mirror of
https://github.com/borgbase/ansible-role-borgbackup.git
synced 2024-12-27 00:08:33 +01:00
Fix systemd units not running as root
This commit is contained in:
parent
efa8e5ec7f
commit
7f36d0aee4
@ -12,7 +12,7 @@ ConditionACPower=true
|
|||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
User={{ borg_user }}
|
User={{ borg_user }}
|
||||||
ExecStart=borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}
|
ExecStart={{ 'sudo ' if borg_user != 'root'}}borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}
|
||||||
|
|
||||||
# Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service
|
# Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service
|
||||||
# Security settings for systemd running as root, optional but recommended to improve security. You
|
# Security settings for systemd running as root, optional but recommended to improve security. You
|
||||||
@ -22,7 +22,7 @@ LockPersonality=true
|
|||||||
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
|
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
|
||||||
# But you can try setting it to "yes" for improved security if you don't use those features.
|
# But you can try setting it to "yes" for improved security if you don't use those features.
|
||||||
MemoryDenyWriteExecute=no
|
MemoryDenyWriteExecute=no
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges={{ 'no' if borg_user != 'root' else 'yes'}}
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
ProtectClock=yes
|
ProtectClock=yes
|
||||||
|
Loading…
Reference in New Issue
Block a user