Mirrors/ansible-role-borg-backup
1
0
Fork 0
mirror of https://github.com/borgbase/ansible-role-borgbackup.git synced 2024-12-21 19:09:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix systemd units not running as root

Browse Source
This commit is contained in:
Fabian Hausmann 2024-11-26 12:38:58 +01:00
parent efa8e5ec7f
commit 7f36d0aee4
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
templates/borgmatic.service.j2
View File

@ -12,7 +12,7 @@ ConditionACPower=true
[Service]
Type=oneshot
User={{ borg_user }}
ExecStart=borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}
ExecStart={{ 'sudo ' if borg_user != 'root'}}borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}
# Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service
# Security settings for systemd running as root, optional but recommended to improve security. You
@ -22,7 +22,7 @@ LockPersonality=true
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
# But you can try setting it to "yes" for improved security if you don't use those features.
MemoryDenyWriteExecute=no
NoNewPrivileges=yes
NoNewPrivileges={{ 'no' if borg_user != 'root' else 'yes'}}
PrivateDevices=yes
PrivateTmp=yes
ProtectClock=yes