Overview

File restic-backup.service of Package pf-vendor

[Unit]
Description=Backup with restic
ConditionFileNotEmpty=/etc/pf-vendor/restic-backup.conf
ConditionPathExists=/etc/pf-vendor/restic-backup.conf.excludes
ConditionFileNotEmpty=/etc/pf-vendor/restic-backup.conf.includes

[Service]
DynamicUser=true
User=restic-backup
Group=restic-backup
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
AmbientCapabilities=CAP_DAC_READ_SEARCH
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=yes
ProtectClock=true
ProtectControlGroups=true
ProtectHome=read-only
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProcSubset=pid
ProtectSystem=strict
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallFilter=fchownat setrlimit
RestrictRealtime=true
LockPersonality=true
MemoryDenyWriteExecute=true
RemoveIPC=true
UMask=0066
ProtectHostname=true
CacheDirectory=restic-backup
CacheDirectoryMode=750
Environment=HOME=/var/cache/restic-backup
EnvironmentFile=/etc/pf-vendor/restic-backup.conf
ExecStart=/usr/bin/restic-backup.sh
Nice=15
IOSchedulingPriority=6
openSUSE Build Service is sponsored by
Places