
f98558546c Documentation updates based on the new YAML configuration. 2017-07-10 11:06:28 -07:00
Dan Helfman
f19a40ef9c Basic YAML generating / validating / converting to. 2017-07-08 22:33:51 -07:00
Dan Helfman
4d7556f68b Basic YAML configuration file parsing. 2017-07-04 16:52:24 -07:00
Dan Helfman
ebd34f1695 Changed example umask config to be more realistic. 2017-06-25 10:36:36 -07:00
Dan Helfman
49c4f483fd Sample files for triggering borgmatic from a systemd timer. 2016-07-04 09:19:34 -07:00
Dan Helfman
3579dbe813 #19: Support for Borg's --remote-path option to use an alternate Borg executable. 2016-06-10 13:31:37 -07:00
Dan Helfman
40a215802f Dropping support for Attic. 2016-06-10 11:21:53 -07:00
Dan Helfman
5bffa35741 Fixed links to Borg documentation. 2016-04-10 10:23:32 -07:00
Robin Schneider
f669e31305 Made globing for source_directories the default.
Don’t remove non existing files/directories from the list and let
attic/borg handle this.
2016-02-13 21:05:34 +01:00
Robin Schneider
e4cf193cd7 Added support for file globs in source_directories.
source_directories_glob can be used to enable glob support (defaults to
disabled).
2016-01-25 23:52:16 +01:00
Dan Helfman
dd2be365b1 Support borg create --umask. (Merge PR from ypid.) 2016-02-13 10:59:43 -08:00
Dan Helfman
d6585811d6 Added support for --one-file-system for Borg. 2016-02-13 10:43:31 -08:00
Dan Helfman
a44212ff00 #9: New configuration option for the encryption passphrase. #10: Support for Borg's new archive compression feature. 2015-09-02 22:48:07 -07:00
Dan Helfman
2444c4b372 #1: Add support for "borg check --last N" to Borg backend. 2015-07-27 21:47:52 -07:00
Dan Helfman
9ecc207139 #6: Fixing example config file to use valid keep_within value. 2015-07-27 19:06:39 -07:00
Dan Helfman
803fd3a851 Linking to both Attic and Borg check docs from sample config. 2015-07-26 22:02:43 -07:00
Dan Helfman
837d25cfd8 Linking to both Attic and Borg prune docs from sample config. 2015-07-26 20:57:31 -07:00
Dan Helfman
cc09d7fc10 Adding borgmatic cron example. 2015-07-18 18:44:11 -07:00
Dan Helfman
f2f8503e77 New "borgmatic" command to support Borg backup software, a fork of Attic. 2015-07-18 18:35:29 -07:00
Dan Helfman
df2d059af2 New configuration section for customizing which Attic consistency checks run, if any. 2015-05-10 22:00:31 -07:00
Dan Helfman
63018fad4e Configuration support for additional attic prune flags: keep_within, keep_hourly, keep_yearly, and prefix. 2014-12-06 18:35:20 -08:00